Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Troubleshooting
Research
Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

Unable to Promote Windows 2012 R2 Domain Controller in 2008 Domain

Avatar of MPLJasper
MPLJasper asked on
Active DirectoryWindows Server 2008Windows Server 2012
2 Comments1 Solution9956 ViewsLast Modified:
I am trying to promote a Windows Server 2012 R2 to a domain controller in an existing

domain containing two Windows 2008 domain controllers. The current domain functional level is Windows Server 2008. When I run the Wizard on the Win2012r2 server it creates this Powershell script:

#
# Windows PowerShell script for AD DS Deployment
#

Import-Module ADDSDeployment
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-CriticalReplicationOnly:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainName "mydomain.local" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SiteName "Default-First-Site-Name" `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true



When the prerequisite check runs it returns the following error:


Windows Server 2012 domain controllers have a default for the security setting named

"Allow cryptography algorithms compatible with Windows NT 4.0" that prevents weaker

cryptography algorithms when establishing security channel sessions.
For more information about this setting, see Knowledge Base article 942564

(http://go.microsoft.com/fwlink/?LinkId=104751).

A delegation for this DNS server cannot be created because the authoritative parent zone

cannot be found or it does not run Windows DNS server. If you are integrating with an

existing DNS infrastructure, you should manually create a delegation to this DNS server

in the parent zone to ensure reliable name resolution from outside the domain

"mydomain.local". Otherwise, no action is required.

Verification of prerequisites for Active Directory preparation failed. Unable to perform

Exchange schema conflict check for domain mydomain.local.
Exception: Server execution failed.
Adprep could not retrieve data from the server PDC.mydomain.local through Windows

Managment Instrumentation (WMI).
[User Action]
Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20141211091657-test

directory for possible cause of failure.

Prerequisites Check Completed

One or more prerequisites failed.  Please fix these issues and click "Rerun

prerequisites check"


The important failure is the "unable to perform Exchange schema conflict check", as it

will not let me continue with the server promotion.

The ADPrep.log:

[2014/12/11:09:16:57.426]
Adprep created the log file 'C:\Windows\debug\adprep\logs\20141211091657-test

\ADPrep.log'
[2014/12/11:09:16:57.426]
Adprep successfully initialized global variables.[Status/Consequence]Adprep is

continuing.
[2014/12/11:09:16:57.435]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to

start the search is CN=Schema,CN=Configuration,DC=mydomain,DC=local.
[2014/12/11:09:16:57.436]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.436]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to

start the search is CN=PDC,CN=Servers,CN=Default-First-Site-

Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local.
[2014/12/11:09:16:57.436]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.436]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to

start the search is CN=Schema,CN=Configuration,DC=mydomain,DC=local.
[2014/12/11:09:16:57.437]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.439]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to

start the search is CN=Infrastructure,DC=mydomain,DC=local.
[2014/12/11:09:16:57.440]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.440]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to

start the search is CN=PDC,CN=Servers,CN=Default-First-Site-

Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local.
[2014/12/11:09:16:57.441]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.453]
Adprep discovered the schema FSMO: PDC.mydomain.local.
[2014/12/11:09:16:57.457]
Adprep connected to the schema FSMO: PDC.mydomain.local.
[2014/12/11:09:16:57.457]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to

start the search is (null).
[2014/12/11:09:16:57.457]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.457]
Adprep successfully retrieved information from the Active Directory Domain Services.
[2014/12/11:09:16:57.457]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to

start the search is DC=mydomain,DC=local.
[2014/12/11:09:16:57.458]
LDAP API ldap_search_s finished, return code is 0x0
[2014/12/11:09:16:57.458]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to

start the search is (null).
[2014/12/11:09:16:57.459]
LDAP API ldap_search_ext_s finished, return code is 0x0
[2014/12/11:09:16:57.459]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to

start the search is (null).
[2014/12/11:09:16:57.459]
LDAP API ldap_search_s finished, return code is 0x0
[2014/12/11:09:16:57.469]
Adprep discovered the Infrastructure FSMO: PDC.mydomain.local.
[2014/12/11:09:16:57.473]
Adprep connected to the Infrastructure FSMO: PDC.mydomain.local.
[2014/12/11:09:16:57.473]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to

start the search is (null).
[2014/12/11:09:16:57.474]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.474]
Adprep successfully retrieved information from the Active Directory Domain Services.
[2014/12/11:09:16:57.474]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to

start the search is DC=mydomain,DC=local.
[2014/12/11:09:16:57.475]
LDAP API ldap_search_s finished, return code is 0x0
[2014/12/11:09:16:57.475]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to

start the search is (null).
[2014/12/11:09:16:57.475]
LDAP API ldap_search_ext_s finished, return code is 0x0
[2014/12/11:09:16:57.475]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to

start the search is (null).
[2014/12/11:09:16:57.476]
LDAP API ldap_search_s finished, return code is 0x0
[2014/12/11:09:16:57.500]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to

start the search is (null).
[2014/12/11:09:16:57.501]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.501]
Adprep successfully retrieved information from the Active Directory Domain Services.
[2014/12/11:09:16:57.501]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to

start the search is CN=UID,CN=Schema,CN=Configuration,DC=mydomain,DC=local.
[2014/12/11:09:16:57.512]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.512]
Adprep successfully determined whether Microsoft Windows Services for UNIX (SFU) is

installed or not. If adprep detected SFU, adprep also verified that Microsoft hotfix

Q293783 for SFU has been applied.
[2014/12/11:09:17:27.623]
Adprep could not retrieve data from the server PDC.mydomain.local through Windows

Managment Instrumentation (WMI).[User Action]Check the log file ADPrep.log in the C:

\Windows\debug\adprep\logs\20141211091657-test directory for possible cause of failure.
[2014/12/11:09:17:27.623]
Adprep encountered an error. Error code: 0x80080005 Error message: Server execution

failed

DSID Info:
DSID: 0x181001a6
HRESULT = 0x80080005
NT BUILD: 9200
NT BUILD: 16384

[2014/12/11:09:17:27.623]
Adprep failed while performing Exchange schema check.[Status/Consequence]The Active

Directory Domain Services schema is not upgraded.[User Action]Check the log file

ADPrep.log in the C:\Windows\debug\adprep\logs\20141211091657-test directory for

possible cause of failure.
[2014/12/11:09:17:27.623]
Adprep encountered an error. Error code: 0x80080005 Error message: Server execution

failed

DSID Info:
DSID: 0x181001a6
HRESULT = 0x80080005
NT BUILD: 9200
NT BUILD: 16384

Windows firewall on the servers is disabled and there is no network firewall between the servers. I am logged in as a Domain Admin/Enterprise Admin/Schema Admin.
ASKER CERTIFIED SOLUTION
Avatar of v_2abhis2
v_2abhis2

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Commented:
This problem has been solved!
Unlock 1 Answer and 2 Comments.
See Answers