justinmoore14 asked:

DNS and Promoting Server 2012R2 to DC Issues

Good Morning,

I think there are two separate issues here, but they are one and the same. Let me give a brief description of what I have first.
We have a Primary and Secondary DC at our corporate site. We have a remote office that I am installing its first server (DC) in (Server 2012 R2) and am trying to promote it to a DC without success. Remote site and Corporate Site are connected with a site-to-site VPN.

Part 1...DNS Issue

--When I ping the primary or secondary DC at the Corporate site from the remote site, it resolves to an external IP. However, I can open up Explorer and type \\0.0.0.0 (IP of PDC) and it will browse right to it, so I know the connection is there. I can also ping it by IP, but just not by name.
--The server has a static IP with Primary DNS as itself and Secondary DNS as the PDC at the Corporate Site.
--Here is where things get weird. If I uninstall the DNS Server role and re-open a command prompt, every time I ping the PDC it resolves to the server's private IP. It is almost like when you install the AD DS role everything goes well until it installs the DNS Role automatically. Once it does, then it can't find the PDC (I assume) and that is why it is failing.

Part 2 Promoting Server

--It hangs at the NTDLS (I think is the object) trying to create the DNS entries
--Sometimes it will make it past that to the Replicating Critical Domain Information, but it has been here for two days.
--It finally failed with this message.
The operation failed because:
The Active Directory Domain Services Installation Wizard (Dcpromo.exe) was unable to convert the computer account EPF1$ to an Active Directory Domain Controller account.
Verify that the user running Dcpromo.exe is granted the "Enable computer and user accounts to be trusted for delegation" user right in the Default Domain Controllers Policy.
For more information, see the resolution section of http://go.microsoft.com/fwlink/?LinkId=178406.
The error was:
"The specified server cannot perform the requested operation."

--I am using the Domain Admin Account to promote
--Could the DNS issue above be causing the issue?



Justin
SOLUTION
ExchangeKB

This solution is only available to members.

ASKER

Thank You for replying so quickly.

I will change the DNS Settings per your recommendation.

DFL = Domain Function Level, correct? DFL = Windows Server 2008R2 & FFL = Windows Server 2003
--Also, forgot to mention that the PDC and SDC at the corporate site are both Server 2012 R2, as they were the first DCs in the org that were 2012. All previous DCs were Server 2008 R2.

Would you mind elaborating a little more on what you mean by AD site and Subnet configured? What information do you need me to provide with this?
ExchangeKB

For configuring the AD site and subnet with site links, refer to this step-by-step guide; you are only going to create one site and the corresponding remote subnet.

https://blogs.technet.microsoft.com/canitpro/2015/03/03/step-by-step-setting-up-active-directory-sites-subnets-site-links/

And then, when you run the wizard to promote the new DC in the branch, choose the appropriate site that you set up.
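
The site, subnet and site link setup described above, followed by promotion into that site, as an added PowerShell example that is not part of the original thread. The domain and the site name `Richburg` come from the error text later in the thread; the hub site name, subnet, DNS address and link settings are assumed placeholders.

```powershell
# Added example. Values marked "assumed" are placeholders, not taken from the thread.
$Domain     = 'eldecoinc.com'            # domain named in the thread's error text
$BranchSite = 'Richburg'                 # site seen in the NTDS Settings DN
$HubSite    = 'Default-First-Site-Name'  # assumed: name of the corporate site
$BranchCidr = '192.0.2.0/24'             # assumed: placeholder for the remote subnet
$CorpDnsIp  = '198.51.100.10'            # assumed: placeholder for a corporate DC/DNS server
$LinkName   = "$HubSite-$BranchSite"     # assumed: naming scheme for the site link

# --- Part A: run on an existing DC (or an RSAT host) as a domain/enterprise admin ---
Import-Module ActiveDirectory

# Create each object only if it is missing, so the script can be re-run safely.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$BranchSite'")) {
    New-ADReplicationSite -Name $BranchSite
}
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$BranchCidr'")) {
    New-ADReplicationSubnet -Name $BranchCidr -Site $BranchSite
}
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$LinkName'")) {
    New-ADReplicationSiteLink -Name $LinkName `
        -SitesIncluded $HubSite, $BranchSite `
        -Cost 100 -ReplicationFrequencyInMinutes 15 `
        -InterSiteTransportProtocol IP
}

# --- Part B: run on the new branch server before promoting it ---
# Ask the corporate DNS server directly for the DC locator record. The targets
# and their addresses should be the internal DCs, not an external IP.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $CorpDnsIp |
    Format-Table Name, Type, NameTarget, IPAddress -AutoSize

# Install the role, then promote straight into the branch site.
# Install-ADDSDomainController prompts for the DSRM (safe mode) password.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName $Domain -SiteName $BranchSite `
    -InstallDns -Credential (Get-Credential)
```
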

ASKER

I forgot to create the site link... I had already created the sites and subnets.

I have made all recommended changes and am re-running the wizard...Will let you know what happens.

When I re-run the wizard now, I get the following error message. If I look in AD, there is no server named that under "Domain Controllers".

The operation failed because:

Active Directory Domain Services could not determine if this directory server name CN=NTDS Settings,CN=EPF1,CN=Servers,CN=Richburg,CN=Sites,CN=Configuration,DC=eldecoinc,DC=com is unique on the remote directory server DC4.eldecoinc.com. If this name is not unique, rename this directory server.

"A domain controller with the specified name already exists."
ASKER CERTIFIED SOLUTION
This solution is only available to members.
I will answer in order.

Yes, it was already part of the domain... Yes, it exists in the computer account OU... Just to clarify, you are wanting me to install the AD DS Role while the machine is still in a WORKGROUP, so don't join it to the domain first?
SOLUTION
This solution is only available to members.
OK... I wanted to clarify because I had already done that once without success. The only difference is when I ran the wizard it was already joined to the domain first. I will re-do these steps but leave the server on a workgroup and run the Wizard again. Will let you know what happens.

I have been able to finally get the DC Promoted. Thank You for all of your help! I will accept the solutions a little later today.