G
Guest
I've been trying to fix this problem for almost two weeks
now and I decided to post it here.
I'm trying to add a DC in my existing AD W2k Advanced,
Native mode in a child domain modeL and i'm getting this
error whenever I'm running DCpromo!
"Failed to modify the properties of the computer account
mydc$ "Access is denied."
I have done the following to find a solution:
-I went to all my event viewer for all my three existing
DCs to look for any error None..
-I ensure that all my GPO are fine! All Policies are
applying no problme! and replicating!, check my DNS all
correct with all srv etc etc.
-I tried the following workarounds from MS ; restart all
my DCs but no luck after performing these KBID from MS
http://support.microsoft.com/?kbid=232070 and
http://support.microsoft.com/?kbid=250874
-I tried to rename the machine, put it into workgroup and
then rejoin in the domain using DCPROMO again, same!
-I verified my GPO are all replicating and double check my
DNS, FSMOholders, AD health using DCdiag.. all working
fine. but same problem.
-I rebuild the server come up with new name, Sp4, run a
diagnostics etc etc.I run DCPromo again same problem!
What are the cause for this?, Any workaround?
IT HAS SOMEHTING TO DO WITH CREDENTIALS BUT WHERE? MY
ADMINISTRATOR ACCOUNT IS ALREADY TRUSTED FOR DELEGATION!
WHERE IS THE PROBLEM?!!!!!!!!!!
I still have a trust still exist between my legacy
Domain Nt4 and my AD as I'm still doing migration. I
noticed that when when I set the trust and migration some
default policies are changed. But still the rights I
needed for delegation is still there. Any idea guys.
Appreciate your help since I have done everything to fix
this problem but no luck!
Part of the meessage that I copied from
WINNT\DEBUG\dcpromo.log is below
04/05 15:10:05 [INFO] Forcing time sync
04/05 15:10:05 [INFO] Forcing a time synch with \\xyz-
dc1.xyz.do.u.org
04/05 15:10:05 [INFO] Setting machine account to be DC
04/05 15:10:05 [INFO] Configuring the server account
04/05 15:10:05 [INFO] Searching for the machine account
for xyz-DC$ on \\xyzk-dc1.xyz.do.u.org...
04/05 15:10:05 [INFO] Configuring the server account
04/05 15:10:05 [INFO] NtdsSetReplicaMachineAccount
returned 5
04/05 15:10:05 [INFO] DsRolepSetMachineAccountType
returned 5
04/05 15:10:05 [INFO] Error - Failed to modify the
necessary properties for the machine account myDC$
More power guys!!
now and I decided to post it here.
I'm trying to add a DC in my existing AD W2k Advanced,
Native mode in a child domain modeL and i'm getting this
error whenever I'm running DCpromo!
"Failed to modify the properties of the computer account
mydc$ "Access is denied."
I have done the following to find a solution:
-I went to all my event viewer for all my three existing
DCs to look for any error None..
-I ensure that all my GPO are fine! All Policies are
applying no problme! and replicating!, check my DNS all
correct with all srv etc etc.
-I tried the following workarounds from MS ; restart all
my DCs but no luck after performing these KBID from MS
http://support.microsoft.com/?kbid=232070 and
http://support.microsoft.com/?kbid=250874
-I tried to rename the machine, put it into workgroup and
then rejoin in the domain using DCPROMO again, same!
-I verified my GPO are all replicating and double check my
DNS, FSMOholders, AD health using DCdiag.. all working
fine. but same problem.
-I rebuild the server come up with new name, Sp4, run a
diagnostics etc etc.I run DCPromo again same problem!
What are the cause for this?, Any workaround?
IT HAS SOMEHTING TO DO WITH CREDENTIALS BUT WHERE? MY
ADMINISTRATOR ACCOUNT IS ALREADY TRUSTED FOR DELEGATION!
WHERE IS THE PROBLEM?!!!!!!!!!!
I still have a trust still exist between my legacy
Domain Nt4 and my AD as I'm still doing migration. I
noticed that when when I set the trust and migration some
default policies are changed. But still the rights I
needed for delegation is still there. Any idea guys.
Appreciate your help since I have done everything to fix
this problem but no luck!
Part of the meessage that I copied from
WINNT\DEBUG\dcpromo.log is below
04/05 15:10:05 [INFO] Forcing time sync
04/05 15:10:05 [INFO] Forcing a time synch with \\xyz-
dc1.xyz.do.u.org
04/05 15:10:05 [INFO] Setting machine account to be DC
04/05 15:10:05 [INFO] Configuring the server account
04/05 15:10:05 [INFO] Searching for the machine account
for xyz-DC$ on \\xyzk-dc1.xyz.do.u.org...
04/05 15:10:05 [INFO] Configuring the server account
04/05 15:10:05 [INFO] NtdsSetReplicaMachineAccount
returned 5
04/05 15:10:05 [INFO] DsRolepSetMachineAccountType
returned 5
04/05 15:10:05 [INFO] Error - Failed to modify the
necessary properties for the machine account myDC$
More power guys!!