Announcement

Collapse
No announcement yet.

ADPREP Issues with W2k going to 2003 Server

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • ADPREP Issues with W2k going to 2003 Server

    Hi Guys,

    We are trying install Exchange 2010 but we know our AD has to be on 2003 or later Server. We tried to run ADPREP from Windows 2003 and got the following error

    [---cut---]
    Adprep attempts to merge the existing default security descriptors with the new
    access control entry (ACE).
    [User Action]
    Check the log file ADPrep.log in the C:\WINNT\debug\adprep\logs\20120312141730 d
    irectory for more information.
    Adprep encountered an LDAP error.
    Error code: 0x20. Server extended error code: 0x208d, Server error message: 0000
    208D: NameErr: DSID-031001BD, problem 2001 (NO_OBJECT), data 0, best match of:
    'CN=Schema,CN=Configuration,DC=mydomain,DC=com,DC= au'
    .

    Adprep was unable to update forest information.
    [Status/Consequence]
    Adprep requires access to existing forest-wide information from the schema maste
    r in order to complete this operation.
    [User Action]
    Check the log file, ADPrep.log, in the C:\WINNT\debug\adprep\logs\20120312141730
    directory for more information.
    [---cut---]

    After some googleing it was suggest to be security related from what we can see the rights are ok. We took away (demoted) our 2nd DC server (DC2) to see if that helped and it didn't.
    We created a new DC called DCNEW and then tried to promote it and got the following error

    [---cut---]
    The operation failed because:
    The Directory Service failed to replicate the partition CN=Schema,CN=Configuration,DC=mydomain,DC=com,DC=a u from remote server dc1.mydomain.com.au.
    "The replication system encountered an internal error. "
    [---cut---]


    Any one got any ideas/answers?

    Thanks in advance.
    Rgds
    Simon

  • #2
    Re: ADPREP Issues with W2k going to 2003 Server

    Where is your schema master???

    What does DCDIAG and netdiag show on your servers???

    Comment


    • #3
      Re: ADPREP Issues with W2k going to 2003 Server

      Schema is on DC1

      Here are the results from DCDIAG & NETDIA

      [---cut DCDIAG---]
      Domain Controller Diagnosis
      Performing initial setup:
      Done gathering initial info.
      Doing initial required tests

      Testing server: Default-First-Site-Name\DC1
      Starting test: Connectivity
      ......................... DC1 passed test Connectivity
      Doing primary tests

      Testing server: Default-First-Site-Name\DC1
      Starting test: Replications
      ......................... DC1 passed test Replications
      Starting test: NCSecDesc
      ......................... DC1 passed test NCSecDesc
      Starting test: NetLogons
      ......................... DC1 passed test NetLogons
      Starting test: Advertising
      ......................... DC1 passed test Advertising
      Starting test: KnowsOfRoleHolders
      ......................... DC1 passed test KnowsOfRoleHolders
      Starting test: RidManager
      ......................... DC1 passed test RidManager
      Starting test: MachineAccount
      ......................... DC1 passed test MachineAccount
      Starting test: Services
      ......................... DC1 passed test Services
      Starting test: ObjectsReplicated
      ......................... DC1 passed test ObjectsReplicated
      Starting test: frssysvol
      ......................... DC1 passed test frssysvol
      Starting test: kccevent
      ......................... DC1 passed test kccevent
      Starting test: systemlog
      ......................... DC1 passed test systemlog

      Running enterprise tests on : mydomain.com.au
      Starting test: Intersite
      ......................... mydomain.com.au passed test Intersite
      Starting test: FsmoCheck
      ......................... mydomain.com.au passed test FsmoCheck

      [---cut DCDIAG---]

      [---cut NETDIAG---]
      .....................................
      Computer Name: DC1
      DNS Host Name: dc1.mydomain.com.au
      System info : Windows 2000 Server (Build 2195)
      Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
      List of installed hotfixes :
      KB822343
      KB823182
      KB823559
      KB824105
      KB825119
      KB826232
      KB828035
      KB828749
      KB832353
      KB832359
      KB841356
      KB842773
      KB885836
      KB893756
      KB893803v2
      KB896358
      KB896422
      KB896423
      KB899587
      KB899589
      KB900725
      KB901017
      KB901214
      KB905414
      KB905749
      KB908531
      KB911564
      KB913580
      KB914388
      KB917008
      KB918118
      KB920213
      KB920670
      KB920683
      KB921398
      KB923191
      KB923980
      KB924270
      KB924667
      KB925398_WMP64
      KB925902
      KB926436
      KB927891
      KB928843
      KB935839
      KB937894
      KB938127-IE501SP4-20070626.120000
      KB938827
      KB943055
      KB943485
      KB944338
      KB950749
      KB950974
      KB951748-V2
      KB952004
      KB952954
      KB954600_WM41
      KB955759
      KB956802
      KB956844
      KB957097
      KB958644
      KB959426
      KB960225
      KB960803
      KB960859
      KB961063
      KB961501
      KB967715
      KB969059
      KB969947
      KB970238
      KB971468
      KB971961
      KB972260-IE501SP4-20090722.120000
      KB972270
      KB973037
      KB973507
      KB973869
      KB973904
      KB974112_WM41
      KB974318
      KB974392
      KB974571
      KB974783
      KB975560
      KB975713
      KB977290
      KB977816_WM9
      KB977914
      KB978037
      KB978542-OE55SP2-20100202.120000
      KB978601
      KB979309
      KB979482
      KB979683
      KB980218
      KB980232
      KB981350
      Q147222
      Update Rollup 1

      Netcard queries test . . . . . . . : Passed

      Per interface results:
      Adapter : Local Area Connection
      Netcard queries test . . . : Passed
      Host Name. . . . . . . . . : dc1
      IP Address . . . . . . . . : 192.168.5.19
      Subnet Mask. . . . . . . . : 255.255.255.0
      Default Gateway. . . . . . : 192.168.5.14
      Dns Servers. . . . . . . . : 192.168.5.19

      AutoConfiguration results. . . . . . : Passed
      Default gateway test . . . : Passed
      NetBT name test. . . . . . : Passed
      WINS service test. . . . . : Skipped
      There are no WINS servers configured for this interface.

      Global results:

      Domain membership test . . . . . . : Passed

      NetBT transports test. . . . . . . : Passed
      List of NetBt transports currently configured:
      NetBT_Tcpip_{598332FA-E254-467A-BE03-3E5A96F2A674}
      1 NetBt transport currently configured.

      Autonet address test . . . . . . . : Passed

      IP loopback ping test. . . . . . . : Passed

      Default gateway test . . . . . . . : Passed

      NetBT name test. . . . . . . . . . : Passed

      Winsock test . . . . . . . . . . . : Passed

      DNS test . . . . . . . . . . . . . : Passed
      PASS - All the DNS entries for DC are registered on DNS server '192.168.5.19' and other DCs also have some of the names registered.

      Redir and Browser test . . . . . . : Passed
      List of NetBt transports currently bound to the Redir
      NetBT_Tcpip_{598332FA-E254-467A-BE03-3E5A96F2A674}
      The redir is bound to 1 NetBt transport.
      List of NetBt transports currently bound to the browser
      NetBT_Tcpip_{598332FA-E254-467A-BE03-3E5A96F2A674}
      The browser is bound to 1 NetBt transport.

      DC discovery test. . . . . . . . . : Passed

      DC list test . . . . . . . . . . . : Passed

      Trust relationship test. . . . . . : Skipped

      Kerberos test. . . . . . . . . . . : Passed

      LDAP test. . . . . . . . . . . . . : Passed

      Bindings test. . . . . . . . . . . : Passed

      WAN configuration test . . . . . . : Skipped
      No active remote access connections.

      Modem diagnostics test . . . . . . : Passed
      IP Security test . . . . . . . . . : Passed
      IPSec policy service is active, but no policy is assigned.

      The command completed successfully
      [---cut NETDIAG---]

      Comment


      • #4
        Re: ADPREP Issues with W2k going to 2003 Server

        are you runing adprep as a user that has schemaadmin permissions?
        Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

        Comment


        • #5
          Re: ADPREP Issues with W2k going to 2003 Server

          Hi

          I'm logged on as the Domain Administrator

          Comment


          • #6
            Re: ADPREP Issues with W2k going to 2003 Server

            Yes but does your Domain Admin have Enterprise Admin rights???

            Comment


            • #7
              Re: ADPREP Issues with W2k going to 2003 Server

              Hi


              Just checked the Administrator Account and yes it belongs to Enterprise Admins

              Comment


              • #8
                Re: ADPREP Issues with W2k going to 2003 Server

                can you do a metadata cleanup, and see if there's any stale data floating around pls ?
                Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                Comment


                • #9
                  Re: ADPREP Issues with W2k going to 2003 Server

                  Which server is your infrastructure master???

                  Comment


                  • #10
                    Re: ADPREP Issues with W2k going to 2003 Server

                    Yes the metadata cleanup shows only 1 server and the it's dc1


                    re: infrastructure master yes it is.

                    Comment


                    • #11
                      Re: ADPREP Issues with W2k going to 2003 Server

                      Hi guys,
                      I find some stuff on turning on logging to event log when doing a DCPROMO here is the entry in the event log

                      note: the OID.2.5.4.67=ms-Exch-Additional-DN-Map,CN=Schema,CN=Configuration,DC=mydoamin,DC=com, DC=au others via ADSIEDIT shows cn=ms-.......

                      Any ideas ?
                      Cheers

                      [---cut---]
                      Replication error: The directory replication agent (DRA) couldn't update object OID.2.5.4.67=ms-Exch-Additional-DN-Map,CN=Schema,CN=Configuration,DC=mydoamin,DC=com, DC=au (GUID 10bc2487-e078-4cbe-8a55-1453755bf73f) on this system with changes which have been received from source server dc1.mydoamin.com.au. An error occurred during the application of the changes to the directory database on this system.

                      The error message is:
                      The replication system encountered an internal error.

                      The directory will try to update the object later on the next replication cycle. Synchronization of this server with the source is effectively blocked until the update problem is corrected.
                      If this condition appears to be related to a resource shortage, please stop and restart this Windows Domain Controller.
                      If this condition is an internal error, a database error, or an object relationship or constraint error, manual intervention will be required to correct the database and allow the update to proceed. It is valuable to note that the problem is caused by the fact that the change on the remote system cannot be applied locally. Manually updating the objects on the local system in not recommended. Instead, on the source system (which has the changes already), try to reverse or back out the change. Then, on the next replication cycle, observe whether the change can now be applied locally.
                      The record data is the status code.

                      [---cut---]

                      Comment


                      • #12
                        Re: ADPREP Issues with W2k going to 2003 Server

                        Have you had an exchange server on your DC at one point???

                        Comment


                        • #13
                          Re: ADPREP Issues with W2k going to 2003 Server

                          dc1 has always been just a DC
                          dc2 has been a DC & Exchange (ver 5.5)

                          dc2 recently had the AD removed

                          Comment


                          • #14
                            Re: ADPREP Issues with W2k going to 2003 Server

                            Originally posted by sgronow View Post
                            dc1 has always been just a DC
                            dc2 has been a DC & Exchange (ver 5.5)

                            dc2 recently had the AD removed
                            That could be your problem. Installing exchange on a DC is generally frowned upon.

                            Have you checked and cleaned up your metadata???

                            http://www.petri.com/fix_unsuccessful_demotion.htm

                            Is exchange still used in your org???

                            http://support.microsoft.com/kb/822450

                            Comment


                            • #15
                              Re: ADPREP Issues with W2k going to 2003 Server

                              Hi


                              yes a metadata clean up has been done.

                              Yes exchange 5.5 is still running. If removing Exchange 5.5 help clean up the AD?

                              Comment

                              Working...
                              X