none
A member could not be added to or removed from the local group because the member does not exist.

    问题

  • Hopefully someone can tell me what I'm doing wrong here.

    Here's the scenario.

    Installed Win2k8 DC.

    Installed Win2k8 TS, setup remote apps and now want to test web access.

    Installed Win2k8 WEB server into domain with the intent of installing the TS Web Access role.

     

    Now if I have it correct you need to modify the TS Web Access Computers group on the TS server to allow the TS Web server to see the list of remote apps.

    I have tried to add the computer account without success.

    The receive the following error:

     

    The following error occurred while attempting to save properties

    for group TS Web Access Computers on WIN2K8-TS

     

    A member could not be added to or removed from the local group

    because the member does not exist.  

     

    I can see the computer account in AD, I can login to the domain without any issues.  I have even tried to create a group in AD and add that instead.  Same issue.

    What am I doing wrong?

    Why can I not add domain comouter accounts or domain groups into a local group?

    I have reinstalled AD and TS several times without luck.

    2009年11月12日 5:55

答案

全部回复

  • Help!
    2009年11月12日 7:07
  • Are you trying to add local user to the group on TS or a domain user to the group?

    A member could not be added to or removed from the local group because the member does not exist" may result from varieties of incidents such as duplicate SIDs. This is critical error that may need to re-install or Newsid the OS.


    See Miles Comments here http://social.technet.microsoft.com/Forums/en/winserverDS/thread/4cdeab25-c9f8-4f63-bff1-d4a8ebdb42ab



    Raj
    2009年11月12日 7:16
  • Are you trying to add local user to the group on TS or a domain user to the group?

    A member could not be added to or removed from the local group because the member does not exist" may result from varieties of incidents such as duplicate SIDs. This is critical error that may need to re-install or Newsid the OS.


    See Miles Comments here http://social.technet.microsoft.com/Forums/en/winserverDS/thread/4cdeab25-c9f8-4f63-bff1-d4a8ebdb42ab



    Raj

    Im trying to add the TS to the LOCAL group "TS Web Access Computers" on the TS itself via Server Manager.
    2009年11月12日 7:42
  • Are you following instructions from http://technet.microsoft.com/en-us/library/cc771623.aspx ?
    Then you should be adding the computer account of the RD Web Access server to the TS Web Access Computers group on the RD Session Host. Try removing both computers from the domain and rejoining them... If this does not work - and you are using imaging, sysprep both before joining the domain...

    hth
    Marcin

     

    2009年11月12日 12:19
  • Hello,

    in addition to what the others suggest think about using the following forum site:
    http://social.technet.microsoft.com/Forums/en/winserverTS/threads

    http://social.technet.microsoft.com/Forums/en/windowsserver2008r2virtualization/threads

    Especially made for remote desktop services.
    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    2009年11月13日 15:02
  • Recently I had done a P2V of one of our live server using SCVMM2008. The physical box was running Terminal Services and Hyper-V(Windows2008 x64 Ent). The objective was to install Active Directory on the physical box to retain the User profiles with their respective settings and to create a new VM which shall hold only Terminal Service Role.

    The reason for doing P2v was also to retain some critical in-house application configurations & some 300 schedules. The P2V using SCVMM was smooth. But after joining this new vm to the domain, i was unable to add domain users to the TS Web Access Computers group . Everytime I tried to join domain users, got this message :-

    "A member could not be added to or removed from the local group because the member does not exist. "

    After lot of reading and research I found the root cause of this issue. The issue was with Machine's duplicate SID. Basically i had cloned the existing physical systems and why not, it helps save time, but the problem is the clone may have a duplicate SID and changing the computer name will not help.

    To check machine's SID use PsGetSid from Sysinternals. The out put should be something like this:-

     

    SID for \\Machinename
    S-1-5-21-202558765-4256612347-545987650

     

    So now my objective was to generate a new SID for this VM to resolve the conflict. There was an awesome tool NewSID v4.10 by Mark Russinovich and Bryce Cogswell which helps to change the Machine's SID and genarate a new SID. However Microsoft does not support using NewSID , so the alternative is to use SysPrep . Changing the SID using sysprep is also very simple, just follow few steps as described below :-

    1. Start->Run , type sysprep and press OK . This will open sysprep folder which is located in c:\Windows\System32 .                                                      
    2. Open sysprep application. This will open System Preparation Tool 3.14 window . As a System Cleanup Action select Enter System Out-of-Box Experience (OOBE) . Select Generalize if you want to change SID , it’s not selected by default. As Shutdown Options select Reboot .
    3. After rebooting you’ll have to enter some data, for example, Country or region, Time and currency and Keyboard input .
    4. Also, you’ll have to accept EULA . And that’s it. After booting, in Server Manager you’ll see that everything is changed, if you had some settings set now they’re changed

    Again check the SID using PsgetSid as mentioned above. You should now have a new SID for this machine. Now add domain users to the TS Web Access Computers group. It should work fine now. Hope this info helps.

     

    cheers,

    Debarghaya a.k.a Cyberyogi

    • 已建议为答案 AntonyPaul 2011年5月28日 14:16
    2010年12月14日 20:19
  • This is a SID issue. You have clones servers with out a sys prep.

    run

    c:\windows\system32\sysprep\sysprep.exe to reset the sid. Do this on all machines before joining the domain.

    I have repeatedly tested this with and without the sysprep. With out you will always get the above error.

    Hope this helps.


    Andy

    2012年6月15日 17:36
  • Thanks!!!!!!!!
    2012年7月10日 19:27