Unable to promote virtual machine to domain controller

Copper Contributor

Hello,

 

We had a pre-existing physical server, which was a domain controller (10.0.0.250). I was able to promote a different physical server (10.0.0.241) to a domain controller on my network. 10.0.0.241 is now my only domain controller. It is also our only DNS server. Both of these servers are/were Server 2016 standard. 10.0.0.250 is no longer on our network. It seems 10.0.0.241 is working great.

 

I have purchased a new server (Server 2022 standard) and gave it an IP address of 10.0.0.240. I installed Hyper-V on it and created a virtual machine.

My virtual machine is also running Server 2022 standard and has an IP address of 10.0.0.242. Whenever I try to promote this server to a domain controller, I receive an error. I will paste this error below. It seems like I only receive this error on my virtual machine. I have reviewed my DNS settings for all of my servers and have made sure they're set to point at 10.0.0.241. I will also attach the logs mentioned in the error message below. I can send the entire adprep log to anyone who needs it and I will provide any other information needed.

 

Old DC: 10.0.0.250 (Server 2016 standard - No longer on our network)

Current DC: 10.0.0.241 (Server 2016 standard)

Current hypervisor: 10.0.0.240 (Server 2022 standard)

Current VM I am trying to promote to a domain controller: 10.0.0.242 (Server 2022 standard)

 

*All server adapters DNS settings set to point at 10.0.0.241

*I can ping 10.0.0.241 from 10.0.0.242

*I was able to test the NPS role on 10.0.0.242. It worked without issue. It seems like all devices are talking on the network.

 

Failure to promote to domain controller error:

 

ADPrep execution failed --> Microsoft.DirectoryServices.Deployment.ADPrepLdapException: No Such Object. Server extended error: 8333. Server extended message: 0000208D: NameErr: DSID-03100245, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=contoso,DC=com'
.
Adprep was unable to modify the security descriptor on object CN=Keys,DC=contoso,DC=com.
[Status/Consequence]
ADPREP was unable to merge the existing security descriptor with the new access control entry (ACE).
[User Action]
Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20240531093839 directory for more information..
Check the log files in the C:\Windows\debug\adprep\logs\20240531093839 directory for detailed information.

 

Here is a small sample of the adprep log:

 

The operation GUID already exists so Adprep did not attempt to rerun this operation but is continuing.
[2024/05/31:09:38:40.404]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=c81fc9cc-0130-f4d1-b272-634d74818133,cn=Operations,cn=DomainUpdates,cn=System,DC=contoso,DC=com.
[2024/05/31:09:38:40.405]
LDAP API ldap_search_s() finished, return code is 0x20 
[2024/05/31:09:38:40.405]
Adprep verified the state of operation cn=c81fc9cc-0130-f4d1-b272-634d74818133,cn=Operations,cn=DomainUpdates,cn=System,DC=contoso,DC=com. 
[Status/Consequence]
The operation has not run or is not currently running. It will be run next.
[2024/05/31:09:38:40.405]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Keys,DC=contoso,DC=com.
[2024/05/31:09:38:40.406]
LDAP API ldap_search_s() finished, return code is 0x20 
[2024/05/31:09:38:40.406]
Adprep was unable to modify the security descriptor on object CN=Keys,DC=contoso,DC=com.
[Status/Consequence]
ADPREP was unable to merge the existing security descriptor with the new access control entry (ACE).
[User Action]
Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20240531093839 directory for more information.
[2024/05/31:09:38:40.406]
Adprep encountered an LDAP error. 
Error code: 0x20. Server extended error code: 0x208d, Server error message: 0000208D: NameErr: DSID-03100245, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=contoso,DC=com'
 
 
 
DSID Info:
DSID: 0x180e0a0a
ldap error = 0x20
NT BUILD: 20348
NT BUILD: 2461
0 Replies