Urgent Help Needed with DCPROMO

  • Urgent Help Needed with DCPROMO

    Hello all,

    I have a problem promoting a new server to become a dc. I only have one dc and it is slowly dying and I want to get AD off it and put on another server.

    The new server is on the domain and is looking at the correct DNS server.

    I am getting the following error during the Dcpromo setup.
    The operation failed because: Failed to modify the necessary properties for the machine account Server$
    "Access is denied."

    I have also tried to delegate trust in AD but get an error saying the following.

    "Your security settings do not allow you to specify whether or not this computer can be trusted for delegation"

    I have tried to check the DC security policy and get an error about the path not being found for group policy. Access may be denied?

    Sorry about my first post being so long but I really need some help with this one.

    Thanks very much!

    Simon
    Last edited by Si_Pe; 13th June 2006, 13:08. Reason: Incorrect Title
    Kind Regards,
    Simon

  • #2
    Re: Urgent Help Needed with DCPROMO

    Si_Pe,

    Assuming you have administrative privilege on the domain, try to check the time between the two servers.

    I prefer to disjoin the new server from the domain, in the preferred DNS put the IP of the existing DC and try to promote again.

    BR,



    • #3
      Re: Urgent Help Needed with DCPROMO

      Thanks for your very quick response.

      On the DC that is slowly failing I have tried to go into the local domain security policy and it has come up with a permissions error.

      It seems that the administrator has no access, but everything else is running OK?

      Dcdiag comes back with the following:

      Domain Controller Diagnosis

      Performing initial setup:
      * Verifying that the local machine gardserv01, is a DC.
      * Connecting to directory service on server gardserv01.
      * Collecting site info.
      * Identifying all servers.
      * Found 1 DC(s). Testing 1 of them.
      Done gathering initial info.

      Doing initial required tests

      Testing server: Default-First-Site\GARDSERV01
      Starting test: Connectivity
      * Active Directory LDAP Services Check
      * Active Directory RPC Services Check
      ......................... GARDSERV01 passed test Connectivity

      Doing primary tests

      Testing server: Default-First-Site\GARDSERV01
      Starting test: Replications
      * Replications Check
      ......................... GARDSERV01 passed test Replications
      Starting test: Topology
      * Configuration Topology Integrity Check
      * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=GARDNET,DC=local.
      * Performing upstream (of target) analysis.
      * Performing downstream (of target) analysis.
      * Analyzing the connection topology for CN=Configuration,DC=GARDNET,DC=local.
      * Performing upstream (of target) analysis.
      * Performing downstream (of target) analysis.
      * Analyzing the connection topology for DC=GARDNET,DC=local.
      * Performing upstream (of target) analysis.
      * Performing downstream (of target) analysis.
      ......................... GARDSERV01 passed test Topology
      Starting test: CutoffServers
      * Configuration Topology Aliveness Check
      * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=GARDNET,DC=local.
      * Performing upstream (of target) analysis.
      * Performing downstream (of target) analysis.
      * Analyzing the alive system replication topology for CN=Configuration,DC=GARDNET,DC=local.
      * Performing upstream (of target) analysis.
      * Performing downstream (of target) analysis.
      * Analyzing the alive system replication topology for DC=GARDNET,DC=local.
      * Performing upstream (of target) analysis.
      * Performing downstream (of target) analysis.
      ......................... GARDSERV01 passed test CutoffServers
      Starting test: NCSecDesc
      * Security Permissions Check for
      CN=Schema,CN=Configuration,DC=GARDNET,DC=local
      * Security Permissions Check for
      CN=Configuration,DC=GARDNET,DC=local
      * Security Permissions Check for
      DC=GARDNET,DC=local
      ......................... GARDSERV01 passed test NCSecDesc
      Starting test: NetLogons
      * Network Logons Privileges Check
      ......................... GARDSERV01 passed test NetLogons
      Starting test: Advertising
      The DC GARDSERV01 is advertising itself as a DC and having a DS.
      The DC GARDSERV01 is advertising as an LDAP server
      The DC GARDSERV01 is advertising as having a writeable directory
      The DC GARDSERV01 is advertising as a Key Distribution Center
      The DC GARDSERV01 is advertising as a time server
      The DS GARDSERV01 is advertising as a GC.
      ......................... GARDSERV01 passed test Advertising
      Starting test: KnowsOfRoleHolders
      Role Schema Owner = CN=NTDS Settings,CN=GARDSERV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=GARDNET,DC=local
      Role Domain Owner = CN=NTDS Settings,CN=GARDSERV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=GARDNET,DC=local
      Role PDC Owner = CN=NTDS Settings,CN=GARDSERV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=GARDNET,DC=local
      Role Rid Owner = CN=NTDS Settings,CN=GARDSERV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=GARDNET,DC=local
      Role Infrastructure Update Owner = CN=NTDS Settings,CN=GARDSERV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=GARDNET,DC=local
      ......................... GARDSERV01 passed test KnowsOfRoleHolders
      Starting test: RidManager
      * Available RID Pool for the Domain is 1605 to 1073741823
      * gardserv01.GARDNET.local is the RID Master
      * DsBind with RID Master was successful
      * rIDAllocationPool is 1105 to 1604
      * rIDNextRID: 1158
      * rIDPreviousAllocationPool is 1105 to 1604
      ......................... GARDSERV01 passed test RidManager
      Starting test: MachineAccount
      * SPN found :LDAP/gardserv01.GARDNET.local/GARDNET.local
      * SPN found :LDAP/gardserv01.GARDNET.local
      * SPN found :LDAP/GARDSERV01
      * SPN found :LDAP/gardserv01.GARDNET.local/GARDNET
      * SPN found :LDAP/2b38c396-dd29-4336-8689-8caf719bb41e._msdcs.GARDNET.local
      * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/2b38c396-dd29-4336-8689-8caf719bb41e/GARDNET.local
      * SPN found :HOST/gardserv01.GARDNET.local/GARDNET.local
      * SPN found :HOST/gardserv01.GARDNET.local
      * SPN found :HOST/GARDSERV01
      * SPN found :HOST/gardserv01.GARDNET.local/GARDNET
      * SPN found :GC/gardserv01.GARDNET.local/GARDNET.local
      ......................... GARDSERV01 passed test MachineAccount
      Starting test: Services
      * Checking Service: Dnscache
      * Checking Service: NtFrs
      * Checking Service: IsmServ
      * Checking Service: kdc
      * Checking Service: SamSs
      * Checking Service: LanmanServer
      * Checking Service: LanmanWorkstation
      * Checking Service: RpcSs
      * Checking Service: RPCLOCATOR
      * Checking Service: w32time
      * Checking Service: TrkWks
      * Checking Service: TrkSvr
      * Checking Service: NETLOGON
      * Checking Service: Dnscache
      * Checking Service: NtFrs
      ......................... GARDSERV01 passed test Services
      Starting test: OutboundSecureChannels
      * The Outbound Secure Channels test
      ** Did not run Outbound Secure Channels test
      because /testdomain: was not entered
      ......................... GARDSERV01 passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
      GARDSERV01 is in domain DC=GARDNET,DC=local
      Checking for CN=GARDSERV01,OU=Domain Controllers,DC=GARDNET,DC=local in domain DC=GARDNET,DC=local on 1 servers
      Object is up-to-date on all servers.
      Checking for CN=NTDS Settings,CN=GARDSERV01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=GARDNET,DC=local in domain CN=Configuration,DC=GARDNET,DC=local on 1 servers
      Object is up-to-date on all servers.
      ......................... GARDSERV01 passed test ObjectsReplicated
      Starting test: frssysvol
      * The File Replication Service Event log test
      The SYSVOL has been shared, and the AD is no longer
      prevented from starting by the File Replication Service.
      ......................... GARDSERV01 passed test frssysvol
      Starting test: kccevent
      * The KCC Event log test
      Found no KCC errors in Directory Service Event log in the last 15 minutes.
      ......................... GARDSERV01 passed test kccevent
      Starting test: systemlog
      * The System Event log test
      An Error Event occured. EventID: 0xC0040009
      Time Generated: 06/12/2006 16:40:13
      Event String: The device, \Device\Ide\IdePort0, did not respond
      within the timeout period.
      ......................... GARDSERV01 failed test systemlog

      Running enterprise tests on : GARDNET.local
      Starting test: Intersite
      Skipping site Default-First-Site, this site is outside the scope
      provided by the command line arguments provided.
      ......................... GARDNET.local passed test Intersite
      Starting test: FsmoCheck
      GC Name: \\gardserv01.GARDNET.local
      Locator Flags: 0xe00001fd
      PDC Name: \\gardserv01.GARDNET.local
      Locator Flags: 0xe00001fd
      Time Server Name: \\gardserv01.GARDNET.local
      Locator Flags: 0xe00001fd
      Preferred Time Server Name: \\gardserv01.GARDNET.local
      Locator Flags: 0xe00001fd
      KDC Name: \\gardserv01.GARDNET.local
      Locator Flags: 0xe00001fd
      ......................... GARDNET.local passed test FsmoCheck

      Thanks for your help!
      Kind Regards,
      Simon



      • #4
        Re: Urgent Help Needed with DCPROMO

        Sorry I noticed I haven't followed the posting rules correctly.

        I am running one domain controller using 2000 Advanced Server.

        DCdiag has come back OK. I seem to be having problems when running a few snap-ins on the current DC, with permission denied errors. I guess this is why I can't promote the new server as the administrator account is happy. I have tried to create a new account and give them the same permissions but that hasn't worked either.

        All help would be greatly appreciated!

        Thanks
        Kind Regards,
        Simon



        • #5
          Re: Urgent Help Needed with DCPROMO

          Remove the new server from the domain (move to workgroup), delete its computer account from the AD and run dcpromo again.

          The error you are getting is usually related to setting the userAccountControl attribute value of the new DC's computer account. Could be a result of GPOs applied to the OU the computer account of the server was in before running dcpromo.
          Guy Teverovsky
          "Smith & Wesson - the original point and click interface"
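
To illustrate the userAccountControl point in the reply above, here is an added example (not part of the thread) that decodes the attribute and lists the bits a promotion has to change on the computer account. The flag bits are the documented ADS_UF_* values; 4096 and 532480 are the usual defaults for a member computer and a domain controller, used as constructed inputs rather than values read from the poster's domain.

```python
# Added example: decode userAccountControl and show what a promotion changes.
# Sample values are the common defaults, constructed for illustration.

UAC_FLAGS = {
    0x00000002: "ACCOUNTDISABLE",
    0x00000020: "PASSWD_NOTREQD",
    0x00000200: "NORMAL_ACCOUNT",
    0x00001000: "WORKSTATION_TRUST_ACCOUNT",
    0x00002000: "SERVER_TRUST_ACCOUNT",
    0x00010000: "DONT_EXPIRE_PASSWORD",
    0x00080000: "TRUSTED_FOR_DELEGATION",
    0x00100000: "NOT_DELEGATED",
}

MEMBER_COMPUTER_UAC = 4096        # WORKSTATION_TRUST_ACCOUNT
DOMAIN_CONTROLLER_UAC = 532480    # SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION


def decode_uac(value):
    """Return the flag names set in a userAccountControl value, lowest bit first."""
    names = [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]
    unknown = value & ~sum(UAC_FLAGS)   # bits not covered by the table above
    if unknown:
        names.append("UNKNOWN_0x%X" % unknown)
    return names


def promotion_delta(current, target=DOMAIN_CONTROLLER_UAC):
    """Flags that must be set and cleared to move from current to target."""
    to_set = decode_uac(target & ~current)
    to_clear = decode_uac(current & ~target)
    return to_set, to_clear


def needs_delegation_right(current, target=DOMAIN_CONTROLLER_UAC):
    """True when the change turns on TRUSTED_FOR_DELEGATION.

    Writing that bit requires the "Enable computer and user accounts to be
    trusted for delegation" user right on the domain controller, so a caller
    without it gets "Access is denied" even as a domain administrator.
    """
    return bool((target & ~current) & 0x00080000)


if __name__ == "__main__":
    to_set, to_clear = promotion_delta(MEMBER_COMPUTER_UAC)
    print("set:", to_set)
    print("clear:", to_clear)
    print("delegation right needed:", needs_delegation_right(MEMBER_COMPUTER_UAC))
```
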
