Unable to promote a server to a domain controller

During one of the activities with the demo environment I faced an issue that I was unable to promote any server to DC, and was giving the errors:

ADPrep execution failed –> System.ComponentModel.Win32Exception (0x80004005): A device attached to the system is not functioning.
Check the log files in the C:\Windows\debug\adprep\logs\20220518075032 directory for detailed information.

After a deep dive into the logs I also find these ADPREP errors:

The command line passed to ldifde is ldifde -i -f “C:\Windows\system32\adprep\sch87.ldf” -s “CMAD1.contosomortgage.local” -h -j “C:\Windows\debug\adprep\logs\20220518093510” -$ “C:\Windows\system32\adprep\schupgrade.cat”
ERROR: Import from file C:\Windows\system32\adprep\sch87.ldf failed. Error file is saved in C:\Windows\debug\adprep\logs\20220518093510\ldif.err.87.

Entry DN: CN=Send-As,CN=Extended-Rights,CN=Configuration,DC=<domain> changetype: modify Attribute 0) appliesTo:7b8b558a-93a5-4af7-adca-c017e67f1057 Add error on entry starting on line 1: Attribute Or Value Exists The server side error is: 0x2083 The specified value already exists.

To fix that use ADSI and remove the conflicting GUID’s located under the Configuration

1: CN=Send-As,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local

2: CN=Receive-As,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local

3: CN=Personal-Information,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local

4: CN=Public-Information,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local

5: CN=Validated-SPN,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local

6: CN=Allowed-To-Authenticate,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local

7: CN=MS-TS-GatewayAccess,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.