Recently at work, I was adding a new Domain Controller to an existing forest and I just could not get past “Creating the NTDS Settings”. I have done this many times in the past and never had this issue. After trying a few times and a lot of waiting, I thought I should have a little dig around in the event logs to see what was wrong.
In the Directory Services event logs I found events like the ones below:
Event 1
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 23/11/2016 9:24:15 PM
Event ID: 1963
Task Category: DS RPC Client
Level: Error
Keywords: Classic
User: ANONYMOUS LOGON
Computer: TESTPIXELS-DC02
Description:
Internal event: The following local directory service received an exception from a remote procedure call (RPC) connection. Extensive RPC information was requested. This is intermediate information and might not contain a possible cause.
Process ID:
556
Reported error information:
Error value:
Could not find the domain controller for this domain. (1908)
directory service:
TESTPIXELS-DC01.TESTPIXELS.CO.UK
Extensive error information:
Error value:
A security package specific error occurred. 1825
directory service:
TESTPIXELS-DC02
Additional Data
Internal ID:
5000dfc
Event 2
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 23/11/2016 9:24:15 PM
Event ID: 1962
Task Category: DS RPC Client
Level: Error
Keywords: Classic
User: ANONYMOUS LOGON
Computer: TESTPIXELS-DC02
Description:
Internal event: The local directory service received an exception from a remote procedure call (RPC) connection. Extended error information is not available.
directory service:
TESTPIXELS-DC01.TESTPIXELS.CO.UK
Additional Data
Error value:
Could not find the domain controller for this domain. (1908)
Event 3
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 23/11/2016 9:24:15 PM
Event ID: 1125
Task Category: Setup
Level: Error
Keywords: Classic
User: ANONYMOUS LOGON
Computer: TESTPIXELS-DC02
Description:
The Active Directory Domain Services Installation Wizard (Dcpromo) was unable to establish connection with the following domain controller.
Domain controller:
TESTPIXELS-DC01.TESTPIXELS.CO.UK
Additional Data
Error value:
1908 Could not find the domain controller for this domain.
The Issue
In my case, this issue happened because the server's built-in Administrator account had the same password as the built-in Domain Administrator account, and I only supplied the username Administrator when prompted.
The Fix
The fix was rather simple in the end. Just follow the steps below, making sure you do not miss one.
- Restart the server on which Active Directory could not be installed.
- Use Active Directory Users and Computers on an existing domain controller to delete the failed server’s computer account. (The domain controller will not yet be a domain controller object but only a member server.) Then, let Active Directory replication converge.
- On the failed server, forcibly remove the server from the domain by using the System Properties Control Panel item.
- On the failed server, remove the Active Directory Domain Services (AD DS) role by using Server Manager.
- Restart the failed server.
- Install the AD DS role, and then try the promotion again. When you do this, make sure that you provide promotion credentials in the form “domain\user” or “user@domain.tld”.
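The last step can also be done from PowerShell with a guard that refuses an unqualified or local account name before promotion starts. This is an added example, not part of the original post; the function name `Test-DomainQualifiedUserName` is hypothetical, and the domain name is taken from the event logs above.

```powershell
# Added example, not from the original post. Domain name comes from the
# event logs above; adjust it for your own forest.
$DomainName = 'TESTPIXELS.CO.UK'

function Test-DomainQualifiedUserName {
    # Hypothetical helper: returns $true only for DOMAIN\user or user@domain.tld.
    param([Parameter(Mandatory)][string]$UserName)

    # UPN form: user@domain.tld
    if ($UserName -match '^[^\\@\s]+@[^\\@\s]+\.[^\\@\s]+$') { return $true }

    # Down-level form: DOMAIN\user
    if ($UserName -match '^(?<domain>[^\\@\s]+)\\[^\\@\s]+$') {
        # ".\user" and "<this computer>\user" point at the LOCAL account
        # database, i.e. the server's own built-in Administrator.
        return ($Matches['domain'] -ne '.' -and
                $Matches['domain'] -ne $env:COMPUTERNAME)
    }

    # Bare names such as "Administrator" (or "\Administrator") are ambiguous:
    # with matching passwords the local account can be picked up instead.
    return $false
}

$cred = Get-Credential -Message 'Promotion credentials: DOMAIN\user or user@domain.tld'
if (-not (Test-DomainQualifiedUserName -UserName $cred.UserName)) {
    throw "Refusing to promote: '$($cred.UserName)' is not domain-qualified."
}

# Install the AD DS role, then promote using the qualified credential.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment

# Prompts for the DSRM (safe mode) password because none is supplied here.
Install-ADDSDomainController -DomainName $DomainName -Credential $cred
```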
It’s that simple! You now have your Domain Controller all working!
Let me know if you want some pictures…
2 Comments
Tori · June 24, 2021 at 12:41 pm
Hey Richard, could you please send me some pictures? I am new to system administration and I’m trying to add a member server to my domain. Showing me how it works would definitely help. Thanks in advance.
Marcin · May 20, 2024 at 7:28 pm
Hi, that did the trick with server 2022 as well. Thanks for the article.