Windows 2012 R2 DC to Windows 2022 DC Migration

Question

Windows 2012 R2 DC to Windows 2022 DC Migration

A Ska 241

Dears

We're planning Domain Controller migration from 2012 R2 to 2022.

We have 2 DCs 2012 R2 that must be migrated on 2 others DC 2022. We'll keep the same IP of old DCs because of dns dhcp settings on all of our devices

We do not have this patch installed on our 2012R2 DCs:

https://support.microsoft.com/it-it/topic/kb5008380-aggiornamenti-dell-autenticazione-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041

Is it mandatory before adding the new DCs to the domain?

There may be problems if not installed?

Thanks

A Ska 241 Reputation points

2024-05-09T09:57:51.6366667+00:00

Furthermore, could this patch get issues about domain authentication?

Thanks
Anonymous

2024-05-16T08:39:03.7933333+00:00

Hello ,

Good day!

How are things going? I have not heard back from you in a few days and wanted to check on the status of your problem. Please let me know the results of your troubleshooting. Your time is greatly appreciated.

Best Regards,

Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.
A Ska 241 Reputation points

2024-05-17T16:52:30.7066667+00:00

I added 2 DCs 2022 without First installing the mentioned patches on the old DCs. Now we randomly have RDP session issues "invalid credentials". Cifs and logons have no problems. Any suggestioni?

1 answer

Your answer

A Ska 241 Reputation points

2024-05-09T09:57:51.6366667+00:00

Furthermore, could this patch get issues about domain authentication?

Thanks
Anonymous

2024-05-16T08:39:03.7933333+00:00

Hello ,

Good day!

How are things going? I have not heard back from you in a few days and wanted to check on the status of your problem. Please let me know the results of your troubleshooting. Your time is greatly appreciated.

Best Regards,

Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.
A Ska 241 Reputation points

2024-05-17T16:52:30.7066667+00:00

I added 2 DCs 2022 without First installing the mentioned patches on the old DCs. Now we randomly have RDP session issues "invalid credentials". Cifs and logons have no problems. Any suggestioni?

Answer 1

Hello A Ska,

Thank you for posting in Q&A forum.

Is it mandatory before adding the new DCs to the domain?

A1: I think it is not mandatory.

There may be problems if not installed?
A2: You can read:
User's image

Furthermore, could this patch get issues about domain authentication?

A3: I think There is no issue related to domain authentication. But CVE-2021-42287 addresses a security bypass vulnerability that affects the Kerberos Privilege Attribute Certificate (PAC) and allows potential attackers to impersonate domain controllers.

To be on the safe side, Microsoft strongly recommends installing the necessary updates.

https://support.microsoft.com/en-us/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041

I hope the information above is helpful.

If you have any questions or concerns, please feel free to let us know.

Best Regards,

Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.

A Ska 241 Reputation points

2024-05-23T16:40:49.85+00:00

Dear

After adding 2 DCs (W2022 not patched) to the other 2 2012 Domain controllers (not patched with KB5008380 ), on the old DC with FSMO roles we notice Event 37 and sometimes we have authentication errors in the network.

We plan to demote old DC next week but I want to avoid any issue till then.

Do you suggest to install the KB5008380 asap on 2012 DCs? could it be that the lack of patches KB5008380 on 2012 and the coexistence with the two DC 2022 could lead to problems?

Thanks

Share via

Windows 2012 R2 DC to Windows 2022 DC Migration

1 answer

Your answer