
I am building an enterprise network that includes three domains, frankfu.com, frankfu.net, and test.frankfu.com, on an HP ProLiant DL380 G7.

Hardware Specification:

  • CPU: Intel Xeon E5649 @ 2.53 GHz (6 cores; L1 cache: 384 KB, L2 cache: 1.5 MB, L3 cache: 12 MB)
  • RAM: 36 GB

Key to access the RAID controller: F8

IP scheme

The servers are assigned the roles shown in the table below:

| Server name (operating system) | IP address | Server roles | Domain | Operational Master Role | Comments |
|---|---|---|---|---|---|
| DC1 (Win2012) | 192.168.0.10 | Domain Controller | Frankfu.com | GC, Schema Master | |
| DC2 (Win2012) | 192.168.2.10 | Domain Controller | | RID, Infrastructure Master | |
| DC3 (Win2012) | 192.168.1.10 | Domain Controller | Frankfu.net | GC, Schema Master, RID, IM | |
| File_Print_WSUS_gateway (Win2012) | 192.168.0.15 | File Server, Print Server, WSUS Server, Routing | Frankfu.com | N/A | DFS member1 |
| RODC (Win2012 core) | 192.168.0.12 | | Frankfu.com | | For a branch office |
| WDS01 (Win2012) | 192.168.0.18 | | | | |
| 08R2 (Win2008R2) | 192.168.0.11 | Domain Controller | test.frankfu.com | All five | For testing purposes |
| WINXP (Windows XP) | DHCP | | | | For testing |
| WIN7 (Windows 7) | DHCP | | | | For testing |
| Win8 (Windows 8) | DHCP | | | | For testing |


Topology


Audit:

Enabled "Audit account logon events" (both success and failure) on DC1. 16:55 01/Mar/2016

Enabled "Audit object access" (both success and failure) on DC1. 17:00 01/Mar/2016
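The two audit settings recorded above can be applied and verified from an elevated prompt on DC1 with auditpol, and the events they produce can be pulled from the Security log. This is an added example, not part of the original notes; the category names are the legacy auditpol categories that the "Audit account logon events" and "Audit object access" policies map to, and the one-hour window is an assumption.

```powershell
# Added example (not from the original post): apply the audit settings noted for DC1,
# verify the effective policy, and list the events they generate.
auditpol /set /category:"Account Logon" /success:enable /failure:enable
auditpol /set /category:"Object Access" /success:enable /failure:enable

# Verify the effective policy. A GPO that defines audit policy will override a local
# auditpol setting at the next refresh, so check again after gpupdate.
auditpol /get /category:"Account Logon"
auditpol /get /category:"Object Access"

# On a DC, "Account Logon" auditing yields Kerberos (4768/4771) and NTLM (4776)
# credential-validation events; the failures are the ones worth watching.
# "Object Access" only produces events for objects that carry a SACL, so enabling the
# category alone generates nothing until auditing entries are set on files or keys.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4771, 4776; StartTime = (Get-Date).AddHours(-1) } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize
```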


Problem:


1. Ping issue: DC2 (192.168.2.10) and DC1 (192.168.0.10) cannot ping each other, although each can ping all other computers in the same subnet.

DC2 was a cloned DC, which may have caused this issue. I first tried the hidden-device cleanup:

set devmgr_show_nonpresent_devices=1
start devmgmt.msc

In this Device Manager window, click View, then Show Hidden Devices. Under Network adapters, the unwanted (ghost) adapters appear dimmed; right-click each of them and uninstall it.

That did not work, so I decided to reinstall DC2.

Step 1. Before reinstalling, demote DC2 from domain controller.

  • At an elevated command prompt, type the following command, and then press ENTER:

    dcpromo /unattend /username:<domain admin> /userdomain:<domain> /password:<DA password> /administratorpassword:<local admin password>

    Where:
    • domain admin is the name of an account that is a member of the Domain Admins group.
    • domain is the name of the domain for the domain controller.
    • DA password is the password for the account that is a member of the Domain Admins group.
    • local admin password is the password that will be used for the local administrator account on the server after AD DS is removed.

    The following example removes a domain controller from a domain named contoso.com, removes the AD DS server role binaries, and sets the local administrator password to P@$$w0rd:

    dcpromo /unattend /username:DA1 /userdomain:contoso.com /password:DA1_password /administratorpassword:P@$$w0rd

Step 2. Remove the computer account of DC2 from the domain.

On DC1, open the Active Directory Users and Computers MMC snap-in and find the DC2 account under Domain Controllers (or wherever you moved it), then delete it.

Step 3. Now that the domain holds no record of the old DC2, reinstall DC2, join it to the domain, and promote it to a domain controller again.
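Before promoting the rebuilt DC2, it is worth confirming that the demotion and the manual account removal really left nothing behind: a stale computer object, a leftover server object under Sites, or an old DNS A record will trip the new promotion or keep replication partners pointing at the dead host. The script below is an added example, not part of the original notes; it is meant to be run on DC1 with the ActiveDirectory and DnsServer RSAT modules, and the domain DN, zone name and addresses are assumptions taken from the IP scheme above.

```powershell
# Added example (not from the original post): run on DC1 before the rebuilt DC2 is
# joined, to confirm no stale references to the old DC2 remain. Names and DNs are
# assumptions derived from the post's IP scheme (domain frankfu.com, DC2 = 192.168.2.10).
Import-Module ActiveDirectory
Import-Module DnsServer

$DcName    = 'DC2'
$DcIp      = '192.168.2.10'
$Zone      = 'frankfu.com'
$DomainDn  = 'DC=frankfu,DC=com'
$leftovers = @()

# 1. Computer account in the Domain Controllers OU (the object removed by hand in Step 2).
$acct = Get-ADComputer -Filter "Name -eq '$DcName'" -SearchBase "OU=Domain Controllers,$DomainDn" -ErrorAction SilentlyContinue
if ($acct) { $leftovers += "computer account: $($acct.DistinguishedName)" }

# 2. Server object under Sites (dcpromo removes it on a clean demotion; a forced or
#    failed demotion leaves it, and with it the NTDS Settings object replication uses).
$srv = Get-ADObject -Filter "ObjectClass -eq 'server' -and Name -eq '$DcName'" `
                    -SearchBase "CN=Sites,CN=Configuration,$DomainDn" -ErrorAction SilentlyContinue
if ($srv) { $leftovers += "site server object: $($srv.DistinguishedName)" }

# 3. DNS A records still pointing at the old address.
$aRecords = Get-DnsServerResourceRecord -ZoneName $Zone -RRType A -ErrorAction SilentlyContinue |
            Where-Object { $_.RecordData.IPv4Address.IPAddressToString -eq $DcIp }
foreach ($r in $aRecords) { $leftovers += "DNS A record: $($r.HostName) -> $DcIp" }

# 4. Is DC2 still listed as a domain controller at all?
$stillDc = Get-ADDomainController -Filter "Name -eq '$DcName'" -ErrorAction SilentlyContinue
if ($stillDc) { $leftovers += "still registered as a DC: $($stillDc.HostName)" }

if ($leftovers.Count -eq 0) {
    Write-Output "No stale references to $DcName found; safe to rejoin and promote."
} else {
    Write-Output "Stale references to $DcName remain; clean them up before promoting:"
    $leftovers | ForEach-Object { Write-Output "  - $_" }
}
```

If check 2 or 4 reports a leftover after the demotion has already run, the directory still believes the old DC2 exists, which is the situation ntdsutil metadata cleanup is designed for; the script only reports, it never deletes.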


2. DC replication issue

Last error: 1722 (0x6ba): The RPC server is unavailable.

For details, see: http://frankfu.click/labs/networking-labs/dc-replication-problem/
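Both problems on this page, the ping failure between DC2 and DC1 in issue 1 and the "RPC server is unavailable" replication error in issue 2, come down to the same question: which of the paths a DC needs to its partner are actually open. The script below is an added example, not part of the original notes or the linked write-up; run it on DC2 to separate an ICMP-only problem from a blocked RPC path. The target address is DC1's from the table above; the port list is the usual AD replication set and the 2-second timeout is an assumption.

```powershell
# Added example (not from the original post): run on DC2 to check ICMP and the TCP
# ports AD replication needs toward DC1, then ask the directory for its own view.
$Target = '192.168.0.10'   # DC1, from the post's IP scheme
$Ports  = [ordered]@{ 53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC endpoint mapper'; 389 = 'LDAP'; 445 = 'SMB'; 636 = 'LDAPS' }

# ICMP: the symptom from issue 1. A DC can fail here and still replicate if RPC is open.
$icmp = Test-Connection -ComputerName $Target -Count 2 -Quiet
Write-Output ("ICMP to {0}: {1}" -f $Target, $(if ($icmp) { 'reply' } else { 'no reply' }))

# TCP: error 1722 usually means port 135 or the dynamic RPC range (49152-65535 on
# Windows 2008 and later) is blocked; 135 is the one that can be tested without
# knowing which high port the NTDS service picked.
foreach ($p in $Ports.Keys) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Target, [int]$p, $null, $null)
        $open  = $async.AsyncWaitHandle.WaitOne(2000) -and $client.Connected
    } catch {
        $open = $false
    } finally {
        $client.Close()
    }
    Write-Output ("TCP {0,5} ({1,-20}): {2}" -f $p, $Ports[$p], $(if ($open) { 'open' } else { 'blocked/closed' }))
}

# Replication status as the directory itself sees it (repadmin ships with AD DS).
repadmin /replsummary
repadmin /showrepl DC2 /errorsonly
```

If ICMP fails but every port shows open, the ping problem is cosmetic (a firewall rule dropping echo requests) and not the cause of the replication error; if 135 is blocked, repadmin will keep reporting 1722 until the path between the two subnets permits RPC.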