We help IT Professionals succeed at work.

Active Directory Installation Error

Noyan Gonulsen
on
Medium Priority
1,164 Views
Last Modified: 2012-05-06
Hi All,

I'm receiving an error message when installing active directory. Im adding another domain controller in an existing domain and Im getting:
Active directory installation failed. The operation failed because: Failed to configure the service kdc has requested. "The specified service does not exist as an installed service."

Any help would be greatly appreciated,

Thanks in Advance
Comment
Watch Question

Joseph MoodyBlogger and wearer of all hats.
CERTIFIED EXPERT

Commented:
Does it list the service Kerberos Key Distribution Center has requested? Do you see any errors related to this in event viewer or in any dcpromo logs? Use the link below to read up on the logging habits of dcpromo:

http://support.microsoft.com/kb/265090

The DCpromo log is location in %SystemRoot%\Debug
Chris HudsonCloud Security Architect
CERTIFIED EXPERT

Commented:
check the following in running DC
1)Replication
2)Sysvol shared or not
3)Name resolution from the new server

If all these are fine ,check whether "clients for Microsoft Networks" and "File and Printer Sharing for Microsoft Networks" is installed.

Update Ur server latest service apck

Author

Commented:
Hi Jmoody10,

I've looked in the dcpromo log and recieved this error:
 OpenService on kdc failed with 1060
02/13 09:27:05 [INFO] Configuring service kdc to 16 returned 1060
02/13 09:27:05 [INFO] Error - Failed to configure the service kdc as requested
 (1060)
02/13 09:27:05 [INFO] OpenService on RPCLOCATOR failed with 5
02/13 09:27:05 [INFO] Configuring service RPCLOCATOR to 0 returned 5
02/13 09:27:05 [INFO] OpenService on IsmServ failed with 5
02/13 09:27:05 [INFO] Configuring service IsmServ to 0 returned 5
02/13 09:27:05 [INFO] OpenService on kdc failed with 1060
02/13 09:27:05 [INFO] Configuring service kdc to 0 returned 1060
02/13 09:27:05 [ERROR] Failed to configure domain controller services (1060)

What I'm trying to accomplish is:
I have a DC in a remote site (I believe to be orphaned). It's the only site that's not replicating properly
I'm trying to setup a dc to ship out there
Once out there, I wanted to remove ad off the orphaned DC (If I have any issue I have the new dc waiting).

Author

Commented:
Hey Chris,

The only issue is that the replication is not happening to one dc in a remote site. All other dc's in other sites are fine.
Joseph MoodyBlogger and wearer of all hats.
CERTIFIED EXPERT

Commented:
Before I start looking further into this, is your  domain server 2003 or 2008?

Author

Commented:
It's server 2000
Joseph MoodyBlogger and wearer of all hats.
CERTIFIED EXPERT

Commented:
Sad. I was hoping you were using server 2008. Ok. I will see what I kind find about this error.
Chris HudsonCloud Security Architect
CERTIFIED EXPERT

Commented:
could you send me DCpromo log and netmon trace while running dcpromo.From your side first check, from  which DC this new server is trying to pull data.You will see in DCpromo log
In netmon trace first filter with "tcp.port==135",there you will see RPC Map response for NTDS API ,expand that tree and find the port number for replication.Filter with that port number so that u can see where it's failing.

I will always recommend to remove orphaned DC from domain before the DC promotion
http://support.microsoft.com/kb/216498

Author

Commented:
Hey Chris,

Here is the dcpromo log file; ( i will run it again with the netmon trace running).
Interesting note when looking at the log file, irwin-server is only a GC while irwin-primary holds all the fsmo roles.

02/17 11:34:22 [INFO] Promotion request for replica domain controller
02/17 11:34:22 [INFO] DnsDomainName  irwin-ind.com
02/17 11:34:22 [INFO]       ReplicaPartner  (NULL)
02/17 11:34:22 [INFO]       SiteName  (NULL)
02/17 11:34:22 [INFO]       DsDatabasePath  C:\WINNT\NTDS, DsLogPath  C:\WINNT\NTDS
02/17 11:34:22 [INFO]       SystemVolumeRootPath  C:\WINNT\SYSVOL
02/17 11:34:22 [INFO]       Account irwin-ind.com\administrator
02/17 11:34:22 [INFO]       Options  196
02/17 11:34:22 [INFO] Validate supplied paths
02/17 11:34:22 [INFO] Validating path C:\WINNT\NTDS.
02/17 11:34:22 [INFO]       Path is a directory
02/17 11:34:22 [INFO]       Path is on a fixed disk drive.
02/17 11:34:22 [INFO] Validating path C:\WINNT\NTDS.
02/17 11:34:22 [INFO]       Path is a directory
02/17 11:34:22 [INFO]       Path is on a fixed disk drive.
02/17 11:34:22 [INFO] Validating path C:\WINNT\SYSVOL.
02/17 11:34:22 [INFO]       Path is on a fixed disk drive.
02/17 11:34:22 [INFO]       Path is on an NTFS volume
02/17 11:34:22 [INFO] Start the worker task
02/17 11:34:22 [INFO] Request for promotion returning 0
02/17 11:34:22 [INFO] Searching for a domain controller for the domain irwin-ind.com that contains the account CALGARYSERVER$

02/17 11:34:22 [INFO] Located domain controller irwin-server.irwin-ind.com for domain irwin-ind.com

02/17 11:34:22 [INFO] Using site Richmondhill for server \\irwin-server.irwin-ind.com

02/17 11:34:22 [INFO] Forcing time sync
02/17 11:34:22 [INFO] Forcing a time synch with \\irwin-server.irwin-ind.com

02/17 11:34:23 [INFO] Setting machine account to be DC
02/17 11:34:23 [INFO] Configuring the server account

02/17 11:34:23 [INFO] Searching for the machine account for CALGARYSERVER$ on \\irwin-server.irwin-ind.com...
02/17 11:34:23 [INFO] Configuring the server account

02/17 11:34:23 [INFO] NtdsSetReplicaMachineAccount returned 0
02/17 11:34:23 [INFO] Previous location of account CALGARYSERVER$ to CN=CALGARYSERVER,CN=Computers,DC=irwin-ind,DC=com
02/17 11:34:23 [INFO] Stopping service NETLOGON

02/17 11:34:23 [INFO] Stopping service NETLOGON

02/17 11:35:23 [INFO] Configuring service NETLOGON to 1 returned 0
02/17 11:35:23 [INFO] Deleting current sysvol path C:\WINNT\SYSVOL
02/17 11:35:34 [INFO] Copying initial Directory Service database file C:\WINNT\system32\ntds.dit to C:\WINNT\NTDS\ntds.dit

02/17 11:35:37 [INFO] Installing the Directory Service

02/17 11:35:37 [INFO] Calling NtdsInstall for irwin-ind.com
02/17 11:35:37 [INFO] Starting the Directory Service installation
02/17 11:35:37 [INFO] Validating user supplied options
02/17 11:35:37 [INFO] Determining local site to enter
02/17 11:35:37 [INFO] Examining existing Enterprise Directory Service
02/17 11:35:37 [INFO] Starting a replication cycle between irwin-server.irwin-ind.com and irwin-primary.irwin-ind.com, the RID FSMO, so that the new replica will be able to create security principals.
02/17 11:35:38 [INFO] Configuring the local server to host the Directory Service
02/17 11:35:50 [INFO] Creating the ntdsa object for this server on irwin-server.irwin-ind.com.
02/17 11:35:50 [INFO] Replicating the Directory Service schema container
02/17 11:35:56 [INFO] Replicating CN=Schema,CN=Configuration,DC=irwin-ind,DC=com: received 536 out of 902 objects.
02/17 11:36:01 [INFO] Replicating CN=Schema,CN=Configuration,DC=irwin-ind,DC=com: received 1007 out of 902 objects.
02/17 11:36:02 [INFO] Replicating the Directory Service configuration container
02/17 11:36:08 [INFO] Replicating CN=Configuration,DC=irwin-ind,DC=com: received 536 out of 2163 objects.
02/17 11:36:13 [INFO] Replicating CN=Configuration,DC=irwin-ind,DC=com: received 1071 out of 2163 objects.
02/17 11:36:17 [INFO] Replicating CN=Configuration,DC=irwin-ind,DC=com: received 1124 out of 2163 objects.
02/17 11:36:17 [INFO] Replicating critical domain information
02/17 11:36:28 [INFO] Creating new domain security principals
02/17 11:36:29 [INFO] The Directory Service install is completing
02/17 11:36:29 [INFO] NtdsInstall for irwin-ind.com returned 0
02/17 11:36:29 [INFO] DsRolepInstallDs returned 0
02/17 11:36:29 [INFO] Setting AccountDomainInfo to:
02/17 11:36:29 [INFO]       Domain: IRWIN
02/17 11:36:29 [INFO]       Sid:  S-1-5-21-1008472541-494805893-1845911597
02/17 11:36:30 [INFO] Setting the LSA policy information from policy \\irwin-server.irwin-ind.com

02/17 11:36:30 [INFO] Setting Lsa policy 12 returned 0x0
02/17 11:36:30 [INFO] Setting Efs policy from \\irwin-server.irwin-ind.com returned 0x0
02/17 11:36:30 [INFO] DsRolepSetRegStringValue on SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\Auth2 to RASSFM returned 0
02/17 11:36:30 [INFO] Configuring service RPCLOCATOR

02/17 11:36:30 [INFO] Configuring service RPCLOCATOR to 16 returned 0
02/17 11:36:30 [INFO] Configuring service IsmServ

02/17 11:36:31 [INFO] Configuring service IsmServ to 16 returned 0
02/17 11:36:31 [INFO] OpenService on kdc failed with 1060
02/17 11:36:31 [INFO] Configuring service kdc to 16 returned 1060
02/17 11:36:31 [INFO] Error - Failed to configure the service kdc as requested
 (1060)
02/17 11:36:31 [INFO] OpenService on RPCLOCATOR failed with 5
02/17 11:36:31 [INFO] Configuring service RPCLOCATOR to 0 returned 5
02/17 11:36:31 [INFO] OpenService on IsmServ failed with 5
02/17 11:36:31 [INFO] Configuring service IsmServ to 0 returned 5
02/17 11:36:31 [INFO] OpenService on kdc failed with 1060
02/17 11:36:31 [INFO] Configuring service kdc to 0 returned 1060
02/17 11:36:31 [ERROR] Failed to configure domain controller services (1060)
02/17 11:36:46 [INFO] Starting service NETLOGON

02/17 11:36:46 [INFO] Configuring service NETLOGON to 2 returned 0
02/17 11:36:46 [INFO] Searching for the machine account for CALGARYSERVER$ on \\irwin-server.irwin-ind.com...
02/17 11:36:46 [INFO] Configuring the server account

02/17 11:36:46 [INFO] NtdsSetReplicaMachineAccount returned 0
02/17 11:36:46 [INFO] Attempted to move account CALGARYSERVER$ to CN=CALGARYSERVER,CN=Computers,DC=irwin-ind,DC=com
02/17 11:36:46 [INFO] The attempted domain controller operation has completed

02/17 11:36:46 [INFO] DsRolepSetOperationDone returned 0

Author

Commented:
Hi All,

Sorry for not replying got pulled off this to work on different issues.
Still experiencing the same problem. I think I'm ready to break down and call MS {:-(
I will post the answer from MS.

Thanks again to everyone.
Hi All,

Well it turns out that my Disk was corrupt which caused all the problems. They copied all the missing registry entries from a working DC. Once they did the import everything was fine.
Thanks everyone for the help.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.