MPLJasper
asked on
Unable to Promote Windows 2012 R2 Domain Controller in 2008 Domain
I am trying to promote a Windows Server 2012 R2 to a domain controller in an existing
domain containing two Windows 2008 domain controllers. The current domain functional level is Windows Server 2008. When I run the Wizard on the Win2012r2 server it creates this Powershell script:
#
# Windows PowerShell script for AD DS Deployment
#
Import-Module ADDSDeployment
Install-ADDSDomainControll
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$fals
-CriticalReplicationOnly:$
-DatabasePath "C:\Windows\NTDS" `
-DomainName "mydomain.local" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$fal
-SiteName "Default-First-Site-Name" `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true
When the prerequisite check runs it returns the following error:
Windows Server 2012 domain controllers have a default for the security setting named
"Allow cryptography algorithms compatible with Windows NT 4.0" that prevents weaker
cryptography algorithms when establishing security channel sessions.
For more information about this setting, see Knowledge Base article 942564
(http://go.microsoft.com/fwlink/?LinkId=104751).
A delegation for this DNS server cannot be created because the authoritative parent zone
cannot be found or it does not run Windows DNS server. If you are integrating with an
existing DNS infrastructure, you should manually create a delegation to this DNS server
in the parent zone to ensure reliable name resolution from outside the domain
"mydomain.local". Otherwise, no action is required.
Verification of prerequisites for Active Directory preparation failed. Unable to perform
Exchange schema conflict check for domain mydomain.local.
Exception: Server execution failed.
Adprep could not retrieve data from the server PDC.mydomain.local through Windows
Managment Instrumentation (WMI).
[User Action]
Check the log file ADPrep.log in the C:\Windows\debug\adprep\lo
directory for possible cause of failure.
Prerequisites Check Completed
One or more prerequisites failed. Please fix these issues and click "Rerun
prerequisites check"
The important failure is the "unable to perform Exchange schema conflict check", as it
will not let me continue with the server promotion.
The ADPrep.log:
[2014/12/11:09:16:57.426]
Adprep created the log file 'C:\Windows\debug\adprep\l
\ADPrep.log'
[2014/12/11:09:16:57.426]
Adprep successfully initialized global variables.[Status/Conseque
continuing.
[2014/12/11:09:16:57.435]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is CN=Schema,CN=Configuration
[2014/12/11:09:16:57.436]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.436]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is CN=PDC,CN=Servers,CN=Defau
Name,CN=Sites,CN=Configura
[2014/12/11:09:16:57.436]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.436]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is CN=Schema,CN=Configuration
[2014/12/11:09:16:57.437]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.439]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is CN=Infrastructure,DC=mydom
[2014/12/11:09:16:57.440]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.440]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is CN=PDC,CN=Servers,CN=Defau
Name,CN=Sites,CN=Configura
[2014/12/11:09:16:57.441]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.453]
Adprep discovered the schema FSMO: PDC.mydomain.local.
[2014/12/11:09:16:57.457]
Adprep connected to the schema FSMO: PDC.mydomain.local.
[2014/12/11:09:16:57.457]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is (null).
[2014/12/11:09:16:57.457]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.457]
Adprep successfully retrieved information from the Active Directory Domain Services.
[2014/12/11:09:16:57.457]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is DC=mydomain,DC=local.
[2014/12/11:09:16:57.458]
LDAP API ldap_search_s finished, return code is 0x0
[2014/12/11:09:16:57.458]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is (null).
[2014/12/11:09:16:57.459]
LDAP API ldap_search_ext_s finished, return code is 0x0
[2014/12/11:09:16:57.459]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is (null).
[2014/12/11:09:16:57.459]
LDAP API ldap_search_s finished, return code is 0x0
[2014/12/11:09:16:57.469]
Adprep discovered the Infrastructure FSMO: PDC.mydomain.local.
[2014/12/11:09:16:57.473]
Adprep connected to the Infrastructure FSMO: PDC.mydomain.local.
[2014/12/11:09:16:57.473]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is (null).
[2014/12/11:09:16:57.474]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.474]
Adprep successfully retrieved information from the Active Directory Domain Services.
[2014/12/11:09:16:57.474]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is DC=mydomain,DC=local.
[2014/12/11:09:16:57.475]
LDAP API ldap_search_s finished, return code is 0x0
[2014/12/11:09:16:57.475]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is (null).
[2014/12/11:09:16:57.475]
LDAP API ldap_search_ext_s finished, return code is 0x0
[2014/12/11:09:16:57.475]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is (null).
[2014/12/11:09:16:57.476]
LDAP API ldap_search_s finished, return code is 0x0
[2014/12/11:09:16:57.500]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is (null).
[2014/12/11:09:16:57.501]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.501]
Adprep successfully retrieved information from the Active Directory Domain Services.
[2014/12/11:09:16:57.501]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is CN=UID,CN=Schema,CN=Config
[2014/12/11:09:16:57.512]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.512]
Adprep successfully determined whether Microsoft Windows Services for UNIX (SFU) is
installed or not. If adprep detected SFU, adprep also verified that Microsoft hotfix
Q293783 for SFU has been applied.
[2014/12/11:09:17:27.623]
Adprep could not retrieve data from the server PDC.mydomain.local through Windows
Managment Instrumentation (WMI).[User Action]Check the log file ADPrep.log in the C:
\Windows\debug\adprep\logs
[2014/12/11:09:17:27.623]
Adprep encountered an error. Error code: 0x80080005 Error message: Server execution
failed
DSID Info:
DSID: 0x181001a6
HRESULT = 0x80080005
NT BUILD: 9200
NT BUILD: 16384
[2014/12/11:09:17:27.623]
Adprep failed while performing Exchange schema check.[Status/Consequence]
Directory Domain Services schema is not upgraded.[User Action]Check the log file
ADPrep.log in the C:\Windows\debug\adprep\lo
possible cause of failure.
[2014/12/11:09:17:27.623]
Adprep encountered an error. Error code: 0x80080005 Error message: Server execution
failed
DSID Info:
DSID: 0x181001a6
HRESULT = 0x80080005
NT BUILD: 9200
NT BUILD: 16384
Windows firewall on the servers is disabled and there is no network firewall between the servers. I am logged in as a Domain Admin/Enterprise Admin/Schema Admin.
domain containing two Windows 2008 domain controllers. The current domain functional level is Windows Server 2008. When I run the Wizard on the Win2012r2 server it creates this Powershell script:
#
# Windows PowerShell script for AD DS Deployment
#
Import-Module ADDSDeployment
Install-ADDSDomainControll
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$fals
-CriticalReplicationOnly:$
-DatabasePath "C:\Windows\NTDS" `
-DomainName "mydomain.local" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$fal
-SiteName "Default-First-Site-Name" `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true
When the prerequisite check runs it returns the following error:
Windows Server 2012 domain controllers have a default for the security setting named
"Allow cryptography algorithms compatible with Windows NT 4.0" that prevents weaker
cryptography algorithms when establishing security channel sessions.
For more information about this setting, see Knowledge Base article 942564
(http://go.microsoft.com/fwlink/?LinkId=104751).
A delegation for this DNS server cannot be created because the authoritative parent zone
cannot be found or it does not run Windows DNS server. If you are integrating with an
existing DNS infrastructure, you should manually create a delegation to this DNS server
in the parent zone to ensure reliable name resolution from outside the domain
"mydomain.local". Otherwise, no action is required.
Verification of prerequisites for Active Directory preparation failed. Unable to perform
Exchange schema conflict check for domain mydomain.local.
Exception: Server execution failed.
Adprep could not retrieve data from the server PDC.mydomain.local through Windows
Managment Instrumentation (WMI).
[User Action]
Check the log file ADPrep.log in the C:\Windows\debug\adprep\lo
directory for possible cause of failure.
Prerequisites Check Completed
One or more prerequisites failed. Please fix these issues and click "Rerun
prerequisites check"
The important failure is the "unable to perform Exchange schema conflict check", as it
will not let me continue with the server promotion.
The ADPrep.log:
[2014/12/11:09:16:57.426]
Adprep created the log file 'C:\Windows\debug\adprep\l
\ADPrep.log'
[2014/12/11:09:16:57.426]
Adprep successfully initialized global variables.[Status/Conseque
continuing.
[2014/12/11:09:16:57.435]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is CN=Schema,CN=Configuration
[2014/12/11:09:16:57.436]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.436]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is CN=PDC,CN=Servers,CN=Defau
Name,CN=Sites,CN=Configura
[2014/12/11:09:16:57.436]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.436]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is CN=Schema,CN=Configuration
[2014/12/11:09:16:57.437]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.439]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is CN=Infrastructure,DC=mydom
[2014/12/11:09:16:57.440]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.440]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is CN=PDC,CN=Servers,CN=Defau
Name,CN=Sites,CN=Configura
[2014/12/11:09:16:57.441]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.453]
Adprep discovered the schema FSMO: PDC.mydomain.local.
[2014/12/11:09:16:57.457]
Adprep connected to the schema FSMO: PDC.mydomain.local.
[2014/12/11:09:16:57.457]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is (null).
[2014/12/11:09:16:57.457]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.457]
Adprep successfully retrieved information from the Active Directory Domain Services.
[2014/12/11:09:16:57.457]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is DC=mydomain,DC=local.
[2014/12/11:09:16:57.458]
LDAP API ldap_search_s finished, return code is 0x0
[2014/12/11:09:16:57.458]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is (null).
[2014/12/11:09:16:57.459]
LDAP API ldap_search_ext_s finished, return code is 0x0
[2014/12/11:09:16:57.459]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is (null).
[2014/12/11:09:16:57.459]
LDAP API ldap_search_s finished, return code is 0x0
[2014/12/11:09:16:57.469]
Adprep discovered the Infrastructure FSMO: PDC.mydomain.local.
[2014/12/11:09:16:57.473]
Adprep connected to the Infrastructure FSMO: PDC.mydomain.local.
[2014/12/11:09:16:57.473]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is (null).
[2014/12/11:09:16:57.474]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.474]
Adprep successfully retrieved information from the Active Directory Domain Services.
[2014/12/11:09:16:57.474]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is DC=mydomain,DC=local.
[2014/12/11:09:16:57.475]
LDAP API ldap_search_s finished, return code is 0x0
[2014/12/11:09:16:57.475]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is (null).
[2014/12/11:09:16:57.475]
LDAP API ldap_search_ext_s finished, return code is 0x0
[2014/12/11:09:16:57.475]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is (null).
[2014/12/11:09:16:57.476]
LDAP API ldap_search_s finished, return code is 0x0
[2014/12/11:09:16:57.500]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is (null).
[2014/12/11:09:16:57.501]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.501]
Adprep successfully retrieved information from the Active Directory Domain Services.
[2014/12/11:09:16:57.501]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to
start the search is CN=UID,CN=Schema,CN=Config
[2014/12/11:09:16:57.512]
LDAP API ldap_search_s() finished, return code is 0x0
[2014/12/11:09:16:57.512]
Adprep successfully determined whether Microsoft Windows Services for UNIX (SFU) is
installed or not. If adprep detected SFU, adprep also verified that Microsoft hotfix
Q293783 for SFU has been applied.
[2014/12/11:09:17:27.623]
Adprep could not retrieve data from the server PDC.mydomain.local through Windows
Managment Instrumentation (WMI).[User Action]Check the log file ADPrep.log in the C:
\Windows\debug\adprep\logs
[2014/12/11:09:17:27.623]
Adprep encountered an error. Error code: 0x80080005 Error message: Server execution
failed
DSID Info:
DSID: 0x181001a6
HRESULT = 0x80080005
NT BUILD: 9200
NT BUILD: 16384
[2014/12/11:09:17:27.623]
Adprep failed while performing Exchange schema check.[Status/Consequence]
Directory Domain Services schema is not upgraded.[User Action]Check the log file
ADPrep.log in the C:\Windows\debug\adprep\lo
possible cause of failure.
[2014/12/11:09:17:27.623]
Adprep encountered an error. Error code: 0x80080005 Error message: Server execution
failed
DSID Info:
DSID: 0x181001a6
HRESULT = 0x80080005
NT BUILD: 9200
NT BUILD: 16384
Windows firewall on the servers is disabled and there is no network firewall between the servers. I am logged in as a Domain Admin/Enterprise Admin/Schema Admin.
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Windows Server 2008
Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.
86K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
ASKER