So what was in the adPrep.log?
"Check the log file ADPrep.log, in the C:\Windows\debug\adprep\logs\20140207153306 directory for more information."

What is your schema version number? 
http://www.itguydiaries.net/2012/09/how-to-find-current-active-directory.html

Hi,

I am receiving an error when trying to promote a Windows 2008 R2 or a Windows 2012 R2 server to be a Domain Controller in an existing Windows 2003 (SP2) domain. I have tried both 2008 R2 and 2012 R2 and receiving the same error.

Existing Environment:

2 x Windows 2003 SP2 Domain Controllers
Several "External" trusts
Windows Server 2003 functional level
New Windows 2008 R2 and Windows Server 2012 R2 servers (with DNS pointing to existing 2003 DC's which are DNS servers)

The error:

The promotion errors with the following in the ADPREP.LOG file.

Adprep was unable to complete because the call back function failed.
[Status/Consequence]
Error message: Unable to access the computer "DomainControllerName.domain.com.au". Access is denied.
  (0x80070005).
[User Action]
Check the log file ADPrep.log, in the C:\Windows\debug\adprep\logs\20140207153306 directory for more information.

DSID Info:
DSID: 0x1811132a
winerror = 0x1f
NT BUILD: 9600
NT BUILD: 16384

[2014/02/07:15:33:06.648]
Adprep was unable to update forest information.

What have I tried so far?:

• Ensured account being used was part of Enterprise Admins group, Domain Admins Group and Schema Admins group. Also created a new AD account that ONLY belonged to those 3 groups.
• Disabled antivirus on source domain controller (the one referenced in the error)
• Ensured Windows Firewall was turned off on the source and target DC's
• Ensured AD account being used was part of the Administrators group in the domain
• Ensured Administrators had trusted delegation rights in Domain Controller Policy
• Ran ADPREP /forestprep and /domainprep /gpprep using Windows 2008 R2 media on the existing 2003 DC (successful)
• Tried doing DCPROMO (using Server Manager) on both a Windows 2008 R2 and a Windows 2012 R2 server. Same error on both servers.
• Checked Event Logs for anything obvious, but nothing I could see.
• Searched the net high and low for something to go on but can't find anything!!

Hope someone can help here! Luckily I cloned all these servers and am doing this in a test environment. (Both 2003 DC's which are also DNS servers, 2008 R2 target DC, 2012 R2 target DC, Exchange 2003 server and target Exchange 2010 server that will happen after DCPROMO).

is the server you are promoting already a member of the domain you are promoting it in?

are you using default domain controllers and default domain policies - or have they been modified (apart from password settings)

is the adprep log showing any additional errors?

is this happening during the promotion wizard or when you run adprep manually?

are you specifying the credentials for your domain admin account during the promotion wizard?

Yes the target domain controller is a member of the domain and I have tried both specifying the domain admin credentials during the promotion and also just using the logged in user credentials (domain admin too).

The error occurs when running the promotion wizard. I ran the 2008 R2 adprep32.exe utility on the Windows 2003 server and it went fine. But whenever I run the promotion wizard I get the error.

The actual error I receive during promotion in the wizard is "A device attached to the system is not functioning" and refers me to check the ADPREP.log file. The only error I see in it is the one I mentioned in my first post.

Schema version is: 45

As far as i'm aware, i'm using the default domain controller and domain policy.

Schema version is 45.

I'm having trouble getting details of the ADPREP.LOG pasted here due to it being a VM lab environment and just realised copy and paste doesn't work in the VM (thanks VMware). If I get a chance to shutdown the VM and enable it i'll post back. But didn't see any other errors in the log other than the one I posted already.

I just noticed that the Domain Controllers OU has policy inheritance blocked!! So the Default Domain Policy is not applying to the domain controllers! I certainly didn't do that.

How will this affect it? Not sure that I should just link the policy or not, don't know what might break!

Are there particular settings in the Default Domain Policy that would cause this error to occur that you know of?

Thanks.

 Here's a little more of the log prior and after the error:

[2014/02/08:09:32:29.885]
Adprep verified the state of operation cn=00232167-f3a4-43c6-b503-9acb7a81b01c,cn=Operations,cn=ForestUpdates,CN=Configuration,DC=domain,DC=com,DC=au. 
[Status/Consequence]
The operation has not run or is not currently running. It will be run next.
[2014/02/08:09:32:29.936]
Adprep was unable to complete because the call back function failed. 
[Status/Consequence]
Error message: Unable to access the computer "SERVER.domain.com.au". Access is denied.
 (0x80070005).
[User Action]
Check the log file ADPrep.log, in the C:\Windows\debug\adprep\logs\20140208093229 directory for more information.


DSID Info:
DSID: 0x1811132a
winerror = 0x1f
NT BUILD: 9600
NT BUILD: 16384

[2014/02/08:09:32:29.936]
Adprep was unable to update forest information. 
[Status/Consequence]
Adprep requires access to existing forest-wide information from the schema master in order to complete this operation.
[User Action]
Check the log file, ADPrep.log, in the C:\Windows\debug\adprep\logs\20140208093229 directory for more information. 

I removed inheritance blocking on the Domain Controllers OU (its a lab environment after all). Reboot both DC's and tried the promotion wizard again. Still no go. Same error in the wizard and in the ADPREP.log file.

What's going on!!!

Is the server you are running ad prep the schema master? Can you run dcdiag on the server and check for any errors.

Also Iim trying to see what schema version 45 relates too, not sure if this is linked to exchange as I'm only aware of the following. 13 Windows 2000 Server 30 Windows Server 2003 31 Windows Server 2003 R2 44 Windows Server 2008 47 Windows Server 2008 R2 56 Windows Server 2012 69 Windows Server 2012 R2 Preview Active Directory Lightweight Directory Services (AD LDS) 30 Active Directory Application Mode (ADAM) 30 Windows Server 2008 31 Windows Server 2008 R2 31 Windows Server 2012

Well when I run the promo wizard, that is running it on the new (target) domain controller.

When I ran adprep32.exe as part of trying to see if Windows 2008 R2 had the same issue, I ran that on the schema master itself and it was successful.

I'll try and get a DCDIAG done today and post back any errors.

As a test (as its a lab), I ran DCGPOFIX for both DC and Domain policies. Rebooted the DC's. Made no difference. Same error.

Only error I see in the DCDIAG is below, except for some DNS forwarders unreachable 9expected as I did not close those as they are other domains). Error in the DCDIAG log:

Starting test: systemlog
         * The System Event log test
         An Error Event occured.  EventID: 0xC0001B59
            Time Generated: 02/09/2014   11:06:25
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x80000003
            Time Generated: 02/09/2014   11:07:32
            Event String: A Kerberos Error Message was received:
         on logon session 
 Client Time: 
 Server Time: 1:7:32.0000 2/9/2014 Z
 Error Code: 0xd KDC_ERR_BADOPTION
 Extended Error: 0xc00000bb KLIN(0)
 Client Realm: 
 Client Name: 
 Server Realm: DOMAIN.COM.AU
 Server Name: host/server.domain.com.au
 Target Name:
host/server.domain.com.au@DOMAIN.COM.AU
 Error Text: 
 File: 9
 Line: b22
 Error Data is in record data. 
         An Error Event occured.  EventID: 0xC0001B59
            Time Generated: 02/09/2014   11:10:04
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0001B59
            Time Generated: 02/09/2014   11:10:25
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0001B59
            Time Generated: 02/09/2014   11:10:46
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0001B59
            Time Generated: 02/09/2014   11:11:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x80000003
            Time Generated: 02/09/2014   11:18:43
            Event String: A Kerberos Error Message was received:
         on logon session 
 Client Time: 
 Server Time: 1:18:43.0000 2/9/2014 Z
 Error Code: 0x7  KDC_ERR_S_PRINCIPAL_UNKNOWN
 Extended Error: 
 Client Realm: 
 Client Name: 
 Server Realm: DOMAIN.COM.AU
 Server Name: TermServLicensing
 Target Name:
TermServLicensing@DOMAIN.COM.AU
 Error Text: 
 File: 9
 Line: b22
 Error Data is in record data. 
         An Error Event occured.  EventID: 0x80000003
            Time Generated: 02/09/2014   11:22:32
            Event String: A Kerberos Error Message was received:
         on logon session 
 Client Time: 
 Server Time: 1:22:32.0000 2/9/2014 Z
 Error Code: 0xd KDC_ERR_BADOPTION
 Extended Error: 0xc00000bb KLIN(0)
 Client Realm: 
 Client Name: 
 Server Realm: DOMAIN.COM.AU
 Server Name: host/server.domain.com.au
 Target Name:
host/server.domain.com.au@DOMAIN.COM.AU
 Error Text: 
 File: 9
 Line: b22
 Error Data is in record data. 
         An Error Event occured.  EventID: 0x00000010
            Time Generated: 02/09/2014   11:27:06
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0001B59
            Time Generated: 02/09/2014   11:36:17
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x80000003
            Time Generated: 02/09/2014   11:37:32
            Event String: A Kerberos Error Message was received:
         on logon session 
 Client Time: 
 Server Time: 1:37:32.0000 2/9/2014 Z
 Error Code: 0xd KDC_ERR_BADOPTION
 Extended Error: 0xc00000bb KLIN(0)
 Client Realm: 
 Client Name: 
 Server Realm: DOMAIN.COM.AU
 Server Name: host/server.domain.com.au
 Target Name:
host/server.domain.com.au@DOMAIN.COM.AU
 Error Text: 
 File: 9
 Line: b22
 Error Data is in record data. 
         An Error Event occured.  EventID: 0xC0001B59
            Time Generated: 02/09/2014   11:47:24
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x80000003
            Time Generated: 02/09/2014   11:52:32
            Event String: A Kerberos Error Message was received:
         on logon session 
 Client Time: 
 Server Time: 1:52:32.0000 2/9/2014 Z
 Error Code: 0xd KDC_ERR_BADOPTION
 Extended Error: 0xc00000bb KLIN(0)
 Client Realm: 
 Client Name: 
 Server Realm: DOMAIN.COM.AU
 Server Name: host/server.domain.com.au
 Target Name:
host/server.domain.com.au@DOMAIN.COM.AU
 Error Text: 
 File: 9
 Line: b22
 Error Data is in record data. 
         ......................... SERVER failed test systemlog

Hi,

Here is an article below for troubleshooting Adprep.exe errors:

Troubleshooting Adprep Errors

http://social.technet.microsoft.com/wiki/contents/articles/1269.troubleshooting-adprep-errors.aspx

Are you using antivirus software on the schema master or infrastructure master holder (DC)?

If yes, please disable it before Adprep command completes.

Also, there is an Access Denied error, please make sure that you are using Schema Admin/Enterprise Admin account to perform these procedures.

Best Regards,

Amy Wang