I recently inherited infrastructure duties for a small startup I am working with. My traditional role has been development, so bear with me...

I was hoping to start off on the right foot, and get Active Directory up and running in Azure. I have followed the guides on Microsoft's TechNet for installing an AD forest in an Azure VPN, and I have the following structure:

Azure VPN, configured for Site-to-Site VPN with my local network; it shows as connected properly.

  • Subnet: 192.168.5.0/24 HQNET
  • Subnet: 192.169.1.0/24 Site-to-Site VPN Gateway
  • Subnet: 192.169.2.0/24 Auth
  • Subnet: 192.169.3.0/24 Apps
  • Subnet: 192.169.4.0/24 Data
  • Subnet: 192.169.6.0/24 Middle

I have Server 2012 R2 on an A1 Standard VM in the Auth subnet, IP 192.169.2.4. AD Install went great, started a new forest, everything seemed to work well. This VM was created with Username1/Password1, which is automatically added as a Domain Admin/Enterprise Admin when AD is installed.

I spin up a second Server 2012 R2 A1 Standard VM for replication purposes within the same Auth Subnet - IP 192.169.2.5, and create this VM with Username2/Password2. I then join this VM to the domain created with the first DC. After joining the domain, I attempt to promote this VM as a replica DC. It asks for credentials to perform this action, and I provide DOMAIN\Username1:Password1 as the credentials.

During the promotion process AD reaches a step where it is "Creating an NTDS settings object" on the parent AD VM, and the installation stalls out at this step. According to this article here: Active Directory installation stalls at the "Creating the NTDS settings object", this is a result of either the domain credentials being the same as the local credentials, or of my having incorrectly provided the domain credentials to the installation.

I have deleted and recreated the VM many times, trying to perform the installation. I tried logging into VM2 as the domain admin, and performing the promotion. I have also tried just about every means of providing the domain credentials during the promotion (Username1@domain:Password1, DOMAIN\Username1:Password1, domain.com\Username1:Password1), no matter what the installation hangs. Each time I was careful to follow the steps in the article for removing VM2 from the forest on VM1 before trying to promote again.

I believe I am missing a step, or not seeing a small piece I am missing, but my inexperience is shining through.

What am I missing when promoting DC2 to a replica DC?


Solution 1:

Have you changed the DNS for the Azure network to use your first DC as DNS, instead of Azure DNS (default)? The 2nd DC wouldn't be able to find the first DC without that being listed in the settings for the Azure network.
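As an added check (not part of the question or the answer above), the following PowerShell script, run on the second VM, confirms whether the virtual network DNS setting the answer refers to has actually taken effect: it lists the DNS servers the NIC received from the VNet, resolves the DC locator SRV record for the domain both through those servers and directly against DC1, and asks the locator which DC it would pick. The domain name corp.example.com is a placeholder; 192.169.2.4 is DC1's address from the question.

```powershell
# Added diagnostic, not code from the question or answer.
# Assumptions: forest root is "corp.example.com" (placeholder) and the first
# DC is 192.169.2.4 (from the question). Run in an elevated PowerShell on DC2.

$Domain  = 'corp.example.com'   # placeholder for the forest created on DC1
$FirstDc = '192.169.2.4'        # first DC's IP from the question

# 1. Which DNS servers did the VM's NIC receive from the Azure VNet (DHCP)?
$configured = (Get-DnsClientServerAddress -AddressFamily IPv4 |
               Where-Object { $_.ServerAddresses }).ServerAddresses |
              Select-Object -Unique
"Configured DNS servers: $($configured -join ', ')"
if ($configured -notcontains $FirstDc) {
    Write-Warning "VNet DNS does not hand out $FirstDc; the promotion will query Azure DNS, which knows nothing about $Domain."
}

# 2. Can the DC locator SRV record be resolved via the configured servers?
$srv = "_ldap._tcp.dc._msdcs.$Domain"
try {
    $rec = Resolve-DnsName -Name $srv -Type SRV -ErrorAction Stop
    $targets = $rec | Where-Object Type -eq 'SRV' |
               ForEach-Object { "$($_.NameTarget):$($_.Port)" }
    "SRV $srv -> $($targets -join ', ')"
} catch {
    Write-Warning "SRV lookup for $srv failed through configured DNS: $($_.Exception.Message)"
}

# 3. Same lookup aimed straight at DC1, to separate "DC1's DNS is broken"
#    from "the VNet hands out the wrong servers".
try {
    $direct = Resolve-DnsName -Name $srv -Type SRV -Server $FirstDc -ErrorAction Stop
    "Direct query to $FirstDc succeeded: $(@($direct | Where-Object Type -eq 'SRV').Count) SRV record(s)"
} catch {
    Write-Warning "DC1 ($FirstDc) did not answer the SRV query: $($_.Exception.Message)"
}

# 4. Ask the DC locator itself which DC it selects for the domain.
nltest /dsgetdc:$Domain
```

If step 1 warns but step 3 succeeds, the fix is the VNet DNS setting the answer describes; if step 3 also fails, look at the DNS service and firewall on DC1 before retrying the promotion.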