Solved

Migration from Server 2003 - 2012 - Unable to promote to DC - ACCESS DENIED

Posted on 2014-02-24
4
3,705 Views
1 Endorsement
Last Modified: 2014-03-04
We have a single server running as a file server / domain controller. We are having an issue migrating AD DS from Server 2003 to Server 2012.

When we run the Active Directory Services Configuration Wizard, we receive the following error at the prerequisites check:

Verification of prerequisite for Active Directory preparation failed. Unable to perform Exchange Schema conflict check for domain mydomain.local.
 Exception: Access is denied.
 Adprep could not retrieve data from the server server2003.mydomain.local through Windows Management Instrumentation (WMI).

I've verified that both servers Windows Firewall's are disabled, the Network Service has has logon right, and everyone has full permissions to WMI via WMIMGMT.MSC. I've also run commands to rebuild the WMI store and re-register.

We cannot connect to any PC via WMIMGMT.MSC on the LAN, so I'm starting to think its our Sonicwall TZ120. Everything else is working including DFS replication.
1
Comment
Question by:qualityip
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39884746
A firewall issue will throw an unable to connect or similarly worded warning. "Access Denied" as very explicitly reserved for a successful connection, but the OS denying access because of permissions. Make sure you are logged in as a member of all necessary admin groups (schema admin being notable) and if you've ever set up delegated permissions in AD and removed default permissions, re-add them or add the user account to the delegated groups as well.
0
 
LVL 9

Expert Comment

by:VirastaR
ID: 39885484
0
 

Accepted Solution

by:
qualityip earned 0 total points
ID: 39892040
I found that the issue was fixed by checking "Enable Distributed Com" for My Computer under component services on the Server 2003 server.
0
 

Author Closing Comment

by:qualityip
ID: 39902804
Found the answer by researching myself
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question