Solved

Server 2012 R2 DC Upgrade

Posted on 2014-03-18
Last Modified: 2014-03-19
I currently have 2 domain controllers running Server 2008 SP2 STD.

I would like to install a 3rd DC running Server 2012R2.

I have successfully prepared for this by doing the following on an existing DC...:

adprep /forestprep

adprep /domainprep

adprep /domainprep /gpprep

Once I run DCPROMO on the new Server 2012R2 installation I get a warning message about the crypto security...

Is the upgrade safe?

Anything I should be concerned about?

My goal is to demote one of the 2008 DCs and upgrade the other once this new one is in place and functioning properly.

Both my Domain and forest function level are Server 2003.

Please assist!!
Question by:BSModlin
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 39938824
What was the warning?
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39939043
With Windows 2012 R2 Active Directory, Windows Server 2003 DFL and FFL are deprecated and you will be notified about that.

In future you need to consider upgrading functional levels to at least 2008.

Are you talking about that?

Mahesh
0
 

Author Comment

by:BSModlin
ID: 39939667
Here is the message I get from the prerequisite check:

Windows Server 2012 R2 domain controllers have a default for the security setting named "Allow cryptography algorithms compatible with Windows NT 4.0" that prevents weaker cryptography algorithms when establishing security channel sessions.

For more information about this setting, see Knowledge Base article 942564 (http://go.microsoft.com/fwlink/?LinkId=104751).

Should I be concerned...
0
 
LVL 38

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39939893
Beginning with Windows Server 2008, the operating system stopped using “legacy” cryptography algorithms for secure channel communications. By default, Windows NT 4.0 (and other applications/OS’s that use this algorithm) will not be able to establish a secure channel (or otherwise authenticate) with a Windows Server 2008, or higher, domain controller. There is a configuration setting/GPO that can reverse this behaviour – “Allow cryptography algorithms compatible with Windows NT 4.0”. Be warned, however, that even this configuration option will not allow Windows Server 2008 R2 and NT 4.0 to work across a trust relationship.

I don't think you have Windows NT4 client / server machines.
You don't need to worry about the above setting.
http://blogs.technet.com/b/askpfeplat/archive/2013/06/03/upgrade-active-directory-to-windows-server-2012-phase-1-assessment.aspx

Mahesh
0
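
One way to check the points raised in this thread before promoting the new DC, as an added example that is not part of the original posts. It assumes the ActiveDirectory PowerShell module, Remote Registry access to each DC, and the AllowNT4Crypto value under the Netlogon Parameters key from KB 942564; the Group Policy registry path is an assumption.

```powershell
# Added example: pre-promotion audit for the NT 4.0 cryptography setting.
# Assumes: ActiveDirectory module (RSAT), PowerShell 3.0+, Remote Registry running on each DC.
Import-Module ActiveDirectory

# 1. Functional levels (the thread notes 2003 DFL/FFL are deprecated with 2012 R2).
"Domain mode: {0}   Forest mode: {1}" -f (Get-ADDomain).DomainMode, (Get-ADForest).ForestMode

# 2. Computer accounts that still report an NT-era operating system.
#    Non-Windows devices that rely on the legacy algorithms will not show up here.
$nt4 = Get-ADComputer -Filter 'OperatingSystem -like "Windows NT*"' `
                      -Properties OperatingSystem, OperatingSystemVersion
if ($nt4) { $nt4 | Select-Object Name, OperatingSystem, OperatingSystemVersion }
else      { 'No computer accounts reporting Windows NT found.' }

# 3. AllowNT4Crypto on every existing DC.
#    1 = compatibility setting enabled; 0 or not set = default (legacy algorithms refused).
$paths = 'SYSTEM\CurrentControlSet\Services\Netlogon\Parameters',  # value from KB 942564
         'SOFTWARE\Policies\Microsoft\Netlogon\Parameters'         # assumed GPO location
$report = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $dc.HostName)
        foreach ($p in $paths) {
            $key = $hklm.OpenSubKey($p)
            $val = if ($key) { $key.GetValue('AllowNT4Crypto') } else { $null }
            [pscustomobject]@{
                DC             = $dc.HostName
                OS             = $dc.OperatingSystem
                Key            = $p
                AllowNT4Crypto = if ($null -eq $val) { 'not set' } else { $val }
            }
        }
        $hklm.Close()
    } catch {
        # Remote Registry stopped or blocked: report it instead of aborting the audit.
        [pscustomobject]@{
            DC             = $dc.HostName
            OS             = $dc.OperatingSystem
            Key            = 'n/a'
            AllowNT4Crypto = "unreadable: $($_.Exception.Message)"
        }
    }
}
$report | Format-Table -AutoSize
```

If step 2 returns nothing and no DC reports AllowNT4Crypto = 1, nothing in the domain currently depends on the compatibility setting named in the prerequisite warning.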
