
Usage notes for and FAQ about installing an AD domain controller on a Windows ECS instance

Last Updated: Apr 10, 2023

This topic describes the usage notes for installing an Active Directory (AD) domain controller on a Windows Elastic Compute Service (ECS) instance. This topic also provides answers to some frequently asked questions about the installation.

Note

In this topic, an ECS instance that runs Windows Server 2008 R2 SP1 x64 is used. The instance works as the master node and has the DNS client deployed.

Usage notes

  • The TCP/IP NetBIOS Helper service and Remote Registry service must be running on each domain node of the Windows instance. By default, the services are disabled. We recommend that you configure the services to start automatically.

  • For all nodes except the domain, the IP address of the DNS server, the Internet network interface, and the private network interface must be changed to the private IP address of the instance.

  • The security identifier (SID) of each node except the domain must be modified.

  • After the sysprep tool is run on the Windows instance, the instance must be restarted in repair mode.

  • After the primary domain is created, you must use a username in the <Domain name/username> format to log on to the instance.

What do I do if an AD domain controller cannot be installed and the error message "Failed to install active directory domain services binaries" appears?

Problem description

An AD domain controller cannot be installed on the Windows instance and the error message "Failed to install active directory domain services binaries" appears.

Cause

The error displayed on the Windows Event Viewer indicates that the Remote Registry service is disabled and cannot be started as expected.

Solution

To start the Remote Registry service, perform the following steps:

  1. Connect to the Windows instance.

    For more information, see Connect to a Windows instance by using a password or key.

  2. In the taskbar on the desktop, click Start and select Run. In the Run dialog box, enter services.msc and click OK.

  3. In the Services window, double-click Remote Registry to open the Remote Registry Properties window. In the Remote Registry Properties window, configure the following settings:

    • Set Startup type to Automatic.

    • In the Service status section, click Start to ensure that the Remote Registry service can be started as expected.

  4. Click OK.

What do I do if the error message "This computer has dynamically assigned IP addresses" appears when I install an AD domain controller?

Problem description

When you install an AD domain controller on the Windows instance, the error message "This computer has dynamically assigned IP addresses" appears.

Cause

At least one physical network adapter on the instance does not have a static IP address.

Solution

  1. Connect to the Windows instance.

    For more information, see Connect to a Windows instance by using a password or key.

  2. Install an AD domain controller.

  3. In the Static IP assignment window, click Yes.

Note

Loopback uses the Dynamic Host Configuration Protocol (DHCP) and can work as expected without a static IP address.

What do I do if the 0x0000232B RCODE_NAME_ERROR error code is returned when I install an AD domain controller?

Problem description

When you install an AD domain controller on the Windows instance, the 0x0000232B RCODE_NAME_ERROR error code is returned.

Cause

IP addresses are improperly configured in the DNS server.

Solution

To resolve the issue, perform the following steps to change the DNS server addresses to the private IP address of the instance:

  1. Connect to the Windows instance.

    For more information, see Connect to a Windows instance by using a password or key.

  2. Open the Internet Protocol Version 4 (TCP/IP) Properties window, change the DNS server addresses, and then click OK.

    Note

    Change the DNS server addresses to the private IP address of the instance.

  3. Check whether the IP address of the DNS server can be pinged.

What do I do if the error message "The network path was not found" appears when I install an AD domain controller?

Problem description

When you install an AD domain controller on the Windows instance, the error message "The network path was not found" appears.

Causes

The issue may be caused by the following reasons:

  • The TCP/IP NetBIOS Helper service and Remote Registry service do not start on the AD domain controller and DNS client.

  • The DNS configurations of the DNS client and AD domain controller are improper.

  • The security identifier (SID) of the DNS client is the same as the SID of the AD domain controller.

  • The firewall or security software blocks the DNS client.
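The service and DNS causes above, together with the static IP address and ping checks from the earlier questions, can be verified in one read-only pass. This is an added example, not part of the original topic; the function name `Test-DcPrerequisite` and its `-ExpectedDns` parameter are assumptions, and the private IP address is a placeholder.

```powershell
# Added example (not from the original page): read-only pre-flight check.
# Uses only WMI classes and cmdlets available in PowerShell 2.0.
function Test-DcPrerequisite {
    param(
        # Assumption: the private IP address every adapter should use as DNS server
        [Parameter(Mandatory = $true)][string]$ExpectedDns
    )
    $findings = @()

    # RemoteRegistry = Remote Registry, lmhosts = TCP/IP NetBIOS Helper
    foreach ($name in 'RemoteRegistry', 'lmhosts') {
        $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
        if (-not $svc) { $findings += "Service ${name}: not found"; continue }
        if ($svc.StartMode -ne 'Auto') {
            $findings += "Service ${name}: startup type is $($svc.StartMode), not Auto"
        }
        if ($svc.State -ne 'Running') {
            $findings += "Service ${name}: state is $($svc.State), not Running"
        }
    }

    # Only adapters that have TCP/IP enabled
    $nics = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE')
    foreach ($nic in $nics) {
        if ($nic.DHCPEnabled) {
            $findings += "Adapter '$($nic.Description)': address is assigned by DHCP"
        }
        if (@($nic.DNSServerSearchOrder) -notcontains $ExpectedDns) {
            $findings += "Adapter '$($nic.Description)': $ExpectedDns is not a configured DNS server"
        }
    }

    # The DNS server address must answer ping
    if (-not (Test-Connection -ComputerName $ExpectedDns -Count 2 -Quiet)) {
        $findings += "DNS server ${ExpectedDns}: no reply to ping"
    }
    return $findings
}

# Usage: replace the placeholder with the private IP address of the instance
# Test-DcPrerequisite -ExpectedDns '<private-ip>' | ForEach-Object { Write-Warning $_ }
```

An empty result means none of the checked causes applies; the SID and security software causes are not covered by this check.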

Solution

To resolve the preceding issue, perform the following operations:

Start the TCP/IP NetBIOS Helper service and Remote Registry service

Start the TCP/IP NetBIOS Helper service and Remote Registry service for the AD domain controller and the DNS client. For more information, see the Solution sections in this topic.

Modify the DNS configurations of the DNS client

For more information, see the Solution sections in this topic.

Modify the SID of the DNS client

Perform the following operations:

  1. Connect to the Windows instance.

    For more information, see Connect to a Windows instance by using a password or key.

  2. Download the PowerShell script that is used to modify the SID of the DNS client.

  3. Open Command Prompt and enter powershell to start Windows PowerShell.

    Note

    If the operating system of the instance is 64-bit, do not run the script in 32-bit PowerShell (Windows PowerShell (x86)). If you do, an error is reported.

  4. Go to the script storage path and run the following command to view the description of the script tool:

    .\AutoSysprep.ps1 -help

  5. Run the following command to initialize the SID of the server:

    .\AutoSysprep.ps1 -ReserveHostname -ReserveNetwork -SkipRearm -PostAction "reboot"

    After the SID is initialized, the instance is restarted. Take note of the following items:

    • The IP address of the DNS server is changed from a dynamic IP address that is assigned based on DHCP to a static IP address. Make sure that the static IP address is the same as the IP address of the instance. You can configure the IP address to be assigned based on DHCP to obtain the primary private IP address of the instance.

      Note

      If you modify the primary private IP address of the instance in the ECS console, access exceptions occur due to the modifications to the IP address. We recommend that you do not modify the primary private IP address of the instance in the ECS console.

    • After the SID is initialized, the configurations of the firewall on the instance are changed to the default configurations of Microsoft. As a result, the instance cannot be pinged. You must disable the guest or public network firewall, or allow traffic on appropriate ports.

  6. Open Control Panel to disable the guest or public network firewall.

    After the guest or public network firewall is disabled, the server can be pinged.
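Step 5 also names allowing traffic as an alternative to disabling the firewall. The following added example, which is not part of the original topic, keeps the firewall on and permits only ICMPv4 echo requests from the private network; the function name, the rule name, and the `-PrivateCidr` parameter are assumptions.

```powershell
# Added example (not from the original page). Function, rule name and parameter are hypothetical.
function Add-ScopedPingRule {
    param(
        # Assumption: CIDR block of the private network that the domain nodes share
        [Parameter(Mandatory = $true)][string]$PrivateCidr,
        [string]$RuleName = 'Allow-ICMPv4-Echo-Private'
    )

    # netsh exits non-zero when no rule with this name exists
    netsh advfirewall firewall show rule "name=$RuleName" | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Output "Rule $RuleName already exists; nothing changed"
        return
    }

    # Arguments are passed as an array so PowerShell does not split "8,any" on the comma
    $ruleArgs = @(
        'advfirewall', 'firewall', 'add', 'rule',
        "name=$RuleName",
        'dir=in', 'action=allow',
        'protocol=icmpv4:8,any',      # ICMPv4 type 8 = echo request (ping)
        "remoteip=$PrivateCidr",      # only peers inside the private network
        'profile=any'
    )
    & netsh $ruleArgs
    if ($LASTEXITCODE -ne 0) { throw "netsh failed with exit code $LASTEXITCODE" }
}

# Usage: replace the placeholder with the CIDR block of the instance's private network
# Add-ScopedPingRule -PrivateCidr '<private-cidr>'
# netsh advfirewall show allprofiles state   # profiles should still report ON
```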

Configure the firewall or security software to allow access from the DNS client

For more information, see Configure Windows Firewall rules for Windows Server instances.