Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

Bradley Schacht

Bradley is a consultant at Pragmatic Works in Jacksonville, FL. He was an author on the book SharePoint 2010 Business Intelligence 24-Hour Trainer and tech edited the SQL 2011 Bible. His experience on the Microsoft BI platform includes DTS, SSIS, SSRS, SSAS and migrations and conversions. He has helped numerous companies in successfully developing and implementing new business intelligence solutions into their organizations. Bradley also participates as a speaker in community events like SQL Saturday, Code Camp, SQL Lunch and SQL Server User Groups. He is a contributor on sites such as BIDN.com and SQL Server Central as well as an active member of the Jacksonville SQL Server User Group (JSSUG).

Error: No mapping between account names and security IDs was done

I recently decided to move over to Windows 8 so I can take advantage of Hyper-V and get off a third party tool for virtualization. In the process I decided to rebuild my VM set up and modify the layout a little. Previously I had made each VM a domain controller that needed to be joined to a domain. This was ok in the previous setup as communication between VMs was a pain. With Hyper-V though I decided to create one domain controller and join the other VMs to it in an attempt to boost my SharePoint VM performance.

This was working splendid. I created a single Windows Server 2008 R2 Service Pack1 image with all the updates applied. I then made that read-only and used it as the base for my differencing disks. Again not a problem. Created a domain controller and a second VM for SharePoint 2010. Joining the domain was a breeze and installing SharePoint went great. The problem arose when I went to install SQL Server 2012.

When assigning the service accounts to the various SQL services the following error popped up when selecting the account to use:

“S-1-5-21-4180795751-2880370114-533936497-1103: No mapping between account names and security IDs was done.”.

The issue:

Since I created a single differencing disk in Hyper-V and used it as the base for both my domain controller and my SharePoint VM the machines has the same SID. Normally this is not a problem except in one case when a DC is involved. I’m not a Windows admin, so I honestly don’t know all the details behind that (you’re welcome to read a really good blog about the problem here: http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx). In the end, the fact that both machines had the same SID was the issue.

The resolution:

The domain controller should have it’s own SID. Everything else can have the same SID, but the DC needs to be unique. This can mean doing one of two things; run SYSPREP on each new VM you create on top of the differencing disk (which if you read the blog above introduces all kinds of issues/undoes a bunch of settings you may have done already) or just create two separate VMs (one for the DC and a separate image for everything else).

I chose to go option two. I have a single image I use for the DC and a second image that is the base image for all differencing disks that I may create. This way the DC SID is always guaranteed to be different from the other VMs I create and I don’t have to bother with running the annoying SYSPREP process every time I create a new VM.

If you do choose the SYSPREP route though here is what you need to do:

  1. From the Start Menu select Run
  2. Enter C:\Windows\System32\sysprep\sysprep.exe in the box and click OK
  3. Be sure that Enter System Out-of-Box Experience (OOBE) is selected
  4. Check the box next to Generalize (If this is not select the SID won’t get changed)
  5. Click OK and follow the prompts when the system reboots.

Comments

Leave a comment on the original post [www.bradleyschacht.com, opens in a new window]

Loading comments...