Results 1 to 5 of 5

Thread: When you run Dcpromo.exe on Windows 2008 to create a replica domain controller, you receive a message "The operation failed because: A domain controller could not be contacted ... "Access is denied."

  1. #1
    John Wu Guest

    When you run Dcpromo.exe on Windows 2008 to create a replica domain controller, you receive a message "The operation failed because: A domain controller could not be contacted ... "Access is denied."

    In my attempts to create a replicadc on Windows 2008 server, I keep getting
    the same error message - "Access is denied". The member server has no
    problem joining the domain. And I've removed and re-joined several times.
    Dynamic Updates are working and a host record is created on AD Integrated
    DNS.

    I also ran the DCDIAG test with dcpromo, and everything comes back clean.

    ==============

    C:\Windows\system32>hostname
    vrwcprddc4

    C:\Windows\system32>
    C:\Windows\system32>dcdiag /dnsdomain:mylabcheck.com /test:dcpromo
    /replicadc
    Starting test: DcPromo
    The DNS configuration is sufficient to allow this computer to be
    promoted
    as a replica domain controller in the mylabcheck.com domain.

    Messages logged below this line indicate whether this domain
    controller
    will be able to dynamically register DNS records required for the
    location of this DC by other devices on the network. If any
    misconfiguration is detected, it might prevent dynamic DNS
    registration
    of some records, but does not prevent successful completion of the
    Active
    Directory Domain Services Installation Wizard. However, we recommend
    fixing the reported problems now, unless you plan to manually update
    the
    DNS database.

    DNS configuration is sufficient to allow this domain controller to
    dynamically register the domain controller Locator records in DNS.

    The DNS configuration is sufficient to allow this computer to
    dynamically
    register the A record corresponding to its DNS name.

    ......................... vrwcprddc4 passed test DcPromo

    C:\Windows\system32>


    ====================


    I found a KB article that makes reference to this issue, but I couldn't
    follow it, since the steps were not clear with the group policy mmc.
    http://support.microsoft.com/kb/232070

    Any other ideas?

    thanks,
    John





  2. #2
    Frank Röder Guest

    Re: When you run Dcpromo.exe on Windows 2008 to create a replica domain controller, you receive a message "The operation failed because: A domain controller could not be contacted ... "Access is denied."

    Hello John,

    before running dcpromo please check the time offset between the new server
    an the other existing dcs. Is it greater than five minutes?

    --
    Viele Grüße

    Frank Röder
    MVP - Directory Services


  3. #3
    Meinolf Weber [MVP-DS] Guest

    Re: When you run Dcpromo.exe on Windows 2008 to create a replica domain controller, you receive a message "The operation failed because: A domain controller could not be contacted ... "Access is denied."

    Hello John,

    Please post an unedited ipconfig /all from the existing and the new DC, so
    we can exclude DNS as a problem. What account are you suing to promote the
    new server?

    Best regards

  4. #4
    John Wu Guest

    Re: When you run Dcpromo.exe on Windows 2008 to create a replica domain controller, you receive a message "The operation failed because: A domain controller could not be contacted ... "Access is denied."

    thanks for your reply.

    I found a work-around. I was attempting to do this on my LAN and the other
    DC was in the DMZ. I moved the machine to the DMZ and it worked.

    Some FW port rules not letting all the traffic through. I have to figure out
    what that port is, because I could join the domain, but why DCPromo not
    working? is a mystery.

  5. #5
    Meinolf Weber [MVP-DS] Guest

    Re: When you run Dcpromo.exe on Windows 2008 to create a replica domain controller, you receive a message "The operation failed because: A domain controller could not be contacted ... "Access is denied."

    Hello John,

    A DC should not be located in a DMZ. A DMZ is used for servers that are accessed
    from the outside world with public ip addresses. Please describe more detailed
    your network setup.

    If you still will do it that way you have to open ports according to this
    articles for AD replication:
    http://support.microsoft.com/kb/179442/

    http://support.microsoft.com/kb/555381

    http://technet.microsoft.com/en-us/l.../bb727063.aspx

    http://technet.microsoft.com/en-us/l.../bb125069.aspx

    At least check this article about using RODC's in a DMZ:
    http://technet.microsoft.com/en-us/l.../dd728034.aspx

    Best regards

Similar Threads

  1. Replies: 1
    Last Post: 01-11-2012, 01:34 PM
  2. Replies: 2
    Last Post: 17-05-2012, 03:50 AM
  3. Domain Controller "status"on new W2K8 server is "not available"
    By Susan Bradley in forum Active Directory
    Replies: 2
    Last Post: 13-12-2011, 03:03 PM
  4. Replies: 5
    Last Post: 21-03-2011, 10:00 AM
  5. Replies: 2
    Last Post: 08-12-2008, 07:03 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,711,678,768.88430 seconds with 17 queries