Windows 2012 Verification of prerequisites for Domain Controller promotion failed
Windows 2012 Verification of prerequisites for Domain Controller promotion failed and gave the below error(In computer management local group and user option is not there as suggested by a solution!)
"Verification of prerequisites for Domain Controller promotion failed. The local Administrator account becomes the domain Administrator account when you create a new domain. The new domain cannot be created because the local Administrator account password
does not meet requirements.
Currently, the local Administrator password is blank, which might lead to security issues. We recommend that you press Ctrl+Alt+Delete, use the net user command-line tool, or use Local Users and Groups to set a strong password for the local Administrator
account before you create the new domain."
OK, the reason you see this error is because when you set up and configured your Windows R2 environment you may have logged into the OS with an account other than Administrator. So, if you created your log in account named Bob, this is throwing off the Server.
So, hit Ctrl-Alt-Delete, and look who you are logged in as, and then change the account you are logging in as and use the local Administrator account. What you may find is that the default Admin account password has not been set.
Check that out and see if that is what you are experiencing.
Best wishes
Similar Messages
-
Verification of prerequisites for Active Directory preparation failed
We currently have Windows Server 2003 SBS, SP2, Domain Controller. Would like to add Windows Server 2012, Standard, 64-bit as a backup domain controller.
"Verification of prerequisites for Active Directory preparation failed. Unable to perform Exchange schema conflict check for domain sxxxx.local.
Exception: The RPC server is unavailable.
Adprep could not retrieve data from the server name.xxxxx.local through Windows Managment Instrumentation (WMI).
[User Action]
Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20130417103902-test directory for possible cause of failure."
What the log says is really:
"Adprep encountered a Win32 error. Error code: 0x6ba Error messa The RPC server is unavailable."
Can anyone has similar experience shred some lights to troubleshoot this? Have reviewed
other links that have similar probems but that doesn't help.
Many Thanks!Of course I CANNOT remove Symnatec as Meinolf suggests. That would be out of my mind!! I tried to stop all their services though which doesn't help. I know this has nothing to do with Symantec. Here comes another test, the final one:
Test 8
This article is really good as it concludes very thoroughly about the problems about "800706BA - RPC Server Is Unavailable" and other WMI query issues:
http://goo dot gl/l2iha
I started looking at he ISA 2004 on our SBS 2003.
Tried to disable the RPF Filter:
a. Open Microsoft Internet Security and Acceleration Server 2004
b. Go to Configuration > Add-in and location RPC Filter on the right side, right-click on it and select Properties, uncheck 'Enable this filter'
c. Hit Apply....
d. Now I go back to Windows 7 and test the WMI query.
The result: it WORKS!
e. Next, I tried that on the Windows Server 2012 like so:
c:>wmic /node:sbs2003servername computersystem list brief /format:list
It also works!
f. Next also on Windows Server 2012, I continued on what was left over. I did the "Rerun prerequisites check " and no surprise - "All prerequisite checks passed successfully. Click 'Install' to begin installation"!
Well that concludes the problem of installing Windows Server 2012 (standard) as a backup domain controller to a Windows SBS 2003 domain controller and the troubleshooting process that finally led to a solution that solves my problem. Thanks for all
the discussions over the web. Every bit counts!
Well if this helps you in some way, give me some points to buy beer! I am going to have a drink with Bill, Cheers! -
Can we run domain controller windows 2008 32 bit and additional domain controller on 2003 server
im my environment we are trying to upgrade from server 2k3 to 2k8, out testing done on server 2k3 to 2k8, but can we run domain controller windows 2008 32 bit and additional domain controller on 2003 server ...kindly suggest
Nitin Gaurav
[email protected]Yes you can. If you have two 2003 AD servers currently and upgrade one of them to 2008 AD then they'll continue to be able to work together. The domains functional level will remain as 2003 across both servers so at this stage you won't get any benefit from
the new AD functionality available in 2008.
Once you've then upgraded the second 2003 server to 2008 you can then upgrade the functionality levels in AD to make it 2008. It's been a while, but I believe it doesn't happen automatically, so once all AD servers have been upgraded you have to go into
AD and upgrade the functionality levels yourself. -
Pricing for VM running WS 2012 E R2 primarily as domain controller for ~5 clients
Hi
I am starting a small medical clinic, with only about 6 client PCs. However, I would like a domain network structure for security purposes moving forward rather than a workgroup.
I'm looking at either purchasing a modest server (ie HP Proliant ml310) with windows server 2012 essentials r2 and using it locally (total cost ~$1500) or using a Windows Azure virtual machine to run the domain controller over a VPN. We already use
office 365 e3, so don't really need a local server for email, storage etc. I already have an old synology NAS that could be used for disk images etc that we would lose out on with the hosted server solution.
Can someone verify my calculations for monthly cost estimate I tried using the calculator --1 small VM + 225 GB storage for the OS came to $65/month
Would I be able to run it on the small virtual machine or would I need to go up to medium just for the OS? If the later is the case it would definitely not be cost effective.
Thanks for the help
TMhi tdiddy,
Thanks for posting!
About VM and azure storage pricing , I suggest you could refer to this pricing details page and calculations fee:
http://azure.microsoft.com/en-us/pricing/details/virtual-machines/
http://azure.microsoft.com/en-us/pricing/details/storage/
Also, for this billing question Please contact azure billing support team via
http://www.windowsazure.com/en-us/support/contact/
Hope it helps.
Regards,
Will
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
Certificate for Domain Controller Will not import
Hi,
I am having an issue importing a Certificate .crt file on a Windows Server 2008 R2 Domain Controller. The Certiificate is needed for migrating our 2003 Domain Controllers to 2008r2. When I try to use the command line to import the certificate
using the following:
I receive the following output:
Cannot find object or property. 0x80092004 (-2146885628)
I also tried this command
certreq.exe -accept hostname.crt -machine and received the same error.
When I try to import the Certificate using the GUI it works but there is no "private key" found.
The Certificate was issued from Digicert.
Does anyone know how to resolve this so my certificate imports correctly with a private key intact?
Thanks,
Kevin C.Here are the steps as explained by Digicert:
How to Import and Export your SSL Certificate
https://www.digicert.com/import-export-ssl-certificate.htm
Note that I've used Digicert and haven't had a problem with the private key. If the private key's missing, there will be missing functionality. And also note, that Digicert's tech support is free and they are actually pretty good and can help almost immediately
as soon as you call them. They've helped me a number of times.
Give them a call 24/7: 1.801.701.9600
Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights. -
Which Server Version for Domain Controller do I Need
Hello
We are currently running two domain controllers with Server 2003 on them. We have a standard TCP/IP star topology networking including web servers, files servers, sql, iis etc.
We are upgrading 5 of our servers to 2012r2 and are using them as "host" servers for upgraded IIS (2012r2) and WebGrabber (2008r2) servers and these servers will be set up as virtual machines (the IIS and web grabbers) on the hosts.
My question is will using Windows Server 2003 domain controllers cause issues in the advanced settings in 2012r2 and Hyper-V? Should we upgrade our Domain Controllers and if so to what version? 2008r2 or 2012r2?
Thanks!
Theresa Greene
Theresa GreeneMy question is will using Windows Server 2003 domain controllers cause issues in the advanced settings in 2012r2 and Hyper-V? Should we upgrade our Domain Controllers and if so to what version? 2008r2 or 2012r2?
At least Windows Server 2012
I highly recommend to upgrade the Domain Controllers to at least Windows Server 2012.
Besides the new functionality described by others in this thread, Windows Server 2012-based Domain Controllers (and beyond) offer virtualization safeguards, building on the VM-GenerationID offered by your new virtualization platform. This functionality helps
to protect your Domain Controllers from USN rollbacks and Lingering Objects. It also unlocks the Domain Controller Cloning functionality, that may help you deploy your five Domain Controllers faster and more streamlined.
More information:
New features in AD DS in Windows Server 2012, Part 12: Virtualization-safe
Active Directory
New features in AD DS in Windows Server 2012, Part 13: Domain Controller
Cloning
Cases where VM-GenerationID doesn’t help make Active Directory virtualization-safe, Part
1
Cases where VM-GenerationID doesn’t help make Active Directory virtualization-safe, Part
2
Getting to Windows Server 2012
In terms of getting your Active Directory to Windows Server 2012, there's good news and slightly bad news. The bad news is you can't in-place upgrade your Domain Controllers to Windows Server 2012. The good news: This makes the transition scenario
more appealing.
Instead of upgrading your Domain Controllers on their physical hardware, and, then, convert them to virtual machines, you can build new virtual Windows Server 2012 Domain Controllers, while your Windows Server 2003 Domain Controllers remain running.
Then, when you're ready to get rid of your Windows Server 2003 Domain Controllers, you simply demote them and remove them from your network. I've written a detailed step-by-step on this:
Transitioning your Windows Server
2003 Domain Controllers to Windows Server 2012 -
Windows Server 2008 - Group policy for domain client to start/stop services installed on it
Hello Experts
I am a newbie to windows server administration , though did a Google , but ended up with these question with my requirements
I have created a new domain and 2 client/computer (A & B namely) to domain . Now A & B has tomcat server running with port 8080 , 9090 which i have installed
domain ADMIN account .
&& now i am want to start/stop/restart services enabled for domain users !! How do i achieve this !!
basic question : How can i access A & B tomcat services on DOMAIN CONTROLLER server to create a GPO and that are on (A & B)
what is the easiest way to achieve the same , (if not using GPO)???
similarly I am looking for many features : where I want to control the permission to user on (A & B ) like : If the binaries of tomcat is available on machine say : A , if the user can install (now
it ask for ADMIN credentials)
Thanks
Mike~EdControlling services with Group Policy is done under Computer Configuration\Policies\Windows Settings\Security Settings\System Services.
The limitation is that system services can only see the services the computer running the Group Policy management console. To access other services, you will either need to create the services on your computer (install the software the adds the service)
or install the remote server administration toolkit (RSAT) on the computer with the service already on it.
If my answer helped you, check out my blog:
Deploy Happiness -
Windows 2012 Getting files ready for installation.....zzzzz
Hi,
I am using a windows 8.1 management workstation to manage my hyper-v 2012 R2 core server via Hyper-V manager.
So I went to create my first Windows 2012 R2 STD with GUI, selected the Dell bootable ISO (6GB) and the installation has started.
I wait 50 minutes and it has only done 33% of the install and it is sitting on "Getting files ready for installation":
Is this normal?
If it were being install on a physcial server I think it would be quicker.
Can anyone explain to me how long this should take?
My hyper-v server core runs on a Dell R720 quad core Intel CPU 2.4GHZ, it has SAS drives.
My management workstation has an I7 2.2Ghz.
Thanks in advance.
Regards
AlfredHi Eric,
thanks for your reply.
As I am writing to you I am making a copy of an exported virtual machine and my windows 8 file explorer is telling my that it is copying it between 16-22 MB per second.
I think it is slow.
Once again here is the config on the PERC H310 controller on the Dell Poweredge R720 server with Hyper-V core 2012 R2:
1 RAID 0 Virtual Disk with 1 x 7200RPM 2TB SAS drive (This is where the Hypervisor is installed)
1 RAID 5 Virtual Disk with 3 x 7200RPM 2TB SAS drives (3.7TB storage used for VMs and VHDs)
I read that the Dell Perc H310 raid controller is sort of OK in a RAID 1 config.
But I also have a RAID 5 config which may suffer performance.
I am coming to the conclusion I should have obtained a Dell Perc H710 raid controller because it has battery backup as well as 512 MB of cache that the H310 does not have.
Thanks.
Regards
Alfred -
Joining Windows 2012 Server to SBS 2011 Domain
Hi All,
I have been trying to get a new Windows 2012 Server to join a SBS 2011 domain. The error message I am getting is:
The following error occurred attempting to join the domain: xxxx. The specified domain does not exist or could not be contacted.
I have a bunch of other Windows 7/XP workstations that have joined successfully. I have also tried disabling TCP/IP v6 on the 2012 server and joining the domain with the netdom command. The SBS 2011 server is listed as the primary DNS server on the 2012
server.
What else can I try here?
Thanks,
DR.I am having the same issue has the OP. I have my DNS settings pointing to the sbs server that hosts the domain and DNS. I am receiving the same error.
Server 2012 R2 Standard
SBS 2011 Essentials
Jerry T -
Windows 2012 server security checklist for corporate company standard/recommended check-list
Hello All,
Good Day.
I am looking for Windows 2012 server security checklist (standard hardening
settings), would you kindly assist me by providing Wintel 2012 standard/recommended check-list ASAP?
Thanks in advance.Hi,
The Microsoft Security Compliance Manager 3.0 tool is designed to provide you with an end-to-end solution to help you plan, deploy, and monitor security baselines for computers running Windows Server 2012 in your environment.
For more detailed information, please refer to the articles below:
Windows Server 2012 Security Baseline
http://technet.microsoft.com/en-us/library/jj898542.aspx
Security Hardening Tips and Recommendations
http://social.technet.microsoft.com/wiki/contents/articles/18931.security-hardening-tips-and-recommendations.aspx
Regards,
Mandy
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
SCCM 2012 is not listing the domain controller servers in the "All Systems" collection
How can I change that? Do I need to move the system from the domain controllers group to computers in AD?
If you intend to use client push for domain controllers the client push account must be a domain admin account. I suggest just manually installing the client on the domain controllers instead.
John Marcum | Microsoft MVP - Enterprise Client Management
My blog: System Center Admin | Twitter:
@SCCM_Marcum | Linkedin:
John Marcum -
I have a small computer with just an embedded drive instead of a sata port. It seemed perfect for a small domain controller, since it has 32G's which is more than enough space, and with a gigabit Ethernet, and 1.6Ghz dual core cpu, seemed more than enough
for what I needed.
Windows 2012, or Windows Server Technical Preview, both install fine on it, but when I run dcpromo to create the domain It fails on selecting the location for files. The error is that the path is not a hard drive. The machine only has USB ports so I can't
add a SATA drive just to store these logs/configs, even if I wanted to.
The actual computer I was trying to use: http://www.ecs.com.tw/LIVA/
Thanks for any help.On the Windows Server Technical Preview,
Install-ADDSForest -SkipPreChecks -DomainName DOMAIN.CONTOSO.COM -DomainMode Win2008 -ForestMode Win2008R2 –DatabasePath "C:\Windows\NTDS" –SYSVOLPath "C:\Windows\NTDS" –LogPath "C:\Windows\NTDS\Logs"
gives me the error "No NTFS 5 drives exit." (note exit, not exist)
I'll reinstalling windows 2012 and see if I get a different message there.
This was just a standard install, so the drive is definitely NTFS. -
Domain Controller Authentication Fail Since Upgrade
When I boot my Mac Pro at the office, the network's domain controller prompts me for my domain login. Since upgrading to Yosemite, the domain controller rejects my credentials. However, I can go to "Connect To Server" and browser the entire network despite the domain controller not authenticating me as a user.
To summarize, since switching to Yosemite:
1. Can't login to the network when I submit my credentials
2. Can browse the network without my credentials
My theory is that the only reason #2 works is because #1 is working but Yosemite is just mistakenly telling me I wasn't authenticated.
So what's the problem you may ask if I can browse the network anyway? The problem is that I can't mount any of the network drives to my desktop because Yosemite doesn't think I'm authenticated to do such. If I can solve this authentication problem, then I should get my mounted network drives back.
Thanks in advance.Hi,
TEST: Basic (Basc)
Warning: Adapter 00:0D:3A:00:0D:01 has dynamic IP address
(can be a misconfiguration)
Do you have any NIC conifgured to get dynamic IP on your DC which is having issue? If yes, please disable that NIC. Also, please provide me the result of the below
1) On your DC which is having issue, run "ipconfig /all"
2) Repadmin /showrepl
Thanks,
Umesh.S.K
Thanks, there is only 1 nic card. It is getting a dhcp address because this is an AZURE Hyper-v machine and I have set an IP reservation for it. I have no way to hardcode the IP because it gets shut off/on all the time
C:\Users\Administrator>repadmin /showrepl
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\GP2010-A
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 007c755c-f56c-4e51-a211-fd4431f63927
DSA invocationID: 007c755c-f56c-4e51-a211-fd4431f63927 -
Enable the UAC settings for Domain Controller / Member servers and for end user systems
Hi
We are working on hardening the security for all Domain Controllers / Member Servers and end users systems. As part of it we would like to know the best practice for UAC settings for each of these servers. There are 8 settings related to UAC and as of now
we configured just "User Account Control: Behavior of the elevation prompt for standard users" as disabled for the servers OU. Also not sure about other settings and how it affect the normal operations like installing Windows updates / applications
through SCCM or manually on servers or end user systems and other stuffs.
We are looking for experts opinion on this. Thanks in advance
LMSHi LMS,
Would you please let us know the current situation? Just check if Martin’s suggestion was helpful for you.
If any updates, please feel free to let us know.
Just additional. Please refer to the
User Account Control Grouping in the following article. It will provide some links about those different UAC settings. Please click those links and read related articles. In these articles, will provide
Security considerations that may help you to configure those settings.
Security Options
http://technet.microsoft.com/en-us/library/jj852268.aspx
Hope this helps.
Best regards,
Justin Gu -
iTunes wont download to my laptop,its an MSI and has windows 7, its works for everything else. Please help
Do you get an error message when you try to download iTunes? If so, what does it say? (Precise text, please.)
Maybe you are looking for
-
My iPhone 5 will not let me download Apps it keeps saying timed out, why is this?
How come this happens?
-
F.27 account statement clearing column
hi, i do not understand what is this clearing column in the account statement. can anyone explain. does it mean if the document number is shown, it is still open item that yet to be moved to cleared item during the account statement key date? let say
-
11g change an event name on an ADF OperationBinding
Hi, In the main page I have an eventmap where I defined some events with their consumer and producers. Now in a task flow I want to change the event name in a particular situation so it fires a different event in the main page eventmap how can I do t
-
Problem with my Ipod 4...always hanging and not able to surf anything ???what should I do??
-
TS3274 How can I get the volume to work?
We have an iPad but can't get the volume to work?