Solved

Server 2012 R2 DC Upgrade

Posted on 2014-03-18
4
4,389 Views
Last Modified: 2014-03-19
I currently have 2 domain controllers running Server 2008 SP2 STD.

I would like to install a 3rd DC running Server 2012R2.

I have successfully prepared for this by doing the following on an existing DC...:

adprep /forestprep

adprep /domainprep

adprep /domainprep /gpprep

Once I run DCPROMO on the new Server 2012R2 installation I get a warning message abbout the crypto security...

Is the upgrade safe?

Anything I should be concerned about?

My goal is to demote one of the 2008 DCs and upgrade the other once this new one is in place and functioning properly.

Both my Domain and forest function level are Server 2003.

Please assist!!
0
Comment
Question by:BSModlin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 39938824
what was the warning?
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39939043
With windows 2012 R2 active directory, windows server 2003 DFL and FFL are deprecated and you will be notified about that

In future you need to consider upgrading functional levels to atlest 2008

Are you talking about that

Mahesh
0
 

Author Comment

by:BSModlin
ID: 39939667
Here is the message I get from the prerequisite check:

Windows Server 2012 R2 domain controllers have a default for the security setting named "Allow cryptography algorithms compatible with Windows NT 4.0" that prevents weaker cryptography algorithms when establishing security channel sessions.

For more information about this setting, see Knowledge Base article 942564 (http://go.microsoft.com/fwlink/?LinkId=104751).

Should I be concerned...
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39939893
Beginning with Windows Server 2008, the operating system stopped using “legacy” cryptography algorithms for secure channel communications. By default, Windows NT 4.0 (and other applications/OS’s that use this algorithm) will not be able to establish a secure channel (or otherwise authenticate) with a Windows Server 2008, or higher, domain controller. There is a configuration setting/GPO that can reverse this behaviour – “Allow cryptography algorithms compatible with Windows NT 4.0”. Be warned; however, that even this configuration option will not allow Windows Server 2008 R2 and NT 4.0 to work across a trust relationship.

I don't think you are having windows NT4 client \ server machines
You don't need to worry about above setting
http://blogs.technet.com/b/askpfeplat/archive/2013/06/03/upgrade-active-directory-to-windows-server-2012-phase-1-assessment.aspx

Mahesh
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question