Domain Membership for Hyper-V Virtual Machine

Q: I have a virtual machine that's domain-joined. When I try to log on to the virtual machine, it reports a trust relationship problem. What can I do?

A: This actually has nothing to do with Hyper-V. If you see the message The security database on the server does not have a computer account for this workstation trust relationship when you try to log on, either Active Directory isn't aware of the OS or the machine password is incorrect. This frequently happens on machines that are turned off for a very long time and the object in AD has been cleaned up, or if you've restored a backup that has the incorrect machine account password.

The reason this is common in virtual machines is that virtual machines tend to be left offline for long periods of time. In addition, with technologies such as checkpoints and snapshots, it's easier to move a virtual machine backward and forward through time, increasing the chance of machine password problems. In a lab environment, you can lengthen the time between machine account password changes or even disable them completely, as documented in "Frequency of machine account password changes."

The solution to the problem is the same as for a physical machine: Move the OS to a workgroup, then rejoin to the domain.