DCPROMO accross WAN VPN

Discussion in 'Active Directory' started by ken, Jan 5, 2005.

  1. ken

    ken Guest

    When I try to run DCpromo at a site local I get;

    "The active Directory Installation Wizard was unable to convert the computer
    account computername$ to a domain contoller account."Access is denied."."

    Hardware VPN to Branch location
    1. main location has 2003 small business server
    2. local 1 has a 2003 dc
    3. local 2 has 2000 dc
    4. will be a 2003 (the problem child)

    I had this problem the local 2 and 3 but was able to promote at central and
    then place on site.

    I can get move this server to main site for promotion, I beleave it tobe vpn
    latency?

    Tried;
    dcpromo standard and dcpromo advance w/backup. Both have same error at the
    end.
     
    ken, Jan 5, 2005
    #1
    1. Advertisements

  2. ken

    Herb Martin Guest

    If it isn't a firewall problem it is likely a
    DNS issue (or DNS due to firewall etc.)

    Start by checking DNS and running DCDiag
    on the existing DCs. Then go to the new-to-be-DC
    and use NSlookup (or similar) to prove you can
    contact the existing DNS.

    DNS for AD
    1) Dynamic for the zone supporting AD
    2) All internal DNS clients NIC\IP properties must specify SOLELY
    that internal, dynamic DNS server (set.)
    3) DCs and even DNS servers are DNS clients too -- see #2

    Restart NetLogon on any DC if you change any of the above that
    affects a DC and/or use:

    nltest /dsregdns /server:DC-ServerNameGoesHere

    Ensure that DNS zones/domains are fully replicated to all DNS
    servers for that (internal) zone/domain.
     
    Herb Martin, Jan 5, 2005
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.