SID issue of duplicated Windows virtual disk

SID issue of duplicated Windows virtual disk

When you use virtualization software such as Microsoft Virtual PC, VMWare, etc. Most of the time, you’ll duplicate (copy and paste) Windows virtual disk for creating a new system instead of grab a Windows CD and install it from scratch because it’s really fast and simple. But the problem occured on the duplicated disk that it contains the same Computer Security Identifier (SID) with the original so that if you try to join the domain on the new system, you can’t login to the domain and the error message show as below:

"The system cannot log you on due to the following error:
 
The name or security ID (SID) of the domain specified is inconsistent with the trust information for that domain."

SID problem

The event log also show error as:
“The computer or domain computername trusts domain domainname. This may be an indirect trust. However, computername and domainname have the same security identifier. NT should be reinstalled on domainname or computername. ”
SID error in event log

Microsoft states that “Computers running the Windows operating system use a Security ID (SID) to uniquely identify themselves. When you use disk-duplicating software, it is important to take steps to ensure the uniqueness of these Security IDs.”

Note: The problem will not occured if you use System Preparation Tool (Sysprep.exe) or some system duplication tools such as Symantec’s Ghost, Altiris’s RapiDeploy, etc. These tools will change a computer’s SID after a system has been cloned automatically.

For more infmation on Windows System Preparation Tool, visit at Desktop Deployment Center Windows – Imaging: System Preparation Tool

Solution

You can solve the problem by run newsid program on the duplicated system. The program will generates new sid for the sytem so that it’s no longer duplicate with the original one.

  1. If you have already join the domain, disjoined the domain before apply newsid program in the next step.
    Note: If you apply the program without disjoined the domain, permissions of all users on the domain won’t be set on the computer. For example, if you have applied newsid program without disjoined the domain and you try to use domain admin account to login to the computer. The account won’t have permission as an administrator but only as a user.
  2. Download NewSID v4.10 from sysinternal.com or at here.
  3. Extract the zipped file and run newsid.exe
  4. Click Next.
    NewSID v4.10
  5. Select Random SID. Click Next.
    Select Random SID
  6. You can also rename the computer name if you want.
    You can also rename the computer name if you want
  7. Click Next and wait a few minutes for applying new sid. Then the system will automatically restarts.
    Click Next to apply SID
  8. Now join the domain again and now you can use the system without the error as stated at the beginning.

Reference

Leave a Reply