I have a domain with a single Windows 2008 DC. Functional level is Windows Server 2003.
I need to add a second DC, also Windows 2008, but am unable to complete dcpromo. It always fails with the error:
Active Directory Domain Services could not create the NTDS settings object....Ensure the provided credentials have sufficient network permissions... The encryption type requested is not supported by the KDC.
I also noticed that the new server was NOT automatically registered in DNS when joined to the domain, and am not sure if this is related.
I tried removing the new server from the domain, changing the computer name, then joining the domain again to see if this resolved the DNS issue but that did not help.
I also ran gpupdate on the new server and it returned this:
User Policy update has completed successfully.
Computer policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
To diagnose the failure, review the event log or invoke gpmc.msc to access information about Group Policy results.
Any help with troubleshooting would be great....
Bookmarks