  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1637

add 2012 DC to Server 2003 domain

I have a single server running Server 2003 Std. SP2. I added a Server 2012 Std server to the domain as a member server. I am now trying to promote the 2012 server to a DC. The 2003 forest and domain are at the 2003 functional level. I am getting the error described here: http://support.microsoft.com/kb/2737560 when the prerequisites check runs (last step before installation). I followed resolution one by adding the logon permissions to the built-in administrator account. Instead of following step two, I turned off all firewalls and AV programs, but I'm still getting the same error. There is no Exchange Server.
Asked: rettif9
1 Solution
 
yo_bee (Director of IT) commented:
Did you shut the firewall service off, or just go into Control Panel and turn off the firewall feature for your domain network connection on your 2012 server?

If you shut the service off, you need to have it turned on and just disable the feature from within Control Panel.

Not sure if this will work, but I know if you disable the service you will not be able to RDP into an OS running W7, 2008, W8 or 2012.  This might be the case if you did disable the service on that 2012 box.
 
rettif9 (Manager, Author) commented:
Server 2012 firewall is on in Services, off in Control Panel. Server 2003 firewall is off in Services.
 
yo_bee (Director of IT) commented:
So that idea is out the window.
 
yo_bee (Director of IT) commented:
Did you run adprep on the 2003 box?
 
rettif9 (Manager, Author) commented:
Supposedly not necessary in 2012; it runs automatically during promotion. http://technet.microsoft.com/en-us/library/dd464018(WS.10).aspx
 
rettif9 (Manager, Author) commented:
Getting late here; will continue tomorrow.
 
Mahesh (Architect) commented:
Try the below.

Reboot the Windows 2003 PDC server and the server hosting the Schema master and Domain naming master once.

Then make sure you have logged on to the 2012 server with an account having Enterprise Admins, Domain Admins and Schema Admins group membership prior to starting the below operations.

Check if the AD DS tools were already installed on the 2012 member server when you tried to run DC promotion from the GUI; if not, just add them through Server Manager.
Then insert the 2012 DVD \ ISO, browse to the \Support\Adprep folder on the DVD from an elevated command prompt, and run the below commands on the 2012 member server:

Adprep /Forestprep
Adprep /domainprep
Adprep /domainprep /gpprep
adprep /rodcprep -- This is required only if you want to run an RODC in the Windows 2003 forest. However, you may run this command if you want to, without any issues.
http://technet.microsoft.com/library/cc731728.aspx

Side note:
You must run adprep /domainprep and adprep /domainprep /gpprep in all domains in the given forest.
The same applies to the adprep /rodcprep command as well.

Once all commands have completed successfully, just reboot the 2012 server once and try to run the DCPromo wizard on the 2012 member server; it will hopefully work.

Mahesh
 
rettif9 (Manager, Author) commented:
I now have several tools in Administrative Tools on the 2012 server that are normally only found on DCs, like AD Domains and Trusts, AD Users and Computers, etc.

I ran DCDiag from the 2012 server.

I have replaced some names with [generic equivalent]

i.e. localDomain.local = [LOCALDOMAIN]
new server = [2012Server]
existing server = [2003Server]

There seem to be a few causes for concern; please advise.

Microsoft Windows [Version 6.2.9200]
(c) 2012 Microsoft Corporation. All rights reserved.

C:\Users\administrator.[LOCALDOMAIN]>dcdiag /c

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   ***Error: [2012Server] is not a Directory Server.  Must specify /s:<Directory
   Server> or  /n:<Naming Context> or nothing to use the local machine.
   ERROR: Could not find home server.

C:\Users\administrator.[LOCALDOMAIN]>dcdiag /c /s:[2003Server]

Directory Server Diagnosis

Performing initial setup:
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site\[2003SERVER]
      Starting test: Connectivity
         ......................... [2003SERVER] passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site\[2003SERVER]
      Starting test: Advertising
         ......................... [2003SERVER] passed test Advertising
      Starting test: CheckSecurityError
         [[2003SERVER]] No security related replication errors were found on this DC!
         To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... [2003SERVER] passed test CheckSecurityError
      Starting test: CutoffServers
         ......................... [2003SERVER] passed test CutoffServers
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... [2003SERVER] failed test FrsEvent
      Starting test: DFSREvent
         ......................... [2003SERVER] passed test DFSREvent
      Starting test: SysVolCheck
         ......................... [2003SERVER] passed test SysVolCheck
      Starting test: FrsSysVol
         ......................... [2003SERVER] passed test FrsSysVol
      Starting test: KccEvent
         ......................... [2003SERVER] passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... [2003SERVER] passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... [2003SERVER] passed test MachineAccount
      Starting test: NCSecDesc
         ......................... [2003SERVER] passed test NCSecDesc
      Starting test: NetLogons
         ......................... [2003SERVER] passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... [2003SERVER] passed test ObjectsReplicated
      Starting test: OutboundSecureChannels
         ** Did not run Outbound Secure Channels test because /testdomain: was
         not entered
         ......................... [2003SERVER] passed test OutboundSecureChannels
      Starting test: Replications
         ......................... [2003SERVER] passed test Replications
      Starting test: RidManager
         ......................... [2003SERVER] passed test RidManager
      Starting test: Services
            Invalid service type: RpcSs on [2003SERVER], current value
            WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS
         ......................... [2003SERVER] failed test Services
      Starting test: SystemLog
         ......................... [2003SERVER] passed test SystemLog
      Starting test: Topology
         ......................... [2003SERVER] passed test Topology
      Starting test: VerifyEnterpriseReferences
         ......................... [2003SERVER] passed test VerifyEnterpriseReferences
      Starting test: VerifyReferences
         ......................... [2003SERVER] passed test VerifyReferences
      Starting test: VerifyReplicas
         ......................... [2003SERVER] passed test VerifyReplicas

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... [2003SERVER] failed test DNS

   Running partition tests on : TAPI3Directory
      Starting test: CheckSDRefDom
         ......................... TAPI3Directory passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... TAPI3Directory passed test
         CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : [LOCALDOMAIN]
      Starting test: CheckSDRefDom
         ......................... [LOCALDOMAIN] passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... [LOCALDOMAIN] passed test CrossRefValidation

   Running enterprise tests on : [LOCALDOMAIN].local
      Starting test: DNS
         Test results for domain controllers:

            DC: [2003Server].[LOCALDOMAIN].local
            Domain: [LOCALDOMAIN].local


               TEST: Basic (Basc)
                  Error: No WMI connectivity
                  No host records (A or AAAA) were found for this DC

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: [LOCALDOMAIN].local
               [2003Server]                        PASS FAIL n/a  n/a  n/a  n/a  n/a

         ......................... [LOCALDOMAIN].local failed test DNS
      Starting test: LocatorCheck
         ......................... [LOCALDOMAIN].local passed test LocatorCheck
      Starting test: FsmoCheck
         ......................... [LOCALDOMAIN].local passed test FsmoCheck
      Starting test: Intersite
         ......................... [LOCALDOMAIN].local passed test Intersite

C:\Users\administrator.[LOCALDOMAIN]>
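As an added example (not code from this thread), a small Python parser that pulls each "passed test" / "failed test" result and its preceding diagnostic text out of dcdiag output in the format quoted above, so failures like FrsEvent and Services can be flagged mechanically instead of read by eye; it also handles result lines that dcdiag wraps onto two lines. SAMPLE is a constructed excerpt in the shape of the output above.

```python
import re

# Constructed excerpt in the shape of the dcdiag /c output quoted above
# (only a few of the tests are reproduced here).
SAMPLE = """\
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... [2003SERVER] failed test FrsEvent
      Starting test: Services
            Invalid service type: RpcSs on [2003SERVER], current value
            WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS
         ......................... [2003SERVER] failed test Services
   Running partition tests on : TAPI3Directory
      Starting test: CrossRefValidation
         ......................... TAPI3Directory passed test
         CrossRefValidation
"""

START = re.compile(r"^\s*Starting test: (\S+)")
# dcdiag wraps long result lines, so the test name may land on the next line
RESULT = re.compile(r"^\s*\.{3,} (\S+) (passed|failed) test\s*(\S*)")


def parse_dcdiag(text):
    # One dict per result: target, test, passed, and the diagnostic text
    # dcdiag printed between "Starting test:" and the result line.
    results, detail, pending = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = RESULT.match(line)
        if pending is not None:              # test name wrapped onto this line
            pending["test"], pending = line, None
        elif m:
            rec = {"target": m.group(1), "passed": m.group(2) == "passed",
                   "test": m.group(3), "detail": " ".join(detail)}
            results.append(rec)
            pending = None if rec["test"] else rec   # name missing: read next line
            detail = []
        elif START.match(line):
            detail = []
        elif line:                           # diagnostic text for the current test
            detail.append(line)
    return results


def failures(text):
    # Map each failed test name to the diagnostic text dcdiag printed for it.
    return {r["test"]: r["detail"] for r in parse_dcdiag(text) if not r["passed"]}
```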
 
Mahesh (Architect) commented:
Basically, the output states that the 2012 server is not promoted to a DC yet and the 2003 server is a functional DC.
The AD tools were installed on it when you tried to promote it as a domain controller in the 1st place.
Simply go to a command prompt and enter net share on the 2012 member server; it will not show you the Netlogon and SYSVOL shares.
Also, in the Domain Controllers OU on the 2003 DC you will not find 2012 as a DC; it will be found as a 2012 member server in ADUC.
Also, if you try to connect ADUC to a different server, it will not show you the 2012 server as it is not promoted to a DC yet.

Also check if the 2003 DC is functioning properly:
Run net share in a command prompt; it should show the Netlogon and SYSVOL shares.
Check Directory Service events for event ID 1394.
Check File Replication Service events for event ID 13516.
Check that all AD services are running properly:
Netlogon
File Replication Service
DNS Server
DNS Client
Intersite Messaging
Security Accounts Manager
Kerberos Key Distribution Center
Remote Registry

In a command prompt run nslookup.
This should resolve to its own IP address and FQDN.
In DNS, under the _msdcs.domain.com zone, check that the 2003 server DC GUID is listed, and under the NS records also.
Ensure that the DC is pointing to itself in TCP/IP properties.
Go to Run and enter %logonserver%; it should resolve to its own NetBIOS name.
In a command prompt run netdom query fsmo and verify that all FSMO roles are listed.

Then you could probably go ahead and follow my 1st comment to deploy the 2012 ADC.
Ensure that the 2012 DC is pointing to the 2003 DC in its TCP/IP network card properties for DNS name resolution.

Mahesh
 
rettif9 (Manager, Author) commented:
@Mahesh,

I had an Exchange server go down, so this got moved to the back burner. Hoping to get time to work on it today.
 
rettif9 (Manager, Author) commented:
The Adprep /Forestprep log file has two errors:
Adprep could not retrieve data from the server [2003 server.domain].local through Windows Management Instrumentation (WMI).

[User Action]

Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20140109220221 directory for possible cause of failure.
[2014/01/09:22:03:18.989]
Adprep encountered a Win32 error.

Error code: 0x6ba Error message: The RPC server is unavailable.

Tried this fix under known issues, but it didn't help: http://technet.microsoft.com/en-us/library/hh472161.aspx
 
Mahesh (Architect) commented:
I hope the 2012 server is a member server; if not, please make it one.

Run the below command on the 2012 DC in an elevated command prompt to turn off the firewall for all 3 profiles:

netsh advfirewall set allprofiles state off
Also ensure that you clear the IPv6 checkbox in the TCP/IP properties on the 2012 server, and the server must point to the 2003 DC in the preferred DNS entry in the TCP/IP settings.

Then try to run the schema upgrade.

If it still fails, try the below workaround:
Introduce a 2008 R2 member server in the existing 2003 domain, install the AD RSAT tools from Windows Features, then insert the 2012 DVD in the 2008 R2 member server and try to upgrade the schema from there.

If all the above actions fail, then try the workaround mentioned in the below article:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/d6dd1256-4561-4981-a24e-da075b5d79f3/adding-new-server-2012-dc-in-existing-2003-forest?forum=winserverDS

Mahesh
 
rettif9 (Manager, Author) commented:
@Mahesh
I've got limited opportunities to work on this, but plan to try again Friday evening. I tried the netsh command, which completed successfully, but then Adprep /forestprep failed again anyway. I plan to try this again. If that fails, I'll get a 2008 R2 server joined to the network and try that.
 
rettif9 (Manager, Author) commented:
After rebooting both servers and getting both firewalls stopped, the DC promotion completed successfully. Replication looks like it will be the next challenge. Thanks Mahesh.
