Solved

Introducing 2008 Domain Controller to 2003 network with ADPREP /FORESTPREP Fails

Posted on 2012-04-10
12
713 Views
Last Modified: 2012-04-11
We are trying to add a 2008 server into our active directory.  Currently we have a forest domain with FDC1 and a backups domain controller to this called FDC2.

Then below that we have user domain controllers for each branch that users use for signing on.  These are DC1, DC2, DC3.  Currently they have been 2003 servers up until now and we have to add a 2008.

I am on FDC1 and running adprep \forestprep to which I get the following error attached:
ADPREP-ERROR.JPG
0
Comment
Question by:bergquistcompany
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +2
12 Comments
 
LVL 4

Expert Comment

by:Red_Tech
ID: 37828443
Do you have an antivirus running like McAfee? It can interfere with this.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37828453
are you running the /forestrpep on your schema master?

Is this 2008 or 2008R2.  I'm only asking because 2008 R2 includes adprep32 if your current OS is 32 bit

Thanks

Mike
0
 
LVL 1

Expert Comment

by:backhaul
ID: 37828454
Afternoon:

Seems like you may not have access to the whole schema (ie., Status/Consequence line).  
What rights do you have and what does the adprep.log state?
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37828473
You should be running on your schema master. Make sure you are running the command prompt at a elevated permission.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_3644-Windows-2008-Server-R2-adprep-adprep32.html
0
 

Author Comment

by:bergquistcompany
ID: 37828533
We uninstalled McAfee completely after seeing several posts on it online, but get the same error.

We are running it on the schema master after confirming it's role.  It is 2008 R2 and we are using 32 bit adprep
0
 

Author Comment

by:bergquistcompany
ID: 37828539
adprep log:
Adprep created the log file ADPrep.log under C:\WINDOWS\debug\adprep\logs\20120410110917 directory.



Adprep copied file C:\Documents and Settings\Administrator.BQROOT\Desktop\adprep\schema.ini from installation point to local machine under directory C:\WINDOWS.



Adprep copied file C:\Documents and Settings\Administrator.BQROOT\Desktop\adprep\schupgrade.cat from installation point to local machine under directory C:\WINDOWS\system32.



Adprep copied file C:\Documents and Settings\Administrator.BQROOT\Desktop\adprep\PAS.ldf from installation point to local machine under directory C:\WINDOWS\system32.



Adprep copied file C:\Documents and Settings\Administrator.BQROOT\Desktop\adprep\dcpromo.csv from installation point to local machine under directory C:\WINDOWS\debug\adprep\data.



Adprep successfully made the LDAP connection to the local Active Directory Domain Controller BQROOT.



Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).



LDAP API ldap_search_s() finished, return code is 0x0



Adprep successfully retrieved information from the local Active Directory Domain Services.



Adprep successfully initialized global variables.

[Status/Consequence]

Adprep is continuing.





ADPREP WARNING:



Before running adprep, all Windows 2000 Active Directory Domain Controllers in the forest should be upgraded to Windows 2000 Service Pack 4 (SP4) or later.



[User Action]

If ALL your existing Windows 2000 Active Directory Domain Controllers meet this requirement, type C and then press ENTER to continue. Otherwise, type any other key and press ENTER to quit.



Adprep set the value of registry key System\CurrentControlSet\Services\NTDS\Parameters\Schema Update Allowed to 1



Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=27a03717-5963-48fc-ba6f-69faa33e70ed,cn=Operations,cn=ForestUpdates,CN=Configuration,DC=bergquistcompany,DC=com.



LDAP API ldap_search_s() finished, return code is 0x20



Adprep verified the state of operation cn=27a03717-5963-48fc-ba6f-69faa33e70ed,cn=Operations,cn=ForestUpdates,CN=Configuration,DC=bergquistcompany,DC=com.

[Status/Consequence]

The operation has not run or is not currently running. It will be run next.



Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).



LDAP API ldap_search_s() finished, return code is 0x0



Adprep was unable to upgrade the schema on the schema master.

[Status/Consequence]

The schema will not be restored to its original state.

[User Action]

Check the Ldif.err log file in the (null) directory for detailed information.

Adprep encountered a Win32 error.

Error code: 0x202b Error message: A referral was returned from the server..



Adprep set the value of registry key System\CurrentControlSet\Services\NTDS\Parameters\Schema Update Allowed to 0



Adprep was unable to update forest information.

[Status/Consequence]

Adprep requires access to existing forest-wide information from the schema master in order to complete this operation.

[User Action]

Check the log file, ADPrep.log, in the C:\WINDOWS\debug\adprep\logs\20120410110917 directory for more information.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37828546
Run dcdiag post results.

Are you sure you are on schema master?

Go through the link I posted see what your current levels are for the schema.
0
 

Author Comment

by:bergquistcompany
ID: 37828562
DCDIAG: Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.BQROOT>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Chanhassen\BQROOT
      Starting test: Connectivity
         ......................... BQROOT passed test Connectivity

Doing primary tests

   Testing server: Chanhassen\BQROOT
      Starting test: Replications
         ......................... BQROOT passed test Replications
      Starting test: NCSecDesc
         ......................... BQROOT passed test NCSecDesc
      Starting test: NetLogons
         ......................... BQROOT passed test NetLogons
      Starting test: Advertising
         Warning: BQROOT is not advertising as a global catalog.
         Check that server finished GC promotion.
         Check the event log on server that enough source replicas for the GC ar
e available.
         ......................... BQROOT failed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... BQROOT passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... BQROOT passed test RidManager
      Starting test: MachineAccount
         ......................... BQROOT passed test MachineAccount
      Starting test: Services
            NETLOGON Service is paused on [BQROOT]
         ......................... BQROOT failed test Services
      Starting test: ObjectsReplicated
         ......................... BQROOT passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... BQROOT passed test frssysvol
      Starting test: frsevent
         ......................... BQROOT passed test frsevent
      Starting test: kccevent
         ......................... BQROOT passed test kccevent
      Starting test: systemlog
         ......................... BQROOT passed test systemlog
      Starting test: VerifyReferences
         ......................... BQROOT passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : bergquistcompany
      Starting test: CrossRefValidation
         ......................... bergquistcompany passed test CrossRefValidati
on
      Starting test: CheckSDRefDom
         ......................... bergquistcompany passed test CheckSDRefDom

   Running enterprise tests on : bergquistcompany.com
      Starting test: Intersite
         ......................... bergquistcompany.com passed test Intersite
      Starting test: FsmoCheck
         ......................... bergquistcompany.com passed test FsmoCheck

C:\Documents and Settings\Administrator.BQROOT>
0
 

Author Comment

by:bergquistcompany
ID: 37828566
we ran the role lookup
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.BQROOT>dsquery server -hasfsmo schema
"CN=BQROOT,CN=Servers,CN=Chanhassen,CN=Sites,CN=Configuration,DC=bergquistcompan
y,DC=com"

C:\Documents and Settings\Administrator.BQROOT>
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 37828573
Start you netlogon service this paused.

GC is having an issue as well but start netlogon then run another dcdiag
0
 

Author Comment

by:bergquistcompany
ID: 37828861
Started and just tried adprep again and appears to have started!  THANK YOU!  Finished successfully.
0
 
LVL 1

Expert Comment

by:backhaul
ID: 37833429
So just to make sure of the solution here:

dcdiag produced the output on the netlogon service:
    Starting test: NetLogons
         ......................... BQROOT passed test NetLogons
      Starting test: Advertising
         Warning: BQROOT is not advertising as a global catalog.
         Check that server finished GC promotion.
         Check the event log on server that enough source replicas for the GC ar
e available.

Open in new window

"
Which states points to the netlogon service as not running (ie., paused).
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question