adprep /domainprep /gpprep fails

Discussion in 'Active Directory' started by ryguy, Jun 24, 2008.

  1. ryguy

    ryguy Guest

    Hey there, thanks for reading my question. I am having problems adding a new
    Server 2008 x64 as domain controller in an existing 2003 forest.

    The entire situation is a bit embarrassing, so I should tell you ahead of
    time that I am new to IT, and I've likely made mistakes. Please bear with me.

    We have an old 2003 server that functioned as dc. It is not valid, and we
    can no longer log into it. (I should mention that I do not support piracy, and
    as such, have worked very hard to bring everything here to a professional
    level)

    We have invested in a brand new 2008 server which I want to replace the 2003
    completely. The 2003 is an old unreliable computer, and I do not want it
    performing any domain level function anymore.

    Since I cannot log into the old 2003 to run adprep, I can't promote the 2008
    to dc. My idea to work around this was create a hyper-v virtual machine with
    2003, transfer roles to the 2003 virtual machine, and run adprep from there.
    I did this, but am stuck with a couple different issues:

    1) After forestprep succeeded, domainprep /gpprep fails
    log says
    Adprep unable to update domain information
    Adprep requires access to existing domain-wide information from the
    infrastructure master in order to complete this operation.

    notes:
    -I made sure the sysvol reg key is correct
    -this virtual machine dc is infrastructure master, as well as all other fsmo
    roles

    2) Ignoring this error, I attempted to use dcpromo on 2008 anyway, however
    warnings that I do not understand convinced me not to continue without asking
    for help. The warning I received says: A delegation for this DNS server
    cannot be created because the authoritative parent zone cannot be found or it
    does not run Windows DNS server. To enable reliable DNS name resolution from
    outside the domain *FQDN*, you should create a delegation to this DNS server
    manually in the parent zone. Do you want to continue?

    What do I do now???? The old 2003 is still running, serving up dc, and now
    I've got a virtual machine 2003 running as another, neither of which are
    valid, and I need to get rid of, and 2008 sitting here, just waiting to get a
    piece of the action.

    Any help is well appreciated! Thanks
     
    ryguy, Jun 24, 2008
    #1

  2. ryguy

    Jorge Silva Guest

    Hi

    Can you log in to the old server and run the dcdiag and netdiag tools from MS
    Support Tools?

    --
    I hope that the information above helps you.
    Have a Nice day.

    Jorge Silva
    MCSE, MVP Directory Services
     
    Jorge Silva, Jun 24, 2008
    #2

  3. Since I cannot log into the old 2003 to run adprep, I can't promote the
    why are you not able to logon to the DC, but you are able to promote an
    additional DC? Both require domain admin permissions, so that is kinda
    strange to me

    I would make the environment as healthy as possible, install new HW/SW and
    kick out the old stuff

    --

    Cheers,
    (HOPEFULLY THIS INFORMATION HELPS YOU!)

    # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

    BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
    BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
     
    Jorge de Almeida Pinto [MVP - DS], Jun 24, 2008
    #3
  4. ryguy

    Ryguy Guest

    Thank you Jorge, but I do not believe you understood me completely, so I will
    clarify.

    I cannot log into the desktop of the original DC because wpa is invalid. To
    work around this I installed another 2003 server as a virtual machine on
    another computer to run forestprep and domainprep. But domainprep produced
    errors.

    I can use this virtual machine to do anything now, but errors are occurring.
    I need assistance with the errors that I listed in the original message re:
    domainprep. The errors are what I need help with now. I have access to a DC
    to perform the required steps.
     
    Ryguy, Jun 24, 2008
    #4
  5. ryguy

    Ryguy Guest

    dcdiag results:
    Starting test: NetLogons
    Unable to connect to the NETLOGON share! (\\AT-6CE49F618025\netlogon)
    [AT-6CE49F618025] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path..
    ......................... AT-6CE49F618025 failed test NetLogons
    Starting test: Advertising
    Warning: DsGetDcName returned information for
    \\server-room.ambutrans.local, when we were trying to reach AT-6CE49F618025.
    Server is not responding or is not considered suitable.
    ......................... AT-6CE49F618025 failed test Advertising

    Starting test: frsevent
    There are warning or error events within the last 24 hours after the
    SYSVOL has been shared. Failing SYSVOL replication problems may cause
    Group Policy problems.
    ......................... AT-6CE49F618025 failed test frsevent
     
    Ryguy, Jun 24, 2008
    #5
  6. ryguy

    Ryguy Guest

    netdiag results:
    Domain membership test . . . . . . : Failed
    [WARNING] Ths system volume has not been completely replicated to the
    local
    machine. This machine is not working properly as a DC.
     
    Ryguy, Jun 24, 2008
    #6
  7. ahhhhh. now I understand

    ok, try the following

    introduce a NEW w2k3 DC into the existing domain (which is just 1 DC) and
    also make it a GC and a DNS server. After the promotion the domain will have
    two DCs, one unhealthy and one healthy
    from the healthy DC start exporting stuff that needs to be exported (e.g.
    DHCP stuff, etc.)
    Shutdown the UNhealthy DC
    on the healthy DC clean the AD metadata of the UNhealthy DC
    on the healthy DC seize ALL FSMO to the healthy DC

    use the following commands to check the health of the healthy DC:
    DCDIAG /C /D /V
    GPOTOOL /CheckAcl /Verbose

    if that's OK do:
    ADPREP /FORESTPREP
    ADPREP /RODCPREP (if you want to use RODCs, does not hurt if you do this!)
    ADPREP /DOMAINPREP /GPPREP

    Install the W2K8 DC, make it a GC, a DNS server and transfer the FSMO roles
    to the W2K8 DC
    demote the healthy w2k3 DC and remove from domain

    it should be something like this

    --

    Cheers,
    (HOPEFULLY THIS INFORMATION HELPS YOU!)

    # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

    BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
    BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
     
    Jorge de Almeida Pinto [MVP - DS], Jun 24, 2008
    #7
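
An added example, not part of the original thread or any poster's code: the health gate described in post #7 (run DCDIAG, and only continue to ADPREP if the result is clean) written as a Python parser for dcdiag output. The sample text is constructed from the output format shown in this thread, and the function names are this example's own.

```python
import re

# Constructed sample modelled on the dcdiag output posted in this thread,
# including a wrapped verdict line and a test that never reports a verdict.
SAMPLE = r"""
Testing server: Default-First-Site-Name\ATSERV
Starting test: Connectivity
......................... ATSERV passed test Connectivity
Starting test: Advertising
Warning: DsGetDcName returned information for
\\server-room.atdomain.local, when we were trying to reach ATSERV.
......................... ATSERV failed test Advertising
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\ATSERV\netlogon)
......................... ATSERV failed test NetLogons
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : atdomain
Starting test: CheckSDRefDom
"""

START = re.compile(r"^Starting test:\s+(\S+)$")
VERDICT = re.compile(r"^\.{5,}\s+(\S+)\s+(passed|failed)\s+test(?:\s+(\S+))?$")

def parse_dcdiag(text):
    """Return (results, unfinished): results holds (target, test, passed)
    tuples; unfinished names tests that started but printed no verdict."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    results, unfinished, pending = [], [], None
    i = 0
    while i < len(lines):
        start, verdict = START.match(lines[i]), VERDICT.match(lines[i])
        if start:
            if pending:
                unfinished.append(pending)
            pending = start.group(1)
        elif verdict:
            target, outcome, test = verdict.groups()
            if test is None and i + 1 < len(lines):
                i += 1                  # test name wrapped onto the next line
                test = lines[i]
            results.append((target, test, outcome == "passed"))
            if test == pending:
                pending = None
        i += 1
    if pending:
        unfinished.append(pending)
    return results, unfinished

def adprep_blockers(text):
    """List every reason the DC is not yet healthy enough to run adprep."""
    results, unfinished = parse_dcdiag(text)
    blockers = [f"{target} failed {test}" for target, test, ok in results if not ok]
    return blockers + [f"{test} gave no verdict" for test in unfinished]
```

An empty list from `adprep_blockers` is the "if that's OK" condition; a test with no verdict is treated as a blocker because truncated output hides failures.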
  8. ryguy

    Ryguy Guest

    things have become pretty desperate for me

    i can't get a healthy dc to replicate from the unhealthy. strange though,
    cause i've promoted the new 2008 server already, and it's also running a vm
    of 2003 server, also a dc. all three dc's are unhealthy! the first one, the
    one I'm trying to replace, I can't log into it, but it continues to run. The
    second one in the vm, and the third, the 2008, neither of which are sharing
    sysvol, so replication isn't successful?! the event logs mention a few
    things, but nothing concrete. Anyone have any suggestions?

    Please see two messages i've replied to this one. The first message contains
    event log entries, and the second one the results of dcdiag
     
    Ryguy, Jun 26, 2008
    #8
  9. ryguy

    Ryguy Guest

    Directory Server Diagnosis

    Performing initial setup:
    Trying to find home server...
    Home Server = ATSERV
    * Identified AD Forest.
    Done gathering initial info.

    Doing initial required tests

    Testing server: Default-First-Site-Name\ATSERV
    Starting test: Connectivity
    ......................... ATSERV passed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-Name\ATSERV
    Starting test: Advertising
    Warning: DsGetDcName returned information for
    \\server-room.atdomain.local, when we were trying to reach ATSERV.
    SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
    ......................... ATSERV failed test Advertising
    Starting test: FrsEvent
    There are warning or error events within the last 24 hours after the
    Group Policy problems. Failing SYSVOL replication problems may cau
    ......................... ATSERV passed test FrsEvent
    Starting test: DFSREvent
    There are warning or error events within the last 24 hours after the
    Group Policy problems. Failing SYSVOL replication problems may cau
    ......................... ATSERV failed test DFSREvent
    Starting test: SysVolCheck
    ......................... ATSERV passed test SysVolCheck
    Starting test: KccEvent
    ......................... ATSERV passed test KccEvent
    Starting test: KnowsOfRoleHolders
    ......................... ATSERV passed test KnowsOfRoleHolders
    Starting test: MachineAccount
    ......................... ATSERV passed test MachineAccount
    Starting test: NCSecDesc
    Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
    Replicating Directory Changes In Filtered Set
    access rights for the naming context:
    DC=ForestDnsZones,DC=atdomain,DC=local
    Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
    Replicating Directory Changes In Filtered Set
    access rights for the naming context:
    DC=DomainDnsZones,DC=atdomain,DC=local
    ......................... ATSERV failed test NCSecDesc
    Starting test: NetLogons
    Unable to connect to the NETLOGON share! (\\ATSERV\netlogon)
    [ATSERV] An net use or LsaPolicy operation failed with error 67,
    Win32 Error 67.
    ......................... ATSERV failed test NetLogons
    Starting test: ObjectsReplicated
    ......................... ATSERV passed test ObjectsReplicated
    Starting test: Replications
    ......................... ATSERV passed test Replications
    Starting test: RidManager
    ......................... ATSERV passed test RidManager
    Starting test: Services
    ......................... ATSERV passed test Services
    Starting test: SystemLog
    An Warning Event occurred. EventID: 0x80040020
    Time Generated: 06/25/2008 19:40:53
    EvtFormatMessage failed, error 15100 Win32 Error 15100.
    (Event String (event log = System) could not be retrieved, error
    0x3afc)
    An Warning Event occurred. EventID: 0x80040020
    Time Generated: 06/25/2008 19:40:53
    EvtFormatMessage failed, error 15100 Win32 Error 15100.
    (Event String (event log = System) could not be retrieved, error
    0x3afc)
    An Warning Event occurred. EventID: 0x80040020
    Time Generated: 06/25/2008 19:40:53
    EvtFormatMessage failed, error 15100 Win32 Error 15100.
    (Event String (event log = System) could not be retrieved, error
    0x3afc)
    An Warning Event occurred. EventID: 0x8000001D
    Time Generated: 06/25/2008 19:41:23
    EvtFormatMessage failed, error 15100 Win32 Error 15100.
    (Event String (event log = System) could not be retrieved, error
    0x3afc)
    An Warning Event occurred. EventID: 0x00000C18
    Time Generated: 06/25/2008 19:41:30
    EvtFormatMessage failed, error 15100 Win32 Error 15100.
    (Event String (event log = System) could not be retrieved, error
    0x3afc)
    An Warning Event occurred. EventID: 0x80001421
    Time Generated: 06/25/2008 19:41:51
    EvtFormatMessage failed, error 15100 Win32 Error 15100.
    (Event String (event log = System) could not be retrieved, error
    0x3afc)
    An Warning Event occurred. EventID: 0x8000A000
    Time Generated: 06/25/2008 19:41:53
    EvtFormatMessage failed, error 15100 Win32 Error 15100.
    (Event String (event log = System) could not be retrieved, error
    0x3afc)
    An Error Event occurred. EventID: 0xC0001B81
    Time Generated: 06/25/2008 19:42:08
    EvtFormatMessage failed, error 15100 Win32 Error 15100.
    (Event String (event log = System) could not be retrieved, error
    0x3afc)
    An Error Event occurred. EventID: 0xC0001B58
    Time Generated: 06/25/2008 19:42:08
    EvtFormatMessage failed, error 15100 Win32 Error 15100.
    (Event String (event log = System) could not be retrieved, error
    0x3afc)
    An Error Event occurred. EventID: 0xC0001B81
    Time Generated: 06/25/2008 19:42:08
    EvtFormatMessage failed, error 15100 Win32 Error 15100.
    (Event String (event log = System) could not be retrieved, error
    0x3afc)
    An Error Event occurred. EventID: 0xC0001B58
    ************************************************************************************
    This repetition of errors continues for three pages!!!
    I am breaking here, and continuing, for the sanity of this thread!
    ************************************************************************************
    ......................... ATSERV failed test SystemLog
    Starting test: VerifyReferences
    Some objects relating to the DC ATSERV have problems:
    [1] Problem: Missing Expected Value
    Base Object:
    CN=NTDS Settings,CN=ATSERV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=atdomain,DC=local
    Base Object Description: "DSA Object"
    Value Object Attribute Name: serverReferenceBL
    Value Object Description: "SYSVOL FRS Member Object"
    Recommended Action: See Knowledge Base Article: Q312862

    ......................... ATSERV failed test VerifyReferences


    Running partition tests on : ForestDnsZones
    Starting test: CheckSDRefDom
    ......................... ForestDnsZones passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... ForestDnsZones passed test
    CrossRefValidation

    Running partition tests on : DomainDnsZones
    Starting test: CheckSDRefDom
    ......................... DomainDnsZones passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... DomainDnsZones passed test
    CrossRefValidation

    Running partition tests on : Schema
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation

    Running partition tests on : Configuration
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... Configuration passed test
    CrossRefValidation
    Running partition tests on : atdomain
    Starting test: CheckSDRefDom
    ......................... atdomain passed test CheckSDRefDom
    Starting test: CrossRefValidation
     
    Ryguy, Jun 26, 2008
    #9
  10. ryguy

    Ryan T Guest

    Years later I stumbled upon this while googling, and I see that I neglected to inform you all of my solution!

    I used the task scheduling service to remotely execute the commands I couldn't execute locally. Finally I got that old DC off the network, and there've been no issues since (3 years later).
     
    Ryan T, Jan 8, 2012
    #10