Forum Discussion

Karl-WE's avatar
Mar 20, 2024

b26080 - ISSUE - ADPrep for Windows Server 2025 schema fails due signature: error 0x800b010

Windows Server 2022 Datacenter GUI

target OS: Windows Server 2025 Datacenter b26080

 

e:\support\adprep\adprep.exe /forestprep

Executing this as domain\administrator with elevated PowerShell 5.1 shell

user is part of enterprise and schema admin groups

 

I miss to understand why it is failing.


net user administrator

 

Roles

 



 

Upgrading schema to version 91


Verifying file signature
Failed to verify file signature: error 0x800b0109.
ERROR: Import from file E:\support\adprep\sch89.ldf failed. Error file is saved in C:\Windows\debug\adprep\logs\20240320135812\ldif.err.89.

If the error is "Insufficient Rights" (Ldap error code 50), please make sure the specified user has rights to read/write objects in the schema and configuration containers, or log off and log in as an user with these rights and rerun forestprep. In most cases, being a member of both Schema Admins and Enterprise Admins is sufficient to run forestprep.


Adprep was unable to upgrade the schema on the schema master.
[Status/Consequence]
The schema will not be restored to its original state.
[User Action]
Check the Ldif.err log file in the C:\Windows\debug\adprep\logs\20240320135812 directory for detailed information.


Adprep was unable to update forest information.
[Status/Consequence]
Adprep requires access to existing forest-wide information from the schema master in order to complete this operation.
[User Action]
Check the log file, ADPrep.log, in the C:\Windows\debug\adprep\logs\20240320135812 directory for more information.

 

 

  • Karl-WE 

    If you check your ldif.log file, you will find the root cause of your issue. Error says: Failed to verify file signature: error 0x800b0109.

    This is related to the signature on the schupgrade.cat file next to adprep.exe tool. Root CA (Microsoft Development Root Certificate Authority 2014) in that chain is not trusted on your server. If you go through the properties and find the root cert, you can install it in local “Trusted Root Certification Authorities” store, the error goes away - at least it did for me.

     

    Since I was not the only one that stumbled upon this, I decided to write short blog post about it. You can get more info including the base-64 cer for the root CA here: Windows Server 2025 (26080) – ADPrep error 0x800b010a

  • Joze_Markic's avatar
    Joze_Markic
    Copper Contributor

    Karl-WE 

    If you check your ldif.log file, you will find the root cause of your issue. Error says: Failed to verify file signature: error 0x800b0109.

    This is related to the signature on the schupgrade.cat file next to adprep.exe tool. Root CA (Microsoft Development Root Certificate Authority 2014) in that chain is not trusted on your server. If you go through the properties and find the root cert, you can install it in local “Trusted Root Certification Authorities” store, the error goes away - at least it did for me.

     

    Since I was not the only one that stumbled upon this, I decided to write short blog post about it. You can get more info including the base-64 cer for the root CA here: Windows Server 2025 (26080) – ADPrep error 0x800b010a

    • Karl-WE's avatar
      Karl-WE
      MVP

      Wonderful catch Joze_Markic. Appreciate your blogpost on this! Hope that the Microsoft Server team is aware about this regression and can fix it before release.

Resources