Troubleshoot Provisioning Server Machine Account Password
This article contains information about troubleshooting the Provisioning Server (PVS) machine account passwords.
Verifying the Settings
Ensure to verify the following steps for setting the machine account passwords:
- Verify that the Active Directory machine account password management configured on the virtual disk (vDisk) at the target device is starting, as displayed in the following screen shot:
- Verify that the Active Directory Machine Account Management is configured on Server Properties in the provisioning server console. Ensure to select the value for Change computer account password ever this number of days, as displayed in the following screen shot:
- Verify that the Group Policy Object (GPO) on the Domain is configured to Disable machine account password changes thus giving control to the Provisioning Server over the target Active Directory machine account, as displayed in the following screen shot:
- - Verify what is the value of the maximum password age set in GPO or through Local policy, as displayed in the following screen shot:
Note: It is the best practice to ensure that the GPO or Security policy setting for that Organizational Units Maximum machine account password age setting is compared to the Provisioning Server Active Directory setting for Enable automatic password support setting. The Provisioning Server Active Directory setting for Enable automatic password support number of days must be less than the Group Policy Object or Security policy setting for that Organizational Units Maximum machine account password age setting or you could end up in a scenario where the machine accounts would not able to log on to the domain due to this restriction being in place.
Note: If any of the setting is incorrect, enable them to appropriate setting and restart the target device.
- If the issue still occurs, try resetting target device account password (Reset Machine Account Password, as displayed in the following screen shot) using PVS console and restart the target device.
Note: Target device must be powered off.
If using Windows 2008 or Vista as a provisioned target device, ensure that the Microsoft hotfix mentioned in CTX122650 - Machine Account Password Fails to Update is installed.
Microsoft hotfix, KB969837, has been confirmed to fix the Provisioning Server related Active Directory password issue for Vista and Windows 2008.
Post a Comment