
Looking for help promoting a VM to a domain controller.


Guest /u/DesignerScientist165
Posted

I've been trying to figure this issue out for a while and can't get a good response from any sort of Microsoft support groups/forums.

 

We had a pre-existing physical server, which was a domain controller (10.0.0.250). I was able to promote a different physical server (10.0.0.241) to a domain controller on my network. 10.0.0.241 is now my only domain controller. It is also our only internal DNS server. Both of these servers are/were Server 2016 standard. 10.0.0.250 is no longer on our network. It seems 10.0.0.241 is working great.

 

I have purchased a new server (Server 2022 standard) and gave it an IP address of 10.0.0.240. I installed Hyper-V on it and created a virtual machine.

 

My virtual machine is also running Server 2022 standard and has an IP address of 10.0.0.242. Whenever I try to promote this server to a domain controller, I receive an error. I will paste this error below. I have reviewed my DNS settings for all of my servers and have made sure they're set to point at 10.0.0.241. I will also attach the logs mentioned in the error message below. I can send the entire adprep log to anyone who needs it and I will provide any other information needed. Note: I tried promoting a physical server (running Server 2022) to a domain controller and faced the same issue.

 

 

Old DC: 10.0.0.250 (Server 2016 standard - No longer on our network)
Current DC: 10.0.0.241 (Server 2016 standard) (not a VM)
Current hypervisor: 10.0.0.240 (Server 2022 standard) (physical machine)
Current VM I am trying to promote to a domain controller: 10.0.0.242 (Server 2022 standard)

*All server adapters DNS settings set to point at 10.0.0.241
*I can ping 10.0.0.241 from 10.0.0.242
*I was able to test the NPS role on 10.0.0.242. It worked without issue. It seems like all devices are talking on the network.

 

 

Failure to promote to domain controller error:

 

ADPrep execution failed --> Microsoft.DirectoryServices.Deployment.ADPrepLdapException: No Such Object. Server extended error: 8333. Server extended message: 0000208D: NameErr: DSID-03100245, problem 2001 (NO_OBJECT), data 0, best match of:

'DC=contoso,DC=com'

.

Adprep was unable to modify the security descriptor on object CN=Keys,DC=contoso,DC=com.

[status/Consequence]

ADPREP was unable to merge the existing security descriptor with the new access control entry (ACE).

[user Action]

Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20240531093839 directory for more information..

Check the log files in the C:\Windows\debug\adprep\logs\20240531093839 directory for detailed information.

 

 

Here is a small sample of the adprep log:

The operation GUID already exists so Adprep did not attempt to rerun this operation but is continuing.
[2024/05/31:09:38:40.404]Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=c81fc9cc-0130-f4d1-b272-634d74818133,cn=Operations,cn=DomainUpdates,cn=System,DC=contoso,DC=com.
[2024/05/31:09:38:40.405]LDAP API ldap_search_s() finished, return code is 0x20
[2024/05/31:09:38:40.405]Adprep verified the state of operation cn=c81fc9cc-0130-f4d1-b272-634d74818133,cn=Operations,cn=DomainUpdates,cn=System,DC=contoso,DC=com.
[status/Consequence]
The operation has not run or is not currently running. It will be run next.
[2024/05/31:09:38:40.405]Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Keys,DC=contoso,DC=com.
[2024/05/31:09:38:40.406]LDAP API ldap_search_s() finished, return code is 0x20
[2024/05/31:09:38:40.406]Adprep was unable to modify the security descriptor on object CN=Keys,DC=contoso,DC=com.
[status/Consequence]
ADPREP was unable to merge the existing security descriptor with the new access control entry (ACE).
[user Action]
Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20240531093839 directory for more information.
[2024/05/31:09:38:40.406]Adprep encountered an LDAP error. Error code: 0x20. Server extended error code: 0x208d, Server error message: 0000208D: NameErr: DSID-03100245, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=contoso,DC=com'
DSID Info:
DSID: 0x180e0a0a
ldap error = 0x20
NT BUILD: 20348
NT BUILD: 2461

 

I can provide full logs to anyone who is willing to help. Feel free to ask any questions. I appreciate anyone and everyone who can help.

 

submitted by /u/DesignerScientist165
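
An added example, not part of the original post: a PowerShell helper that pairs each ldap_search_s() base entry in an ADPrep.log excerpt with the return code logged after it, so the objects a search could not find stand out. The function name Get-AdprepLdapResult and the short result-code table are assumptions for illustration; the sample text is taken from the log excerpt in the post.

```powershell
# Added example, not from the original post. $sample holds the LDAP search entries
# from the post's log excerpt; for a full log use: Get-Content -Raw <path to ADPrep.log>
$sample = @'
[2024/05/31:09:38:40.404]Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=c81fc9cc-0130-f4d1-b272-634d74818133,cn=Operations,cn=DomainUpdates,cn=System,DC=contoso,DC=com.
[2024/05/31:09:38:40.405]LDAP API ldap_search_s() finished, return code is 0x20
[2024/05/31:09:38:40.405]Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Keys,DC=contoso,DC=com.
[2024/05/31:09:38:40.406]LDAP API ldap_search_s() finished, return code is 0x20
'@

function Get-AdprepLdapResult {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Text)

    # A few LDAP result codes from RFC 4511; anything else is reported as 'other'.
    $meaning = @{ 0x00 = 'success'; 0x20 = 'noSuchObject'; 0x32 = 'insufficientAccessRights' }

    # Split in front of every [yyyy/MM/dd:HH:mm:ss.fff] stamp so that entries
    # pasted onto one long line are separated the same way as one-per-line logs.
    $stamp   = '\[\d{4}/\d{2}/\d{2}:\d{2}:\d{2}:\d{2}\.\d{3}\]'
    $entries = [regex]::Split($Text, "(?=$stamp)") | Where-Object { $_.Trim() }

    $baseDn = $null
    foreach ($entry in $entries) {
        if ($entry -match 'base entry to start the search is\s+(?<dn>.+?)\.\s*$') {
            $baseDn = $Matches['dn']          # remember the DN until its result arrives
        }
        elseif ($baseDn -and $entry -match '(?s)^\[(?<ts>[^\]]+)\].*?return code is (?<rc>0x[0-9a-fA-F]+)') {
            $code  = [Convert]::ToInt32($Matches['rc'], 16)
            $label = if ($meaning.ContainsKey($code)) { $meaning[$code] } else { 'other' }
            [pscustomobject]@{
                Time       = $Matches['ts']
                BaseDN     = $baseDn
                ReturnCode = $Matches['rc']
                Meaning    = $label
            }
            $baseDn = $null                   # one result per search
        }
    }
}

Get-AdprepLdapResult -Text $sample | Format-List
```

On the excerpt both searches come back 0x20 (noSuchObject). The log itself reads the first as "the operation has not run", while the second, for CN=Keys,DC=contoso,DC=com, is the one immediately followed by the security descriptor failure.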
