Question

Cannot join additional domain, create child domain or new tree in existing forest

Asked by: vinchan3

My problem is as following:

1. I created a new Windows Server 2003 R2 Standard Edition in Mainland.
I "dcpromo" it as a Child Domain or New Tree in existing forest via VPN.
But it shows the error in the attachment "Child Domain from Branch.jpg".

2. I created a new Windows Server 2003 R2 Standard Edition in Hong Kong
Virtual Machine. I "dcpromo" it as a additional Domain Controller in the
exisiting forest domain. But it alsow shows the error in the attachment
"Additional Domain Controller in VM.jpg"

I am sure that my account has Enterprise Admin and Schema Admin. DNS setting is correct.

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2008-01-16 at 17:30:49ID23089061
Tags

Microsoft

,

Windows2003 R2 Standard Edition

,

2003 R2 SP2

,

Active Directory with Exchange 2007 Schema

Topics

Active Directory

,

Windows 2003 Server

Participating Experts
3
Points
500
Comments
9

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. DCPROMO Failed Forest Prep Error
    I am trying to set up another domain controller as a backup. The error that I am getting is: The Operation Failed: The AD Installation wizard cannot continue because the forest is not prepared for installing Windows Server 2003. Us the AD prep command line tool to prepare...
  2. dcpromo
    I am trying to dcpromo a new server but i get this error The Active Directory Installation Wizard cannot continue because the forest is not prepared for installing Windows Server 2003. Use the Adprep command-line tool to prepare both the forest and the domain. For more infor...
  3. Upgrading Forest Root from 2k3 R2 to 2K8
    I am thinking of upgrading my forest root from 2K3 R2 32-bit to 2K8 x64. Yes, I know you can't do an in place upgrade between architectures. I already have one 2K8 box as the domain controller of a child domain in the forest so ADPrep /forestprep has already been done. I ...
  4. New Forest
    I currently have a forest with a single domain in it called ad.company.com. I tried to create a new forest for our active director 2003 domain called company.intenral and dcpromo told me their was a conflict on the network. How can I resolve this issue? If I remove the dns...
  5. Forest Takeover
    Let's say the following scenario exists: A forest was built. All forest DC's were lost, only 2 domain level dc's exist. Is there a way to execute a forest takeover or force the DC's to become forest DC's?

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: sprucasPosted on 2008-01-16 at 18:20:23ID: 20678170

Looks like you are creating DC using R2 version of Windows - have you updated the Windows Schema to support R2??

If you haven't then you will not be able to add an R2 based DC

If you have added R2 schema then try the following before doing DC promo:

1. test dns connectivity by running > netdiag /test:dns
2. verify communications with existing DCs > netdiag /test:dsgetdc
3. verify connecitivity to existing FSMO servers - you will need to point this to existing DC >
dcdiag /s: domaincontroller /test:knowsofroleholders /v
dcdiag /s: domaincontroller /test:fsmocheck
4. Ensure subnet that you are installing DC into is listed in a Site within Sites and Services

 

by: vinchan3Posted on 2008-01-16 at 19:23:47ID: 20678434

In fact, I search over the Google and this experts-exchange knowledge library. I found that one question is very similar to me in experts-exchange knowledge library. But the Author said that he found the Microsoft directly. Then, the Author does not write any solution.

It seems a very complicated problem! Hope any expert can help me!

 

by: kpradPosted on 2008-01-16 at 20:07:40ID: 20678610

looking at the errors, and considering that you had checked the settings of DNS and the FSMo roles.
Could you also check the following Domain controller policy and ADD administrator if not already added to the following:
Access this computer from the network.
enable compouter and user accounts to be trusted for delegation.

also for Dc promotion issue you could also check the dcpromo.log file.

 

by: vinchan3Posted on 2008-01-16 at 20:11:27ID: 20678627

1/17 11:16:46 [INFO] Promotion request for domain controller of new domain
01/17 11:16:46 [INFO] DnsDomainName  yfgj.kck.com.hk
01/17 11:16:46 [INFO]       FlatDomainName  YFGJ0
01/17 11:16:46 [INFO]       SiteName  (NULL)
01/17 11:16:46 [INFO]       SystemVolumeRootPath  C:\WINDOWS\SYSVOL
01/17 11:16:46 [INFO]       DsDatabasePath  C:\WINDOWS\NTDS, DsLogPath  C:\WINDOWS\NTDS
01/17 11:16:46 [INFO]       ParentDnsDomainName  kck.com.hk
01/17 11:16:46 [INFO]       ParentServer  (NULL)
01/17 11:16:46 [INFO]       Account KCK.COM.HK\administrator
01/17 11:16:46 [INFO]       Options  192
01/17 11:16:46 [INFO] Validate supplied paths
01/17 11:16:46 [INFO] Validating path C:\WINDOWS\NTDS.
01/17 11:16:46 [INFO]       Path is a directory
01/17 11:16:46 [INFO]       Path is on a fixed disk drive.
01/17 11:16:46 [INFO] Validating path C:\WINDOWS\NTDS.
01/17 11:16:46 [INFO]       Path is a directory
01/17 11:16:46 [INFO]       Path is on a fixed disk drive.
01/17 11:16:46 [INFO] Validating path C:\WINDOWS\SYSVOL.
01/17 11:16:46 [INFO]       Path is on a fixed disk drive.
01/17 11:16:46 [INFO]       Path is on an NTFS volume
01/17 11:16:46 [INFO] Child domain creation -- check the new domain name is child of parent domain name.
01/17 11:16:46 [INFO] Domain Creation -- check that the flat name is unique.
01/17 11:16:51 [INFO] Start the worker task
01/17 11:16:51 [INFO] Request for promotion returning 0
01/17 11:16:51 [INFO] No source DC or no site name specified. Searching for dc in domain kck.com.hk: ( DS_REQUIRED | WRITABLE )
01/17 11:16:51 [INFO] Searching for a domain controller for the domain kck.com.hk
01/17 11:16:51 [INFO] Located domain controller kck.com.hk for domain (null)
01/17 11:16:51 [INFO] No user specified source DC
01/17 11:16:51 [INFO] No user specified site
01/17 11:16:51 [INFO] Using site YF for server kck.com.hk
01/17 11:16:51 [INFO] Forcing a time synch with \\hkpdc.kck.com.hk
01/17 11:16:51 [ERROR] Failed to get the current time on \\hkpdc.kck.com.hk: 5
01/17 11:16:51 [ERROR] NON-FATAL error forcing a time sync (5).  Ignoring
01/17 11:16:52 [INFO] Reading domain policy from the domain controller \\hkpdc.kck.com.hk
01/17 11:16:52 [INFO] Stopping service NETLOGON
01/17 11:16:52 [INFO] Stopping service NETLOGON
01/17 11:16:52 [INFO] Configuring service NETLOGON to 1 returned 0
01/17 11:16:52 [INFO] Stopped NETLOGON
01/17 11:16:52 [INFO] Creating the System Volume C:\WINDOWS\SYSVOL
01/17 11:16:52 [INFO] Deleting current sysvol path C:\WINDOWS\SYSVOL
01/17 11:16:57 [INFO] Preparing for system volume replication using root C:\WINDOWS\SYSVOL
01/17 11:16:57 [INFO] Created the system volume
01/17 11:16:57 [INFO] Copying initial Directory Service database file C:\WINDOWS\system32\ntds.dit to C:\WINDOWS\NTDS\ntds.dit
01/17 11:16:58 [INFO] Installing the Directory Service
01/17 11:16:58 [INFO] Calling NtdsInstall for yfgj.kck.com.hk
01/17 11:16:58 [INFO] Starting Active Directory installation
01/17 11:16:58 [INFO] Validating user supplied options
01/17 11:16:58 [INFO] Determining a site in which to install
01/17 11:16:58 [INFO] Examining an existing Active Directory forest
01/17 11:16:59 [INFO] Configuring the local domain controller to host Active Directory
01/17 11:17:07 [INFO] Replicating the schema directory partition
01/17 11:17:08 [INFO] Error - Active Directory could not replicate the directory partition CN=Schema,CN=Configuration,DC=kck,DC=com,DC=hk from the remote domain controller hkpdc.kck.com.hk. (5)
01/17 11:17:09 [INFO] NtdsInstall for yfgj.kck.com.hk returned 5
01/17 11:17:09 [INFO] DsRolepInstallDs returned 5
01/17 11:17:09 [ERROR] Failed to install the directory service (5)
01/17 11:17:15 [INFO] The attempted domain controller operation has completed
01/17 11:17:15 [INFO] DsRolepSetOperationDone returned 0

 

by: sprucasPosted on 2008-01-16 at 20:55:56ID: 20678864

01/17 11:16:51 [INFO] Forcing a time synch with \\hkpdc.kck.com.hk
01/17 11:16:51 [ERROR] Failed to get the current time on \\hkpdc.kck.com.hk: 5
01/17 11:16:51 [ERROR] NON-FATAL error forcing a time sync (5).  Ignoring

looks like you have a time sync issue - check and make sure that the computer is syncing its time correctly with the PDC Emulator for the Domain

did the fsmo check before show the schema master??
could you server contact the schema master correctly??

you haven't said whether the R2 schema has been implemented?? is this the case??

 

by: vinchan3Posted on 2008-01-16 at 21:57:26ID: 20679063

I run the time sync command by w32tm /resync. I am sure that the time sync is correct.

Furthermore, as all servers are Windows 2003 R2, it seems that no need to implement the R2 schema preparation, right?

 

by: SteveH_UKPosted on 2008-01-16 at 22:13:24ID: 20679102

See my blog entry for configuring time in an Active Directory domain.  If you don't have this sorted, then Kerberos can fail and domain replication can fail in many ways.  Using w32tm /resync is not sufficient.

See:
http://blogs.bdnet.co.uk/steve/archive/2008/01/06/The-Windows-Time-Service.aspx

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...