Problem with adprep before in place upgrade of domain controller

John Cogan · ‎May 17 2018

I am trying to test an in place upgrade of a Server 2016 domain controller in my lab but I first need to update the AD schema, When I try to run adprep /forestprep from any on the last 3 builds I am getting a failed to verify file signature error on the sch88.ldf file. This is a ceean server 2016 install that only has ADDS and DNS server roles installed.

Anyone else having the same problem?

John Cogan · ‎May 17 2018

John Cogan · ‎May 22 2018

I was able to solve this by adding the root certificate to trusted root authorities. Right click schupgrade.cat (in the support\adprep folder) and click properties then go to the Digital Signatures tab. Click on the only signature listed and hit Details. Then hit View Certificate. Go to the Certification Path tab and hit the top certificate, it should have a red x on it and the status should say something about it not being trusted. Then View Certificate on this top cert, and click Install Certificate. Install to Local Machine, and specify to install into the Trusted Root Certificate Authorities store.

After that the cert should be trusted and adprep should work. If you close all the properties windows and reopen the red x should be gone and the signature valid.

John Cogan · ‎May 22 2018

Thanks Dillon, that worked exactly as you described.

Eoin Colson · ‎May 30 2018

Same issue with adprep /forestprep while preparing for inplace upgrade from 2012 r2 standard. Went the certificate trusted route... says import was successful ...but red "x" remains , even after a restart.

Greg Kamer · ‎May 31 2018

Awesome! Thanks Dillon! Well done!

John Cogan · ‎May 31 2018

When you are importing the certificate, you will see there are more than one in the hierarchy. Make sure you inport the top (root) one since it is required for the cert chain dependencies

Eoin Colson · ‎May 31 2018

Thanks John! I had tried several times, but was likely missing the same step each time. This time I had your earlier post open in a window next my explorer window as I proceeded. Voila!

Lesson learned: If another "insider" has taken the time to document the required steps, I should pay MUCH more attentions to the details.

Again, thanks so much for helping out a newbie (but old person) :)

John Cogan · ‎May 22 2018

I was able to solve this by adding the root certificate to trusted root authorities. Right click schupgrade.cat (in the support\adprep folder) and click properties then go to the Digital Signatures tab. Click on the only signature listed and hit Details. Then hit View Certificate. Go to the Certification Path tab and hit the top certificate, it should have a red x on it and the status should say something about it not being trusted. Then View Certificate on this top cert, and click Install Certificate. Install to Local Machine, and specify to install into the Trusted Root Certificate Authorities store.

After that the cert should be trusted and adprep should work. If you close all the properties windows and reopen the red x should be gone and the signature valid.

View solution in original post

Problem with adprep before in place upgrade of domain controller

Problem with adprep before in place upgrade of domain controller

Re: Problem with adprep before in place upgrade of domain controller

Re: Problem with adprep before in place upgrade of domain controller

Re: Problem with adprep before in place upgrade of domain controller

Re: Problem with adprep before in place upgrade of domain controller

Re: Problem with adprep before in place upgrade of domain controller

Re: Problem with adprep before in place upgrade of domain controller

Re: Problem with adprep before in place upgrade of domain controller

Re: Problem with adprep before in place upgrade of domain controller

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Problem with adprep before in place upgrade of domain controller