kevinlee83
asked on
Unable to demote DC using dcpromo
Setup:
Two DC one is primary, other is secondary. Both set as global catalog.
Situation:
1.) I need to demote the primary DC so that I can format and reload due to some other issues, however when i run dcpromo I get a dialog box titled "New Credentials" that says "The operation failed because: The attempt to configure the machine account CORP-SRV-01$ on server corp-srv-02.local.com failed. "Access is denied." followed by "Specify an account with Enterprise Administrator privileges to the forest, "local.com". At the bottom of this whole box are text fields where I can type in the username, password, and domain.
2.) I have tried the Administator username and password.
3.) The Administrator profile is a member of the Enterprise Administrator group.
4.) If possible I would like not to force a demotion.
Thanks for the help.
Two DC one is primary, other is secondary. Both set as global catalog.
Situation:
1.) I need to demote the primary DC so that I can format and reload due to some other issues, however when i run dcpromo I get a dialog box titled "New Credentials" that says "The operation failed because: The attempt to configure the machine account CORP-SRV-01$ on server corp-srv-02.local.com failed. "Access is denied." followed by "Specify an account with Enterprise Administrator privileges to the forest, "local.com". At the bottom of this whole box are text fields where I can type in the username, password, and domain.
2.) I have tried the Administator username and password.
3.) The Administrator profile is a member of the Enterprise Administrator group.
4.) If possible I would like not to force a demotion.
Thanks for the help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I had almost a similar problem. I was setting a test enviornment and trying to demote a replica DC. Got the same error, saying "Access Denied" and wanted credentials. Nothing would work. But then I noticed that I could not access Group Policy either, and my problems were a little deeper than that. Microsoft's website suggested reinstalling the File and Printer sharing service, but that didn't help me much. Since it was a test enviornment, I didn't care much.
What does the DCpromo.log say on the server you are trying to demote? I think it's in C:\Windows\System32 folder.