2012 Domain Prep fails in root domain

Similar Messages

• Exchange 2013 Domain Prep Fails: Setup /prepareschema, setup /PrepareAD, Setup /PrepareDomain

  Whenever I try to prep for a 2013 exchange install I always get:
  "earlier versions of the server roles that are installed were detected"
  whenever I try to run Setup /prepareschema OR setup /PrepareAD OR Setup /PrepareDomain
  I am working on a Server 2012 standard machine with Exchange 2010 currently installed. This server is a DC (bad I know), DNS, DHCP.
  I am trying to prep the domain so that I can install Exchange 2013 on a VM and eventually remove Exchange 2010 from the organization altogether.
  There are no other domain controlelrs in the domain. The domain started life as a SBS 2003 machine which was demoted and removed once the server 2012 box was up with exchange 2010 running.
  Any help would be greatly appreciated.
  Here is some info that may help:
  1. PrePare Schema
  Navigated an elevated command prompt to the folder with Exchange 2013 CU3.
  Ran setup /PrepareSchema
  This command should perform the following tasks:
  A: Connects to the schema master and imports LDAP Data Interchange Format (LDIF) files to update the schema with 
  Exchange 2013 specific attributes. The LDIF files are copied to the Temp directory and then deleted after they are imported 
  into the schema.
  B: Sets the schema version (ms-Exch-Schema-Verision-Pt) to a Exchange 2013 value.
  This command fails with: Earlier versions of server roles that were installed were detected.
  First I confirmed that administrator account for domain is a member of schema admins and enterprise admins.
  Next I ran asdiedit.
  I navigated to: "CN=ms-Exch-Schema-Version-Pt,CN=Schema,CN=Configuration,DC=BDA,DC=LAN"
  and reviewed the current "rangeUpper" attribute.
  The ms-Exch-Schema-Verision-Pt is not updated to CU3 range Upper setting.
  The current range upper 14734 which means its still at Exchange 2010 SP3 settings. 
  In short, updaing the schema fails.
  2. Prepare Active Directory
  Navigated an elevated command prompt to the folder with Exchange 2013 CU3.
  setup /PrepareAD [/OrganizationName:<organization name>]
  This command fails with: Earlier versions of server roles that were installed were detected.
  schema update version 56
  I began reviewing the long, long list of the following containers and objects under
   CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
  which are required for Exchange 2013:
  missing cn=Auth Configuration
  missing CN=ExchangeAssistance
  missing CN=Monitoring Settings
  missing CN=Monitoring Settings
  missing CN=Monitoring Settings
  missing CN=Workload Management Settings
  Checked Management role groups within the Microsoft Exchange Security Groups OU
  missing Compliance Management group  --- Manually created this entry
  Step 3 Prepare Domain:
  Navigated an elevated command prompt to the folder with Exchange 2013 CU3.
  Ran setup /PrepareDomain
  This command fails with: Earlier versions of server roles that were installed were detected.
  confirmed the following:
  ObjectVersion property fails as it is still set to Echange 2010 sp3 -  13040
  You have a new global group in the Microsoft Exchange System Objects container called Exchange Install Domain Servers-DONE
  The Exchange Install Domain Servers group is a member of the Exchange Servers USG in the root domain.-DONE
  On each domain controller in a domain in which you will install Exchange 2013, the Exchange Servers USG has permissions 
  on the Domain Controller Security Policy\Local Policies\User Rights Assignment\Manage Auditing and Security Log policy.-DONE
  Thanks.

  Whenever I try to prep for a 2013 exchange install I always get:
  "earlier versions of the server roles that are installed were detected"
  Hi,
  That tells us that you are trying to run the prep on your combined DC and Exchange 2010 Server - That will not work. Run it on the Server where you plan to install Exchange 2013.
  It is not mandatory to run this before the actuall Exchange install - It will run automatically for you, if it hasn't been done already and if you are logged on with an account with the proper permissions.
  Martina Miskovic

• Weblogic domain creation fails with "The domain location must have write permission."

  Hi
  I am trying to install and setup weblogic in Linux RHEL 5.4
  so I can test webservices . This is what i have done
  WLS Zip Distribution for Oracle WebLogic Server 12.1.1.0 - downloaded & installed.
  Followed the steps in README.
  - extract contents of tar, setup home, run installation-configuration script, setup wls environment
  Step 5:
  Create a new WLS domain and start WLS.  It is recommended that you create domains outside the MW_HOME.
       $ mkdir /home/myhome/mydomain
      $ cd /home/myhome/mydomain
      $ $JAVA_HOME/bin/java $JAVA_OPTIONS -Xmx1024m -XX:MaxPermSize=128m weblogic.Server
  -> returns the below error
  $JAVA_HOME/bin/java $JAVA_OPTIONS -Xmx1024m -XX:MaxPermSize=128m weblogic.Server  -Dweblogic.security.allowCryptoJDefaultJCEVerification=true
  <Jun 25, 2013 3:39:57 PM EDT> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
  <Jun 25, 2013 3:39:57 PM EDT> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
  <Jun 25, 2013 3:39:58 PM EDT> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) 64-Bit Server VM Version 23.21-b01 from Oracle Corporation.>
  /apps/Informatica/tdwdomain/config not found
  No config.xml was found.
  Would you like the server to create a default configuration and boot? (y/n): y
  <Jun 25, 2013 3:40:03 PM EDT> <Info> <Management> <BEA-140013> </apps/Informatica/tdwdomain/config not found>
  <Jun 25, 2013 3:40:03 PM EDT> <Info> <Security> <BEA-090065> <Getting boot identity from user.>
  Enter username to boot WebLogic server:admin  Enter password to boot WebLogic server:admin123
  For confirmation, please re-enter password required to boot WebLogic server:admin123
  <Jun 25, 2013 3:40:13 PM EDT> <Info> <Management> <BEA-141254> <Generating new domain directory in /apps/Informatica/tdwdomain.>
  <Jun 25, 2013 3:40:17 PM EDT> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason:
  There are 1 nested errors:
  weblogic.management.ManagementException: Failure during domain creation
          at weblogic.management.internal.DomainGenerator.generateDefaultDomain(DomainGenerator.java:119)
          at weblogic.management.internal.DomainDirectoryService.start(DomainDirectoryService.java:82)
          at weblogic.t3.srvr.ServerServicesManager.startService(ServerServicesManager.java:461)
          at weblogic.t3.srvr.ServerServicesManager.startInStandbyState(ServerServicesManager.java:166)
          at weblogic.t3.srvr.T3Srvr.initializeStandby(T3Srvr.java:883)
          at weblogic.t3.srvr.T3Srvr.startup(T3Srvr.java:570)
          at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:469)
          at weblogic.Server.main(Server.java:74)
  Caused by: com.oracle.cie.domain.script.ScriptException: The domain location must have write permission.
          at com.oracle.cie.domain.script.ScriptExecutor.writeDomain(ScriptExecutor.java:757)
          at com.oracle.cie.domain.script.ScriptParserClassic$StateMachine.processWrite(ScriptParserClassic.java:573)
          at com.oracle.cie.domain.script.ScriptParserClassic$StateMachine.execute(ScriptParserClassic.java:429)
          at com.oracle.cie.domain.script.ScriptParserClassic.parseAndRun(ScriptParserClassic.java:148)
          at com.oracle.cie.domain.script.ScriptParserClassic.doExecute(ScriptParserClassic.java:110)
          at com.oracle.cie.domain.script.ScriptParser.execute(ScriptParser.java:72)
          at com.oracle.cie.domain.DomainInfoHelper.executeSilentScript(DomainInfoHelper.java:854)
          at com.oracle.cie.domain.DomainInfoHelper.createDefaultDomain(DomainInfoHelper.java:1775)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
          at java.lang.reflect.Method.invoke(Method.java:601)
          at weblogic.management.internal.CIEDomainGenerator.generateDefaultDomain(CIEDomainGenerator.java:62)
          at weblogic.management.internal.DomainGenerator.generateDefaultDomain(DomainGenerator.java:114)
       <Jun 25, 2013 3:40:17 PM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED.>
  <Jun 25, 2013 3:40:17 PM EDT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down.>
  <Jun 25, 2013 3:40:17 PM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN.>
  - Any help appreciated.
  Thanks

  hi,
  the binaries available for download are all packaged with 32bit JVM. Please have a look at the link below
  WebLogic Server 12c (12.1.1), WebLogic Server 11g (10.3.6) and Previous Releases
  It also has binaries for linux available. I am quoting from the site verbatim for your reference:
  The following provides links to WebLogic Server 12.1.1 installers with 32-bit JVMs for Windows and
  Linux, the generic installer that can be used on any supported platform, and the zip distribution. The
  generic installer and the zip distribution do not include a JVM/JDK. For instructions on using the
  generic installer, see this document.
  In case you want to use your own latest version of JDK which can be a 32/64 bit version, you need to use the generic installer.
  The error which you are getting is due to permissions. Make sure you have a dedicated user for installing weblogic and the necessary permissions are granted to the user(linux) to the installation directories. May be the script is trying to install java at a particular location on your machine and failing. Hence the above error is displayed.
  Please have a look at the docs, you will find steps for weblogic installation on linux.
  Thanks,
  Souvik.

• Broken root domain without a valid backup. Any chance to get it back to work properly ?

  Hi guys,
  i came across the following issue:
  Imagine a standard enterprise environment with a forest. The root domain is called contoso.com and there is a subdomain called company.contoso.com. There are also subdomains of company.contoso.com, but they are not important for the problem description.
  The functional level of the forest is Windows 2003-interim & the domain level of the root domain is Windows 2003, as is the domain level of all subdomains. All Domain Controllers are Windows 2003 SP2.
  There have been people in the environment with too many rights, that used to promote DCs and then also just decommission them without properly demoting them. This left several unreachable domain controllers in both the root domain & the subdomain.
  I cleared all those DCs that are no longer available, which made company.contoso.com stable and reliable. All DCs within the subdomain are properly talking to each other and replicating fine.
  Then i discovered the main issue here. The replication in the root domain is broken. The is only one domain controller left in the root domain, nevertheless the server is suffering from USN rollback. Digging deeper i found out that the domain controllers
  have been virtualized years ago, but no one ever cared about the root domain. So i found out that replication stopped in 2006 when obv. the last healthy domain controller was removed from the root domain.
  So i have basically a crippled root domain with a crippled domain controller. I am not able to set the forest level to 2003 native, as the domain controller says that the domain contoso.com is still Windows 2000. This is not correct, i have checked msDS-Behaviour-Version
  and nTMixedDomain. They are properly set to 2 & 0.
  My idea was to introduce a new installed 2003 server and promote it to a DC. Then get rid of the broken one. Unfortunately the broken DC is not replicating. Due to USN rollback the netlogon service goes constantly to paused state & of course both inbound
  & outbound replication are disabled. Even when i reenable the replication it is just a matter of seconds before they get disabled again. I also tried to introduce a new 2012R2 DC, but that fails of course due to the forest level not beeing 2003.
  So i am a little stuck here. Any thoughts about how to continue to troubleshoot ?
  I have a final idea:
  Install a new forest with the same name contoso.com and set up a trust with company.contoso.com.
  The question would be, how can i convince company.contoso.com that the new installed forest and domain are its parent ?

  > Install a new forest with the same name contoso.com and set up a trust
  > with company.contoso.com.
  > The question would be, how can i convince company.contoso.com that the
  > new installed forest and domain are its parent ?
  You cannot. Sad, but true. If the forest root domain is dead, the forest
  is dead. In addition, you have no Naming Master and no Schema Master
  FSMOs. The only reliable solution is creating a new forest and new
  subdomains, then migrating all objects...
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Migrate Users from a child domain to a root domain in different forest

  Hello,
  it supported to migrate users from child source doman to target root domain?
  I established a trust, but i don't see child domain at ADMT installed on target domain DC. Source root domain is visible

  You should not be needed to establish a trust as all domains within the same forest already trust each other - are you sure those domains belong to the same forest? You can find out using the following command:
  nltest /DOMAIN_TRUSTS
  If ADMT dosen't show a partiuclar domain in the dropdown list, you can/have to type the domain name manually.
  Enfo Zipper
  Christoffer Andersson – Principal Advisor
  http://blogs.chrisse.se - Directory Services Blog

• How to change the root domain name in window 2012 server

  Got a window 2012 server build up. My root domain name looks something like corp.marketing   Well I seems to have missed to add the last .com or .local.  How do I add the .com to my existing root domain name please. The server is new, will
  go online in few days time. Thanks for all the help.

  I have a similar question and not sure if this is the right place. I had set a server with corp.brighterworld.com but the install wizard anywhere access had me believe that microsoft's strongly preferred domain name prefix was remote.brighterworld.com so
  I contacted GoDaddy and had it reissued as remote. but when I went to reconfigure for the new name. I had already set the server for being a CA, and in that process it issued like 4 or 5 certificates. So I had tried to rebuild the machine from scratch, but
  the it didn't wipe everything, but rather saved previous state which left the old certificate stuff to be dealt with. Any hints or help out here for us having to learn this stuff the hard way?
  Thanks,
  Mark Saxton

• Cannot connect to SERVER. Login failed for user 'DOMAIN\user'. (Microsoft SQL Server, Error 18456) - SQL Server 2012 on Windows Server 2008 R2

  I've seen multiple blogs and forums with similar problems and SQL 2012 or 2008. But no solutions that work for me.
  I have installed SQL Server in mixed mode (SQL and Windows authentication). I can create new Login accounts in either mode. However, I cannot get an AD security group Login account to work. I am trying to add group 'DOMAIN\Domain Admins' or 'SERVER\Administrators'
  as a Login so that any of the domain's administrator accounts can open SQL Server Management Studio and act as an 'sa' account on this server.
  I have deleted the SQL account 'DOMAIN\Domain Admins'.
  I have restarted SQL.
  I have restarted the Win2K8r2 server.
  I have launched SSMS as Administrator from the desktop of SERVER.
  I have launched SSMS as another user (and used 'DOMAIN\user' to lauch it) from the desktop of SERVER.
  I can create a login account named 'DOMAIN\user' (who happens to be a member of the 'DOMAIN\Domain Admins' group) and give this account 'sa' security, and when I do that, this account works as expected...
  How do I add a security group as a Login account and give all members of that group the ability to be an 'sa' account?

  Hi geoperkins,
  Are you getting the following error message?
  Error: 18456, Severity: 14, State: 11
  Login failed for user <Domain\user>. Reason: Token-based server access validation failed with an infrastructure error.
  If that is the case, the issue could be due to that the Windows login has no profile or that permissions could not be checked due to UAC. Please disable UAC firstly and check if it is successful to log in SQL Server.
  Another reason could be that the domain controller could not be reached. You may need to resort to re-creating the login. Create a new group in AD, add users to the new group, then add the group to the local admin group and create login for the group in SQL
  Server.
  There is a connect item describing similar issue for your reference.
  https://connect.microsoft.com/SQLServer/feedback/details/680705/cant-login-to-sql-using-windows-authentication-when-user-is-in-a-domain-security-group
  For more details about above error, please review the following blog.
  http://sqlblogcasts.com/blogs/simons/archive/2011/02/01/solution-login-failed-for-user-x-reason-token-based-server-access-validation-failed-and-error-18456.aspx
  Thanks,
  Lydia Zhang
  Lydia Zhang
  TechNet Community Support

• Windows 2012 Domain Controller: Failed to open the runspace pool. The Server Manager WinRM plug-in might be corrupted or missing

  Hi all,
  We have been battling a problem for the last couple of days when we try to add the first windows server 2012 DC to an already existing Domain.
  The Server installation goes smoothly and we can add the computer to the domain and its all green.
  After we promote the server to a domain controller the WinRM service starts acting up (not responding anymore).
  The server manager console shows Remote Management as disabled, and when we try to enable it via the console or Powershell it freezes up.
  The AD DS part of the console is saying that there are post-promotion tasks that need to be completed but once we click on the task it takes us to the promotion wizard again, that basically complains that: Failed to open the runspace pool. The Server Manager
  WinRM plug-in might be corrupted or missing.
  In the Remote Management Event log we see the following entry: "The client got a timeout from the network layer (ERROR_WINHTTP_TIMEOUT)" Event ID 138
  We are unable to do anything with the server (demote, add roles, remotely manage...). We tryed the following already:
  1. Recreate from scratch
  2. Checking the GPOs to see if there is anything setup about RM -> came up with nothing
  We just ran out of ideas so HELP PLEASE !
  BR
  Tomaz Praprotnik

  Hi Cicely,
  Yes the error from the Windows Remote Management event log contains (I took out the User and FQDN of the Computer):
  Log Name:      Microsoft-Windows-WinRM/Operational
  Source:        Microsoft-Windows-WinRM
  Date:          3/29/2013 1:38:53 PM
  Event ID:      138
  Task Category: Response handling
  Level:         Error
  Keywords:      Client
  User:         
  Computer:     
  Description:
  The client got a timeout from the network layer (ERROR_WINHTTP_TIMEOUT)
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-WinRM" Guid="{A7975C8F-AC13-49F1-87DA-5A984A4AB417}" />
      <EventID>138</EventID>
      <Version>0</Version>
      <Level>2</Level>
      <Task>10</Task>
      <Opcode>0</Opcode>
      <Keywords>0x4000000000000002</Keywords>
      <TimeCreated SystemTime="2013-03-29T12:38:53.786357100Z" />
      <EventRecordID>6876</EventRecordID>
      <Correlation ActivityID="{18FCFBD2-2B38-0003-D261-FD18382BCE01}" />
      <Execution ProcessID="1084" ThreadID="2924" />
      <Channel>Microsoft-Windows-WinRM/Operational</Channel>
      <Computer></Computer>
      <Security UserID="" />
    </System>
    <EventData>
    </EventData>
  </Event>
  There is also another entry that sometimes comes up:
  Log Name:      Microsoft-Windows-WinRM/Operational
  Source:        Microsoft-Windows-WinRM
  Date:          3/29/2013 1:36:34 PM
  Event ID:      142
  Task Category: Response handling
  Level:         Error
  Keywords:      Client
  User:         
  Computer:     
  Description:
  WSMan operation Invoke failed, error code 2150859046
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-WinRM" Guid="{A7975C8F-AC13-49F1-87DA-5A984A4AB417}" />
      <EventID>142</EventID>
      <Version>0</Version>
      <Level>2</Level>
      <Task>10</Task>
      <Opcode>2</Opcode>
      <Keywords>0x4000000000000002</Keywords>
      <TimeCreated SystemTime="2013-03-29T12:36:34.076973400Z" />
      <EventRecordID>6869</EventRecordID>
      <Correlation ActivityID="{18FCFBD2-2B38-0001-F328-FD18382BCE01}" />
      <Execution ProcessID="4888" ThreadID="4392" />
      <Channel>Microsoft-Windows-WinRM/Operational</Channel>
      <Computer></Computer>
      <Security UserID="" />
    </System>
    <EventData>
      <Data Name="operationName">Invoke</Data>
      <Data Name="errorCode">2150859046</Data>
    </EventData>
  </Event>
  Best regards
  Tomaz Praprotnik

• SCCM 2012 in child domain unable to publish to root domain

  I have an sccm 2012 (no sp) in a child domain (am.corp) and have given the sccm server computer object full control of the system management folder in ADSI on the root domain (corp.local) but continue to get the error in the Active Directory Forests portion
  of the console that I have insufficient access rights to publish to the root domain (corp.local).
  I have sccm management distribution points in the other child domains of the root.
  Any suggestions on how to get this to stop erroring.

  The discovery log tells me it's found 27 sites and 166 subnets. It has problems identifying the forest of some of the other SCCM servers but doesn't give any warning or error (that I see) about publishing.
  See below: (truncated so it fits)
  SMS_EXECUTIVE started SMS_AD_FOREST_DISCOVERY_MANAGER
  as thread ID 3996 (0xF9C).  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:34.311+240><thread=2924 (0xB6C)>
  =========================================================== 
  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:34.321+240><thread=3996 (0xF9C)>
  Beginning Active Directory Forest Discovery Manager  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:34.321+240><thread=3996 (0xF9C)>
  Entering function ThreadMain()  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:34.321+240><thread=3996 (0xF9C)>
  Entering function CActiveDirectoryForestDiscovery::Initialize() 
  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:34.321+240><thread=3996 (0xF9C)>
  Component SMS_AD_FOREST_DISCOVERY_MANAGER
  is marked active.~  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:34.333+240><thread=3996 (0xF9C)>
  Log verbosity level = 0~  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:34.346+240><thread=3996 (0xF9C)>
  Entering function CActiveDirectoryForestDiscovery::Process() 
  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:34.346+240><thread=3996 (0xF9C)>
  Entering function CActiveDirectoryForestDiscovery::ShouldRun() 
  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:34.346+240><thread=3996 (0xF9C)>
  Entering function CActiveDirectoryForestDiscovery::CheckIfRunCountValueChanged() 
  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:34.346+240><thread=3996 (0xF9C)>
  Admin requested to run discovery now.  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:34.346+240><thread=3996 (0xF9C)>
  Entering function ReportForestDiscoverySuccessStatusMessage() 
  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:39.018+240><thread=3996 (0xF9C)>
  Raising discovery success status message for forest corp.acme.com,
  in which we discovered 27 site(s) and 166 subnet(s).~  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:39.018+240><thread=3996 (0xF9C)>
  Calling ReportStatus, keys= SMS_AD_FOREST_DISCOVERY_MANAGER,
  1073750724, 0~  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:39.018+240><thread=3996 (0xF9C)>
  STATMSG: ID=8900 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_AD_FOREST_DISCOVERY_MANAGER"
  SYS=SCCMADMPRGL01.am.corp.acme.comSITE=GDC
  PID=2524 TID=3996 GMTDATE=Wed Mar 20 15:43:39.018 2013 ISTR0="corp.acme.com"
  ISTR1="" ISTR2="" ISTR3="" ISTR4="166" ISTR5="27" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:39.018+240><thread=3996 (0xF9C)>
  Entering function CActiveDirectoryForestDiscovery::UpdateForestNamesForAllSiteSystems() 
  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:39.496+240><thread=3996 (0xF9C)>
  Trying to update forest fqdn for all site systems associated with site GDC  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:39.500+240><thread=3996 (0xF9C)>
  Entering function CActiveDirectoryForestDiscovery::UpdateForestNamesForSiteSystems() 
  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:39.500+240><thread=3996 (0xF9C)>
  Entering function CActiveDirectoryForestDiscovery::GetForestName() 
  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:39.543+240><thread=3996 (0xF9C)>
  ~Trying to discover forest name for server MSPRNPRTW01.au.corp.acme.com. 
  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:39.543+240><thread=3996 (0xF9C)>
  Server MSPRNPRTW01.au.corp.acme.com belongs
  to forest corp.acme.com.~  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:41.037+240><thread=3996 (0xF9C)>
  Entering function CActiveDirectoryForestDiscovery::GetForestName() 
  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:42.756+240><thread=3996 (0xF9C)>
  ~Trying to discover forest name for server SCCMADMPRGL01.am.corp.acme.com. 
  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:42.757+240><thread=3996 (0xF9C)>
  Server SCCMADMPRGL01.am.corp.acme.com belongs
  to forest corp.acme.com.~  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:42.757+240><thread=3996 (0xF9C)>
  Entering function CActiveDirectoryForestDiscovery::GetForestName() 
  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:42.815+240><thread=3996 (0xF9C)>
  ~Trying to discover forest name for server SCCMDPPRAP01.au.corp.acme.com. 
  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:42.815+240><thread=3996 (0xF9C)>
  Server SCCMDPPRAP01.au.corp.acme.com belongs
  to forest corp.acme.com.~  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:43.689+240><thread=3996 (0xF9C)>
  Entering function CActiveDirectoryForestDiscovery::GetForestName() 
  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:43.756+240><thread=3996 (0xF9C)>
  ~Trying to discover forest name for server SCCMDPPRAU01.au.corp.acme.com. 
  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:43.757+240><thread=3996 (0xF9C)>
  Server SCCMDPPRAU01.au.corp.acme.com belongs
  to forest corp.acme.com.~  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:45.040+240><thread=3996 
  (0xF9C)>
  Finishing Active Directory Forest Discovery Manager thread.  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:57.044+240><thread=3996 (0xF9C)>
  =========================================================== 
  $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
  11:43:57.044+240><thread=3996 (0xF9C)>

• SCCM 2012 root domain client management from child domain

  Hi All,
  We have SCCM 2012 environment in Child domain and we would like to manage the root domain clients as well. we are using https mode. What all configuration do we need to make for root domain clients to monitor successfully from child domain.  
  Is it mandatory to create System Management container for the Root domain? if yes what all permission i need to give for that System Management container. 
  Do we need to enable Active directory forest discovery?
  Regards,
  Bhaskar K

  No, you do not need to create the System Management container or publish info into it and no you do not need to enable forest discovery.
  ConfigMgr ultimately does not care about AD. AD can be used by clients to help them locate services and configure themselves, but this can also be accomplished in other ways in ConfigMgr.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• Server 2012 std not able to see Domain, DC and DNS on Win SBS 2008 std Domain

  Hi There
  I have a HP ML 110 G5 SBS 2008 std server as my DC on my network. I recently added a HP Microserver running Server 2012 std (with no roles or features installed) to act solely as a file server for a 3rd party program as the program was not running efficiently
  on the main server.
  The problem I am having now is that the 2012 server keeps falling off the domain and cannot contact DNS server. I have also had to re-enable remote desktop several times. It also shows the 2012 Server as being on a private firewall profile and not on the
  domain firewall profile but I suspect that this is part of the same problem. 
  the resulting problem that this is causing is that the local machines that need to contact an SQL database on the 2012 fileserver intermittently either time out or are very slow to connect.  
  So far I have tried: 
  Switching from Static IP to DHCP. 
  Re-adding the server to the domain. 
  Stopping and restarting DNS services on the DC.
  Checking physical Network connections and routing.
  Putting the 2012 server into the same Organizational Unit as the 2008 DC. 
  Has anyone else encountered this problem when adding a 2012 server to a 2008 domain?  I have a feeling that the solution is probably something simple that I've overlooked, but I can't think what.  Any help would be greatly appreciated. 
  Regards
  Russ
  Also, as some additional info -
  Event viewer gives the following errors:
  Group Policy Error:
  Log Name:      System
  Source:        Microsoft-Windows-GroupPolicy
  Date:          2015-04-27 01:17:51 PM
  Event ID:      1129
  Task Category: None
  Level:         Error
  Keywords:      
  User:          SYSTEM
  Computer:      [SERVERNAME].[DOMAIN].local
  Description:
  The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has
  successfully processed. If you do not see a success message for several hours, then contact your administrator.
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
  <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
  <EventID>1129</EventID>
  <Version>0</Version>
  <Level>2</Level>
  <Task>0</Task>
  <Opcode>0</Opcode>
  <Keywords>0x8000000000000000</Keywords>
  <TimeCreated SystemTime="2015-04-27T11:17:51.111942100Z" />
  <EventRecordID>19056</EventRecordID>
  <Correlation ActivityID="{C0CBAF2B-1E93-49C0-B910-069AE43F74B2}" />
  <Execution ProcessID="732" ThreadID="1336" />
  <Channel>System</Channel>
  <Computer>[SERVERNAME].[DOMAIN].local</Computer>
  <Security UserID="S-1-5-18" />
  </System>
  <EventData>
  <Data Name="SupportInfo1">1</Data>
  <Data Name="SupportInfo2">1548</Data>
  <Data Name="ProcessingMode">0</Data>
  <Data Name="ProcessingTimeInMilliseconds">0</Data>
  <Data Name="ErrorCode">1222</Data>
  <Data Name="ErrorDescription">The network is not present or not started. </Data>
  </EventData>
  </Event>
  DNS Error:
  Log Name:      System
  Source:        Microsoft-Windows-DNS-Client
  Date:          2015-04-27 04:54:58 PM
  Event ID:      8015
  Task Category: (1028)
  Level:         Warning
  Keywords:      
  User:          NETWORK SERVICE
  Computer:      [SERVERNAME].[DOMAIN].local
  Description:
  The system failed to register host (A or AAAA) resource records (RRs) for network adapter with settings:
             Adapter Name : {3DDD0E46-D879-48C0-9DF6-5FAC0F1A56C4}
             Host Name : [SERVERNAME]
             Primary Domain Suffix : [DOMAIN].local
             DNS server list :
  192.168.2.10
             Sent update to server : <?>
             IP Address(es) :
               192.168.2.15
  The reason the system could not register these RRs was because the update request it sent to the DNS server timed out. The most likely cause of this is that the DNS server authoritative for the name it was attempting to register or update is not running
  at this time. You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
  <Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
  <EventID>8015</EventID>
  <Version>0</Version>
  <Level>3</Level>
  <Task>1028</Task>
  <Opcode>0</Opcode>
  <Keywords>0x4000000000000000</Keywords>
  <TimeCreated SystemTime="2015-04-27T14:54:58.599130300Z" />
  <EventRecordID>19105</EventRecordID>
  <Correlation />
  <Execution ProcessID="856" ThreadID="952" />
  <Channel>System</Channel>
  <Computer>[SERVERNAME].[DOMAIN].local</Computer>
  <Security UserID="S-1-5-20" />
  </System>
  <EventData>
  <Data Name="AdapterName">{3DDD0E46-D879-48C0-9DF6-5FAC0F1A56C4}</Data>
  <Data Name="HostName">[SERVERNAME]</Data>
  <Data Name="AdapterSuffixName">[DOMAIN].local</Data>
  <Data Name="DnsServerList"> 192.168.2.10</Data>
  <Data Name="Sent UpdateServer">&lt;?&gt;</Data>
  <Data Name="Ipaddress">192.168.2.15</Data>
  <Data Name="ErrorCode">1460</Data>
  </EventData>
  </Event>

  Can you post an ipconfig /all from the server and the DC?
  Robert Pearman SBS MVP
  itauthority.co.uk |
  Title(Required)
  Facebook |
  Twitter |
  Linked in |
  Google+

• DFS Replication failed to contact Domain Controller.....

  I have seen this error since the inception of this stand alone AD PDC instance of Windows server 2012 R2 Essentials. I understand that Essentials does not support other Domain Controllers ; Member servers ; or trust between Domains of any kind. I also
  understand that DSF Replication is a service that replicates files between other servers and other domain servers that Essentials dose not want to talk to.
  So my question is why am I seeing this DFSR error 1202  in my event log, if Essentials does not support communication to other servers and domain servers? Maybe a better question is why does Essentials even try to implement this
  service? Do I even need to try to resolve this issue or should I just disable it and move on? 
  Contents of Error:
  Log Name:      DFS Replication
  Source:        DFSR
  Date:          2/6/2014 1:57:57 PM
  Event ID:      1202
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      Hxxx2.xxxxxxxxxxxxx.local
  Description:
  The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused
  by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
  Additional Information:
  Error: 160 (One or more arguments are not correct.)
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="DFSR" />
      <EventID Qualifiers="49152">1202</EventID>
      <Level>2</Level>
      <Task>0</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2014-02-06T19:57:57.000000000Z" />
      <EventRecordID>194</EventRecordID>
      <Channel>DFS Replication</Channel>
      <Computer>Hxxx2.Hxxxxxxxxxxxxx.local</Computer>
      <Security />
    </System>
    <EventData>
      <Data>
      </Data>
      <Data>60</Data>
      <Data>160</Data>
      <Data>One or more arguments are not correct.</Data>
    </EventData>
  </Event>

  Hi, 
  Did you mean that you did not configure a DFS server in the new DC but you get the DFSR error 1202 in your event log? Then the issue is not related to the existing SBS domain. 
  Please try to turn off the Windows Firewall to check if it causes the issue. You could also refer to the articles below to troubleshoot the issue:
  Newly Promoted Win2K8 DC is not advertising as Domain Controller.
  http://blogs.technet.com/b/niraj_kumar/archive/2009/04/23/newly-promoted-win2k8-dc-is-not-advertising-as-domain-controller.aspx
  Restrictions for Unauthenticated RPC Clients: The group policy that punches your domain in the face
  https://blogs.technet.com/b/askds/archive/2011/04/08/restrictions-for-unauthenticated-rpc-clients-the-group-policy-that-punches-your-domain-in-the-face.aspx
  Regards, 
  Mandy
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• DFSR failed to contact domain controller

  Im having an odd problem with DFSR group we created to replicate web content between two of our web servers.
  In event viewer we have this event 1202 for DFSR.
  "The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can
  be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
  Additional Information:
  Error: 160 (One or more arguments are not correct.)"
  In the DFSR logs I see this.
  20140303 12:18:27.874 1404 CFAD 8300 Config::AdConfig::GetLocalComputerNameWithDns Computer's fully-qualified DNS name: DFSRSERVER.domain.tld
  20140303 12:18:27.920 1404 CFAD 311 Config::AdConnection::Connect Binding to dcAddr:\\1.1.1.1 dcDnsName:\\MYDC.domain.tld
  20140303 12:18:27.936 1404 CFAD 143 Config::AdConnection::BindToAd Trying to connect. hostName:MYDC.domain.tld
  20140303 12:18:28.467 1404 CFAD 162 Config::AdConnection::BindToAd Bound. hostName:MYDC.domain.tld
  20140303 12:18:28.467 1404 CFAD 199 Config::AdConnection::BindToDc Try to bind. hostName:\\MYDC.domain.tld domainName:<null>
  20140303 12:18:28.514 1404 CFAD 3373 [ERROR] Config::DsSession::Bind Failed to DsBind(). dc:\\MYDC.domain.tld domainName:<null> Error:5
  20140303 12:18:28.514 1404 CFAD 215 Config::AdConnection::BindToDc (Ignored) Failed to bind. hostName:\\MYDC.domain.tld domainName:<null> Error:[Error:5(0x5) Config::DsSession::Bind ad.cpp:3380 1404 W Access is denied.]
  20140303 12:18:28.514 1404 CFAD 199 Config::AdConnection::BindToDc Try to bind. hostName:\\1.1.1.1 domainName:<null>
  20140303 12:18:28.514 1404 CFAD 3373 [ERROR] Config::DsSession::Bind Failed to DsBind(). dc:\\1.1.1.1 domainName:<null> Error:87
  20140303 12:18:28.514 1404 CFAD 215 Config::AdConnection::BindToDc (Ignored) Failed to bind. hostName:\\1.1.1.1 domainName:<null> Error:[Error:87(0x57) Config::DsSession::Bind ad.cpp:3380 1404 W The parameter is incorrect.]
  20140303 12:18:28.514 1404 SCFS 150 [WARN] ServiceConfig::DsPollIsDue Failed to enable lightweight polling. Error:
  + [Error:160(0xa0) Config::AdConfig::ConnectToLocalDc ad.cpp:8365 1404 W One or more arguments are not correct.]
  + [Error:160(0xa0) Config::AdConfig::Connect ad.cpp:8113 1404 W One or more arguments are not correct.]
  + [Error:160(0xa0) Config::AdConnection::Connect adconnection.cpp:377 1404 W One or more arguments are not correct.]
  + [Error:160(0xa0) Config::AdConnection::BindToDc adconnection.cpp:226 1404 W One or more arguments are not correct.]
  20140303 12:18:28.514 1404 CREG 1419 Config::RegReader::IsSysVolCommitFlagSet key: System\CurrentControlSet\Services\DFSR\Parameters\SysVols\Demoting SysVols valueName:'SysVol Information is Committed' result:0
  20140303 12:18:28.514 1404 W2CH 266 ConfigurationHelper::PollAdConfigNow Trying to connect to AD
  20140303 12:18:28.514 1404 CFAD 311 Config::AdConnection::Connect Binding to dcAddr:\\1.1.1.1 dcDnsName:\\MYDC.domain.tld
  20140303 12:18:28.514 1404 CFAD 143 Config::AdConnection::BindToAd Trying to connect. hostName:MYDC.domain.tld
  20140303 12:18:28.514 1404 CFAD 162 Config::AdConnection::BindToAd Bound. hostName:MYDC.domain.tld
  20140303 12:18:28.514 1404 CFAD 199 Config::AdConnection::BindToDc Try to bind. hostName:\\MYDC.domain.tld domainName:<null>
  20140303 12:18:28.514 1404 CFAD 3373 [ERROR] Config::DsSession::Bind Failed to DsBind(). dc:\\MYDC.domain.tld domainName:<null> Error:5
  20140303 12:18:28.514 1404 CFAD 215 Config::AdConnection::BindToDc (Ignored) Failed to bind. hostName:\\MYDC.domain.tld domainName:<null> Error:[Error:5(0x5) Config::DsSession::Bind ad.cpp:3380 1404 W Access is denied.]
  20140303 12:18:28.514 1404 CFAD 199 Config::AdConnection::BindToDc Try to bind. hostName:\\1.1.1.1 domainName:<null>
  20140303 12:18:28.514 1404 CFAD 3373 [ERROR] Config::DsSession::Bind Failed to DsBind(). dc:\\1.1.1.1 domainName:<null> Error:87
  20140303 12:18:28.514 1404 CFAD 215 Config::AdConnection::BindToDc (Ignored) Failed to bind. hostName:\\1.1.1.1 domainName:<null> Error:[Error:87(0x57) Config::DsSession::Bind ad.cpp:3380 1404 W The parameter is incorrect.]
  20140303 12:18:28.514 1404 EVNT 1194 EventLog::Report Logging eventId:1202 parameterCount:4
  20140303 12:18:28.514 1404 EVNT 1214 EventLog::Report eventId:1202 parameter1:
  20140303 12:18:28.514 1404 EVNT 1214 EventLog::Report eventId:1202 parameter2:60
  20140303 12:18:28.514 1404 EVNT 1214 EventLog::Report eventId:1202 parameter3:160
  20140303 12:18:28.514 1404 EVNT 1214 EventLog::Report eventId:1202 parameter4:One or more arguments are not correct.
  20140303 12:18:28.530 1404 W2CH 318 [ERROR] ConfigurationHelper::PollAdConfigNow (Ignored) Failed to connect to AD. Error:
  + [Error:160(0xa0) Config::AdConfig::ConnectToLocalDc ad.cpp:8365 1404 W One or more arguments are not correct.]
  + [Error:160(0xa0) Config::AdConfig::Connect ad.cpp:8113 1404 W One or more arguments are not correct.]
  + [Error:160(0xa0) Config::AdConnection::Connect adconnection.cpp:377 1404 W One or more arguments are not correct.]
  + [Error:160(0xa0) Config::AdConnection::BindToDc adconnection.cpp:226 1404 W One or more arguments are not correct.]
  When I run "dfsrdiag pollad":
  [ERROR] PollDsNow method executed unsuccessfully. ReturnValue: 12 (0xc)
  [ERROR] Failed to execute PollAD command Err: -2147217407 (0x80041001)
  However I can run "dfsrdiag dumpadcfg" and it outputs everything fine.
  We don't have any other problems with AD.  It seems like this started after we installed KB2467173 & KB2538242.  We are going to uninstall those and see if it works.

  I can successfully run "dfsrdiag.exe dumpadcfg" and it outputs the entire config.  Why does "dfsrdiag pollad" fail then if the config can be read.
  Why did it work before I rebooted the server?  In both cases it broke after rebooting.
  PS C:\Windows\system32> dfsrdiag dumpadcfg
  LDAP Bind : mydc.domain.tld
  SitesDn : cn=sites,cn=configuration,dc=domain,dc=tld
  ServicesDn : cn=services,cn=configuration,dc=domain,dc=tld
  SystemDn : cn=system,dc=domain,dc=tld
  DefaultNcDn : dc=domain,dc=tld
  ComputersDn : cn=computers,dc=domain,dc=tld
  DomainCtlDn : ou=domain controllers,dc=domain,dc=tld
  SchemaDn : CN=Schema,CN=Configuration,dc=domain,dc=tld
  COMPUTER: web1
  DN : cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
  GUID : 152E849C-4D7B-4AE8-B034-83747DBC1E89
  DNS : web1.domain.tld
  Server Ref : (null)
  USN Changed : 10862129
  When Created : Friday, January 31, 2014 8:41:06 PM
  When Changed : Tuesday, March 4, 2014 2:54:36 PM
  LOCAL SETTINGS: DFSR-LOCALSETTINGS
  DN : cn=dfsr-localsettings,cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
  GUID : 3FD696E7-6598-4CDB-B2AB-98F148C0D2F7
  Version : 1.0.0.0
  USN Changed : 10932017
  When Created : Thursday, March 6, 2014 2:11:12 PM
  When Changed : Thursday, March 6, 2014 2:15:25 PM
  SUBSCRIBER: FF88A312-A0EB-44CC-A614-7A3D06DCC0AB
  DN : cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=dfsr-localsettings,cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
  GUID : 1119B663-F02A-4F1F-A904-23A87CFC93C3
  Member Ref : cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
  USN Changed : 10931931
  When Created : Thursday, March 6, 2014 2:11:12 PM
  When Changed : Thursday, March 6, 2014 2:11:27 PM
  SUBSCRIPTION: 6783DDE1-C795-4E8B-B07D-4EA8D7D0317F
  DN : cn=6783dde1-c795-4e8b-b07d-4ea8d7d0317f,cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=dfsr-localsettings,cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
  GUID : 3737B1F2-7E38-47E2-90E7-E57D82B145F1
  ContentSetGuid: 6783DDE1-C795-4E8B-B07D-4EA8D7D0317F
  Root Path : c:\inetpub\internetsites
  Root Size : 10240 (MB)
  Staging Path : c:\inetpub\internetsites\dfsrprivate\staging
  Staging Size : 4096 (MB)
  Conflict Path : c:\inetpub\internetsites\dfsrprivate\conflictanddeleted
  Conflict Size : 4096 (MB)
  USN Changed : 10931919
  When Created : Thursday, March 6, 2014 2:11:13 PM
  When Changed : Thursday, March 6, 2014 2:11:27 PM
  SUBSCRIPTION: F2F1F3A2-B36F-4170-B371-8E8043DF73F4
  DN : cn=f2f1f3a2-b36f-4170-b371-8e8043df73f4,cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=dfsr-localsettings,cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
  GUID : 57E7F8D7-1121-4334-BC81-74226ADF8969
  ContentSetGuid: F2F1F3A2-B36F-4170-B371-8E8043DF73F4
  Root Path : c:\internet_data
  Root Size : 10240 (MB)
  Staging Path : c:\internet_data\dfsrprivate\staging
  Staging Size : 4096 (MB)
  Conflict Path : c:\internet_data\dfsrprivate\conflictanddeleted
  Conflict Size : 4096 (MB)
  USN Changed : 10931921
  When Created : Thursday, March 6, 2014 2:11:13 PM
  When Changed : Thursday, March 6, 2014 2:11:27 PM
  SUBSCRIPTION: D0438B52-B706-4E40-B4C3-FE7A1ACA5FCF
  DN : cn=d0438b52-b706-4e40-b4c3-fe7a1aca5fcf,cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=dfsr-localsettings,cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
  GUID : F8217091-F71A-4D4A-A676-097583171A63
  ContentSetGuid: D0438B52-B706-4E40-B4C3-FE7A1ACA5FCF
  Root Path : c:\php\phpsites
  Root Size : 10240 (MB)
  Staging Path : c:\php\phpsites\dfsrprivate\staging
  Staging Size : 4096 (MB)
  Conflict Path : c:\php\phpsites\dfsrprivate\conflictanddeleted
  Conflict Size : 4096 (MB)
  USN Changed : 10931923
  When Created : Thursday, March 6, 2014 2:11:13 PM
  When Changed : Thursday, March 6, 2014 2:11:27 PM
  GLOBAL SETTINGS: DFSR-GLOBALSETTINGS
  DN : cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
  GUID : 2E98CE5E-5CC7-4322-B5EA-2B6B340C689F
  USN Changed : 12525
  When Created : Saturday, October 22, 2011 1:56:38 AM
  When Changed : Saturday, October 22, 2011 1:56:38 AM
  REPLICATION GROUP: WEB CONTENT
  DN : cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
  GUID : 9C94A417-6F6C-4F6C-BBFA-B8F52854C4DF
  Type : 0 (UNKNOWN REPLICATION GROUP TYPE)
  Options : 0x1 [Local Time Schedule]
  USN Changed : 10931906
  When Created : Thursday, March 6, 2014 2:11:12 PM
  When Changed : Thursday, March 6, 2014 2:11:27 PM
  CONTENT: CONTENT
  DN : cn=content,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
  GUID : 6714C533-E631-4E71-930D-E4934FB7BD7E
  USN Changed : 10931908
  When Created : Thursday, March 6, 2014 2:11:12 PM
  When Changed : Thursday, March 6, 2014 2:11:27 PM
  CONTENT SET: INTERNET_DATA
  DN : cn=internet_data,cn=content,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
  GUID : F2F1F3A2-B36F-4170-B371-8E8043DF73F4
  File Filter : ~*, *.bak, *.tmp
  Compression Excl : (null)
  Dir Filter : (null)
  USN Changed : 10931916
  When Created : Thursday, March 6, 2014 2:11:13 PM
  When Changed : Thursday, March 6, 2014 2:11:27 PM
  CONTENT SET: INTERNETSITES
  DN : cn=internetsites,cn=content,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
  GUID : 6783DDE1-C795-4E8B-B07D-4EA8D7D0317F
  File Filter : ~*, *.bak, *.tmp
  Compression Excl : (null)
  Dir Filter : (null)
  USN Changed : 10931915
  When Created : Thursday, March 6, 2014 2:11:13 PM
  When Changed : Thursday, March 6, 2014 2:11:27 PM
  CONTENT SET: PHPSITES
  DN : cn=phpsites,cn=content,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
  GUID : D0438B52-B706-4E40-B4C3-FE7A1ACA5FCF
  File Filter : ~*, *.bak, *.tmp
  Compression Excl : (null)
  Dir Filter : (null)
  USN Changed : 10931917
  When Created : Thursday, March 6, 2014 2:11:13 PM
  When Changed : Thursday, March 6, 2014 2:11:27 PM
  TOPOLOGY: TOPOLOGY
  DN : cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
  GUID : 16053002-7B99-4DA7-BFE5-2A6418040640
  USN Changed : 10931907
  When Created : Thursday, March 6, 2014 2:11:12 PM
  When Changed : Thursday, March 6, 2014 2:11:27 PM
  MEMBER: FF88A312-A0EB-44CC-A614-7A3D06DCC0AB
  DN : cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
  GUID : 75A99277-C401-409F-A32D-6D8EE18E5D0C
  Server Ref : (null)
  Computer Ref : cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
  Keywords : (null)
  Computer DNS : web1.domain.tld
  USN Changed : 10931933
  When Created : Thursday, March 6, 2014 2:11:12 PM
  When Changed : Thursday, March 6, 2014 2:11:27 PM
  CXTION: 9ECE3EB7-FE97-4A1B-8DE3-47A77B2C625B
  DN : cn=9ece3eb7-fe97-4a1b-8de3-47a77b2c625b,cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
  GUID : 1D26B348-3875-4BD1-9473-E72506AFA222
  Inbound : true
  Partner DN : cn=46f913db-8509-4581-a66d-d37e4ea3ef29,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
  Enabled : TRUE
  Options : 0x1 [Local Time Schedule]
  USN Changed : 10931924
  When Created : Thursday, March 6, 2014 2:11:13 PM
  When Changed : Thursday, March 6, 2014 2:11:27 PM
  CXTION: 2BFA8BE2-0444-4AAF-8293-A5486CF8D7A3
  DN : cn=2bfa8be2-0444-4aaf-8293-a5486cf8d7a3,cn=46f913db-8509-4581-a66d-d37e4ea3ef29,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
  GUID : A7203451-D95F-44D5-AC04-13056DCE5A89
  Inbound : false
  Partner DN : cn=46f913db-8509-4581-a66d-d37e4ea3ef29,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
  Enabled : TRUE
  Options : 0x1 [Local Time Schedule]
  USN Changed : 10931925
  When Created : Thursday, March 6, 2014 2:11:13 PM
  When Changed : Thursday, March 6, 2014 2:11:27 PM
  MEMBER: 46F913DB-8509-4581-A66D-D37E4EA3EF29
  DN : cn=46f913db-8509-4581-a66d-d37e4ea3ef29,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
  GUID : 1BA26D07-45F5-44A0-8450-9274AFD99B1C
  Server Ref : (null)
  Computer Ref : cn=fccu01web,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
  Keywords : (null)
  Computer DNS : fccu01web.domain.tld
  USN Changed : 10931927
  When Created : Thursday, March 6, 2014 2:11:12 PM
  When Changed : Thursday, March 6, 2014 2:11:27 PM
  Operation Succeeded

• Error determining whether the target server is already a domain controller: Failed to open the runspace pool

  Hi there , i already have some others DC running w2k12 R2 on the env, but when i was promoting another new DC running w2k12 R2 on the middle of the AD sync , the server encounter an error and rebooted it self ; after the server came back online , it keep
  saying that a configuration is required for AD Domain Services , like the step when you are about to promote the server , but when you try to promote it , the error "Error determining whether the target server is already a domain controller: Failed
  to open the runspace pool. The server manager winrm plug-in might be corrupted or missing."

  Hi,
  Thanks for your post.
  Please waitting for the replication is finished and rerun the domain prep command  to check the result.
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• ReportViewer & IReportServerCredentials WORKS within Domain; FAILS with Cross-Domain request:HTTP status 401: Unauthorized

  The IReportServerCredentials approach with the ReportViewer control is working fine within a domain, but I get a 401 not authorized error for a Web IIS server trying to call a SSRS server in another domain. I've see plenty of helpful postings on the use
  of IReportServerCredentials but nothing that provides suggestions for this cross domain issue. Hope someone has some ideas on this one. Thanking you in advance for your response.
  Using VS 2008 VB.NET web app with ReportViewer control Version=8.0.0.0.
  Outside domainA Web Server IIS 8. OS = Windows NT 6.2;
  Inside domainA Windows 7 desktop; Inside domainA Windows Server 2003
  SSRS using windows authentication and on SQL Server 2012. OS = Windows NT 6.2
  The processing described below successfully produces a report when the web server app runs on a machine in the same domain as the SSRS server. For the "same domain" web app, both Win 7 desktop VS 2008 development server and Windows 2003 IIS 6 have
  been tested successfully.
  The report fails with error "The request failed with HTTP status 401: not authorized " when the web app is run from a windows IIS 8 machine (outward or Internet facing web server) that is not in the domain of the SSRS server. The ReportViewer control
  credentials (provided by IReportServerCredentials and taken from the web.config file) match a domain account in the same domain as the SSRS
  server and one that has browser permission on the report folder. The same credentials are used successfully for reports requested from within the SSRS domain.
  One interesting thing is that on the Internet facing web server, I can access the report via a browser request. So it is possible to have a user request coming from the Internet facing machine get through the SSRS windows authentication. Just does not
  work for the ReportViewer.
  Using IReportServerCredentials interface per example provided by Microsoft msdn site. Code listed below.
  IReportServerCredentials would appear to be a viable approach because it can pass credentials of a windows account known to the SSRS server, but not known to the client machine. By the way, database calls to SQL Server in domainA using a SQL Server
  native login account work fine. So the network support communication to a domain that the web server does not belong to.
  <Serializable()> _
  Public NotInheritable Class MyReportServerCredentials
      Implements IReportServerCredentials
      Public ReadOnly Property ImpersonationUser() As System.Security.Principal.WindowsIdentity _
          Implements IReportServerCredentials.ImpersonationUser
          Get
              'Use the default windows user.  Credentials will be
              'provided by the NetworkCredentials property.
              Return Nothing
          End Get
      End Property
      Public ReadOnly Property NetworkCredentials() As ICredentials _
              Implements IReportServerCredentials.NetworkCredentials
          Get
              'Read the user information from the web.config file. 
              'By reading the information on demand instead of storing
              'it, the credentials will not be stored in session,
              'reducing the vulnerable surface area to the web.config
              'file, which can be secured with an ACL.
              'User name
              Dim userName As String = _
                  ConfigurationManager.AppSettings("MyReportViewerUser")
              If (String.IsNullOrEmpty(userName)) Then
                  Throw New Exception("Missing user name from web.config file")
              End If
              'Password
              Dim password As String = _
                  ConfigurationManager.AppSettings("MyReportViewerPassword")
              If (String.IsNullOrEmpty(password)) Then
                  Throw New Exception("Missing password from web.config file")
              End If
              'Domain
              Dim domain As String = _
                  ConfigurationManager.AppSettings("MyReportViewerDomain")
              If (String.IsNullOrEmpty(domain)) Then
                  Throw New Exception("Missing domain from web.config file")
              End If
              Return New NetworkCredential(userName, password, domain)
          End Get
      End Property
      Public Function GetFormsCredentials(ByRef authCookie As Cookie, _
                     ByRef userName As String, _
                     ByRef password As String, _
                     ByRef authority As String) As Boolean _
          Implements IReportServerCredentials.GetFormsCredentials
          authCookie = Nothing
          userName = Nothing
          password = Nothing
          authority = Nothing
          'Not using form credentials
          Return False
      End Function
  End Class
  'Set the ReportViewer values and retrieve the report from the SSRS server into a pdf file on the client machine.
  ProposalRptViewer.ProcessingMode = Microsoft.Reporting.WebForms.ProcessingMode.Remote
  ' Set the ReportViewer ReportServerCredentials from the MyReportServerCredentials Class.
  ' Note the credentials are for a domain account defined in the same domain that the SSRS server belongs to and one that has browser permission on the report folder.
  ProposalRptViewer.ServerReport.ReportServerCredentials = _
       New MyReportServerCredentials()
  ProposalRptViewer.ServerReport.ReportServerUrl = New Uri(System.Configuration.ConfigurationManager.AppSettings(Web.[Global].CfgKeyReportServerURL))
  ProposalRptViewer.ServerReport.ReportPath = System.Configuration.ConfigurationManager.AppSettings(Web.[Global].CfgKeyReportPathProposal)
  ProposalRptViewer.ShowCredentialPrompts = False     ' disable prompting for data source credentials
  Dim paramList As New Generic.List(Of ReportParameter)
  Dim pInfo As ReportParameterInfoCollection
  pInfo = ProposalRptViewer.ServerReport.GetParameters()
  paramList.Add(New ReportParameter("ProposalID", ProposalID, True))paramList.Add(New ReportParameter("Entity", Entity, True))
  paramList.Add(New ReportParameter("intRatesPage", intRatesPage1, True))
  ProposalRptViewer.ServerReport.SetParameters(paramList)
  ' Process and render the report
  ProposalRptViewer.ServerReport.Refresh()
  Dim mimeType As String = Nothing
  Dim encoding As String = Nothing
  Dim streams As String() = Nothing
  Dim extension As String = Nothing
  Dim warnings As Microsoft.Reporting.WebForms.Warning() = Nothing
  Dim returnValue As Byte()
  ' Render the proposal Rate Page 1 report to a Byte Array output in pdf file format.
  returnValue = ProposalRptViewer.ServerReport.Render("PDF", Nothing, mimeType, encoding, extension, streams, warnings)
  An error only occurs for web server not in the domain of SSRS Server:
  The request failed with HTTP status 401: Unauthorized.
  Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
  Exception Details: System.Net.WebException: The request failed with HTTP status 401: Unauthorized.
  Source Error:
  An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack
  trace below.
  Stack Trace:
  [WebException: The request failed with HTTP status 401: Unauthorized.]
     Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.GetSecureMethods() +236
     Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.IsSecureMethod(String methodname) +58
     Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.SetConnectionSSLForMethod(String methodname) +16
     Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.LoadReport(String Report, String HistoryID) +226
     Microsoft.Reporting.WebForms.ServerReport.GetExecutionInfo() +192
     Microsoft.Reporting.WebForms.ServerReport.SetParameters(IEnumerable`1 parameters) +136
     DeltaRater.Web.ViewRates.btnCreateProposal_Click(Object sender, EventArgs e) in C:\alex\~~_____Rapid_Rater\SourceDir_VS2008_Jan17_2014\DRR\ViewRates.aspx.vb:911
     System.Web.UI.WebControls.Button.OnClick(EventArgs e) +115
     System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +140
     System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +29
     System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2981
  Version Information: Microsoft .NET Framework Version:2.0.50727.8009; ASP.NET Version:2.0.50727.8010

  I got the answer to my question by following suggestions by Irb on another technical forum.
  From web server (not on same domain), I was passing credentials of a domain account on the SSRS server. Irb suggested I create a local account on the SSRS server and pass those credentials. I tried this but got the same results.
  This approach worked for web server in SSRS domain, but failed with 401 Unauthorized for web server outside the SSRS domain. Per suggestion for local account on SSRS server, I tried passing empty string "" as the domain via IReportServerCredentials.
  Again this works for web server in the same domain as SSRS. But I get the 401 Unauthorized error when the web server is outside the domain. In testing and checking similar posts, I discovered an additional piece was required for the report request to work
  across domains. The default user did not have authority to send the request and/or receive the report. Adding the following in <system.web> section of web.config file was needed.
  <identity impersonate="true" userName="localwindowsuser" password="#########"/>          where "localwindowsuser" is a windows user defined on the web server.
  I never needed this extra piece when the web server ran in the same domain as the SSRS server. I thank Irb for making me go through the details of additional tests because that is how I stumbled across an identity comment and ultimately got things working.