Solved

Introducing 2008 Domain Controller to 2003 network with ADPREP /FORESTPREP Fails

Posted on 2012-04-10
Last Modified: 2012-04-11
We are trying to add a 2008 server into our Active Directory. Currently we have a forest domain with FDC1 and a backup domain controller to this called FDC2.

Then below that we have user domain controllers for each branch that users use for signing on. These are DC1, DC2, DC3. Currently they have been 2003 servers up until now and we have to add a 2008.

I am on FDC1 and running adprep /forestprep, to which I get the following error (attached):
ADPREP-ERROR.JPG
Question by:bergquistcompany
12 Comments
 
LVL 4

Expert Comment

by:Red_Tech
ID: 37828443
Do you have an antivirus running like McAfee? It can interfere with this.
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37828453
Are you running the /forestprep on your schema master?

Is this 2008 or 2008 R2? I'm only asking because 2008 R2 includes adprep32 if your current OS is 32-bit.

Thanks

Mike
 
LVL 1

Expert Comment

by:backhaul
ID: 37828454
Afternoon:

Seems like you may not have access to the whole schema (i.e., Status/Consequence line).
What rights do you have and what does the adprep.log state?
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37828473
You should be running on your schema master. Make sure you are running the command prompt at an elevated permission.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_3644-Windows-2008-Server-R2-adprep-adprep32.html
 

Author Comment

by:bergquistcompany
ID: 37828533
We uninstalled McAfee completely after seeing several posts on it online, but get the same error.

We are running it on the schema master after confirming its role. It is 2008 R2 and we are using 32-bit adprep.
 

Author Comment

by:bergquistcompany
ID: 37828539
adprep log:

Adprep created the log file ADPrep.log under C:\WINDOWS\debug\adprep\logs\20120410110917 directory.

Adprep copied file C:\Documents and Settings\Administrator.BQROOT\Desktop\adprep\schema.ini from installation point to local machine under directory C:\WINDOWS.

Adprep copied file C:\Documents and Settings\Administrator.BQROOT\Desktop\adprep\schupgrade.cat from installation point to local machine under directory C:\WINDOWS\system32.

Adprep copied file C:\Documents and Settings\Administrator.BQROOT\Desktop\adprep\PAS.ldf from installation point to local machine under directory C:\WINDOWS\system32.

Adprep copied file C:\Documents and Settings\Administrator.BQROOT\Desktop\adprep\dcpromo.csv from installation point to local machine under directory C:\WINDOWS\debug\adprep\data.

Adprep successfully made the LDAP connection to the local Active Directory Domain Controller BQROOT.

Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).

LDAP API ldap_search_s() finished, return code is 0x0

Adprep successfully retrieved information from the local Active Directory Domain Services.

Adprep successfully initialized global variables.
[Status/Consequence]
Adprep is continuing.

ADPREP WARNING:

Before running adprep, all Windows 2000 Active Directory Domain Controllers in the forest should be upgraded to Windows 2000 Service Pack 4 (SP4) or later.
[User Action]
If ALL your existing Windows 2000 Active Directory Domain Controllers meet this requirement, type C and then press ENTER to continue. Otherwise, type any other key and press ENTER to quit.

Adprep set the value of registry key System\CurrentControlSet\Services\NTDS\Parameters\Schema Update Allowed to 1

Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=27a03717-5963-48fc-ba6f-69faa33e70ed,cn=Operations,cn=ForestUpdates,CN=Configuration,DC=bergquistcompany,DC=com.

LDAP API ldap_search_s() finished, return code is 0x20

Adprep verified the state of operation cn=27a03717-5963-48fc-ba6f-69faa33e70ed,cn=Operations,cn=ForestUpdates,CN=Configuration,DC=bergquistcompany,DC=com.
[Status/Consequence]
The operation has not run or is not currently running. It will be run next.

Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).

LDAP API ldap_search_s() finished, return code is 0x0

Adprep was unable to upgrade the schema on the schema master.
[Status/Consequence]
The schema will not be restored to its original state.
[User Action]
Check the Ldif.err log file in the (null) directory for detailed information.

Adprep encountered a Win32 error.
Error code: 0x202b Error message: A referral was returned from the server..

Adprep set the value of registry key System\CurrentControlSet\Services\NTDS\Parameters\Schema Update Allowed to 0

Adprep was unable to update forest information.
[Status/Consequence]
Adprep requires access to existing forest-wide information from the schema master in order to complete this operation.
[User Action]
Check the log file, ADPrep.log, in the C:\WINDOWS\debug\adprep\logs\20120410110917 directory for more information.

 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37828546
Run dcdiag and post the results.

Are you sure you are on schema master?

Go through the link I posted and see what your current levels are for the schema.
 

Author Comment

by:bergquistcompany
ID: 37828562
DCDIAG:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.BQROOT>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Chanhassen\BQROOT
      Starting test: Connectivity
         ......................... BQROOT passed test Connectivity

Doing primary tests

   Testing server: Chanhassen\BQROOT
      Starting test: Replications
         ......................... BQROOT passed test Replications
      Starting test: NCSecDesc
         ......................... BQROOT passed test NCSecDesc
      Starting test: NetLogons
         ......................... BQROOT passed test NetLogons
      Starting test: Advertising
         Warning: BQROOT is not advertising as a global catalog.
         Check that server finished GC promotion.
         Check the event log on server that enough source replicas for the GC ar
e available.
         ......................... BQROOT failed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... BQROOT passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... BQROOT passed test RidManager
      Starting test: MachineAccount
         ......................... BQROOT passed test MachineAccount
      Starting test: Services
            NETLOGON Service is paused on [BQROOT]
         ......................... BQROOT failed test Services
      Starting test: ObjectsReplicated
         ......................... BQROOT passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... BQROOT passed test frssysvol
      Starting test: frsevent
         ......................... BQROOT passed test frsevent
      Starting test: kccevent
         ......................... BQROOT passed test kccevent
      Starting test: systemlog
         ......................... BQROOT passed test systemlog
      Starting test: VerifyReferences
         ......................... BQROOT passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : bergquistcompany
      Starting test: CrossRefValidation
         ......................... bergquistcompany passed test CrossRefValidati
on
      Starting test: CheckSDRefDom
         ......................... bergquistcompany passed test CheckSDRefDom

   Running enterprise tests on : bergquistcompany.com
      Starting test: Intersite
         ......................... bergquistcompany.com passed test Intersite
      Starting test: FsmoCheck
         ......................... bergquistcompany.com passed test FsmoCheck

C:\Documents and Settings\Administrator.BQROOT>
 

Author Comment

by:bergquistcompany
ID: 37828566
We ran the role lookup:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.BQROOT>dsquery server -hasfsmo schema
"CN=BQROOT,CN=Servers,CN=Chanhassen,CN=Sites,CN=Configuration,DC=bergquistcompan
y,DC=com"

C:\Documents and Settings\Administrator.BQROOT>
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 37828573
Start your netlogon service; it is paused.

GC is having an issue as well, but start netlogon then run another dcdiag.
 

Author Comment

by:bergquistcompany
ID: 37828861
Started and just tried adprep again and appears to have started!  THANK YOU!  Finished successfully.
 
LVL 1

Expert Comment

by:backhaul
ID: 37833429
So just to make sure of the solution here:

dcdiag produced the output on the netlogon service:
"  
    Starting test: NetLogons
         ......................... BQROOT passed test NetLogons
      Starting test: Advertising
         Warning: BQROOT is not advertising as a global catalog.
         Check that server finished GC promotion.
         Check the event log on server that enough source replicas for the GC ar
e available.


"
Which points to the netlogon service as not running (i.e., paused).
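A triage helper for the dcdiag step that resolved this thread, as an added example that is not part of the original posts: it lists only the failed tests with their detail lines and rejoins the 80-column console wraps seen in the posted output. The sample is an excerpt constructed from the dcdiag output above; the function names are hypothetical, and the "stopped" service wording is an assumption (the thread only shows "paused").

```python
import re

# Constructed sample: excerpt of the dcdiag output posted in this thread,
# including an 80-column console wrap ("ar" / "e available.").
SAMPLE = """\
      Starting test: NetLogons
         ......................... BQROOT passed test NetLogons
      Starting test: Advertising
         Warning: BQROOT is not advertising as a global catalog.
         Check that server finished GC promotion.
         Check the event log on server that enough source replicas for the GC ar
e available.
         ......................... BQROOT failed test Advertising
      Starting test: Services
            NETLOGON Service is paused on [BQROOT]
         ......................... BQROOT failed test Services
"""

START = re.compile(r"^\s+Starting test: (\S+)")
RESULT = re.compile(r"^\s+\.{5,} (\S+) (passed|failed) test (\S*)")

def failed_tests(text):
    """Return {test name: [detail lines]} for every test dcdiag marks failed."""
    failures, current, details = {}, None, []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = START.match(raw)
        if m:
            current, details = m.group(1), []
            continue
        m = RESULT.match(raw)
        if m:
            # Name comes from "Starting test", since a result line may wrap.
            if m.group(2) == "failed":
                failures[current or m.group(3)] = details
            current, details = None, []
        elif current is not None:
            if raw[0].isspace() or not details:
                details.append(raw.strip())
            else:
                details[-1] += raw.strip()  # unindented line = console wrap
    return failures

def paused_or_stopped_services(text):
    """Services that a failed Services test reports as paused or stopped."""
    pat = re.compile(r"^(\S+) Service is (paused|stopped)", re.I)
    hits = (pat.match(d) for d in failed_tests(text).get("Services", []))
    return [(h.group(1), h.group(2).lower()) for h in hits if h]
```

Feeding it the full saved dcdiag output before running adprep surfaces the Services and Advertising failures without reading past every "passed" line.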