|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
adprep.exe /forestprep R2 on 2003 domain failscontroller is being setup that runs Windows Server 2003 R2. I attempted to add the R2 server as a domain controller and got the error leading me to run adprep.exe on the domain. \CMPNENTS\R2\ADPREP\adprep.exe /forestprep Everything seemed to go okay when I ran this on the current 2003 domain controller. When I check: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters the value on the System Schema Version is still 30, not 31 like it should be. Checking the error logs I noticed this two seconds after I ran the adprep: --------------------------------------------------------------ERROR START Active Directory failed to construct a mutual authentication service principal name (SPN) for the following domain controller. Domain controller: 6004e163-0d4e-47bb-a43f-4d527ed54291._msdcs.bnpmedia.com The call was denied. Communication with this domain controller might be affected. Additional Data Error value: 8589 The DS cannot derive a service principal name (SPN) with which to mutually authenticate the target server because the corresponding server object in the local DS database has no serverReference attribute. --------------------------------------------------------------ERROR END I checked in DNS for the 6004e163-0d4e-47bb-a43f-4d527ed54291 entry but I don't see it. We had a domain controller die in the past and had to do some ugly seizing the role stuff. Is this related? Any thoughts on why the active directory didn't upgrade to the R2 version? Hi
You need to run the forestprep switch in Schema master. You need to have Enterpise/Schema admin credentials to run the forestprep switch -- Show quoteHide quoteI hope that the information above helps you Good Luck Jorge Silva MCSA Systems Administrator "Hiro" <H***@discussions.microsoft.com> wrote in message news:A1531DC1-24A1-46E8-928F-F93312E6602E@microsoft.com... > We have two Windows Server 2003 domain controllers. An additional domain > controller is being setup that runs Windows Server 2003 R2. > > I attempted to add the R2 server as a domain controller and got the error > leading me to run adprep.exe on the domain. > > \CMPNENTS\R2\ADPREP\adprep.exe /forestprep > > Everything seemed to go okay when I ran this on the current 2003 domain > controller. > > When I check: > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters the > value on the System Schema Version is still 30, not 31 like it should be. > > Checking the error logs I noticed this two seconds after I ran the adprep: > --------------------------------------------------------------ERROR START > Active Directory failed to construct a mutual authentication service > principal name (SPN) for the following domain controller. > > Domain controller: > 6004e163-0d4e-47bb-a43f-4d527ed54291._msdcs.bnpmedia.com > > The call was denied. Communication with this domain controller might be > affected. > > Additional Data > Error value: > 8589 The DS cannot derive a service principal name (SPN) with which to > mutually authenticate the target server because the corresponding server > object in the local DS database has no serverReference attribute. > --------------------------------------------------------------ERROR END > > I checked in DNS for the 6004e163-0d4e-47bb-a43f-4d527ed54291 entry but I > don't see it. > > We had a domain controller die in the past and had to do some ugly seizing > the role stuff. Is this related? > > Any thoughts on why the active directory didn't upgrade to the R2 version? > Just a couple of questions about this whole process.
1) Can you run during the day without disturbing any users? 2) I assume you run on one of your current domain controllers? 3) Does this require a reboot of any of your domain controllers? I have two domain controllers Windows 2003 Standard and would like to add a third running Windows 2003 RS Standard. I would like to run it during business hours but don't want to affect business. Thanks for any responses. BPG Admin Show quoteHide quote "Jorge Silva" wrote: > Hi > > You need to run the forestprep switch in Schema master. You need to have > Enterpise/Schema admin credentials to run the forestprep switch > > -- > I hope that the information above helps you > > Good Luck > Jorge Silva > MCSA > Systems Administrator > > "Hiro" <H***@discussions.microsoft.com> wrote in message > news:A1531DC1-24A1-46E8-928F-F93312E6602E@microsoft.com... > > We have two Windows Server 2003 domain controllers. An additional domain > > controller is being setup that runs Windows Server 2003 R2. > > > > I attempted to add the R2 server as a domain controller and got the error > > leading me to run adprep.exe on the domain. > > > > \CMPNENTS\R2\ADPREP\adprep.exe /forestprep > > > > Everything seemed to go okay when I ran this on the current 2003 domain > > controller. > > > > When I check: > > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters the > > value on the System Schema Version is still 30, not 31 like it should be. > > > > Checking the error logs I noticed this two seconds after I ran the adprep: > > --------------------------------------------------------------ERROR START > > Active Directory failed to construct a mutual authentication service > > principal name (SPN) for the following domain controller. > > > > Domain controller: > > 6004e163-0d4e-47bb-a43f-4d527ed54291._msdcs.bnpmedia.com > > > > The call was denied. Communication with this domain controller might be > > affected. > > > > Additional Data > > Error value: > > 8589 The DS cannot derive a service principal name (SPN) with which to > > mutually authenticate the target server because the corresponding server > > object in the local DS database has no serverReference attribute. > > --------------------------------------------------------------ERROR END > > > > I checked in DNS for the 6004e163-0d4e-47bb-a43f-4d527ed54291 entry but I > > don't see it. > > > > We had a domain controller die in the past and had to do some ugly seizing > > the role stuff. Is this related? > > > > Any thoughts on why the active directory didn't upgrade to the R2 version? > > > > > Hi
> 1) Can you run during the day without disturbing any users? Not recommended, but you can.> 2) I assume you run on one of your current domain controllers? you need to run /forestprep swich on Schema master.Show quoteHide quote > 3) Does this require a reboot of any of your domain controllers? No. -- Show quoteHide quoteI hope that the information above helps you Good Luck Jorge Silva MCSA Systems Administrator "BPG Admin" <BPGAd***@discussions.microsoft.com> wrote in message news:BBF6A101-323F-4321-A079-2A71BD8CA43B@microsoft.com... > Just a couple of questions about this whole process. > > 1) Can you run during the day without disturbing any users? > 2) I assume you run on one of your current domain controllers? > 3) Does this require a reboot of any of your domain controllers? > > I have two domain controllers Windows 2003 Standard and would like to add > a > third running Windows 2003 RS Standard. > > I would like to run it during business hours but don't want to affect > business. > > Thanks for any responses. > > BPG Admin > > "Jorge Silva" wrote: > >> Hi >> >> You need to run the forestprep switch in Schema master. You need to have >> Enterpise/Schema admin credentials to run the forestprep switch >> >> -- >> I hope that the information above helps you >> >> Good Luck >> Jorge Silva >> MCSA >> Systems Administrator >> >> "Hiro" <H***@discussions.microsoft.com> wrote in message >> news:A1531DC1-24A1-46E8-928F-F93312E6602E@microsoft.com... >> > We have two Windows Server 2003 domain controllers. An additional >> > domain >> > controller is being setup that runs Windows Server 2003 R2. >> > >> > I attempted to add the R2 server as a domain controller and got the >> > error >> > leading me to run adprep.exe on the domain. >> > >> > \CMPNENTS\R2\ADPREP\adprep.exe /forestprep >> > >> > Everything seemed to go okay when I ran this on the current 2003 domain >> > controller. >> > >> > When I check: >> > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters >> > the >> > value on the System Schema Version is still 30, not 31 like it should >> > be. >> > >> > Checking the error logs I noticed this two seconds after I ran the >> > adprep: >> > --------------------------------------------------------------ERROR >> > START >> > Active Directory failed to construct a mutual authentication service >> > principal name (SPN) for the following domain controller. >> > >> > Domain controller: >> > 6004e163-0d4e-47bb-a43f-4d527ed54291._msdcs.bnpmedia.com >> > >> > The call was denied. Communication with this domain controller might be >> > affected. >> > >> > Additional Data >> > Error value: >> > 8589 The DS cannot derive a service principal name (SPN) with which to >> > mutually authenticate the target server because the corresponding >> > server >> > object in the local DS database has no serverReference attribute. >> > --------------------------------------------------------------ERROR END >> > >> > I checked in DNS for the 6004e163-0d4e-47bb-a43f-4d527ed54291 entry but >> > I >> > don't see it. >> > >> > We had a domain controller die in the past and had to do some ugly >> > seizing >> > the role stuff. Is this related? >> > >> > Any thoughts on why the active directory didn't upgrade to the R2 >> > version? >> > >> >> >> I added the Enterprise Admin and Schema Admin groups to the membership. I
also ran dsquery server -hasfsmo schema from the command line on the domain controller I'm trying to update. It returned the server that I am trying to do the adprep on. When I login with my account and run the adprep.exe /forestprep I get the prompt to hit C and then enter. I do this and the screen disappears but nothing else happens. When I check the registry key it's still at 30 and not 31 (R2). Show quoteHide quote "Jorge Silva" wrote: > Hi > > You need to run the forestprep switch in Schema master. You need to have > Enterpise/Schema admin credentials to run the forestprep switch > > -- > I hope that the information above helps you > > Good Luck > Jorge Silva > MCSA > Systems Administrator > > "Hiro" <H***@discussions.microsoft.com> wrote in message > news:A1531DC1-24A1-46E8-928F-F93312E6602E@microsoft.com... > > We have two Windows Server 2003 domain controllers. An additional domain > > controller is being setup that runs Windows Server 2003 R2. > > > > I attempted to add the R2 server as a domain controller and got the error > > leading me to run adprep.exe on the domain. > > > > \CMPNENTS\R2\ADPREP\adprep.exe /forestprep > > > > Everything seemed to go okay when I ran this on the current 2003 domain > > controller. > > > > When I check: > > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters the > > value on the System Schema Version is still 30, not 31 like it should be. > > > > Checking the error logs I noticed this two seconds after I ran the adprep: > > --------------------------------------------------------------ERROR START > > Active Directory failed to construct a mutual authentication service > > principal name (SPN) for the following domain controller. > > > > Domain controller: > > 6004e163-0d4e-47bb-a43f-4d527ed54291._msdcs.bnpmedia.com > > > > The call was denied. Communication with this domain controller might be > > affected. > > > > Additional Data > > Error value: > > 8589 The DS cannot derive a service principal name (SPN) with which to > > mutually authenticate the target server because the corresponding server > > object in the local DS database has no serverReference attribute. > > --------------------------------------------------------------ERROR END > > > > I checked in DNS for the 6004e163-0d4e-47bb-a43f-4d527ed54291 entry but I > > don't see it. > > > > We had a domain controller die in the past and had to do some ugly seizing > > the role stuff. Is this related? > > > > Any thoughts on why the active directory didn't upgrade to the R2 version? > > > > > Hi
What value do you get when you type on command prompt: schupgr -- Show quoteHide quoteI hope that the information above helps you Good Luck Jorge Silva MCSA Systems Administrator "Hiro" <H***@discussions.microsoft.com> wrote in message news:5E0053DA-6CF5-4C1E-ACFE-6ED7C39C7AC0@microsoft.com... >I added the Enterprise Admin and Schema Admin groups to the membership. I > also ran dsquery server -hasfsmo schema from the command line on the > domain > controller I'm trying to update. It returned the server that I am trying > to > do the adprep on. > > When I login with my account and run the adprep.exe /forestprep I get the > prompt to hit C and then enter. I do this and the screen disappears but > nothing else happens. When I check the registry key it's still at 30 and > not > 31 (R2). > > > "Jorge Silva" wrote: > >> Hi >> >> You need to run the forestprep switch in Schema master. You need to have >> Enterpise/Schema admin credentials to run the forestprep switch >> >> -- >> I hope that the information above helps you >> >> Good Luck >> Jorge Silva >> MCSA >> Systems Administrator >> >> "Hiro" <H***@discussions.microsoft.com> wrote in message >> news:A1531DC1-24A1-46E8-928F-F93312E6602E@microsoft.com... >> > We have two Windows Server 2003 domain controllers. An additional >> > domain >> > controller is being setup that runs Windows Server 2003 R2. >> > >> > I attempted to add the R2 server as a domain controller and got the >> > error >> > leading me to run adprep.exe on the domain. >> > >> > \CMPNENTS\R2\ADPREP\adprep.exe /forestprep >> > >> > Everything seemed to go okay when I ran this on the current 2003 domain >> > controller. >> > >> > When I check: >> > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters >> > the >> > value on the System Schema Version is still 30, not 31 like it should >> > be. >> > >> > Checking the error logs I noticed this two seconds after I ran the >> > adprep: >> > --------------------------------------------------------------ERROR >> > START >> > Active Directory failed to construct a mutual authentication service >> > principal name (SPN) for the following domain controller. >> > >> > Domain controller: >> > 6004e163-0d4e-47bb-a43f-4d527ed54291._msdcs.bnpmedia.com >> > >> > The call was denied. Communication with this domain controller might be >> > affected. >> > >> > Additional Data >> > Error value: >> > 8589 The DS cannot derive a service principal name (SPN) with which to >> > mutually authenticate the target server because the corresponding >> > server >> > object in the local DS database has no serverReference attribute. >> > --------------------------------------------------------------ERROR END >> > >> > I checked in DNS for the 6004e163-0d4e-47bb-a43f-4d527ed54291 entry but >> > I >> > don't see it. >> > >> > We had a domain controller die in the past and had to do some ugly >> > seizing >> > the role stuff. Is this related? >> > >> > Any thoughts on why the active directory didn't upgrade to the R2 >> > version? >> > >> >> >> C:\>schupgr
Opened Connection to *omit* SSPI Bind succeeded Current Schema Version is 31 Upgrading schema to version 31 The schema has already been upgraded. Rerun setup to upgrade this DC. That makes me think it's upgraded but the registry entry still says "System Schema Version" 30 Show quoteHide quote "Jorge Silva" wrote: > Hi > > What value do you get when you type on command prompt: > > schupgr > > -- > I hope that the information above helps you > > Good Luck > Jorge Silva > MCSA > Systems Administrator > > "Hiro" <H***@discussions.microsoft.com> wrote in message > news:5E0053DA-6CF5-4C1E-ACFE-6ED7C39C7AC0@microsoft.com... > >I added the Enterprise Admin and Schema Admin groups to the membership. I > > also ran dsquery server -hasfsmo schema from the command line on the > > domain > > controller I'm trying to update. It returned the server that I am trying > > to > > do the adprep on. > > > > When I login with my account and run the adprep.exe /forestprep I get the > > prompt to hit C and then enter. I do this and the screen disappears but > > nothing else happens. When I check the registry key it's still at 30 and > > not > > 31 (R2). > > > > > > "Jorge Silva" wrote: > > > >> Hi > >> > >> You need to run the forestprep switch in Schema master. You need to have > >> Enterpise/Schema admin credentials to run the forestprep switch > >> > >> -- > >> I hope that the information above helps you > >> > >> Good Luck > >> Jorge Silva > >> MCSA > >> Systems Administrator > >> > >> "Hiro" <H***@discussions.microsoft.com> wrote in message > >> news:A1531DC1-24A1-46E8-928F-F93312E6602E@microsoft.com... > >> > We have two Windows Server 2003 domain controllers. An additional > >> > domain > >> > controller is being setup that runs Windows Server 2003 R2. > >> > > >> > I attempted to add the R2 server as a domain controller and got the > >> > error > >> > leading me to run adprep.exe on the domain. > >> > > >> > \CMPNENTS\R2\ADPREP\adprep.exe /forestprep > >> > > >> > Everything seemed to go okay when I ran this on the current 2003 domain > >> > controller. > >> > > >> > When I check: > >> > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters > >> > the > >> > value on the System Schema Version is still 30, not 31 like it should > >> > be. > >> > > >> > Checking the error logs I noticed this two seconds after I ran the > >> > adprep: > >> > --------------------------------------------------------------ERROR > >> > START > >> > Active Directory failed to construct a mutual authentication service > >> > principal name (SPN) for the following domain controller. > >> > > >> > Domain controller: > >> > 6004e163-0d4e-47bb-a43f-4d527ed54291._msdcs.bnpmedia.com > >> > > >> > The call was denied. Communication with this domain controller might be > >> > affected. > >> > > >> > Additional Data > >> > Error value: > >> > 8589 The DS cannot derive a service principal name (SPN) with which to > >> > mutually authenticate the target server because the corresponding > >> > server > >> > object in the local DS database has no serverReference attribute. > >> > --------------------------------------------------------------ERROR END > >> > > >> > I checked in DNS for the 6004e163-0d4e-47bb-a43f-4d527ed54291 entry but > >> > I > >> > don't see it. > >> > > >> > We had a domain controller die in the past and had to do some ugly > >> > seizing > >> > the role stuff. Is this related? > >> > > >> > Any thoughts on why the active directory didn't upgrade to the R2 > >> > version? > >> > > >> > >> > >> > > > I successfully install Active Directory on the R2 machine. Not sure why the
registry key never changed. Brian Show quoteHide quote "Hiro" wrote: > C:\>schupgr > > Opened Connection to *omit* > SSPI Bind succeeded > Current Schema Version is 31 > Upgrading schema to version 31 > The schema has already been upgraded. Rerun setup to upgrade this DC. > > That makes me think it's upgraded but the registry entry still says "System > Schema Version" 30 > > > > "Jorge Silva" wrote: > > > Hi > > > > What value do you get when you type on command prompt: > > > > schupgr > > > > -- > > I hope that the information above helps you > > > > Good Luck > > Jorge Silva > > MCSA > > Systems Administrator > > > > "Hiro" <H***@discussions.microsoft.com> wrote in message > > news:5E0053DA-6CF5-4C1E-ACFE-6ED7C39C7AC0@microsoft.com... > > >I added the Enterprise Admin and Schema Admin groups to the membership. I > > > also ran dsquery server -hasfsmo schema from the command line on the > > > domain > > > controller I'm trying to update. It returned the server that I am trying > > > to > > > do the adprep on. > > > > > > When I login with my account and run the adprep.exe /forestprep I get the > > > prompt to hit C and then enter. I do this and the screen disappears but > > > nothing else happens. When I check the registry key it's still at 30 and > > > not > > > 31 (R2). > > > > > > > > > "Jorge Silva" wrote: > > > > > >> Hi > > >> > > >> You need to run the forestprep switch in Schema master. You need to have > > >> Enterpise/Schema admin credentials to run the forestprep switch > > >> > > >> -- > > >> I hope that the information above helps you > > >> > > >> Good Luck > > >> Jorge Silva > > >> MCSA > > >> Systems Administrator > > >> > > >> "Hiro" <H***@discussions.microsoft.com> wrote in message > > >> news:A1531DC1-24A1-46E8-928F-F93312E6602E@microsoft.com... > > >> > We have two Windows Server 2003 domain controllers. An additional > > >> > domain > > >> > controller is being setup that runs Windows Server 2003 R2. > > >> > > > >> > I attempted to add the R2 server as a domain controller and got the > > >> > error > > >> > leading me to run adprep.exe on the domain. > > >> > > > >> > \CMPNENTS\R2\ADPREP\adprep.exe /forestprep > > >> > > > >> > Everything seemed to go okay when I ran this on the current 2003 domain > > >> > controller. > > >> > > > >> > When I check: > > >> > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters > > >> > the > > >> > value on the System Schema Version is still 30, not 31 like it should > > >> > be. > > >> > > > >> > Checking the error logs I noticed this two seconds after I ran the > > >> > adprep: > > >> > --------------------------------------------------------------ERROR > > >> > START > > >> > Active Directory failed to construct a mutual authentication service > > >> > principal name (SPN) for the following domain controller. > > >> > > > >> > Domain controller: > > >> > 6004e163-0d4e-47bb-a43f-4d527ed54291._msdcs.bnpmedia.com > > >> > > > >> > The call was denied. Communication with this domain controller might be > > >> > affected. > > >> > > > >> > Additional Data > > >> > Error value: > > >> > 8589 The DS cannot derive a service principal name (SPN) with which to > > >> > mutually authenticate the target server because the corresponding > > >> > server > > >> > object in the local DS database has no serverReference attribute. > > >> > --------------------------------------------------------------ERROR END > > >> > > > >> > I checked in DNS for the 6004e163-0d4e-47bb-a43f-4d527ed54291 entry but > > >> > I > > >> > don't see it. > > >> > > > >> > We had a domain controller die in the past and had to do some ugly > > >> > seizing > > >> > the role stuff. Is this related? > > >> > > > >> > Any thoughts on why the active directory didn't upgrade to the R2 > > >> > version? > > >> > > > >> > > >> > > >> > > > > > > Strange I have Schema Version = 31 under
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters You can also verify the operating system support level of the schema by using the Adsiedit.exe utility or the Ldp.exe utility to view the objectVersion attribute in the properties of the cn=schema,cn=configuration,dc=<domain> partition. The value of the System Schema Version registry subkey and the objectVersion attribute are in decimal. System Schema Version ObjectVersion values and corresponding operating system support level . 13=Microsoft Windows 2000 . 30=Original release version of Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 (SP1) . 31=Microsoft Windows Server 2003 R2 What value do you have in there -- Show quoteHide quoteI hope that the information above helps you Good Luck Jorge Silva MCSA Systems Administrator "Hiro" <H***@discussions.microsoft.com> wrote in message news:48694CBB-46E7-40F9-B42D-5D1196167CA5@microsoft.com... >I successfully install Active Directory on the R2 machine. Not sure why the > registry key never changed. > > Brian > > "Hiro" wrote: > >> C:\>schupgr >> >> Opened Connection to *omit* >> SSPI Bind succeeded >> Current Schema Version is 31 >> Upgrading schema to version 31 >> The schema has already been upgraded. Rerun setup to upgrade this DC. >> >> That makes me think it's upgraded but the registry entry still says >> "System >> Schema Version" 30 >> >> >> >> "Jorge Silva" wrote: >> >> > Hi >> > >> > What value do you get when you type on command prompt: >> > >> > schupgr >> > >> > -- >> > I hope that the information above helps you >> > >> > Good Luck >> > Jorge Silva >> > MCSA >> > Systems Administrator >> > >> > "Hiro" <H***@discussions.microsoft.com> wrote in message >> > news:5E0053DA-6CF5-4C1E-ACFE-6ED7C39C7AC0@microsoft.com... >> > >I added the Enterprise Admin and Schema Admin groups to the >> > >membership. I >> > > also ran dsquery server -hasfsmo schema from the command line on the >> > > domain >> > > controller I'm trying to update. It returned the server that I am >> > > trying >> > > to >> > > do the adprep on. >> > > >> > > When I login with my account and run the adprep.exe /forestprep I get >> > > the >> > > prompt to hit C and then enter. I do this and the screen disappears >> > > but >> > > nothing else happens. When I check the registry key it's still at 30 >> > > and >> > > not >> > > 31 (R2). >> > > >> > > >> > > "Jorge Silva" wrote: >> > > >> > >> Hi >> > >> >> > >> You need to run the forestprep switch in Schema master. You need to >> > >> have >> > >> Enterpise/Schema admin credentials to run the forestprep switch >> > >> >> > >> -- >> > >> I hope that the information above helps you >> > >> >> > >> Good Luck >> > >> Jorge Silva >> > >> MCSA >> > >> Systems Administrator >> > >> >> > >> "Hiro" <H***@discussions.microsoft.com> wrote in message >> > >> news:A1531DC1-24A1-46E8-928F-F93312E6602E@microsoft.com... >> > >> > We have two Windows Server 2003 domain controllers. An additional >> > >> > domain >> > >> > controller is being setup that runs Windows Server 2003 R2. >> > >> > >> > >> > I attempted to add the R2 server as a domain controller and got >> > >> > the >> > >> > error >> > >> > leading me to run adprep.exe on the domain. >> > >> > >> > >> > \CMPNENTS\R2\ADPREP\adprep.exe /forestprep >> > >> > >> > >> > Everything seemed to go okay when I ran this on the current 2003 >> > >> > domain >> > >> > controller. >> > >> > >> > >> > When I check: >> > >> > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters >> > >> > the >> > >> > value on the System Schema Version is still 30, not 31 like it >> > >> > should >> > >> > be. >> > >> > >> > >> > Checking the error logs I noticed this two seconds after I ran the >> > >> > adprep: >> > >> > --------------------------------------------------------------ERROR >> > >> > START >> > >> > Active Directory failed to construct a mutual authentication >> > >> > service >> > >> > principal name (SPN) for the following domain controller. >> > >> > >> > >> > Domain controller: >> > >> > 6004e163-0d4e-47bb-a43f-4d527ed54291._msdcs.bnpmedia.com >> > >> > >> > >> > The call was denied. Communication with this domain controller >> > >> > might be >> > >> > affected. >> > >> > >> > >> > Additional Data >> > >> > Error value: >> > >> > 8589 The DS cannot derive a service principal name (SPN) with >> > >> > which to >> > >> > mutually authenticate the target server because the corresponding >> > >> > server >> > >> > object in the local DS database has no serverReference attribute. >> > >> > --------------------------------------------------------------ERROR END >> > >> > >> > >> > I checked in DNS for the 6004e163-0d4e-47bb-a43f-4d527ed54291 >> > >> > entry but >> > >> > I >> > >> > don't see it. >> > >> > >> > >> > We had a domain controller die in the past and had to do some ugly >> > >> > seizing >> > >> > the role stuff. Is this related? >> > >> > >> > >> > Any thoughts on why the active directory didn't upgrade to the R2 >> > >> > version? >> > >> > >> > >> >> > >> >> > >> >> > >> > >> > 
Other interesting topics
Problem with DC
Configuration Container Moving DC`s to other OU`s Sync Active Directory Across Domains use of .local domain for remote site vs rea domain name How to Rename and Address computers in a AD domain Extending ADAM Schema Referral was returned from Server No Joy backing up How to remove individual ACEs from ADAM directory object Querying AD using SQL |
|||||||||||||||||||||||
