Solved

Server 2008 dcpromo fails

Posted on 2009-05-07
16
2,332 Views
Last Modified: 2012-05-06
Here is the situation:

Single SBS 2003 server in small domain, obviously holding all FSMO roles, DNS, DHCP, File and Print.  They are NOT using any of the functionality of SBS, i.e. SQL or Exchange.  Trying to install and migrate to a Server 2008 standard.  ADPREP /forestprep and ADPREP /domainprep all ran successfully.  Server 2008 is joined to SBS 2003 domain.  When attempting to dcpromo Server 2008 into SBS 2003 domain, all goes well until trying to replicate the schema.

Error is as follows:

The operation failed because:

Active Directory Domain Services could not replicate the directory partition CN=Schema,CN=Configuration,DC=domain,DC=local from the remote Active Directory Domain Controller Server.domain.local.

"The source server is currently rejecting replication requests."

Things I have tried...

1. Setting schema permissions for Domain Administrator (the account I am doing the dcpromo as) to the same as the Schema Admins group

2. Edit registry HKLM/System/CurrentControlSet/Services/NTDS/Parameters  "Schema Update Allowed" to value of 1

3. Raised forest and domain functional level to Server 2003 native.

4. Disabled BroadComm NIC on Server 2008 as I didnt need it due to the dual Intel card.

Can anyone provide any help??

Thanks,
Marc
0
Comment
Question by:maoleson
  • 7
  • 7
  • 2
16 Comments
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility

Did you also run adprep /domainprep /gpprep when prepping the domain? That is a required step for Server 2008.

I would, however, put that issue down to a DNS problem. Check the TCP/IP settings of the NIC(s) in the server and verify all DNS servers are configured to point to the local SBS server as the only DNS server. If you have multiple NICs, disable all but one for the purpose of the installation.

-Matt
0
 
LVL 3

Expert Comment

by:ISWSIMBX
Comment Utility
You might want to checkout the SBS 2003 Transition Pack.

http://blogs.technet.com/moloyt/archive/2007/10/10/sbs-2003-transition-pack.aspx
0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility

The Transition Pack is *not* required for simply adding a new DC to an SBS domain. Adding a second DC running Windows Server Standard/Enterprise is supported and perfectly valid on an SBS network.

Purchasing the transition pack would only be a waste of money; it is ONLY useful if they will be intending to keep the SBS running on the network alongside the 2008 DC, but move FSMO roles around or exceed the SBS limit of 75 users.

-Matt
0
 

Author Comment

by:maoleson
Comment Utility
Matt,

Thank you for the insight, I am pretty sure that I did run the adprep /domainprep /gpprep when I was prepping the domain, but it has been a while so as soon as I can get a 2008 CD in the drive (server is offsite), I will confirm that.  

I did make the DNS changes that you mentioned, I had listed the SBS 2003 server as the Primary DNS, but had the 2008 server as its own secondary DNS.  I removed that and tried the dcpromo again but to no avail.  I will keep you up to date.

Also, SWSIMBX, thanks for your input, but I believe Matt to be correct in this instance that we do not want to continue using the SBS 2003.  In this case, we will be eliminating the SBS 2003 server completely as soon as we can get the 2008 server acting as a domain controller.

Thanks,
Marc
0
 
LVL 3

Expert Comment

by:ISWSIMBX
Comment Utility
Thanks for the clarification Matt.  I mis-read what the transition pack was for.

-Andy
0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility
Andy,

No problem. Migrating away from an SBS can be a bit of a minefield and can be quite confusing.

Marc,

Having a secondary IP on the Server 2008 for DNS as itself technically shouldn't affect matters, but it's worth removing it. Only once the DC is promoted and has the DNS role installed can it act as an Additional Domain Controller.

Let me know as soon as you've re-run the adprep /domainprep /gpprep

-Matt
0
 

Author Comment

by:maoleson
Comment Utility
Matt,

OK, I was able to run the adprep /domainprep /gpprep and it still fails with the same error.  Any other suggestions??

Thanks,
Marc
0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility

And just to clarify, the error occurs when running the DCPromo on the new server?

What is the DNS Server IP set to?

-Matt
0
Are your corporate email signatures appalling?

Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

 

Author Comment

by:maoleson
Comment Utility
Matt,

The only DNS server I have listed in the 2008 server is the 2003 SBS server.

Thanks,
Marc
0
 

Author Comment

by:maoleson
Comment Utility
Matt,

Sorry, I forgot to answer the first part of your question, yes, the error occurs when doing a dcpromo on the new server and the only DNS server I have listed on the new server (Windows 2008 Std.) is the 2003 SBS server.  I have disabled all other network cards and unchecked the IPv6 settings on the 2008 server as well.  Still the dcpromo fails with the same error.  "The source server is currently rejecting replication requests."

Any other advice before I install the Server 2008 into a new domain and join the clients to that domain, transfer data, etc.??

Thanks,
Marc
0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility

Apologies I've not got back to you on this.

I'd like you to check a few things:

Run a DCDiag /c /v >C:\dcdiag.txt. Upload the log file in C:\dcdiag.txt to a comment here and I'll take a look through it. (Feel free to sanitize company name/domain name if required)

Second, do you see any Errors logged in the SBS's Event Viewer related to Active Directory and replication?

-Matt
0
 

Author Comment

by:maoleson
Comment Utility
Matt,

No worries...  This is a pretty small domain so if it doesn't get resolved it won't be the end of the world to have to create a new one and move on, but I would rather not do that unless it is a last resort.  Here is the sanitized dcdiag.txt file you asked for.

As for Event Log errors, the Directory Service log is clean and I can find nothing else that would be relevant in either DNS, System, FRS, or Application logs.

Thanks,
Marc
dcdiag.txt
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
Comment Utility

I've taken a look at the DCDiag and the first problem is Outbound Replication is disabled on the SBS. This means it will not replicate data outbound to other DCs.

To resolve, run the command
repadmin /options SBS2003Server -DISABLE_OUTBOUND_REPL

The NTFRS service is also reporting is being disabled, but that may be a fluke, particularly if you are seeing no errors reported from it in the Event Viewer.

-Matt
0
 

Author Closing Comment

by:maoleson
Comment Utility
Matt,

You are the man!!  That was the problem and I now have the Server 2008 joined to the domain and can proceed with the rest of my work.  Many kudos and all the points to you!!

Thanks again,
Marc
0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility
Glad you got it resolved. I wouldn't like to say why/how outbound replication was disabled, but I'm glad it's now working for you.

Cheers,

-Matt
0
 

Author Comment

by:maoleson
Comment Utility
Matt,

Not really sure how it got disabled either, this is a network that we "inherited" from another provider that was in over his head.  Anyway, thanks again!

Marc
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

OfficeMate Freezes on login or does not load after login credentials are input.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now