
I recently inherited infrastructure duties for a small startup I am working with. My traditional role has been development, so bear with me...

I was hoping to start off on the right foot, and get Active Directory up and running in Azure. I have followed the guides on Microsoft's TechNet for installing an AD forest in an Azure VPN, and I have the following structure:

Azure VPN, configured for Site-to-Site VPN with my local network, it shows as connected properly.

  • Subnet: 192.168.5.0/24 HQNET
  • Subnet: 192.169.1.0/24 Site-to-Site VPN Gateway
  • Subnet: 192.169.2.0/24 Auth
  • Subnet: 192.169.3.0/24 Apps
  • Subnet: 192.169.4.0/24 Data
  • Subnet: 192.169.6.0/24 Middle

I have Server 2012 R2 on an A1 Standard VM in the Auth subnet, IP 192.169.2.4. AD Install went great, started a new forest, everything seemed to work well. This VM was created with Username1/Password1, which is automatically added as a Domain Admin/Enterprise Admin when AD is installed.

I spun up a second Server 2012 R2 A1 Standard VM for replication purposes within the same Auth subnet (IP 192.169.2.5), and created this VM with Username2/Password2. I then joined this VM to the domain created with the first DC. After joining the domain, I attempted to promote this VM as a replica DC. It asks for credentials to perform this action, and I provided DOMAIN\Username1:Password1 as the credentials.

During the promotion process, AD reaches a step where it is "Creating an NTDS settings object" on the parent AD VM, and the installation stalls out at this step. According to this article: Active Directory installation stalls at the "Creating the NTDS settings object", this is a result of either the domain credentials being the same as the local credentials, or of my having incorrectly provided the domain credentials to the installation.

I have deleted and recreated the VM many times, trying to perform the installation. I tried logging into VM2 as the domain admin and performing the promotion. I have also tried just about every means of providing the domain credentials during the promotion (Username1@domain:Password1, DOMAIN\Username1:Password1, domain.com\Username1:Password1); no matter what, the installation hangs. Each time I was careful to follow the steps in the article for removing VM2 from the forest on VM1 before trying to promote again.

I believe I am missing a step, or not seeing a small piece I am missing, but my inexperience is shining through.

What am I missing when promoting DC2 to a replica DC?

Mark L

  • Don't forget to check DNS setup. This TechNet article says you must delete the computer account (server2 in Computers) from AD (on your server1), clean the server with remove roles and relaunch the AD install. – YuKYuK Feb 11 '15 at 14:35
  • `I was hoping to start off on the right foot, and get Active Directory up and running in Azure` - I'm curious why you deem that the right foot? What's your business case for it? What's your end goal? Are you trying to do this in Azure because "Everyone else is putting their stuff in the cloud!"? – joeqwerty Feb 12 '15 at 04:23
  • Are you seeing the events in that TechNet article in your Server Event logs? – Simon W Feb 12 '15 at 10:32
  • @SimonW yes, I am seeing the exact same events in my logs as in the article. – Mark L Feb 16 '15 at 12:51
  • I would think DNS isn't the issue, because you said that you were able to join the domain to begin with. But it still seems like maybe you have bad DNS info. Are you doing anything foolish like internally doing static addressing on those DCs? – Kevin Remde Aug 25 '15 at 15:49

1 Answer

Have you changed the DNS for the Azure network to use your first DC as DNS, instead of Azure DNS (the default)? The 2nd DC wouldn't be able to find the first DC without that being listed in the settings for the Azure network.
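A quick way to verify the point this answer makes before re-running the promotion. This is an added diagnostic script, not code from the thread or from Microsoft; it assumes a placeholder domain name `contoso.local` (the question never names the domain) and takes the first DC's address 192.169.2.4 from the question. Run it in an elevated PowerShell on the server being promoted (VM2). The Azure-provided resolver does not host the AD DNS zone, so if the virtual network still hands out Azure DNS, the DC locator SRV lookup in step 2 and the `nltest` call in step 4 will fail even though a plain domain join (which can fall back to NetBIOS name resolution on the same subnet) succeeded.

```powershell
# Added diagnostic for "replica DC promotion stalls": checks that VM2 can find VM1 via DNS.
# Assumptions (not from the thread): the forest root domain is contoso.local.
$DomainName = 'contoso.local'   # placeholder: replace with the forest root domain created on VM1
$FirstDcIp  = '192.169.2.4'     # first DC address, taken from the question

# 1. Which DNS servers did this VM receive? In Azure this comes from the virtual
#    network's DNS setting, not from anything configured inside the VM.
$dnsServers = (Get-DnsClientServerAddress -AddressFamily IPv4 |
               Where-Object { $_.ServerAddresses }).ServerAddresses
"Configured DNS servers: $($dnsServers -join ', ')"
if ($dnsServers -notcontains $FirstDcIp) {
    Write-Warning "This VM is not using the first DC ($FirstDcIp) for DNS. Set it on the Azure virtual network and restart the VM so the lease is renewed."
}

# 2. Can the DC locator SRV record be resolved from the first DC?
#    Promotion relies on _ldap._tcp.dc._msdcs.<domain> to pick a replication partner.
$srvName = "_ldap._tcp.dc._msdcs.$DomainName"
try {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $FirstDcIp -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SRV' }
    $targets = ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
    "SRV record $srvName -> $targets"
} catch {
    Write-Warning "Could not resolve $srvName via $FirstDcIp : $($_.Exception.Message)"
}

# 3. Ports the promotion needs between VM2 and VM1: LDAP, Kerberos, RPC endpoint mapper, SMB.
#    A network security group between subnets that blocks any of these produces the same hang.
foreach ($port in 389, 88, 135, 445) {
    $ok = (Test-NetConnection -ComputerName $FirstDcIp -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
    "TCP {0,-4} to {1}: {2}" -f $port, $FirstDcIp, $(if ($ok) { 'open' } else { 'BLOCKED' })
}

# 4. Ask the DC locator directly. This is what the promotion wizard does under the hood;
#    it fails when the VM is still pointed at the Azure resolver.
nltest /dsgetdc:$DomainName /force
```

If step 1 shows only the Azure resolver (168.63.129.16) and step 2 fails, fix the DNS setting on the virtual network first; re-checking credentials will not help until the new DC can actually locate the existing one.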