[Bug]: Can not install a secondary DC (role = DC) #1629

Open
mfgjwaterman opened this issue Apr 14, 2024 · 2 comments
mfgjwaterman commented Apr 14, 2024

Description

I'm not able to install a second domain controller in a domain. The ALDCPromo log file contains these errors:


Windows PowerShell transcript start
Start time: 20240414192408
Username: LAB-DC02\Administrator
RunAs User: LAB-DC02\Administrator
Configuration Name: Microsoft.PowerShell
Machine: LAB-DC02 (Microsoft Windows NT 10.0.20348.0)
Host Application: C:\Windows\system32\wsmprovhost.exe -Embedding
Process ID: 8064
PSVersion: 5.1.20348.2227
PSEdition: Desktop
PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.20348.2227
BuildVersion: 10.0.20348.2227
CLRVersion: 4.0.30319.42000
WSManStackVersion: 3.0
PSRemotingProtocolVersion: 2.3
SerializationVersion: 1.1.0.1


Install-ADDSDomainController : Verification of user credential permissions failed. An Active Directory domain 
controller for the domain "security.lan" could not be contacted.

Ensure that you supplied the correct DNS domain name.

At line:110 char:19
+         $result = Install-ADDSDomainController @param
+                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Install-ADDSDomainController], TestFailedException
    + FullyQualifiedErrorId : Test.VerifyUserCredentialPermissions.DCPromo.General.25,Microsoft.DirectoryServices.Deploy
ment.PowerShell.Commands.InstallADDSDomainControllerCommand
Write-ScreenInfo : The term 'Write-ScreenInfo' is not recognized as the name of a cmdlet, function, script file, or 
operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try 
again.
At line:122 char:9
+         Write-ScreenInfo "The first try to promote '$(HOSTNAME.EXE)'  ...
+         ~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Write-ScreenInfo:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
Install-ADDSDomainController : Verification of user credential permissions failed. An Active Directory domain 
controller for the domain "security.lan" could not be contacted.

Ensure that you supplied the correct DNS domain name.



At line:128 char:23
+             $result = Install-ADDSDomainController @param
+                       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Install-ADDSDomainController], TestFailedException
    + FullyQualifiedErrorId : Test.VerifyUserCredentialPermissions.DCPromo.General.25,Microsoft.DirectoryServices.Deploy
ment.PowerShell.Commands.InstallADDSDomainControllerCommand
Write-ScreenInfo : The term 'Write-ScreenInfo' is not recognized as the name of a cmdlet, function, script file, or 
operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try 
again.
At line:122 char:9
+         Write-ScreenInfo "The first try to promote '$(HOSTNAME.EXE)'  ...
+         ~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Write-ScreenInfo:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
Install-ADDSDomainController : Verification of user credential permissions failed. An Active Directory domain 
controller for the domain "security.lan" could not be contacted.

Ensure that you supplied the correct DNS domain name.



At line:128 char:23
+             $result = Install-ADDSDomainController @param
+                       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Install-ADDSDomainController], TestFailedException
    + FullyQualifiedErrorId : Test.VerifyUserCredentialPermissions.DCPromo.General.25,Microsoft.DirectoryServices.Deploy
ment.PowerShell.Commands.InstallADDSDomainControllerCommand
Write-ScreenInfo : The term 'Write-ScreenInfo' is not recognized as the name of a cmdlet, function, script file, or 
operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try 
again.
At line:122 char:9
+         Write-ScreenInfo "The first try to promote '$(HOSTNAME.EXE)'  ...
+         ~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Write-ScreenInfo:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
Install-ADDSDomainController : Verification of user credential permissions failed. An Active Directory domain 
controller for the domain "security.lan" could not be contacted.

Ensure that you supplied the correct DNS domain name.

ALDCPromo.log
powershell_support_pack_2024_04_14-20_04_45.zip

Steps to reproduce the issue

Use the following script. I have a default gateway running pfSense, but I've tested this with the router role and am getting the same results.

New-LabDefinition -Name "Demo" `
                  -DefaultVirtualizationEngine HyperV

Add-LabVirtualNetworkDefinition -Name 'Internal Virtual Switch' `
                                -HyperVProperties @{SwitchType = 'Internal'; AdapterName = 'vEthernet (Internal Virtual Switch)'} `
                                -AddressSpace 192.168.11.0/24

Add-LabMachineDefinition -Name "LAB-DC01" `
                         -OperatingSystem 'Windows Server 2022 Standard Evaluation (Desktop Experience)' `
                         -Network 'Internal Virtual Switch' `
                         -Memory 8GB `
                         -Processors 4 `
                         -EnableWindowsFirewall `
                         -Gateway 192.168.11.254 `
                         -IpAddress 192.168.11.3 `
                         -Roles RootDC `
                         -DomainName 'security.lan'
                         
Add-LabMachineDefinition -Name "LAB-DC02" `
                         -OperatingSystem 'Windows Server 2022 Standard Evaluation (Desktop Experience)' `
                         -Network 'Internal Virtual Switch' `
                         -Memory 8GB `
                         -Processors 4 `
                         -EnableWindowsFirewall `
                         -Gateway 192.168.11.254 `
                         -IpAddress 192.168.11.4 `
                         -Roles DC `
                         -DomainName 'security.lan'
                         
Add-LabMachineDefinition -Name "LAB-SRV01" `
                         -OperatingSystem 'Windows Server 2022 Standard Evaluation (Desktop Experience)' `
                         -Network 'Internal Virtual Switch' `
                         -Memory 8GB `
                         -Processors 4 `
                         -EnableWindowsFirewall `
                         -Gateway 192.168.11.254 `
                         -DomainName 'security.lan'

Install-Lab

PowerShell Version

Name                           Value
----                           -----
PSVersion                      7.4.1
PSEdition                      Core
GitCommitId                    7.4.1
OS                             Microsoft Windows 10.0.22631
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

AutomatedLab Version

Name                      Version
----                      -------
AutomatedLab              5.51.0
AutomatedLab.Common       2.3.25
AutomatedLab.Recipe       5.51.0
AutomatedLab.Ships        5.51.0
AutomatedLabCore          5.51.0
AutomatedLabDefinition    5.51.0
AutomatedLabNotifications 5.51.0
AutomatedLabTest          5.51.0
AutomatedLabUnattended    5.51.0
AutomatedLabWorker        5.51.0

mfgjwaterman commented Apr 15, 2024

I made a bit of progress today.

I noticed that the first DNS server of the secondary DC is pointing to itself during installation. I performed a few tests and DNS resolution to find the domain is broken with that setup. If I manually set the first DNS server to point to the first installed DC, the installation is successful.

Is this a bug or did I configure something incorrectly? I've simplified the script to this:

$labName = 'Security'

#create an empty lab template and define where the lab XML files and the VMs will be stored
New-LabDefinition -Name $labName -DefaultVirtualizationEngine HyperV

#make the network definition
Add-LabVirtualNetworkDefinition -Name $labName -AddressSpace 192.168.12.0/24
Add-LabVirtualNetworkDefinition -Name 'External Virtual Switch' -HyperVProperties @{SwitchType = 'External'; AdapterName = 'vEthernet (External Virtual Switch)'}

#and the domain definition with the domain admin account
Add-LabDomainDefinition -Name 'security.local' -AdminUser Install -AdminPassword Somepass1
Set-LabInstallationCredential -Username Install -Password Somepass1

#Set the parameters that are the same for all machines
$PSDefaultParameterValues = @{
    'Add-LabMachineDefinition:Network' = $labName
    'Add-LabMachineDefinition:Processors' = 4
    'Add-LabMachineDefinition:Memory' = 4GB
    'Add-LabMachineDefinition:OperatingSystem' = 'Windows Server 2022 Standard Evaluation (Desktop Experience)'
}

$netAdapterRouter = @()
$netAdapterRouter += New-LabNetworkAdapterDefinition -VirtualSwitch $labName
$netAdapterRouter += New-LabNetworkAdapterDefinition -VirtualSwitch 'External Virtual Switch' -UseDhcp

#Defining security.local machines
Add-LabMachineDefinition -Name LABDC1 -IpAddress 192.168.12.10 `
    -DomainName 'security.local' -Roles RootDC

Add-LabMachineDefinition -Name LABDC2 -IpAddress 192.168.12.11 `
    -DomainName 'security.local' -Roles DC 

Add-LabMachineDefinition -Name Router -Roles Routing -NetworkAdapter $netAdapterRouter     

Install-Lab

Show-LabDeploymentSummary -Detailed
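
One way to check the condition described in this comment before promotion, as an added example that is not part of the original post or of AutomatedLab. It assumes it is run in Windows PowerShell on the machine that is about to become the additional DC; the function name Test-DcLocatorDns is hypothetical, and it only uses the built-in DnsClient and NetTCPIP cmdlets.

```powershell
# Added example: pre-promotion DNS check for an additional domain controller.
param(
    [string]$DomainName = 'security.local'   # domain name used in the script above
)

function Test-DcLocatorDns {
    param([Parameter(Mandatory)][string]$DomainName)

    # SRV record the DC locator queries to find a domain controller for the domain
    $srvName  = "_ldap._tcp.dc._msdcs.$DomainName"
    # Addresses that mean "this DNS server is the local machine"
    $localIps = @('127.0.0.1') + @((Get-NetIPAddress -AddressFamily IPv4).IPAddress)

    foreach ($adapter in Get-DnsClientServerAddress -AddressFamily IPv4) {
        $position = 0
        foreach ($server in $adapter.ServerAddresses) {
            $position++
            $targets = @()
            try {
                # Ask this specific server only, bypassing the normal resolver order
                $targets = @(Resolve-DnsName -Name $srvName -Type SRV -Server $server -DnsOnly -ErrorAction Stop |
                    Where-Object { $_.Type -eq 'SRV' } |
                    ForEach-Object { $_.NameTarget })
            }
            catch {
                # Timeout, refusal or NXDOMAIN: this server cannot locate a DC
            }
            [pscustomobject]@{
                Interface  = $adapter.InterfaceAlias
                Position   = $position
                DnsServer  = $server
                IsSelf     = $server -in $localIps
                CanFindDc  = $targets.Count -gt 0
                DcsFound   = $targets -join ', '
            }
        }
    }
}

$results = @(Test-DcLocatorDns -DomainName $DomainName)
$results | Format-Table -AutoSize

# The failure mode from the comment: the first DNS server is the machine itself
# and that server has no records for the domain yet.
$bad = $results | Where-Object { $_.Position -eq 1 -and $_.IsSelf -and -not $_.CanFindDc }
foreach ($row in $bad) {
    Write-Warning "$($row.Interface): first DNS server $($row.DnsServer) is this machine and cannot resolve a DC for $DomainName."
}
```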


mfgjwaterman commented Apr 17, 2024

Update 2:

I've noticed that each time I use a new $AddressSpace, the installation was successful, so it's something that sticks on my machine and messes with the network in some way. This is what I now have as a procedure which is successful 90% of the time:

Remove-Lab -Name Security -RemoveExternalSwitches
Remove the Lab Switch Manually (This does not get removed when invoking the command above)
get-LabVirtualNetworkDefinition | remove-LabVirtualNetworkDefinition
get-LabVirtualNetworkDefinition (Check if anything is left)
ipconfig /flushdns

Manually remove the lab directory in C:\ProgramData\AutomatedLab\Labs

That seems to improve the success of installation a great deal.

If there's anything else you want me to try or if you have any hints, tips or tricks, I would be happy to help.

@raandree raandree self-assigned this Apr 24, 2024