Domain Name System

How to enter the second server (controller) into the domain?

Good afternoon
Tell me the solution to this problem
. We have 2 sites A and B, they are connected by an ipsec tunnel, in the role of Mikrotik CHR and RB951 gateways.

There is a connection between the sites, ping passes without loss https://pastebin.com/TLTQq2ZR
172.19.1.1 - the gateway of the neighboring site A,
Serv1 server from Site A, 172.19.1.10 -
ip address of the server from site A.
Server Serv1 is a server from Site A has its network config here https://pastebin.com/2NjQ2c8F
Server Serv2 is the server from site B its network config is here https://pastebin.com/CNTKVs8E

I ran commands from server Serv2.ms.local "nlslookup ,ping name server, tracert "results here https://pastebin.com/Db1ef9wg
The ping serv1 .ms.local command did not work for me, because when entering the serv1 server, an A record was not created in DNS, I added it manually, then the command was completed successfully.
I ran the same commands from the server Serv1.ms.local results here https://pastebin.com/AndXEeur
Port availability here https://pastebin.com/fVWFDh65
Sites created, networks created


The problem is that I entered the server Serv1 in ms.local domain, but when I promote it to a domain controller, I get errors of this kind

Rights to the sysvol folder

In the dcpromo log there are such entries https://pastebin.com/VUqWBr8n

Entering the domain was carried out with a domain record Administrator
of his rights


I tried to change ipsec to L2TP , tracing worked correctly, without * * * , but problems with server promotion are the same.