Solved

Server 2008 dcpromo fails

Posted on 2009-05-07
16
2,350 Views
Last Modified: 2012-05-06
Here is the situation:

Single SBS 2003 server in small domain, obviously holding all FSMO roles, DNS, DHCP, File and Print.  They are NOT using any of the functionality of SBS, i.e. SQL or Exchange.  Trying to install and migrate to a Server 2008 standard.  ADPREP /forestprep and ADPREP /domainprep all ran successfully.  Server 2008 is joined to SBS 2003 domain.  When attempting to dcpromo Server 2008 into SBS 2003 domain, all goes well until trying to replicate the schema.

Error is as follows:

The operation failed because:

Active Directory Domain Services could not replicate the directory partition CN=Schema,CN=Configuration,DC=domain,DC=local from the remote Active Directory Domain Controller Server.domain.local.

"The source server is currently rejecting replication requests."

Things I have tried...

1. Setting schema permissions for Domain Administrator (the account I am doing the dcpromo as) to the same as the Schema Admins group

2. Edit registry HKLM/System/CurrentControlSet/Services/NTDS/Parameters  "Schema Update Allowed" to value of 1

3. Raised forest and domain functional level to Server 2003 native.

4. Disabled BroadComm NIC on Server 2008 as I didnt need it due to the dual Intel card.

Can anyone provide any help??

Thanks,
Marc
0
Comment
Question by:maoleson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 7
  • 2
16 Comments
 
LVL 58

Expert Comment

by:tigermatt
ID: 24330756

Did you also run adprep /domainprep /gpprep when prepping the domain? That is a required step for Server 2008.

I would, however, put that issue down to a DNS problem. Check the TCP/IP settings of the NIC(s) in the server and verify all DNS servers are configured to point to the local SBS server as the only DNS server. If you have multiple NICs, disable all but one for the purpose of the installation.

-Matt
0
 
LVL 3

Expert Comment

by:ISWSIMBX
ID: 24332037
You might want to checkout the SBS 2003 Transition Pack.

http://blogs.technet.com/moloyt/archive/2007/10/10/sbs-2003-transition-pack.aspx
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24339039

The Transition Pack is *not* required for simply adding a new DC to an SBS domain. Adding a second DC running Windows Server Standard/Enterprise is supported and perfectly valid on an SBS network.

Purchasing the transition pack would only be a waste of money; it is ONLY useful if they will be intending to keep the SBS running on the network alongside the 2008 DC, but move FSMO roles around or exceed the SBS limit of 75 users.

-Matt
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:maoleson
ID: 24339624
Matt,

Thank you for the insight, I am pretty sure that I did run the adprep /domainprep /gpprep when I was prepping the domain, but it has been a while so as soon as I can get a 2008 CD in the drive (server is offsite), I will confirm that.  

I did make the DNS changes that you mentioned, I had listed the SBS 2003 server as the Primary DNS, but had the 2008 server as its own secondary DNS.  I removed that and tried the dcpromo again but to no avail.  I will keep you up to date.

Also, SWSIMBX, thanks for your input, but I believe Matt to be correct in this instance that we do not want to continue using the SBS 2003.  In this case, we will be eliminating the SBS 2003 server completely as soon as we can get the 2008 server acting as a domain controller.

Thanks,
Marc
0
 
LVL 3

Expert Comment

by:ISWSIMBX
ID: 24339625
Thanks for the clarification Matt.  I mis-read what the transition pack was for.

-Andy
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24340083
Andy,

No problem. Migrating away from an SBS can be a bit of a minefield and can be quite confusing.

Marc,

Having a secondary IP on the Server 2008 for DNS as itself technically shouldn't affect matters, but it's worth removing it. Only once the DC is promoted and has the DNS role installed can it act as an Additional Domain Controller.

Let me know as soon as you've re-run the adprep /domainprep /gpprep

-Matt
0
 

Author Comment

by:maoleson
ID: 24364685
Matt,

OK, I was able to run the adprep /domainprep /gpprep and it still fails with the same error.  Any other suggestions??

Thanks,
Marc
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24366729

And just to clarify, the error occurs when running the DCPromo on the new server?

What is the DNS Server IP set to?

-Matt
0
 

Author Comment

by:maoleson
ID: 24366760
Matt,

The only DNS server I have listed in the 2008 server is the 2003 SBS server.

Thanks,
Marc
0
 

Author Comment

by:maoleson
ID: 24386544
Matt,

Sorry, I forgot to answer the first part of your question, yes, the error occurs when doing a dcpromo on the new server and the only DNS server I have listed on the new server (Windows 2008 Std.) is the 2003 SBS server.  I have disabled all other network cards and unchecked the IPv6 settings on the 2008 server as well.  Still the dcpromo fails with the same error.  "The source server is currently rejecting replication requests."

Any other advice before I install the Server 2008 into a new domain and join the clients to that domain, transfer data, etc.??

Thanks,
Marc
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24387463

Apologies I've not got back to you on this.

I'd like you to check a few things:

Run a DCDiag /c /v >C:\dcdiag.txt. Upload the log file in C:\dcdiag.txt to a comment here and I'll take a look through it. (Feel free to sanitize company name/domain name if required)

Second, do you see any Errors logged in the SBS's Event Viewer related to Active Directory and replication?

-Matt
0
 

Author Comment

by:maoleson
ID: 24387758
Matt,

No worries...  This is a pretty small domain so if it doesn't get resolved it won't be the end of the world to have to create a new one and move on, but I would rather not do that unless it is a last resort.  Here is the sanitized dcdiag.txt file you asked for.

As for Event Log errors, the Directory Service log is clean and I can find nothing else that would be relevant in either DNS, System, FRS, or Application logs.

Thanks,
Marc
dcdiag.txt
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
ID: 24387840

I've taken a look at the DCDiag and the first problem is Outbound Replication is disabled on the SBS. This means it will not replicate data outbound to other DCs.

To resolve, run the command
repadmin /options SBS2003Server -DISABLE_OUTBOUND_REPL

The NTFRS service is also reporting is being disabled, but that may be a fluke, particularly if you are seeing no errors reported from it in the Event Viewer.

-Matt
0
 

Author Closing Comment

by:maoleson
ID: 31579206
Matt,

You are the man!!  That was the problem and I now have the Server 2008 joined to the domain and can proceed with the rest of my work.  Many kudos and all the points to you!!

Thanks again,
Marc
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24388003
Glad you got it resolved. I wouldn't like to say why/how outbound replication was disabled, but I'm glad it's now working for you.

Cheers,

-Matt
0
 

Author Comment

by:maoleson
ID: 24388112
Matt,

Not really sure how it got disabled either, this is a network that we "inherited" from another provider that was in over his head.  Anyway, thanks again!

Marc
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question