Hyper-V: Troubleshooting Snapshot Restore Domain Logon Failure

This article is sourced from mikekol's blog: http://blogs.msdn.com/mikekol/archive/2009/03/18/does-restoring-a-snapshot-break-domain-connectivity-here-s-why.aspx

Symptom: You have a VM that’s joined to a domain and working perfectly. You take a snapshot so you can restore it at any time. At some point in the future (usually more than 30 days later), you revert the VM to the snapshot and start it. However, you receive an error message that the domain doesn't trust the VM.

Cause: By default, Active Directory domain policies require a domain member to change its computer account password on a schedule set by the administrator (by default 30 days). The restored snapshot still holds the password from the time the snapshot was taken, so the VM you are using has a machine account password that is not current.

Since Windows 2000, all versions of Windows have used the same default value. You can change it to a custom value using the following Group Policy setting in Active Directory.

**Domain member: Maximum machine account password age**

You can configure this security setting by opening the appropriate policy and expanding the console tree:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

This problem is not exclusive to Hyper-V snapshots. It also happens with VMware images and when restoring backups.

Solution:

  • Log in to a local administrator account on the VM and leave the domain. Then rejoin it. The computer account will get updated with a new password.
  • You could use NETDOM.EXE to reset the computer account password. You could even automate this if you need to.
  • Sysprep the VM and create an unattend file that will configure it to your liking, and that will automatically join the domain for you.  Once the machine is sysprep’d, make a snapshot and restore to that one from now on.
  • If you can, change the default domain policy, or get an exception created for your computer account(s). NOTE: This is not the recommended option for security reasons.
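
One way to automate the NETDOM reset mentioned in the list above, as an added PowerShell example that is not from the original blog post. The domain controller name and account are placeholders, and using the `resetpwd` subcommand with `Test-ComputerSecureChannel` as the before-and-after check is an assumption, since the article names only NETDOM.EXE.

```powershell
# Added example, not from the original article. Requires PowerShell 3.0 or later.
# Run elevated on the restored VM, logged on with a LOCAL administrator account.
param(
    [string]$DomainController = 'dc01.example.test',  # placeholder DC name
    [string]$DomainAccount    = 'EXAMPLE\vm-admin'    # placeholder account allowed to reset the computer account
)

# Nothing to repair on a workgroup machine.
if (-not (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain) {
    Write-Output "$env:COMPUTERNAME is not joined to a domain."
    return
}

# Returns $true while the locally stored machine account password still
# matches the one Active Directory holds for this computer account.
if (Test-ComputerSecureChannel -Server $DomainController) {
    Write-Output 'Secure channel is healthy; no reset needed.'
    return
}

# NETDOM ships with the AD DS tools and is not present on every Windows install.
if (-not (Get-Command -Name netdom.exe -ErrorAction SilentlyContinue)) {
    throw 'netdom.exe not found; install the AD DS administration tools first.'
}

Write-Warning 'Secure channel is broken; resetting the machine account password.'

# /pd:* makes NETDOM prompt for the password, so it never appears in the
# script, the process command line, or a transcript.
& netdom.exe resetpwd "/s:$DomainController" "/ud:$DomainAccount" '/pd:*'
if ($LASTEXITCODE -ne 0) {
    throw "netdom resetpwd failed with exit code $LASTEXITCODE."
}

# Confirm the repair instead of assuming it worked.
if (-not (Test-ComputerSecureChannel -Server $DomainController)) {
    throw 'Secure channel is still broken; check the computer account in Active Directory.'
}
Write-Output 'Machine account password reset and secure channel verified.'
```

Because the script exits early when the secure channel is healthy, it can be run after every snapshot restore without resetting a password that is still valid.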