Wednesday, February 19, 2014

Adding a Windows 2012 R2 Essential Server to a existing domain

Adding a new Windows 2012 R2 Essentials server to a existing domain is a supported scenario by microsoft.

The new server will then be the primary server for all the ADS roles.

Unfortunally this does not mean it will just work out of the box.

The basic steps for this are:

- Make the basic installtion of the windows server

- Don't follow the wizard after installation, just cancel it
- Important: Set the server name you wish to use now, you won't be able to change it later on
- Install the Active Directory Services on the new server
- Add the new server as a additional ADS server in the existing domain
- Let the wizard finish the essentials configuration

The details can be found on the microsoft product site.

Unfortunally the wizard won't finish, but rather say: Error occured and nothing is logged.

The post-config wizard won't let you configure the Essentials Experience role because it's unable to start the 'Windows Server Essentials Management Service' system service. This service is configured to run under the <domain>\ServerAdmin$ account. This account must have 'Log on as a service' rights.
  • Go to Group Policy Management
  • Edit your policy, such as the 'Default Domain Controllers Policy'
  • Go to Computer Configuration \ Windows Settings \ Security Settings \ Local Policies \ User Rights Assignment
  • Edit 'Log on as a service' and add 2 accounts: <domain>\ServerAdmin$ and <domain>\MediaAdmin$
The ServerAdmin$ is enough to let the wizard finish the configuration. The MediaAdmin$ is needed for the 'Windows Server Essentials Media Streaming Service'.