Virtual Enterprise - SERVER01 - Domain Controller (Windows Server 2012 R2) - Adding a 2nd Domain Controller

Blog Post created by SungHoon_Kim Employee on Aug 18, 2015

This is the 2nd virtual machine in my virtual enterprise.

It has the same hardware as the 1st virtual machine (AD2012R2-02).


OS : Windows Server 2012 R2 Standard



NIC: 2 (1 x "SECURE.LAB BACKEND", 1 x "VM Network")


Install the OS.

Install VMware Tools.

Activate Windows.

Manually specify the fixed IP on the "SECURE.LAB BACKEND" NIC.


I am setting up the following.





(The reason it is pointing to DNS as primary is that this server does not yet have a DNS to resolve SECURE.LAB and needs to rely on to resolve it.)



It also has the Active Directory Domain Services role installed (same as AD2012R2-02).


The following are the steps to configure after the steps above have been performed.



1. Rename the host to "AD2012R2-01" and register it to SECURE.LAB at the same time.




For some reason, I am getting the following error.

(I will cover this part later at the bottom of this article).

I clicked "OK" and continued.


2. Reboot the machine.

3. Promote the server to a domain controller.


Unlike with the first domain controller, what we are doing here is adding an additional domain controller to an existing domain.


In the above, the credential to perform this task is "AD2012R2-01\Administrator", which will not have permission to do this.

The local Administrator only has local privileges, not domain-level privileges, so you will need to select a domain administrator.




Ignore the warning and continue.


Accept the default and continue. (You have the option to choose which AD you want to replicate from, but the default is alright.)




This got stuck after I clicked on "Install".

It seems to have performed everything but did not finish.

Looking at the event log on AD2012R2-02, it was complaining about a duplicate SPN for this AD2012R2-01.


After doing some research, I found the following article.


The MS site tells me that there is a new feature introduced in 2008 R2 to prevent duplicate SPNs from registering.

It is curious why my 2 machines would have the same SPN when they were installed fresh separately.

But there is a patch above so I will need to apply it on both servers and see if the issue goes away.

After you apply this patch, it will ask you to reboot.

After the reboot, AD2012R2-01 was recognized as a domain controller.


This was not a pleasant experience, and I am still not really comfortable about whether this AD2012R2-01 would work well as a domain controller.

I will monitor and update this article if anything happens.
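
One way to check for the duplicate-SPN condition reported in the event log, and to list the domain controllers after promotion. This is an added example, not part of the original post: the function name `Get-DuplicateSpn` and the sample objects are hypothetical, and the live query assumes the ActiveDirectory RSAT module is installed on a domain-joined machine.

```powershell
# Added example (not from the original post): report SPNs held by more than one account.
function Get-DuplicateSpn {
    param(
        # Objects exposing DistinguishedName and servicePrincipalName (a string collection).
        [Parameter(Mandatory)] [object[]] $Account
    )
    $Account | ForEach-Object {
        $owner = $_.DistinguishedName
        foreach ($spn in $_.servicePrincipalName) {
            # SPN matching is case-insensitive, so normalise before grouping.
            [pscustomobject]@{ Spn = $spn.ToLowerInvariant(); Owner = $owner }
        }
    } | Group-Object -Property Spn | ForEach-Object {
        $owners = @($_.Group.Owner | Sort-Object -Unique)
        if ($owners.Count -gt 1) {
            [pscustomobject]@{ Spn = $_.Name; Owners = $owners }
        }
    }
}

# Constructed sample data (not the author's directory contents): two objects
# that both claim the HOST SPN for AD2012R2-01, differing only in letter case.
$sample = @(
    [pscustomobject]@{
        DistinguishedName    = 'CN=AD2012R2-01,OU=Domain Controllers,DC=SECURE,DC=LAB'
        servicePrincipalName = @('HOST/AD2012R2-01.SECURE.LAB', 'ldap/AD2012R2-01.SECURE.LAB')
    },
    [pscustomobject]@{
        DistinguishedName    = 'CN=AD2012R2-01,CN=Computers,DC=SECURE,DC=LAB'
        servicePrincipalName = @('host/ad2012r2-01.secure.lab')
    }
)
Get-DuplicateSpn -Account $sample | Format-List

# Live check against the domain, only when the ActiveDirectory module is present.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $live = Get-ADObject -LDAPFilter '(servicePrincipalName=*)' -Properties servicePrincipalName
    Get-DuplicateSpn -Account $live | Format-List
    # Confirm that both controllers are now listed for the domain.
    Get-ADDomainController -Filter * | Select-Object HostName, Site, IsGlobalCatalog
}
```

The built-in `setspn -X` performs the same duplicate search across the domain, and `dcdiag /s:AD2012R2-01` together with `repadmin /replsummary` report whether the new controller is advertising and replicating.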