Having trouble promoting a server to a Child Domain Controller

Similar Messages

• Promoting Windows Server 2012 R2 to Domain Controller

  Hello!
  I have a domain called "company.com" and I have set my public/router IP "361.250.148.222" on GoDaddy account A (Host) section, and currently Windows server has one NIC with Static IP "192.168.1.100" from same router. Now I am
  going to add a new forest for "company.com".
  My question: do I have to set the same public IP set in DNS zone file of GoDaddy on a another NIC on my server OR same local IP received from router will suffice?!
  Thanks!

  Hi Hamed,
  The router should be fine, but you will need then then NAT any inbound traffic aimed at that address to the IP of the internal Server.
  If you setup internal DNS, you will need to configure that with a split DNS so that internally your DNS resolves to the internal address and external to the external address. However if GoDaddy is dealing with your external DNS then your internal DNS will
  only require the internal IP addresses.
  Kind Regards
  Michael Coutanche
  Blog:   
  Twitter:   LinkedIn:
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Installing a New Windows Server 2008 R2 Child Domain by Using the Command Line

  Installing a New Windows Server 2008 R2 Child Domain by Using the Command Line:
  http://technet.microsoft.com/en-us/library/cc731873%28v=ws.10%29.aspx
  dcpromo /unattend /InstallDns:yes /ParentDomainDNSName:mysite.com /replicaOrNewDomain:domain /newDomain:child /newDomainDnsName:gridview.mysite.com /childName:gridview /DomainNetbiosName:gridview
  /databasePath:"c:\Windows\ntds" /logPath:"c:\Windows\ntds" /sysvolpath:"c:\Windows\SYSVOL" /safeModeAdminPassword:pass1 /forestLevel:4 /domainLevel:4 /rebootOnCompletion:yes
  Error Code:
  The specific argument 'childName' is not recognized.
  I am trying to insert gridview as a childname.

  Hi,
  Before going further, can we try another domain name to see what will happen?
  Besides, if the issue persists, we can try installing a new child domain by using the GUI.
  Installing a New Child Domain by Using the Graphical User Interface (GUI)
  http://technet.microsoft.com/en-us/library/cc771856(v=ws.10).aspx
  Best regards,
  Frank Shen

• Error determining whether the target server is already a domain controller: Failed to open the runspace pool

  Hi there , i already have some others DC running w2k12 R2 on the env, but when i was promoting another new DC running w2k12 R2 on the middle of the AD sync , the server encounter an error and rebooted it self ; after the server came back online , it keep
  saying that a configuration is required for AD Domain Services , like the step when you are about to promote the server , but when you try to promote it , the error "Error determining whether the target server is already a domain controller: Failed
  to open the runspace pool. The server manager winrm plug-in might be corrupted or missing."

  Hi,
  Thanks for your post.
  Please waitting for the replication is finished and rerun the domain prep command  to check the result.
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Error determining whether the target server is already a domain controller: The target server is already a Domain Controller.

  So basically, I was promoting a new server to a DC.  It said the promotion failed.  I rebooted the server and low and behold, it is acting like a domain controller.  It is moved to the domain controller OU, it is replicating fine, it knows
  who has the FSMO roles and I see no other problems. However, server manager is still telling me to promote the machine to be a DC as can be seen here:
  If I click the link to run DC Promo, I get this:
  Is there any way to just tell the server that "yes this is a working DC" to get rid of the task in server manager? Or is there something else I should do to correct this?

  Hi Vinny,
  There are others who have encountered similar scenarios as yours, clicking the Post-deployment Configuration message is enough to make the message disappear for good.
  Although I am more worried about that you mentioned the promotion failed, I suggest you run DCdiag.exe on this machine to examine if the DC is healthy.
  More information for you:
  Server 2012 DC Promotion Bug
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/221ed1ff-fc16-4c5d-ae05-edea7a9076be/server-2012-dc-promotion-bug?forum=winserverDS
  Troubleshooting Domain Controller Deployment
  http://technet.microsoft.com/en-us/library/jj592690.aspx
  Best Regards,
  Amy

• Why cant download the cc trial? When I try the site said is having trouble with the server

  Why cant download the cc trial? When I try the site said is having trouble with the server

  Some links that may help
  -http://helpx.adobe.com/creative-cloud/kb/error-downloading-cc-apps.html
  -http://forums.adobe.com/community/download_install_setup
  -http://helpx.adobe.com/creative-cloud/kb/troubleshoot-cc-installation-download.html
  -http://helpx.adobe.com/x-productkb/global/errors-or-unexpected-behavior-websites.html
  -http://helpx.adobe.com/creative-cloud/kb/unknown-server-error-launching-cc.html
  -Server won't connect https://forums.adobe.com/thread/1233088

• Mail now having trouble with exchange server

  Hi There,
  We use a hosted exhange server for email which has been working fine for the last year but all of a sudden we seem to be having issues copnnecting - Mail just sits there with the spining animation and the Activity window displaying a variety of messages such as:
  "Syncing Inbox"
  "Requesting latest information"
  "Traversing mailbox hierarchy"
  "Adding messages"
  I've talked to our provider and they say nothing's changed their end but we're seeing this issue several times a day accross both 10.7 and 10.6 macs and in different locations (work, home and when traveling).
  Normally a restart will fix the issue but I know have a Mac that is just stuck - and a restart doesn't work.
  Does anyone know how I might trouble shoot this issue and how I can help our provider to understand what might be happening on the Mac side?
  Any help would be much appreciated.
  Cheers
  Ben

  So it looks like the issue was an untrusted certificate as overnight, all my email is back.
  However, any messages that came in during that time can't be filed or even deleted - I see this error:
  The message “Re:message subject"” could not be moved to the mailbox “Actioned — [email protected]”
  An error occurred while moving messages to mailbox “Actioned — [email protected]”
  Does any one know what the problem might be?
  Cheers
  Ben

• Why cant i log into my icloud accout, keeps saying having trouble connecting to server. I have tried on two different computers in two different locations. I am new to this and just learning, getting very frustrated with the whole smart phone thing!

  why am i having so much trouble trying to log into my icloud account. I have been trying for 2 days now on two different computers in 2 different locations. I can get to the log in screen, type in my apple id and password, then keep getting screen saying icloud showed an error connecting to server. I am very new at all this smart phone stuff and just want to check my icloud account to make sure my back ups are working and to import some photos off my phone to make some more room? Getting very frustratied, HELP am I doing something wrong?

  Hello wolfpupmp,
  Thank you for using Apple Support Communities.
  For more information, take a look at:
  iCloud: Troubleshooting web browser issues with iCloud.com
  http://support.apple.com/kb/TS4050
  Have a nice day,
  Mario

• Having trouble with calendar server with SSO in communication express

  I have configured communication express with components calendar, messaging and access manager. I am able to login that but when i click on calendar ,it says "Aplication Error" NULL pointer Exception. I am able to access address book and options for all of them. i checked the am_sso.log , it has statement
  com.sun.uwc.UWCMainViewBean <init>
  SEVERE: UWCMainViewBean:forwardToURL(forwardtodefview) - null
  Can anybody tell me how to fix that problem?
  Thanks

  A similar problem was discussed over in the Calendar Server forum: http://forum.sun.com/jive/thread.jspa?threadID=101320 Check out the answers there (and the Calendar Server forum is probably a better place to ask this anyway since it looks pretty specific...)

• Windows Server 2012 Standard - HP OfficeJet Pro 8600 Plus printer not working after promoting to Domain Controller / AD Services

  An associate and myself installed the built-in drivers for the HP OfficeJet Pro 8600 Plus multi-function (network) printer on a Windows Server 2012 Standard server installation and everything worked fine whenever I want to print anything directly from the
  Windows Server machine (there's a reason for this, so please understand that ;)  ).
  We were able to print without any problems from the Windows Server 2012 machine, using the drivers from Microsoft.  Mainly, because HP has not listed any specific support for Windows Server 2012, only Windows Server 2008 R2, however, the drivers that
  came with Windows 2012 seem to work very well.
  PROBLEM: I later had to promote the Windows Server 2012 to a Domain Controller, and created the Active Directory configurations, even enabled the Print Services.  After doing all of that, the HP printer will not print anything.  It's like all print
  requests directly from the Windows Server go to Nil.
  Has anyone encountered a problem like this before? The only thing I can think of is that after perhaps something affected printing directly once we promoted the server to being a DC, and added other features / roles.  I even tried installing the
  HP drivers for Windows Server 2008 R2, and the results are still the same...nothing prints.  Trust me, the printer is set as the Default Printer and even when choosing to print, we make sure the HP OfficeJet Pro is selected, and is on, as other Windows
  Client PC's can print to it directly.
  Does anyone have any suggestions we could try?  Thanks in advance.

  While it is quite a while since this was posted - I can concur a similar issue exists.
  We have spent the better part of a day trying to work out why other HP printers work fine but our 8620 prints are not printing and going to Nil.  The print server is hosted on a shared DC.  Comparing to the initial posters details, for some reason
  it seems to be most commonly related to the OfficeJet Pro 8600/8610/8620/8630 series printers.
  I ended up doing a print server migration from the domain controller to stand alone host and all printers now work from a single server rather than a mix.  Domain controller OSes varied from 2008, 2012, 2012 R2 (tested with multiple) and only after
  all of those failed then tried a stand alone server os machine as a last resort which worked fine.  Printing directly from Win 7 / 8 /8.1 clients to the IP always worked.

• Lync 2013 Clients in Child Domain Log "The server returned HTTP status code '403 (0x193)' with text 'Forbidden'."

  Hey All, I am really stumped on this one. 
  Environment - Is using split DNS
  Forest Root Domain - Contains new Lync 2013 Server Standard, ADDS, DNS, Enterprise CA, Workstations
  Clients in this domain connect and work beautifully. No errors. 
  Child Domain - ADDS, DNS, Workstation, Lync 2013 client
  Client autodiscovers, and then asks for a password. Enter the password and this comes up...
  Can't sign in to Lync, You didnt get signed in, It might be your sign-in address or logon credentials..  blah blah blah" 
  Client log shows 
  Error:
  There was an error communicating with the endpoint at 'https://domainlync13srv.Domain.net/WebTicket/WebTicketService.svc'.
  The server returned HTTP status code '403 (0x193)' with text 'Forbidden'.
  The server understood the request, but cannot fulfill it.
  As far as i can tell certificates are correctly configured with all the SAN's possible in my forest. The user is correctly set up in Lync control panel. Autodiscovery seems to be working as it should. EWS is working correctly. 
  Repaired client, removed cached creds, has all lync 2013 updates no dice
  Thank you all! 

  I am an IDIOT. 
  I did not prepare the child domain with the LYNC setup tool. Logged on to a file server in the child domain with domain admin rights and sure enough the setup said the domain was "partial". Ran the setup and bam it all started working. 

• Child domain loss Exchange server permission

  One of my child domain missed Exchange role security permission, anyone know how to restore it back?  Please give me advice, thx a lot

  Hi waiyeung,
  Thank you for your question.
  We could use ADsiedit.msc in child domain controller to check if the missed permission is existed:
  Run ADsiedit.msc in Run
  Navigate Default naming context[domain.com]>Microsoft Exchange Security Groups
  If the missed permission has been existed, we could check sync between child Domain Controller and Exchange server.
  If the missed permission has been not existed, we could follow Andy’s suggestion to update domain schema .
  If there are any questions regarding this issue, please be free to let me know. 
  Best Regard,
  Jim

• Using the Ntdsutil utility to remove the only (tombstoned) DC along with an orphaned child domain

  Hello experts,
  before working on a server consolidation project for a new customer the situation was:
  Headquarter (I will not mention file and application servers)
  ==================================================
  - One physical server running Windows Server 2003 R2 Standard Edition acting as a Domain Controller and Global
  Catalog, holding the Five FSMO roles and running Microsoft Exchange Server 2003.
  ==================================================
  Branch office (connected to the corporate office by using a persistent site-to-site VPN)
  ==================================================
  - One physical server running Windows Server 2003 R2 Standard Edition acting as a file server and a Domain Controller
  in a child domain. Before we started work on the server consolidation project, this Domain controller at the remote site already was tombstoned.
  ==================================================
  After working on the server consolidation project the situation is:
  Headquarter
  ==================================================
  - We have added a new VM running Windows Server 2003 R2 Standard Edition acting as a Domain Controller.
  - We have added a new VM running Windows Server 2008 R2 Standard Edition running Exchange 2007 Service Pack 3
  and successfully migrated Exchange 2003 to 2007. We are ready to remove Exchange 2003 from the old physical server running Windows Server 2003 R2 Standard Edition.
  ==================================================
  Branch office
  ==================================================
  - We have added a new VM running Windows Server 2003 R2 and promoted it to be a new Domain Controller in a new
  forest.
  - We have turned off the tombstoned Domain Controller after migrating the applications and users to the new domain.
  We haven't tried to demote it gracefully because it is totally screwed up
  ==================================================
  In order to decommission the two remaining physical servers (the one acting as a Domain Controller and Global
  Catalog, holding the Five FSMO roles and running Microsoft Exchange Server 2003 in the Headquarter and the tombstoned Domain Controller in the Branch office) our plan is to:
  ==================================================
  1. Use the Ntdsutil.exe utility to manually remove the tombstoned Domain Controller in the Branch office.
  2. After manually removing the tombstoned Domain Controller in the Branch office (step above), use the Ntdsutil.exe utility
  to manually remove the orphaned child domain from Active Directory.
  3. Transfer the role of the global catalog and all FSMO roles to the new VM we have added in the Headquarter (It is already
  acting as a Domain Controller).
  4. Remove Exchange 2003 from and gracefully demote the old physical server running in the Headquarter. ==================================================
  Does our plan above make sense to you ? Can someone please explain or provide instructions for step 1 & 2 above ?
  I would be very grateful if someone could kindly share some thoughts.
  Any help/information will be greatly appreciated.
  Regards,
  Massimiliano

  To remove an orphaned child domain: http://support.microsoft.com/en-us/kb/230306
  To do a metadata cleanup: https://technet.microsoft.com/en-us/library/cc816907%28v=ws.10%29.aspx
  Your plan is okay. Just make sure that your DCs are in healthy state and AD replication is fine using
  dcdiag and repadmin commands before proceeding with demoting. Also, take system state backups before proceeding.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile
  Hello Ahmed,
  thank you for your reply to my question.
  I have analyzed the replication status for all domain controllers in the Active Directory forest using the Active
  Directory Replication Status Tool (ADREPLSTATUS). All DCs are in healthy state and AD replication is fine.
  The only replication errors shown in the Active Directory Replication Status Tool are those involving the tombstoned
  Domain Controller in the Branch office, so I think it should be safe to go ahead.
  It is my understanding that before removing the orphaned child domain I should remove the tombstoned Domain Controller
  in the Branch office. Can I refer to the instructions on the following webpage:
  ==================================================
  http://www.petri.com/delete_failed_dcs_from_ad.htm ==================================================
  Thank you,
  Massimiliano

• Can I add a WinServer 2012 into a mix child Domain with 2008 and 2003?

  The founctionall level is 2003 and the main domain is mix with 2008 and 2003. The user need the templete of Server 2012 and use the "new" group policy so that they are able to use the "new" feature in windows 8 (which I totally
  do Not think is much useful). I've a plan that join the 2012 server into a child domain as a DC but I don't know if that will cause any problems. Can I do so?
  Thanks all.
  Gary

  @Darren: http://technet.microsoft.com/en-us/library/jj592683.aspx
  For Windows 8 a change to how the TPM owner authorization value is stored in AD DS was implemented in the AD DS schema. The TPM owner authorization value is now stored in a separate object which is linked to the Computer object. This value was stored as
  a property in the Computer object itself for the default Windows Server 2008 R2 schemas.
  To take advantage of this integration, you must upgrade your domain controllers to Windows Server 2012 or extend the Active Directory schema and configure BitLocker-specific Group Policy objects.
  Windows Server 2012 domain controllers have the default schema to backup TPM owner authorization information in the separate object. If you are not upgrading your domain controller to Windows Server 2012 you need to extend the schema to support this change.
  To support Windows 8 computers that are managed by a Windows Server 2003 or Windows 2008 domain controller
  There are two schema extensions that you can copy down and add to your AD DS schema:
  TpmSchemaExtension.ldf 
  This schema extension brings parity with the Windows Server 2012 schema. With this change, the TPM owner authorization information is stored in a separate TPM object linked to the corresponding computer object. Only the Computer object that has created
  the TPM object can update it. This means that any subsequent updates to the TPM objects will not succeed in dual boot scenarios or scenarios where the computer is reimaged resulting in a new AD computer object being created. To support such scenarios, an update
  to the schema was created.
  TpmSchemaExtensionACLChanges.ldf 
  This schema update modifies the ACLs on the TPM object to be less restrictive so that any subsequent operating system which takes ownership of the computer object can update the owner authorization value in AD DS. However, this is less secure as any computer
  in the domain can now update the OwnerAuth of the TPM object (although it cannot read the OwnerAuth) and DOS attacks can be made from within the enterprise. The recommended mitigation in such a scenario is to do regular backup of TPM objects and enable auditing
  to track changes for these objects. 
  To download the schema extensions, see Schema Extensions for Windows Server 2008 R2 to support AD DS backup of TPM information from
  Windows 8 clients.
  If you have a Windows Server 2012 domain controller in your environment, the schema extensions are already in place and do not need to be updated.
  Also, if you check the GPO's in 2012, there are specific templates for Windows8/2012 and specific (legacy) templates for Windows 7.
  MCITP:SA:EA:EMA2010:VA2008R2

• Exchange mailbox creation for child domain

  Hi Friend,'
  I want to add a child domain,some thing like group.domain.com. We have an exchange 2013 in the network, my requirement is to create 50 users in the child domain and create mail accounts for this child domain users. 
  My main challenge is to create the CDC and my exchange have the name space domain.com and my CDC is group.domain.com,but i want to add users in mailserver for the CDC users as [email protected]
  I know how to add additional suffix in exchange and AD :
  http://www.sysguru.in/2014/09/creating-additional-suffixname-space-in.html
  Is it possible to use the same scenario for my CDC users also?
  Regards

  Hi,
  In your case, if you want to add additional suffix in your Exchange server in the child domain, you need to add the root domain as an accepted domain.
  Here is an article about accepted domain for your reference.
  Accepted domains
  https://technet.microsoft.com/en-us/library/bb124423(v=exchg.150).aspx
  Hope this can be helpful to you.
  Best regards,
  Amy Wang
  TechNet Community Support