Unable to promote virtual machine to domain controller
Hello,
We had a pre-existing physical server, which was a domain controller (10.0.0.250). I was able to promote a different physical server (10.0.0.241) to a domain controller on my network. 10.0.0.241 is now my only domain controller. It is also our only DNS server. Both of these servers are/were Server 2016 standard. 10.0.0.250 is no longer on our network. It seems 10.0.0.241 is working great.
I have purchased a new server (Server 2022 standard) and gave it an IP address of 10.0.0.240. I installed Hyper-V on it and created a virtual machine.
My virtual machine is also running Server 2022 standard and has an IP address of 10.0.0.242. Whenever I try to promote this server to a domain controller, I receive an error. I will paste this error below. It seems like I only receive this error on my virtual machine. I have reviewed my DNS settings for all of my servers and have made sure they’re set to point at 10.0.0.241. I will also attach the logs mentioned in the error message below. I can send the entire adprep log to anyone who needs it and I will provide any other information needed.
Old DC: 10.0.0.250 (Server 2016 standard – No longer on our network)
Current DC: 10.0.0.241 (Server 2016 standard)
Current hypervisor: 10.0.0.240 (Server 2022 standard)
Current VM I am trying to promote to a domain controller: 10.0.0.242 (Server 2022 standard)
*All server adapters DNS settings set to point at 10.0.0.241
*I can ping 10.0.0.241 from 10.0.0.242
*I was able to test the NPS role on 10.0.0.242. It worked without issue. It seems like all devices are talking on the network.
Failure to promote to domain controller error:
ADPrep execution failed --> Microsoft.DirectoryServices.Deployment.ADPrepLdapException: No Such Object. Server extended error: 8333. Server extended message: 0000208D: NameErr: DSID-03100245, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=contoso,DC=com'
.
Adprep was unable to modify the security descriptor on object CN=Keys,DC=contoso,DC=com.
[Status/Consequence]
ADPREP was unable to merge the existing security descriptor with the new access control entry (ACE).
[User Action]
Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20240531093839 directory for more information..
Check the log files in the C:\Windows\debug\adprep\logs\20240531093839 directory for detailed information.
Here is a small sample of the adprep log:
The operation GUID already exists so Adprep did not attempt to rerun this operation but is continuing.
[2024/05/31:09:38:40.404]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=c81fc9cc-0130-f4d1-b272-634d74818133,cn=Operations,cn=DomainUpdates,cn=System,DC=contoso,DC=com.
[2024/05/31:09:38:40.405]
LDAP API ldap_search_s() finished, return code is 0x20
[2024/05/31:09:38:40.405]
Adprep verified the state of operation cn=c81fc9cc-0130-f4d1-b272-634d74818133,cn=Operations,cn=DomainUpdates,cn=System,DC=contoso,DC=com.
[Status/Consequence]
The operation has not run or is not currently running. It will be run next.
[2024/05/31:09:38:40.405]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Keys,DC=contoso,DC=com.
[2024/05/31:09:38:40.406]
LDAP API ldap_search_s() finished, return code is 0x20
[2024/05/31:09:38:40.406]
Adprep was unable to modify the security descriptor on object CN=Keys,DC=contoso,DC=com.
[Status/Consequence]
ADPREP was unable to merge the existing security descriptor with the new access control entry (ACE).
[User Action]
Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20240531093839 directory for more information.
[2024/05/31:09:38:40.406]
Adprep encountered an LDAP error. Error code: 0x20. Server extended error code: 0x208d, Server error message: 0000208D: NameErr: DSID-03100245, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=contoso,DC=com'
DSID Info:
DSID: 0x180e0a0a
ldap error = 0x20
NT BUILD: 20348
NT BUILD: 2461
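Added example, not part of the original post: a small Python triage script for an adprep.log in the layout quoted above. It pairs each ldap_search_s() base DN with its return code and separates the expected 0x20 on the operation marker (the operation simply has not run yet) from the 0x20 on the object adprep then fails to modify. The sample log is constructed from the lines in the post, and the function and variable names are assumptions.

```python
import re

# Constructed sample in the adprep.log layout quoted in the post
# (timestamp line, then message); DNs use the post's contoso.com names.
SAMPLE_LOG = """\
[2024/05/31:09:38:40.404]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=c81fc9cc-0130-f4d1-b272-634d74818133,cn=Operations,cn=DomainUpdates,cn=System,DC=contoso,DC=com.
[2024/05/31:09:38:40.405]
LDAP API ldap_search_s() finished, return code is 0x20
[2024/05/31:09:38:40.405]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Keys,DC=contoso,DC=com.
[2024/05/31:09:38:40.406]
LDAP API ldap_search_s() finished, return code is 0x20
[2024/05/31:09:38:40.406]
Adprep was unable to modify the security descriptor on object CN=Keys,DC=contoso,DC=com.
"""

# Standard LDAP result codes (RFC 4511); only the ones useful here.
LDAP_RESULTS = {0x00: "success", 0x20: "noSuchObject",
                0x32: "insufficientAccessRights"}

# A search announcement followed by its timestamped result line.
SEARCH_RE = re.compile(
    r"base entry to start the search is (.+?)\.\s*\[[^\]]+\]\s*"
    r"LDAP API ldap_search_s\(\) finished, return code is (0x[0-9a-fA-F]+)")
# The object adprep reports it could not update.
FAIL_RE = re.compile(
    r"unable to modify the security descriptor on object (.+?)\.\s*(?:\[|$)")


def triage(log_text):
    """Return one finding per ldap_search_s() call found in the log text."""
    failed = {dn.lower() for dn in FAIL_RE.findall(log_text)}
    findings = []
    for dn, rc_hex in SEARCH_RE.findall(log_text):
        rc = int(rc_hex, 16)
        findings.append({
            "base": dn,
            "code": rc,
            "result": LDAP_RESULTS.get(rc, "other"),
            # Blocking only when the missing object is one adprep must edit.
            "blocking": rc != 0 and dn.lower() in failed,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{'BLOCKING' if f['blocking'] else 'info':8} "
              f"0x{f['code']:02x} {f['result']:14} {f['base']}")
```

The patterns also match the log when it has been pasted as one run-on line, as forum editors tend to produce.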