SungHoon_Kim

Virtual Enterprise - SERVER01 - Domain Controller (Windows Server 2012 R2) - Adding a 2nd Domain Controller

Blog Post created by SungHoon_Kim Employee on Aug 18, 2015

This is the 2nd virtual machine in my virtual enterprise.

It has the same hardware as the 1st virtual machine (AD2012R2-02).

 

OS : Windows Server 2012 R2 Standard

HDD: 40GB

RAM: 1GB

NIC: 2 (1 x "SECURE.LAB BACKEND", 1 x "VM Network")

 

Install the OS.

Install VMWare Tools.

Activate Windows.

Manually specify the fixed IP on the "SECURE.LAB BACKEND" NIC.

 

I am setting up the following.

IP: 172.17.8.1

Subnet: 255.255.252.0

DNS: 172.17.8.2 (primary), 172.17.8.1 (secondary)

 

(The primary DNS server is 172.17.8.2 because this server, 172.17.8.1, does not yet run the DNS role and cannot resolve the SECURE.LAB zone itself. Both the domain join and the promotion need to find the domain's SRV records, and at this point only the existing domain controller at 172.17.8.2 can answer for SECURE.LAB. The 172.17.8.1 entry only becomes useful once DNS is installed here as part of the promotion.)

ScreenHunter_143.jpg

 

It also has the Active Directory Domain Services role installed (same as on AD2012R2-02).

 

The following are the steps to perform after the steps above have been completed.

 

 

1. Rename the host to "AD2012R2-01" and join it to SECURE.LAB at the same time.

ScreenHunter_144.jpg

ScreenHunter_145.jpg

ScreenHunter_146.jpg

For some reason, I am getting the following error.

(I will cover this part later at the bottom of this article).

I clicked "OK" and continued.

ScreenHunter_147.jpg

2. Reboot the machine

3. Promote the server to a domain controller.

ScreenHunter_148.jpg

Unlike the first domain controller, what we are doing here is adding an additional domain controller to an existing domain.

ScreenHunter_149.jpg

In the screen above, the credential offered for this task is "AD2012R2-01\Administrator", the local Administrator account, which does not have permission to do this.

A local Administrator only has rights on this machine, not in the domain. Adding a domain controller to an existing domain requires an account that is a member of Domain Admins, so enter a domain credential instead.

ScreenHunter_150.jpg

ScreenHunter_151.jpg

ScreenHunter_152.jpg

Ignore the warning and continue.

ScreenHunter_153.jpg

Accept the defaults and continue. (You can choose which domain controller to replicate from; the default, "Any domain controller", is fine in a two-DC lab like this one.)

ScreenHunter_154.jpg

ScreenHunter_155.jpg

ScreenHunter_156.jpg
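The manual steps above (fixed IP, DNS order, rename plus domain join, reboot, promotion as an additional domain controller) as one PowerShell script for Windows Server 2012 R2. This is an added example and not code from the original post. It assumes the NIC alias is exactly "SECURE.LAB BACKEND", the existing DC is AD2012R2-02 at 172.17.8.2 with the FQDN AD2012R2-02.SECURE.LAB, the new DC is AD2012R2-01 at 172.17.8.1, the domain Administrator account is used as the Domain Admins credential, and no default gateway is needed on the backend NIC. Run it once as a local Administrator (it ends in a reboot), then run it again after the reboot as a domain account; the domain-membership check at the top selects the right half.

```powershell
# Added example, not from the original post. Assumptions: NIC alias, host names,
# addresses and the Administrator@SECURE.LAB credential as stated in the lead-in.
#Requires -RunAsAdministrator

$Nic        = 'SECURE.LAB BACKEND'
$NewName    = 'AD2012R2-01'
$Domain     = 'SECURE.LAB'
$ExistingDC = "AD2012R2-02.$Domain"   # assumed FQDN of the first DC
$MyIP       = '172.17.8.1'
$PeerIP     = '172.17.8.2'

$cs = Get-CimInstance Win32_ComputerSystem
if (-not ($cs.PartOfDomain -and $cs.Domain -ieq $Domain)) {

    # --- Fixed IP: /22 is 255.255.252.0; the peer DC goes first in the DNS list ---
    Get-NetIPAddress -InterfaceAlias $Nic -AddressFamily IPv4 -ErrorAction SilentlyContinue |
        Remove-NetIPAddress -Confirm:$false
    New-NetIPAddress -InterfaceAlias $Nic -IPAddress $MyIP -PrefixLength 22 | Out-Null
    Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $PeerIP, $MyIP

    # Pre-flight: the join and the promotion both locate a DC through this SRV
    # record, and only the existing DC can answer for SECURE.LAB right now.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $PeerIP -ErrorAction Stop
    'DCs advertised in DNS: ' + (($srv | Where-Object Type -eq 'SRV').NameTarget -join ', ')

    # --- Step 1 + 2: rename and join in one operation, then reboot ---
    # The local AD2012R2-01\Administrator cannot do this; a domain account is required.
    $cred = Get-Credential -Message "Domain Admins account for $Domain" -UserName "Administrator@$Domain"
    Add-Computer -DomainName $Domain -NewName $NewName -Credential $cred -Force -Restart
    return
}

# --- Step 3 (after the reboot): promote as an additional DC in the existing domain ---
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools | Out-Null   # no-op if already installed
Import-Module ADDSDeployment

$cred = Get-Credential -Message "Domain Admins account for $Domain" -UserName "Administrator@$Domain"
$dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

$params = @{
    DomainName                    = $Domain
    Credential                    = $cred
    InstallDns                    = $true          # this DC gets its own DNS, as in the wizard
    ReplicationSourceDC           = $ExistingDC    # omit to keep the wizard default "Any domain controller"
    SafeModeAdministratorPassword = $dsrm
}

# Same checks as the wizard's "Prerequisites Check" page; stop on failure.
$pre = Test-ADDSDomainControllerInstallation @params
$pre | Format-List
if ($pre.Status -ne 'Success') {
    throw 'Prerequisite check did not succeed; fix the findings above before promoting.'
}

# -NoRebootOnCompletion keeps the result on screen; reboot explicitly afterwards.
Install-ADDSDomainController @params -NoRebootOnCompletion -Force
Restart-Computer
```

The script reads the DSRM password interactively rather than from a variable in the file so that it never lands in the command history or a script on disk. Test-ADDSDomainControllerInstallation takes the same parameters as the install cmdlet and reports the same findings the GUI shows, which is the place to catch a wrong credential or an unresolvable domain before anything is written to the directory.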

 

This got stuck after I clicked "Install".

It seems to have performed everything but did not finish.

Looking at the event log on AD2012R2-02, it was complaining about a duplicate SPN for this AD2012R2-01.
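A check a practitioner would want before reaching for a hotfix: find out which service principal name is registered on more than one object, and on which objects. This is an added example, not code from the original post, and it does not know which SPN the author's event log named. It assumes the ActiveDirectory module is available (on AD2012R2-02, or anywhere with RSAT-AD-PowerShell), that the domain is SECURE.LAB, and that the new DC is AD2012R2-01. The Kerberos KDC event queried in step 4 (event 11, "duplicate names") is the usual one for this condition; the post does not say which event the author saw.

```powershell
# Added example, not from the original post. Assumes domain SECURE.LAB and new DC AD2012R2-01.
Import-Module ActiveDirectory

$NewDC = 'AD2012R2-01'

# 1. Every object in the domain that carries SPNs, expanded to one row per SPN.
#    SPNs are compared case-insensitively, so group on a lower-cased key.
$rows = Get-ADObject -LDAPFilter '(servicePrincipalName=*)' -Properties servicePrincipalName |
    ForEach-Object {
        $dn = $_.DistinguishedName
        foreach ($spn in $_.servicePrincipalName) {
            [pscustomobject]@{ SPN = $spn; Key = $spn.ToLowerInvariant(); DN = $dn }
        }
    }

# 2. A key present on more than one object is a duplicate. The KDC cannot tell
#    which account's key to encrypt a ticket for that service with, so it refuses,
#    and a DC promotion that needs to register its own SPNs gets stuck the same way.
$dups = $rows | Group-Object Key | Where-Object Count -gt 1
if ($dups) {
    foreach ($g in $dups) {
        "DUPLICATE: $($g.Group[0].SPN)"
        $g.Group.DN | ForEach-Object { "    on $_" }
    }
} else {
    'No duplicate SPNs found in this domain.'
}

# 3. The built-in tool gives the same answer; -F widens the search to the forest.
setspn -X -F

# 4. What the KDC on the existing DC logged. A stale computer object with the same
#    name (left over from an earlier install) would also appear in step 2 as a
#    second owner of HOST/AD2012R2-01.
Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-Kerberos-Key-Distribution-Center'
        Id           = 11
    } -MaxEvents 5 -ErrorAction SilentlyContinue | Format-List TimeCreated, Message

# 5. What the new DC's computer object has registered right now.
Get-ADComputer $NewDC -Properties servicePrincipalName |
    Select-Object -ExpandProperty servicePrincipalName

# 6. On the new DC itself, the promotion log shows the exact step it stopped at:
#    Get-Content C:\Windows\debug\dcpromo.log -Tail 50
```

If step 2 lists the duplicate on two different computer objects, one of them is stale and should be removed (or its SPN moved with setspn -D) before the promotion is retried; if the duplicate sits on one object twice with different casing, the uniqueness check is tripping over the same machine's own entries.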

 

After doing some research, I found the following article.

https://support.microsoft.com/en-us/kb/3070083

 

The MS site tells me that there is a new feature introduced in 2008 R2 to prevent duplicate SPNs from registering.

It is curious why my 2 machines would have the same SPN when they were installed fresh separately.

But there is a patch above, so I will need to apply it on both servers and see if the issue goes away.


After you apply this patch, it will prompt you to reboot.

After the reboot, AD2012R2-01 was recognized as a domain controller.
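Being recognized as a domain controller is only the first check. The following is an added example, not code from the original post, of what to run on the new DC after the reboot to confirm it is advertising, replicating and sharing SYSVOL, and to set the DNS client order a DC should have once it hosts DNS itself. It assumes AD2012R2-01 / 172.17.8.1 is the new DC, AD2012R2-02 / 172.17.8.2 is the existing one, the domain is SECURE.LAB, and the NIC alias is "SECURE.LAB BACKEND".

```powershell
# Added example, not from the original post. Run on AD2012R2-01 after the post-promotion reboot.
Import-Module ActiveDirectory

$Domain = 'SECURE.LAB'
$Nic    = 'SECURE.LAB BACKEND'
$PeerIP = '172.17.8.2'

# 1. Both DCs listed, and both advertised through the domain's SRV record.
Get-ADDomainController -Filter * |
    Format-Table Name, IPv4Address, IsGlobalCatalog, Site, OperationMasterRoles -AutoSize
Resolve-DnsName "_ldap._tcp.dc._msdcs.$Domain" -Type SRV |
    Where-Object Type -eq 'SRV' | Format-Table NameTarget, Port -AutoSize

# 2. Replication in both directions, then the DC self-tests that matter for a
#    freshly promoted DC: advertising, replication, NETLOGON and SYSVOL.
repadmin /replsummary
repadmin /showrepl
dcdiag /test:Advertising /test:Replications /test:NetLogons /test:SysVolCheck

# 3. Now that this DC runs DNS, keep the peer DC as the primary resolver and
#    point the secondary at the loopback address. A DC that resolves only
#    through itself can keep trusting its own stale copy of the zone if
#    replication breaks; this order avoids that "island".
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $PeerIP, '127.0.0.1'
ipconfig /registerdns

# 4. Group Policy cannot apply without these two shares.
Get-SmbShare | Where-Object Name -in 'SYSVOL', 'NETLOGON' | Format-Table Name, Path -AutoSize
```

A DC that passes the Advertising and Replications tests, appears in the SRV record and exposes both shares is one that clients can actually log on against; anything less than that is a box that merely holds the role.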

 

This was not a pleasant experience, and I am still not really comfortable that this AD2012R2-01 will work well as a domain controller.

I will monitor and update this article if anything happens.

ScreenHunter_157.jpg
