A few more things to look at:
1. Make sure the existing DC is in the Domain Controllers OU.
2. check to make sure that you are not crossing arouter with an MTU packet
size of less than 1500
3.On the domain controllers, look at the files below and verify that they
are not set
to Read Only. If they are, remove the Read Only check mark from the
properties of
that object.
C:\WINNT\Security\Templates\Policies\gptXXXXX.dom
C:\WINNT\Security\Templates\Policies\gptXXXX1.inf
C:\WINNT\Security\Templates\Policies\tmpgptfl.inf
Having these files as Read-Only, or with too restrictive NTFS permissions,
can
prevent the Security Client-side extension (SceCli) from doing it's job in
applying
the security settings to the server.
4. Make sure you DC is not multi-homed and both NICS are being registered
in DNS
5. Configure Domain Controllers Group Policy
Computer Configuration \ Windows Settings \ Security Settings \ Local
Policies \
User Rights Assignment \ Enable computer and user accounts to be trusted
for
delegation.
Change policy setting to give right to administrators, run secedit to apply
policy.
(e-mail address removed)
This posting is provided "AS IS"
with no warranties, and confers no rights
--------------------
| Thread-Topic: Can not create addition domain controller
| thread-index: AcR6ekRa6CUKLv/tSbS0z/ldYvW/7w==
| X-WBNR-Posting-Host: 216.231.28.132
| From: =?Utf-8?B?TmV3Ymll?= <
[email protected]>
| References: <
[email protected]>
<
[email protected]>
| Subject: RE: Can not create addition domain controller
| Date: Wed, 4 Aug 2004 16:25:02 -0700
| Lines: 29
| Message-ID: <
[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.win2000.active_directory
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
| Path: cpmsftngxa06.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.active_directory:83395
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| Thanks
|
| but 250874 can not solve my problem
|
|
|
| "Alex Martinez" wrote:
|
| > Hi,
| > I just ran into this problem myself. Check out knowledge
| > base article 250874.
| >
| > Good Luck...!
| > >-----Original Message-----
| > >Hello,
| > >
| > >When I tried to create new addition domain controller, I
| > always get the
| > >following message:
| > >
| > >The operation failed because: Failed to modify the
| > necessary properties for
| > >the machine account %computername%$ "Access Denied".
| > >
| > >
| > >Thanks
| > >.
| > >
| >
|
