
Before the move, DC2 was in the same site as DC1, with these addresses:

Table 1

       NIC1 (frankfu.com)   NIC2 (frankfu.net)   NIC4 (Internet)
DC1    192.168.0.10         192.168.1.11         192.168.32.136, default gateway 192.168.32.2
DC2    192.168.0.13
DC3                         192.168.1.10

I planned to move DC2 to another site (SiteBranch) and promote it to a domain controller again, with these addresses:

Table 2

       NIC1 (frankfu.com)   NIC2 (frankfu.net)   NIC3 (SiteBranch)   NIC4 (Internet)
DC1    192.168.0.10         192.168.1.11         192.168.2.11        192.168.32.136, default gateway 192.168.32.2
DC2                                              192.168.2.10
DC3                         192.168.1.10

Step 1. Demote DC2 to a standalone server.

Step 2. Change DC2's NIC address to the new one in Table 2, and create a new NIC on DC1 with the address 192.168.2.11.

Step 3. Join DC2 to frankfu.com again.

Problem encountered: http://frankfu.click/labs/the-request-is-not-supported-error-when-joining-domain/

Step 4. Promote DC2 to a domain controller.

Problem: DC2 could not be promoted to a domain controller, and the reason was not obvious; the wizard only showed the warning below.

Warning: Windows Server 2012 domain controllers have a default for the security setting named “Allow cryptography algorithms compatible with Windows NT 4.0” that prevents weaker cryptography algorithms when establishing security channel sessions.

For more information about this setting, see Knowledge Base article 942564.

  • https://support.microsoft.com/en-au/kb/942564
  • Log on with another account that is a member of Domain Admins, Enterprise Admins or Administrators.
  • Clear the Global Catalog (GC) check box.

Retried the promotion and it succeeded.

Step 5. Check the result: open Active Directory Sites and Services, select the server, open NTDS Settings, right-click and choose Replicate Now.

AD replication error 8452: "The naming context is in the process of being removed or is not replicated from the specified server."
For more about this error, see https://support.microsoft.com/en-us/kb/2023704

Issued repadmin /showrepl on both DC1 and DC2.

On DC1 it showed:

Naming context: CN=Configuration,DC=frankfu,DC=com
Source: SiteBranch\DC2
******* WARNING: KCC could not add this REPLICA LINK due to error.

Naming context: DC=frankfu,DC=com
Source: SiteBranch\DC2
******* WARNING: KCC could not add this REPLICA LINK due to error.

On DC2 it showed that replication was successful.

So replication from DC1 to DC2 was working, but replication from DC2 to DC1 was not.

I tried the following:

  • Manually assign bridgehead servers: open Active Directory Sites and Services, go to Sites > SiteBranch > Servers > DC2, right-click DC2 and choose Properties. At the bottom of the window, the right-hand text box lists no protocol, which means no bridgehead transport has been chosen for this server.
    Method: at the bottom of the window, select IP under "Transports available for inter-site data transfer" and click Add >>. Then browse to the other site, Sites > SiteHQ > Servers > DC1, right-click it and repeat the same action. This produced a warning that there was no bridgehead server for the child domain test.frankfu.com, so I repeated the step on server 08R2, which is the DC for test.frankfu.com.
  • Reboot both DC1 and DC2.

Tested the replication again and it succeeded, but repadmin still returned this error:

DsReplicaGetInfo() failed with status 8453 (0x2105):
Replication access was denied.
DsReplicaGetInfo() failed with status 8453 (0x2105):
Replication access was denied.

Cause: repadmin was run in a command window that had not been opened with administrative privileges.
Solution: right-click CMD and select "Run as Administrator".
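The checks from Step 5 and the 8453 note above can be scripted so the verification is repeatable after a site move. This is an added example, not code from the original post; it assumes the RSAT ActiveDirectory module and repadmin.exe are available on the machine where it runs, and reads the configuration naming context from the forest rather than hard-coding frankfu.com.

```powershell
# Added example (not from the original post): re-check inbound replication and
# bridgehead configuration after moving a DC to a new site.
# Assumes the RSAT ActiveDirectory module and repadmin.exe are installed.

# 1. repadmin /showrepl returns 8453 "Replication access was denied" from a
#    non-elevated prompt even when replication is healthy (the false alarm
#    described above), so refuse to run unless the token is elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated session (Run as Administrator); otherwise repadmin reports 8453."
}

# 2. Pull the replication summary for every DC as CSV and keep only the
#    partner links that have failed at least once. Status 8452 on a link
#    from DC2 into DC1 is the symptom seen in Step 5.
$links  = repadmin /showrepl * /csv | ConvertFrom-Csv
$failed = $links | Where-Object { [int]$_.'Number of Failures' -gt 0 }

if ($failed) {
    "Replication links with failures:"
    $failed |
        Select-Object 'Destination DSA', 'Source DSA', 'Naming Context',
                      'Number of Failures', 'Last Failure Status', 'Last Success Time' |
        Format-Table -AutoSize
} else {
    "All inbound replication links report success."
}

# 3. List each server object with its site and preferred bridgehead transports.
#    An empty transport list on both sites matches the symptom in the post
#    (no protocol shown under "Transports available for inter-site data transfer").
$configNC = (Get-ADRootDSE).configurationNamingContext
Get-ADObject -Filter 'objectClass -eq "server"' `
             -SearchBase "CN=Sites,$configNC" `
             -Properties bridgeheadTransportList |
    Select-Object Name,
                  @{ n = 'Site'; e = { $_.DistinguishedName.Split(',')[2] -replace '^CN=' } },
                  @{ n = 'PreferredBridgeheadTransports'; e = { $_.bridgeheadTransportList -join ';' } } |
    Format-Table -AutoSize
```

The bridgehead listing only reports preferred bridgeheads set explicitly (as in the manual assignment step above); when none are set, the KCC picks its own, so an empty list is not by itself a fault.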

Reference:

Step by step: Setting Up Active Directory Sites, Subnets & Site-Links (http://blogs.technet.com/b/canitpro/archive/2015/03/04/step-by-step-setting-up-active-directory-sites-subnets-amp-site-links.aspx)