ADPrep error when trying to add Server 2012 as Domain Controller in a Server 2003 R2 Domain
I'm hoping someone can help me out with an error I'm getting in trying to promote an already Domain-Joined Server 2012 to a Domain Controller with the intention of making it the PDC. This Windows 2012 Server is brand new.
Current PDC is Windows Server 2003 R2 SP3 Standard 32-bit
Secondary DC is Windows Server 2008 Standard SP2 32-bit (off-site).
Forest Functional Level: Windows Server 2003
Domain Functional Level: Windows Server 2003
Server to Add: Windows Server 2012 Standard 64-bit
Able to add Server 2012 to Domain as Member.
Able to add AD DS Role to Server 2012
Server 2012 'Promotion to Domain Controller' Wizard gives following Error after all Pre-requisites have passed:
Looking in the ADPrep.log, the following error:
I've looked around and verified/tried the following:
Server 2012 is joined to domain.com as server1.domain.com
Server 2003R2 is PDC as server.domain.com
Only 1 NIC Card per server. IPs statically set on both.
DNS on 2003R2 is set to its own IP (not loopback).
DNS on 2012 is set only to 2003R2 IP.
Can ping server.domain.com from server1.domain.com and vice versa.
Verified Administrator login (used in Promote 2012 to Domain Controller Wizard) is part of Enterprise Admins, Schema Admins, Domain Admins groups.
Tried logging on to the local Administrator account on 2012 and manually entering Domain Administrator account when running promotion wizard.
Checking to ensure Remote Registry service on 2003R2 is running. It is.
Am I missing something?
Thanks
Current PDC is Windows Server 2003 R2 SP3 Standard 32-bit
Secondary DC is Windows Server 2008 Standard SP2 32-bit (off-site).
Forest Functional Level: Windows Server 2003
Domain Functional Level: Windows Server 2003
Server to Add: Windows Server 2012 Standard 64-bit
Able to add Server 2012 to Domain as Member.
Able to add AD DS Role to Server 2012
Server 2012 'Promotion to Domain Controller' Wizard gives following Error after all Pre-requisites have passed:
ADPrep execution failed --> System.ComponentModel.Win32Exception (0x80004005): A device attached to the system is not functioning
Looking in the ADPrep.log, the following error:
[2013/10/19:13:50:59.112]
Adprep was unable to complete because the call back function failed.
[Status/Consequence]
Error message: An error occurred while attempting to bind to object default-Display using the path LDAP://server.domain.com/CN=default- Display,CN =406,CN=Di splaySpeci fiers,CN=C onfigurati on,DC=doma in,DC=com. An operations error occurred.
(0x80072020).
...
DSID Info:
DSID: 0x1811132a
winerror = 0x1f
NT BUILD: 9200
NT BUILD: 16384
[2013/10/19:13:50:59.112]
Adprep was unable to update forest information.
[Status/Consequence]
Adprep requires access to existing forest-wide information from the schema master in order to complete this operation.
I've looked around and verified/tried the following:
Server 2012 is joined to domain.com as server1.domain.com
Server 2003R2 is PDC as server.domain.com
Only 1 NIC Card per server. IPs statically set on both.
DNS on 2003R2 is set to its own IP (not loopback).
DNS on 2012 is set only to 2003R2 IP.
Can ping server.domain.com from server1.domain.com and vice versa.
Verified Administrator login (used in Promote 2012 to Domain Controller Wizard) is part of Enterprise Admins, Schema Admins, Domain Admins groups.
Tried logging on to the local Administrator account on 2012 and manually entering Domain Administrator account when running promotion wizard.
Checking to ensure Remote Registry service on 2003R2 is running. It is.
Am I missing something?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The 2003 is not an SBS 2003 R2, right?
Because on SBS version´s, in the past that can occur if the NTFS junction point for the SYSVOL tree is not correctly defined.
I have to dig a little more, because no info about that is reported by Microsoft for Windows 2012.
All updates are in order, and hardware drivers?
Did you Disable Driver Signature Enforcement. This is just a guess.
Can you perform a DCDiag on the DC and check if any strange thing is reported?
Regards
Because on SBS version´s, in the past that can occur if the NTFS junction point for the SYSVOL tree is not correctly defined.
I have to dig a little more, because no info about that is reported by Microsoft for Windows 2012.
All updates are in order, and hardware drivers?
Did you Disable Driver Signature Enforcement. This is just a guess.
Can you perform a DCDiag on the DC and check if any strange thing is reported?
Regards
ASKER
Hello, thanks for your suggestions thus far.
No SBS2003.
Everything is up-to-date as far as Windows is concerned. Haven't confirmed drivers on the old server.
I haven't tried Driver Signature Enforcement either.
On the PDC, the only test that fails for DCDiag is the KCCEvent.
I think I have a deeper issue here. It appears that this 'CN=406' entry is corrupt. When opening ADSI Edit on PDC and navigating to: CN=Configuration,CN=Displa
If I try to display the contents of 'CN=407' or 'CN=405' everything shows fine.
If I try to delete the CN=406 container altogether I get an error saying "The directory service encountered an unknown failure."
I'm not really sure what to try from here... seems like a corrupt entry or something.
No SBS2003.
Everything is up-to-date as far as Windows is concerned. Haven't confirmed drivers on the old server.
I haven't tried Driver Signature Enforcement either.
On the PDC, the only test that fails for DCDiag is the KCCEvent.
I think I have a deeper issue here. It appears that this 'CN=406' entry is corrupt. When opening ADSI Edit on PDC and navigating to: CN=Configuration,CN=Displa
If I try to display the contents of 'CN=407' or 'CN=405' everything shows fine.
If I try to delete the CN=406 container altogether I get an error saying "The directory service encountered an unknown failure."
I'm not really sure what to try from here... seems like a corrupt entry or something.
Ok.
Can you confirm in the other server if you have the same issue? On that partition.
If not you can try to replicate to the 2003 server from the 2008, or change the PDC role to 2008 and try again.
Let us know.
Regards.
Can you confirm in the other server if you have the same issue? On that partition.
If not you can try to replicate to the 2003 server from the 2008, or change the PDC role to 2008 and try again.
Let us know.
Regards.
Just to raise a point, you have to make sure to run adprep /forestprep on the Schema controller else it will fail.
ASKER
The Configuration Container on the 2008 server displays the 'CN=406' locale group fine but when replicating the configuration from 2008 to 2003 it makes no change to the 2003 server's Configuration container. There continues to be an operation error when attempting to display the contents of the group.
And as I understand it, there is no ADPrep32 available for Server 2012 to run on the 2003 server. This is now an automatic step from within the Promotion Wizard in 2012. I did attempt to run ADPrep from the 2012 server manually for forestprep and received the same error as above.
And as I understand it, there is no ADPrep32 available for Server 2012 to run on the 2003 server. This is now an automatic step from within the Promotion Wizard in 2012. I did attempt to run ADPrep from the 2012 server manually for forestprep and received the same error as above.
How you replicate? From the NTDS directory?
Try to replicate from command line:
Ex: repadmin /replicate <Dest_DSA_List> <Source_DSA_Name> <Naming Context> [/force]
repadmin /replicate "2003" "2008" "CN=Configuration,CN=Displ
And see if let you do that, after check the partition on 2003.
Regards
Try to replicate from command line:
Ex: repadmin /replicate <Dest_DSA_List> <Source_DSA_Name> <Naming Context> [/force]
repadmin /replicate "2003" "2008" "CN=Configuration,CN=Displ
And see if let you do that, after check the partition on 2003.
Regards
Can you move the FSMO role to Win2008 DC and point the dns setting on Win2012 to only Win2008 DC and then proceed with promoting the DC.
Hi,
please also see this thread http://social.technet.microsoft.com/Forums/en-US/0eb5670e-1786-4b1c-b970-30fe0f28583e/adding-server-2012-as-dc-to-server-2003-domain-getting-adprep-error
and see if this helps
please also see this thread http://social.technet.microsoft.com/Forums/en-US/0eb5670e-1786-4b1c-b970-30fe0f28583e/adding-server-2012-as-dc-to-server-2003-domain-getting-adprep-error
and see if this helps
ASKER
The issue ended up being caused by the failing health of the 2003 AD Schema. I ended up transferring to 2008, demoting and removing 2003 and promoting then transferring FSMO to 2012, without issue. Thanks for your willingness to help!
Great to ear that everything is working now.
Regards.
Regards.
How did you solve the error? because 2008 needs the adprep / forestprep not to fail and it is ok for the dcpromo
ASKER
Here's the results when run from PDC Server:
It may come to temporarily transitioning the PDC to 2008 but it's in another city so I'd like to leave this as a last resort.