The Active Directory Domain Services Installation Wizard (Dcpromo) was unable to establish connection with the following domain controller.

    Question

  • Hi.

    Windows 2012 attempting to join a Windows 2003 domain hosted on a Windows 2012 DC. DNS error. However, DNS resolution seems fine. The two servers can ping each other by name and can also ping public addresses.

    Wednesday, November 13, 2013 3:16 PM

Answers

  • Unbelievable. The solution ended up being such a simple thing. NIC1 had become Local Area Network 2 in Windows and NIC2 had become Local Area Network. All along I was using NIC2, Local Area Network, with NIC1 LAN2 disabled.

    Today I went onsite and physically connected the cable to NIC1, Local Area Network 2 and disabled NIC2. Voila!
    Monday, November 18, 2013 11:55 AM

All replies

  • What are your forest & functional levels?

    Also, what is the specific error you are getting?

    Wednesday, November 13, 2013 3:44 PM
  • Hi

    Domain and forest functional levels are 2003. There is an existing Windows 2012 Domain Controller.

    The DCPromo wizard stalls at "Creating the NTDS Settings object for this Active Directory Domain Controller on the remote AD DC....". I've followed http://support.microsoft.com/kb/2737935/en-us about 4 times with no success. 

    On the event log there's a DNS error which I will send out tomorrow. 

    Existing Windows 2012 DC is server6, IP 10.0.0.16. New DC is server5, IP 10.0.0.15. Server5 points to 10.0.0.16 (server6) for DNS.

    Wednesday, November 13, 2013 7:37 PM
  • Have you tried this -> Active Directory installation stalls at the "Creating the NTDS settings object" stage

    To resolve this issue, follow these steps:
    1. Restart the server on which Active Directory could not be installed.
    2. Use Dsa.msc or Dsac.exe on an existing domain controller to delete the failed server's computer account. (The domain controller will not yet be a domain controller object but only a member server.) Then, let Active Directory replication converge.
    3. On the failed server, forcibly remove the server from the domain by using the System Properties Control Panel item or netdom.exe.
    4. On the failed server, remove the Active Directory Domain Services (AD DS) role by using Server Manager or Uninstall-WindowsFeature.
    5. Restart the failed server.
    6. Install the AD DS role, and then try the promotion again. When you do this, make sure that you provide promotion credentials in the form "domain\user" or "user@domain.tld."

    Thursday, November 14, 2013 1:47 AM
  • Hi

    As indicated in my previous post, I tried that about 4 times with different Password variables.

    http://support.microsoft.com/kb/2737935/en-us

    The exact DNS error that I get on dcpromo.log:

    Error value:
    8524 The DSA operation is unable to proceed because of a DNS lookup failure.
    Thursday, November 14, 2013 6:50 AM
  • As indicated in my previous post, I tried that about 4 times with different Password variables.
    Sorry, I totally spaced out on that one.
    Thursday, November 14, 2013 7:46 AM
  • Is there anything in between the 2012 DC you're trying to join to the domain and the other DCs? Firewall, router, etc.
    Thursday, November 14, 2013 7:48 AM
  • Nothing in-between. I can ping, nslookup and even access the Sysvol share on the target DC.
    Thursday, November 14, 2013 8:47 AM
  • Hi,

    In regard to the DNS error, I have found a KB article below:

    Troubleshooting AD Replication error 8524: The DSA operation is unable to proceed because of a DNS lookup failure

    http://support.microsoft.com/kb/2021446

    Please verify the DC which 8524 error referred to.

    If this DC was currently offline but still a valid one, please make it online.

    If this DC is an inactive DC, please remove the stale metadata from Active Directory.

    I hope this helps.

    Best Regards,

    Amy Wang

    Thursday, November 14, 2013 9:19 AM
  • Hi

    My situation is different. This is a very fresh domain. Server6 is the current domain Controller. It's only been running for 2 weeks. Now I'm trying to bring Server5 into the domain and will retire server6 once done.

    The error:

    Installation Wizard (Dcpromo) was unable to establish connection with the following domain controller.

    Domain controller:
    server6.domain.

    Server6 currently runs the Domain and it's active because there's proper authentication and mail flow.

    I've looked at that article and it seems to point to replication failures, whereas mine has never replicated. I can't run diag tools on Server5 because it's not a DC. Diag tools on Server6 are successful.

    Thursday, November 14, 2013 9:26 AM
  • Do you use ISA?

    Try disabling RPC Compliance for the AD configuration group by allowing all Internal Traffic and see.

    http://technet.microsoft.com/en-us/library/bb838943.aspx


    Devaraj G | Technical solution architect

    Thursday, November 14, 2013 9:39 AM
  • Following that article:

    Both ping and nslookup fail when I use the server's GUID.

    Thursday, November 14, 2013 9:43 AM
  • Do you use ISA?

    Try disabling RPC Compliance for the AD configuration group by allowing all Internal Traffic and see.

    http://technet.microsoft.com/en-us/library/bb838943.aspx


    Devaraj G | Technical solution architect

    No, I don't use ISA.
    Thursday, November 14, 2013 10:07 AM
  • Hi,

    Are there any other related errors in Event logs?

    If there are, please post them out, which would be very beneficial for troubleshooting this issue.

    Here are some related links below:

    Can't add new domain tree root to old forest

    http://social.technet.microsoft.com/Forums/windowsserver/en-US/8b4f314d-e9b0-4f1f-bb6d-512d3edc2051/cant-add-new-domain-tree-root-to-old-forest?forum=winserverDS

    Active Directory installation stalls at the "Creating the NTDS settings object" stage

    http://social.technet.microsoft.com/Forums/windowsserver/en-US/c6d0915b-7d7e-4a3f-9b0b-aa4935dc3170/active-directory-installation-stalls-at-the-creating-the-ntds-settings-object-stage?forum=winserver8gen

    RPC Error when adding second 2008R2 DC to existing forest and domain

    http://social.technet.microsoft.com/Forums/windowsserver/en-US/a0aaf00a-814d-48bc-8b6b-6d6e304d2312/rpc-error-when-adding-second-2008r2-dc-to-existing-forest-and-domain?forum=winserverDS

    Best Regards,

    Amy Wang

    Friday, November 15, 2013 3:24 AM
  • Hi

    Here are the Events that are logged during the failed promotion process:

    1125, Source: Microsoft-Windows-ActiveDirectory_DomainService, Task Category: Setup

    8524
    The DSA operation is unable to proceed because of a DNS lookup failure

    PortQry on local server for Domains and Trusts comes back with "Not Listening"

    Example: 

    TCP port 139 (netbios-ssn service): NOT LISTENING
    portqry.exe -n 127.0.0.1 -e 139 -p TCP exits with return code 0x00000001.

    For the target DNS server: Listening.

    Example:

    TCP port 139 (netbios-ssn service): LISTENING
    portqry.exe -n 10.0.0.16 -e 139 -p TCP exits with return code 0x00000000.

    Friday, November 15, 2013 10:44 AM
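    The checks in this thread (the GUID-based name that would not resolve, and the portqry results above) can be run together from the server being promoted. The script below is an added example, not from the thread or from Microsoft; it assumes the names from the thread (server6, 10.0.0.16), a placeholder DNS domain, and a placeholder DSA object GUID that you would take from "repadmin /showrepl" on the existing DC.

```powershell
# Added troubleshooting example (not from the thread). Run on the server being promoted
# (server5 in the thread). $DnsDomain and $DsaGuid are placeholders: the thread only shows
# "server6.domain.", and the DSA object GUID comes from "repadmin /showrepl" on the existing DC.
param(
    [string]$DcName    = 'server6',
    [string]$DnsDomain = 'domain.tld',                               # placeholder
    [string]$DnsServer = '10.0.0.16',
    [string]$DsaGuid   = '00000000-0000-0000-0000-000000000000'      # placeholder DSA object GUID
)

# 1. Which adapter is actually up, and which DNS server does it use? The thread's root cause
#    was a cable in the wrong NIC after Windows had swapped the adapter names.
Get-NetAdapter | Where-Object Status -eq 'Up' | ForEach-Object {
    $dns = (Get-DnsClientServerAddress -InterfaceIndex $_.ifIndex -AddressFamily IPv4).ServerAddresses
    "{0,-25} {1,-17} DNS: {2}" -f $_.Name, $_.MacAddress, ($dns -join ', ')
}

# 2. Records the promotion needs from the DNS server it points at: the DC's A record, the
#    _ldap SRV record for the domain, and the DSA GUID CNAME under _msdcs. Error 8524 is
#    raised when the GUID CNAME does not resolve.
$checks = @(
    @{ Name = "$DcName.$DnsDomain";               Type = 'A'     }
    @{ Name = "_ldap._tcp.dc._msdcs.$DnsDomain"; Type = 'SRV'   }
    @{ Name = "$DsaGuid._msdcs.$DnsDomain";       Type = 'CNAME' }
)
foreach ($c in $checks) {
    try {
        Resolve-DnsName -Name $c.Name -Type $c.Type -Server $DnsServer -ErrorAction Stop | Out-Null
        "OK    {0,-6} {1}" -f $c.Type, $c.Name
    } catch {
        "FAIL  {0,-6} {1}: {2}" -f $c.Type, $c.Name, $_.Exception.Message
    }
}

# 3. Ports the promotion uses on the existing DC (RPC endpoint mapper, LDAP, Kerberos, SMB, DNS).
#    TcpClient is used instead of Test-NetConnection so this also runs on Server 2012 RTM.
foreach ($port in 135, 389, 88, 445, 53) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($DnsServer, $port)   # throws if nothing is listening or a filter drops it
        "OPEN   TCP $port on $DnsServer"
    } catch {
        "CLOSED TCP $port on $DnsServer"
    } finally {
        $client.Close()
    }
}
```

    If step 1 shows the "Up" adapter pointing at a DNS server other than the DC you expect, the DNS failures in steps 2 and 3 are explained before any metadata cleanup is attempted.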
  • The DNS Zone is not being transferred from the target server to the new DC.

    Friday, November 15, 2013 2:40 PM
  • Hi,

    Thank you so much for sharing! I'm glad it all worked out.

    Please feel free to ask us if there are any issues in the future.

    Best Regards,

    Amy Wang

    Tuesday, November 19, 2013 12:54 AM