I have now spent over five hours trying to solve a failure while promoting a freshly installed Windows Server 2016 Standard server to a domain controller in our Server 2008 R2 level network.
Here is the problem: If I try to add the 2016 server as a domain controller and choose to replicate from DC2 (which holds all FSMO roles), it shows the following failure message when I choose DC2:
Error determining whether the target environment require adprep:
Validation error Validation error: Unable to make an LDAP connection to server DC2.company.lan
Exception: The specified server cannot perform the requested operation
Details: Test.VerifyForestUpgradeStatus.ADPrep.Win32Exception.-2147467259
If I choose the DC1:
Error determining whether the target environment require adprep:
Validation error Validation error: Unable to check forest upgrade status for server DC1.company.lan
Exception: The specified server cannot perform the requested operation
Details: Test.VerifyForestUpgradeStatus.ADPrep.Win32Exception.-2147467259
During my research on the web - I have to confess I am an advanced beginner in Windows network administration and may be missing some basic knowledge - I found a similar topic on Server Fault:
Fix error determining whether the target environment requires adprep in windows server 2012, during domain controller promotion
But I have checked that, and DC2 is the schema master.
My second approach was that I might be missing admin privileges, because I was only a domain administrator. So I wrote to our main administrator to make my account a schema administrator. He has done that. But I still get these failure messages... they are the same. I even tried a restart, but nothing changed. Unfortunately, our main administrator has no further ideas either...
What ideas do you have? Am I missing something essential like the schema administration privileges?
By the way, it is confusing that the DC2 failure message is about LDAP, but we don't knowingly use LDAP in our network... or is it part of Active Directory? (I thought it has Kerberos or something like that for authentication...)
FSMO (netdom query fsmo)
Scheme-Master: DC2.company.lan
Domain-Master: DC2.company.lan
PDC: DC2.company.lan
RID-Pool-Manager: DC2.company.lan
Infrastrukturmaster DC2.company.lan
Answer
Active Directory uses LDAP. You should start by verifying that you can reach the existing domain controllers from the new server and that nothing, including firewalls on the existing DCs, is blocking the ports used by LDAP/AD.
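The reachability check recommended in the answer, as an added PowerShell example that is not part of the original question or answer. It assumes the DC names from the question and the standard well-known TCP ports of AD DS; `Test-TcpPort` is a helper defined here, not a built-in cmdlet.

```powershell
# Added example: run on the new Windows Server 2016 machine before promotion.
# DC names come from the question; the dynamic RPC range (49152-65535) that
# replication also needs is not probed here.
$domainControllers = 'DC1.company.lan', 'DC2.company.lan'
$adPorts = [ordered]@{
    53   = 'DNS'
    88   = 'Kerberos'
    135  = 'RPC endpoint mapper'
    389  = 'LDAP'
    445  = 'SMB (SYSVOL/NETLOGON)'
    464  = 'Kerberos password change'
    636  = 'LDAPS'
    3268 = 'Global catalog'
    3269 = 'Global catalog over SSL'
}

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Wait() returns $false on timeout and throws if the connect fails
        return $client.ConnectAsync($ComputerName, $Port).Wait($TimeoutMs)
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($dc in $domainControllers) {
    # Name resolution first: a failed lookup explains every later failure
    if (-not (Resolve-DnsName -Name $dc -ErrorAction SilentlyContinue)) {
        Write-Warning "$dc does not resolve; check the DNS client settings"
        continue
    }
    foreach ($entry in $adPorts.GetEnumerator()) {
        [pscustomobject]@{ Server = $dc; Port = $entry.Key; Service = $entry.Value
                           Open = (Test-TcpPort -ComputerName $dc -Port $entry.Key) }
    }
    # A RootDSE read confirms the LDAP service answers, not just the port
    try {
        $rootDse = [ADSI]"LDAP://$dc/RootDSE"
        Write-Host "$dc RootDSE: $($rootDse.defaultNamingContext)"
    } catch {
        Write-Warning "$dc LDAP RootDSE read failed: $($_.Exception.Message)"
    }
}
$results | Format-Table -AutoSize
```

A row with `Open = False` points at a firewall or a stopped service on that DC; an open port 389 with a failing RootDSE read points at the LDAP service itself rather than the network path.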