Solved

Server 2012 R2 DC Upgrade

Posted on 2014-03-18
Last Modified: 2014-03-19
I currently have 2 domain controllers running Server 2008 SP2 STD.

I would like to install a 3rd DC running Server 2012R2.

I have successfully prepared for this by doing the following on an existing DC...:

adprep /forestprep

adprep /domainprep

adprep /domainprep /gpprep

Once I run DCPROMO on the new Server 2012R2 installation I get a warning message about the crypto security...

Is the upgrade safe?

Anything I should be concerned about?

My goal is to demote one of the 2008 DCs and upgrade the other once this new one is in place and functioning properly.

Both my Domain and forest function level are Server 2003.

Please assist!!
Question by:BSModlin
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 39938824
What was the warning?
 
LVL 38

Expert Comment

by:Mahesh
ID: 39939043
With Windows 2012 R2 Active Directory, Windows Server 2003 DFL and FFL are deprecated and you will be notified about that.

In future you need to consider upgrading functional levels to at least 2008.

Are you talking about that?

Mahesh
 

Author Comment

by:BSModlin
ID: 39939667
Here is the message I get from the prerequisite check:

Windows Server 2012 R2 domain controllers have a default for the security setting named "Allow cryptography algorithms compatible with Windows NT 4.0" that prevents weaker cryptography algorithms when establishing security channel sessions.

For more information about this setting, see Knowledge Base article 942564 (http://go.microsoft.com/fwlink/?LinkId=104751).

Should I be concerned...
 
LVL 38

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39939893
Beginning with Windows Server 2008, the operating system stopped using “legacy” cryptography algorithms for secure channel communications. By default, Windows NT 4.0 (and other applications/OS’s that use this algorithm) will not be able to establish a secure channel (or otherwise authenticate) with a Windows Server 2008, or higher, domain controller. There is a configuration setting/GPO that can reverse this behaviour – “Allow cryptography algorithms compatible with Windows NT 4.0”. Be warned, however, that even this configuration option will not allow Windows Server 2008 R2 and NT 4.0 to work across a trust relationship.

I don't think you have any Windows NT4 client/server machines.
You don't need to worry about the above setting.
http://blogs.technet.com/b/askpfeplat/archive/2013/06/03/upgrade-active-directory-to-windows-server-2012-phase-1-assessment.aspx

Mahesh
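
To confirm how the setting discussed in this thread is configured on each existing domain controller, the following added example (not part of the original thread) reads the Netlogon registry value behind the "Allow cryptography algorithms compatible with Windows NT 4.0" policy. It assumes the value name `AllowNT4Crypto` under `Netlogon\Parameters` as documented in KB 942564, an account with administrative rights on the DCs, and a reachable Remote Registry service; the function name `Get-NT4CryptoState` is hypothetical.

```powershell
# Added example: report the Netlogon AllowNT4Crypto value on every DC in the current domain.
# Uses .NET directory and registry classes only, so it does not need the ActiveDirectory module.

$keyPath   = 'SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$valueName = 'AllowNT4Crypto'   # registry value behind the GPO setting (per KB 942564)

function Get-NT4CryptoState {
    param([string]$ComputerName)

    $result = New-Object PSObject -Property @{
        DomainController = $ComputerName
        AllowNT4Crypto   = $null
        Status           = ''
    }
    try {
        # Open HKLM on the remote DC (requires the Remote Registry service)
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                    [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
        $key  = $hklm.OpenSubKey($keyPath)
        $raw  = if ($key) { $key.GetValue($valueName, $null) } else { $null }

        if ($null -eq $raw) {
            # Value absent: Server 2008 and later refuse the legacy algorithms by default
            $result.Status = 'Not set (default on Server 2008 and later: refused)'
        } elseif ([int]$raw -eq 1) {
            $result.AllowNT4Crypto = 1
            $result.Status = 'Legacy NT 4.0 algorithms ALLOWED'
        } else {
            $result.AllowNT4Crypto = [int]$raw
            $result.Status = 'Legacy NT 4.0 algorithms refused'
        }
        if ($key) { $key.Close() }
        $hklm.Close()
    } catch {
        # Unreachable DC or access denied: report it instead of silently skipping
        $result.Status = "Could not read registry: $($_.Exception.Message)"
    }
    $result
}

# Enumerate DCs over LDAP and check each one
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$domain.DomainControllers |
    ForEach-Object { Get-NT4CryptoState -ComputerName $_.Name } |
    Select-Object DomainController, AllowNT4Crypto, Status |
    Format-Table -AutoSize
```

A DC reported as "ALLOWED" has had the default overridden, usually by a GPO, and is worth reviewing before the remaining 2008 DCs are demoted or upgraded.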