May 17 2018 08:10 AM
I am trying to test an in-place upgrade of a Server 2016 domain controller in my lab, but I first need to update the AD schema. When I try to run adprep /forestprep from any of the last 3 builds, I am getting a "failed to verify file signature" error on the sch88.ldf file. This is a clean Server 2016 install that only has the ADDS and DNS server roles installed.
Anyone else having the same problem?
May 22 2018 10:24 PM - edited May 22 2018 10:26 PM
Solution: I was able to solve this by adding the root certificate to trusted root authorities. Right click schupgrade.cat (in the support\adprep folder) and click Properties, then go to the Digital Signatures tab. Click on the only signature listed and hit Details. Then hit View Certificate. Go to the Certification Path tab and hit the top certificate; it should have a red x on it and the status should say something about it not being trusted. Then View Certificate on this top cert, and click Install Certificate. Install to Local Machine, and specify to install into the Trusted Root Certificate Authorities store.
After that the cert should be trusted and adprep should work. If you close all the properties windows and reopen the red x should be gone and the signature valid.
May 22 2018 11:52 PM
Thanks Dillon, that worked exactly as you described.
May 30 2018 04:12 PM
Same issue with adprep /forestprep while preparing for an in-place upgrade from 2012 R2 Standard. Went the trusted certificate route... it says the import was successful... but the red "x" remains, even after a restart.
May 31 2018 08:34 AM
Awesome! Thanks Dillon! Well done!
May 31 2018 09:16 AM
When you are importing the certificate, you will see there is more than one in the hierarchy. Make sure you import the top (root) one, since it is required for the cert chain dependencies.
May 31 2018 04:25 PM
Thanks John! I had tried several times, but was likely missing the same step each time. This time I had your earlier post open in a window next to my Explorer window as I proceeded. Voila!
Lesson learned: If another "insider" has taken the time to document the required steps, I should pay MUCH more attention to the details.
Again, thanks so much for helping out a newbie (but old person) 🙂
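The check discussed in this thread can also be done from an elevated PowerShell prompt. The script below is an added example, not something posted by the thread's participants: it lists the certification path of schupgrade.cat, identifies the top (root) certificate, and reports whether that exact certificate is already in the Local Machine Trusted Root store, which covers the case where an import "succeeds" but the wrong certificate in the hierarchy was installed. The drive letter `D:` and the export path are assumptions; adjust them to your media and lab.

```powershell
# Added example. Assumption: the installation media is mounted as D:
$catalog = 'D:\support\adprep\schupgrade.cat'
$x509    = 'System.Security.Cryptography.X509Certificates'

$sig = Get-AuthenticodeSignature -FilePath $catalog
"Signature status: $($sig.Status) - $($sig.StatusMessage)"
if (-not $sig.SignerCertificate) { throw "No signer certificate found in $catalog" }

# Build the chain offline (no revocation lookups, suitable for an isolated lab).
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck

# Offer the certificates embedded in the catalog as chain-building candidates,
# so the path can be built even when nothing from it is installed locally.
try {
    $embedded = New-Object "$x509.X509Certificate2Collection"
    $embedded.Import($catalog)
    $chain.ChainPolicy.ExtraStore.AddRange($embedded)
} catch {
    Write-Warning "Could not read embedded certificates: $($_.Exception.Message)"
}

$trusted = $chain.Build($sig.SignerCertificate)
"Chain builds to a trusted root: $trusted"

# ChainElements is ordered leaf first; the last element is the top of the path.
$elements = @($chain.ChainElements)
$elements | ForEach-Object {
    [pscustomobject]@{
        Subject    = $_.Certificate.Subject
        Thumbprint = $_.Certificate.Thumbprint
        Status     = ($_.ChainElementStatus.Status -join ', ')
    }
} | Format-List

$top        = $elements[-1].Certificate
$selfSigned = $top.Subject -eq $top.Issuer
$inRoot     = Test-Path "Cert:\LocalMachine\Root\$($top.Thumbprint)"
"Top certificate : $($top.Subject)"
"Self-signed root: $selfSigned"
"Already trusted : $inRoot"

# Import only after confirming the thumbprint above is the root you expect,
# and only on the lab machine; remove it again when testing is finished.
$install = $false   # set to $true to perform the import
if ($install -and $selfSigned -and -not $inRoot) {
    $file = Join-Path $env:TEMP 'adprep-root.cer'   # hypothetical export path
    Export-Certificate -Cert $top -FilePath $file | Out-Null
    Import-Certificate -FilePath $file -CertStoreLocation Cert:\LocalMachine\Root
}
```

If "Self-signed root" is False, the chain could not be built all the way to the root, so the certificate reported as the top is not the one to install.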