I am building an enterprise network that includes three domains: frankfu.com, frankfu.net, and test.frankfu.com, on an HP ProLiant DL380 G7.
- CPU: Intel Xeon E5649 @ 2.53GHZ ( 6 cores, L1 cache: 384 Kb, L2 cache: 1.5MB, L3 cache: 12MB)
- RAM: 36Gb
Key to access the RAID controller: F8
The servers are assigned roles as shown in the table below:
| Server name (operating system) | IP address | Server roles | Domain | Operational Master Role | Comments |
|---|---|---|---|---|---|
| DC1 (Win2012) | 192.168.0.10 | Domain Controller | Frankfu.com | GC, Schema Master | |
| DC2 (Win2012) | 192.168.2.10 | Domain Controller | | RID, Infrastructure Master | |
| DC3 (Win2012) | 192.168.1.10 | Domain Controller | Frankfu.net | GC, Schema Master, RID, IM | |
| File_Print_WSUS_gateway (Win2012) | 192.168.0.15 | File Server | | | |
| RODC (Win2012 core) | 192.168.0.12 | | Frankfu.com | | For a branch office |
| 08R2 (Win2008R2) | 192.168.0.11 | Domain Controller | test.frankfu.com | All five | For testing purpose |
| WINXP (windows xp) | DHCP | | | | For testing |
| WIN7 (windows 7) | DHCP | | | | For testing |
| Win8 (windows 8) | DHCP | | | | For testing |
Enabled “Audit account logon events”, both success and failure, on DC1. 16:55 01/Mar/2016
Enabled “Audit object access”, both success and failure, on DC1. 17:00 01/Mar/2016
1. Ping issue: DC2 (192.168.2.10) and DC1 (192.168.0.10) cannot ping each other, but DC2 can ping all other computers in the same subnet.
DC2 was a cloned DC, which may have caused this issue. I tried the command:
“In this special Device Manager window, on the menu, click View, then Show Hidden Devices.
Under the Network The unwanted devices will appear dimmed. You can right-click on them from there and uninstall them.” This did not work, so I decided to reinstall DC2.
Step 1: Before reinstallation, demote DC2 from its domain controller role.
- At an elevated command prompt, type the following command, and then press ENTER:
dcpromo /unattend /username:<domain admin> /userdomain:<domain> /password:<DA password> /administratorpassword:<local admin password>
Where:
domain admin is the name of an account that is a member of the Domain Admins group.
domain is the name of the domain for the domain controller.
DA password is the password for the account that is a member of the Domain Admins group.
local admin password is the password that will be used for the local administrator account on the server after AD DS is removed.
The following example removes a domain controller from a domain named contoso.com, removes the AD DS server role binaries, and sets the local administrator password to [email protected]$$w0rd:
dcpromo /unattend /username:DA1 /userdomain:contoso.com /password:DA1_password /administratorpassword:[email protected]$$w0rd
Step 2: Remove the computer account of DC2 from the domain.
On DC1, open the “AD users and computers” MMC and find the DC2 account under Domain Controllers, or elsewhere if you have moved it.
Step 3: Now that the record in the domain is clean, reinstall DC2, join it to the domain, and then promote it to a domain controller.
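A read-only check that Steps 1 and 2 left nothing behind, to run on DC1 before DC2 is rebuilt in Step 3. This is an added example, not part of the original lab notes; it assumes a domain admin session on DC1 with the ActiveDirectory and DnsClient PowerShell modules, and takes the name DC2 and its RID and Infrastructure Master roles from the table above.

```powershell
# Added example: report any reference to the demoted DC that survives in AD or DNS.
# Assumption: run on DC1 as a domain admin; nothing here modifies the directory.
Import-Module ActiveDirectory

$oldDc  = 'DC2'           # server name taken from the table above
$domain = Get-ADDomain    # domain of the current session (frankfu.com on DC1)
$forest = Get-ADForest
$stale  = @()

# 1. FSMO roles: the table lists DC2 as RID and Infrastructure Master.
$roles = [ordered]@{
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    PDCEmulator          = $domain.PDCEmulator
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
foreach ($r in $roles.GetEnumerator()) {
    if ($r.Value -like "$oldDc.*") { $stale += "FSMO role $($r.Key) still held by $($r.Value)" }
}

# 2. Computer account (Step 2) and the server object under CN=Sites.
if (Get-ADComputer -Filter "Name -eq '$oldDc'") {
    $stale += "Computer account $oldDc still exists"
}
$sites = "CN=Sites,$((Get-ADRootDSE).configurationNamingContext)"
Get-ADObject -SearchBase $sites -LDAPFilter "(&(objectClass=server)(cn=$oldDc))" |
    ForEach-Object { $stale += "Server object left in Sites: $($_.DistinguishedName)" }

# 3. DC locator SRV records in DNS that still point at the old server.
$srv = "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)"
Resolve-DnsName -Name $srv -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' -and $_.NameTarget -like "$oldDc.*" } |
    ForEach-Object { $stale += "DNS SRV record $srv -> $($_.NameTarget)" }

if ($stale) { $stale | ForEach-Object { Write-Warning $_ } }
else        { Write-Output "No references to $oldDc found in AD or DNS." }
```

Any warning means the old DC2 identity is still registered somewhere and should be cleaned up before a server with the same name is promoted again.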
2. DC replication issue
Last error: 1722 (0x6ba): The RPC server is unavailable.
For details, see http://frankfu.click/labs/networking-labs/dc-replication-problem/