Adprep /forestprep fails

I am trying to update a 2008 standard server to an existing 2000 domain.  The 2000 standard server is the only DC on this network.  I am logged in as the domain administrator on the 2000 server.  DNS is working correctly.  I get an error when I try to run adprep /forestprep and will not let me continue.  Below are the error log files that were generated by the adprep utility.

ldif.log

There is a syntax error in the input file
Failed on token starting with 'o' on line 63
8 entries modified successfully.
An error has occurred in the program

schupgr.log

Opened Connection to BURLING1
SSPI Bind succeeded
Found Naming Context DC=burling,DC=local
Found Naming Context CN=Schema,CN=Configuration,DC=burling,DC=local
Found Naming Context CN=Configuration,DC=burling,DC=local
Current Schema Version is 22
Upgrading schema to version 44
The command line passed to ldifde is C:\WINNT\system32\ldifde -i -f C:\WINNT\system32\sch23.ldf -s BURLING1 -c DC=X DC=burling,DC=local
ERROR: Import from file C:\WINNT\system32\sch23.ldf failed. Error file is saved in ldif.err.23.

If the error is "Insufficient Rights" (Ldap error code 50), please make sure the current logged on user has rights to read/write objects in the schema and configuration containers, or log off and log in as an user with these rights and rerun schupgr.exe.

Sch23.ldf
# change objects in configuration container

dn: CN=DS-Replication-Get-Changes-All,CN=Extended-Rights,CN=Configuration,DC=X
changetype: ntdsSchemaAdd
objectClass  SMB.                 ( 8 ^       \<           ] # attrib6da0-11d0-afd3-00c04fd930c9
appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
displayName: Replicating Directory Changes All
localizationDisplayId: 62
rightsGUID: 1131f6ad-9c07-11d1-f79f-00c04fc2dcd2
validAccesses: 256

The ojectClass line is line 63 from the sch23.ldf file.  I believe this is my issue, but I don't know how to resolve this issue.  Please Help.  Thanks
matucker1975Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mike_CourtneyCommented:
Silly but quick questions from me:
IS the user you're running ADPRep with a schema administrator.
Have you enabled schema updates?
Are you running adprep on the schema master?

Do you have exchange 2000 installed?
0
DatedmanCommented:
Do you just want to join the domain with the 2008 server or are you trying to prepare to promote it to a DC?  If the former, just join the domain. :)
0
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

DatedmanCommented:
BTW (after the 2008 server is on the domain?) try running the prep from it instead?
0
matucker1975Author Commented:
The schema updates are enabled, the administrator account is a member of the following groups Administrators, Domain Admins, Domain Users, Enterprise Admins, Group Policy Creator Owners,  and Schema Admins.  Exchange 2000 is not installed.  

One thing interesting is sysvol and netlogon are not listed as network share.  I don't know if this matters, but I thought I would provide the information
0
Mike_CourtneyCommented:
Are you running this on a DC with the Schema master role?

IF you are and no Sysvol or netlogon share are visible from a net share command then it sounds like you have a FRS issue - are there entries in the FRS log?
0
DatedmanCommented:
If sysvol/netlogon aren't listed try DCDIAG and NETDIAG on the DC and check your FRS event log.  Also see questions above.
0
DatedmanCommented:
MC there is evidently only one DC from what I read.
0
Mike_CourtneyCommented:
HeHe, thans DatedMan - it's late here in the UK.

MaTucker, can you confirm that you've run a net share on the DC and it's not showing Sysvol or Netlogon share.
If so are there any entries in the System/FRS application log
0
matucker1975Author Commented:
I have ran net share and syslog and netlogon are not shares.  I was able to get the frs to sync.

Event Type:      Information
Event Source:      NtFrs
Event Category:      None
Event ID:      13516
Date:            7/3/2009
Time:            1:12:07 PM
User:            N/A
Computer:      BURLING1
Description:
The File Replication Service is no longer preventing the computer BURLING1 from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.
 
Type "net share" to check for the SYSVOL share.

This is fine, but when you do a sysvol, it still does not show the sysvol and netlogon shares.  When I run netdiag, no errors.  I do have SQL 2000 running on this server, if that matters.  I wondering how to fix the Sch23.ldf file that is erroring out.  It looks like it may not have the correct object id, line 63.  This is the only present dc.  It is a windows 2000 server.  Im trying to promote a 2008 server to dc.  The 2008 server is on the domain.  I saw an entery to run the adprep on the 2008 server.  Is that correct?  I have not tried that yet.

0
Mike_CourtneyCommented:
It seems to be working - ldap is binding, it's identifying the current version as 22 - I'd be inclined to run it on the DC (reduce likelihood of errors)
Did you check out the article I posted - it seems it's running.
I am concerned about the lack of sysvol on the DC though.

Try running it on the W2000 DC after going through that article please
0
matucker1975Author Commented:
Mike, I am using an oem dell 2008 server dvd from the new server.  I am accessing the dvd on the old server from a network share.  The old server does not have a dvd player.  I have been running the adprep from m:\service\adprep\adprep.exe /forestprep.  In the adprep folder, there is an folder us-en folder that has an adprep.exe.mui file.  Do I need to try to run this file?  Do I need to remove the mui ext?   Orginally, I tried to copy the adprep folder to the c drive, and it did not run.  Thanks for your quick responses everyone.
0
matucker1975Author Commented:
Does anyone think that the sysvol and netlogon shares will ok on the 2008 server dc after it is promoted?
0
DatedmanCommented:
I don't think things will be right until you're sharing SYSVOL.
0
Mike_CourtneyCommented:
As you have a Windows 2000 domain you must complete the Forestprep and domainprep before you can make the 2008 server a DC. (In the same domani at least)

So we need to make sure your forestprep work.

Now you've explained the setup I'd suggest you copy the source/adprep directory from the DVD to the local drive of the Windows 2000 DC.

As you've already tried running it and it hasn't errored prior to importing the files I assume you're running Service Pack 4 on the 2000 DC.

I have concerns that your sysvol and netlogon aren't appearing - but can you explain exactly what you're doing to check if the SYSVOL and NETLOGON shares are present. Bearing in mind that these shares will only be on the 2000 DC.

They will appear on the 2008 DC after you've run DCPROMO and the SYSVOL has replicated from the Windows 2000 DC.

So can you confirm how you're checking the sysvol presence.
Then try it again after copying the files locally.
My instinct is to say there's a 'funny' with the running of ADPRep rather than any issue with the DC as it seems to be binding OK at the start of the forestprep.

Did you look over the article I sent a link to
0
matucker1975Author Commented:
Hi Mike,
I am checking to see if syslog and netlogon share are there by running net share command on the 2000 dc command prompt.  They file structure is there c:\winnt\syslog\domain.  I did copy the adprep locally to the 2000 dc and tried to run it.  It was faster, but still gave me the same error message.  I looked at the article, but everything I can tell is set to us-eng lang.  I even tried to rename the adprep.exe.mui file in the us-eng folder to adprep.exe, and placing it in the adprep folder, but it could not run the file.    I am am running service pack 4 on the 2000 dc.  I do not have another copy of windows 2008 dvd.  Do you think mine is corrupt somehow?  How does it create the .ldf files when adprep runs.  Do you know how to resolve schema conflicts?  The error states There is a syntax error in the input file
Failed on token starting with 'o' on line 63, which is
objectClass  SMB.                 ( 8 ^       \<           ] # attrib6da0-11d0-afd3-00c04fd930c9.
Thanks for all your help.



0
matucker1975Author Commented:
BTW (after the 2008 server is on the domain?) try running the prep from it instead?
The 2008 server is on the domain.  It tried to run adprep on the 2008 server and it would not let me, it said it was an incorrect windows version.  Im thinking this has to be ran on the windows 2000 dc.  This is the only dc and they do not run exchange.
0
DatedmanCommented:
BTW what antivirus are you using on the 2000 server?
0
DatedmanCommented:
These servers are the same language as the DVD you're using?  

Just checking off some possible problems that caused similar situs for others.
0
DatedmanCommented:
btw i am looking at my 2008 DVD now, on mine it's sources folder not service, that was a typo?  I have sch23.ldf in front of me and it doesn't look like what you're posting.

Line 63:

objectClass: controlAccessRight

Starting to think this is possibly a DVD read error, gah.  You said it "didn't work" when you copied to drive c?  What happened?  
0
DatedmanCommented:
Here's that whole section from the file:

# change objects in configuration container

dn: CN=DS-Replication-Get-Changes-All,CN=Extended-Rights,CN=Configuration,DC=X
changetype: ntdsSchemaAdd
objectClass: controlAccessRight
ShowInAdvancedViewOnly: TRUE
appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
displayName: Replicating Directory Changes All
localizationDisplayId: 62
rightsGUID: 1131f6ad-9c07-11d1-f79f-00c04fc2dcd2
validAccesses: 256

This is from the latest VLK CD with SP2 integrated.  Might be slightly different now but what I see in your file looks like garbage, no?
btw the reason i asked about AV is that one person had a similar problem and it was McAfee causing it.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mike_CourtneyCommented:
i'm with datedman on this. the file looks wrong. is this original media? good call on the av too.

did you get the schema file from the c drive or off the dvd (adprep copies them to c before starting)
if that's from C then compare it to the one on the cd.
also if it's the one on C rename it, stop any anti virus and try again.

I do have concerns over the sysvol not being available though.
0
DatedmanCommented:
Yeah MC seems as if there are multiple problems but the primary one is the way the file looks at this point.  Can't believe I didn't look at another copy sooner, DOH.
0
matucker1975Author Commented:
Datedman,
we are using symantec EndPoint Protection 11.0 - We currently have it disabled to make this migration.  I saw other posts where it could cause issues(McAfee).  The servers are the same language as the dvd we are using.  When I did a copy to the 2000 server the first time, It did not copy the schema.ini file so it would error out while running adprep.  I did an xcopy from the dvd to the server and all files compare correctly and adprep runs off of the local machine, but I still get the above error.  I am using an dell oem 2008 server reinstall dvd to gather the adprep directory for the 2000 server adprep.  I agree that the file looks like garbage, so I guess I need to compare what is on the dvd and what is in the copied file on the 2000 server adprep directory.  If there are any  discrepancies, I will change the file in the 2000 server adprep directory.  If they are the same, it looks like a possible bad dvd?  I am at my oher job now and will not be able to look at till after work.  Thanks for your help
0
DatedmanCommented:
Could be a bad dvd I guess.  Weird tho, normally you'd get a read error, not sure what would cause that.

Iunno if it's legal to post you the contents of the adprep folder from my dvd...
0
Mike_CourtneyCommented:
here's one from left field - is your 2008 media 64 bit I think they are by default. I'd also bet your 2000 box is 32 bit.

this may be part of it. you can download the 32bit version of 2008 from MS and run adprep from that.

here's a link to a good post on dan petri's site
http:/www.petri.co.Il/windows-server-2008-adprep.htm
0
matucker1975Author Commented:
I think I might download the evaluation copy of the 2008 32-bit from Microsoft tonight that way I have another copy of the adprep utility to work with.  I will give everyone a status update.  Hopefully I just have a bad Dell OEM DVD.
For anyone else that is looking for instructions on how to upgrade 2000/2003 to 2008 server, this site has an excellent step-by-step
http://www.petri.co.il/windows-server-2008-adprep.htm
0
DatedmanCommented:
heh actually now that you mention it, *my* media is 64bit but i'm thinking that file is the same on either
0
matucker1975Author Commented:
Mike, we saw the web site at the same time, weird.  The 2000 ad is 32-bit and I am using the 32-bit dvd from dell.  I had the 32-bit 2008 installed from dell, so I have both the 32-bit and 64-bit software.  I think yall have the right idea of downloading the demo version from microsoft.  May take awhile, but we have alreay spent alot of time on this already.  Thanks
0
matucker1975Author Commented:
Would ya stop the SQL services before I run adprep?
0
Mike_CourtneyCommented:
i don't think it's necessary but nor will it do any harm.
0
matucker1975Author Commented:
I was able to check the dvd and the file looks the same as in the copy location - bad dell, for sending bad media. - I am in the process of downloading the eval version of the 32-bit server english from microsoft.  It is 1.7gig may take awhile.
0
ms-proCommented:
try to run the Adprep /forestprep with an Enterprise Admin account!!
0
matucker1975Author Commented:
My administrator account is in the Enterprise Admin group.
0
matucker1975Author Commented:
I guess it was just a bad dvd from dell, I downloaded the eval 2008 and it worked without an hitch.  Thank you for all your help Mike and Datedman
0
DatedmanCommented:
Pleasure.  Sorry it took so long for me to think of the file corruption, sheesh.
0
matucker1975Author Commented:
Thanks for your help and pointing me to the right direction
0
Mike_CourtneyCommented:
Typical tho isn't it - we've come so far that the most obvious we don't think of - and it was there for all  to see at the start - it even looks wrong with those bracketed bits.

But it works now and that's the most important and relatively quickly too.

Good luck with your upgrade Matucker,

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.