Article ID: 296993
Article Last Modified on 3/1/2007
APPLIES TO
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server
This article was previously published under Q296993
SYMPTOMS
When you try to promote domain controllers in new child domains or create replicas, you may receive the following error message:
This error may occur when you are promoting a large number of domain controllers for newly created subordinate domains or new trees in the forest while you are logged on with administrative credentials from a different domain.
You may also receive one of the following error messages when you run the Active Directory Installation Wizard (Dcpromo.exe):
-or-
CAUSE
This issue may occur if the Service Principle Name (SPN) for the domain that is hosting the replica has not been propagated to the domain that contains the account that you use when you run Dcpromo.exe. This propagation may have been delayed because of replication latencies.
RESOLUTION
To resolve this issue, wait for replication to complete before you create Active Directory directory service replicas.
If you cannot wait for replication to complete, use the domain administrator account from the domain that will contain the new replicas. Alternatively, make sure that all domain controllers in the root domain have replicated, and then create the replicas by using the root domain administrator account. To force replication, use tools such as Replmon.exe or Repadmin.exe. Replmon.exe and Repadmin.exe are included in the Windows 2000 Support Tools. For additional information about these tools, click the following article numbers to view the articles in the Microsoft Knowledge Base:
301423 HOW TO: Install the Windows 2000 Support Tools to a Windows 2000 Server-Based Computer
229896 Using Repadmin.exe to Troubleshoot Active Directory Replication
MORE INFORMATION
This issue can also occur while you are logged on as an administrator from the root domain, because a referral ticket must be issued to the child domain before the service ticket can be passed to the child domain. If the referral is requested from a replica in the root that may not have information about the new domain controllers in the child domains, use an administrative account from the child domain. This will allow you to use a service ticket issued by the child domain.
When you review the Dcpromo.log file on grand child domain controllers, it may contain entries similar to the following:
mm/dd hh:mm:ss [INFO] Replicating CN=Configuration,DC=rootdomaindc1, DC1,DC=companyname,DC=com: received 1325 out of 1472 objects. mm/dd hh:mm:ss [INFO] Replicating CN=Configuration,DC=rooddomaindc1, DC=dcpromo,DC=com: received 1472 out of 1472 objects. mm/dd hh:mm:ss [INFO] Replicated the configuration container. mm/dd hh:mm:ss [INFO] Error - The Directory Service failed to create the object CN=2467_19L03GRND1,CN=Partitions,CN=Configuration, DC=2467_19L03ROOT1,DC=dcpromo,DC=com. Please check the event log for possible system errors. (8586) mm/dd hh:mm:ss [INFO] NtdsInstall for 2467_19L03GRND1.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com returned 8586 mm/dd hh:mm:ss [INFO] DsRolepInstallDs returned 8586 mm/dd hh:mm:ss [ERROR] Failed to install the directory service (8586) mm/dd hh:mm:ss [INFO] The attempted domain controller operation has completed mm/dd hh:mm:ss [INFO] DsRolepSetOperationDone returned 0
Note This sample ticket and the other entries have been wrapped for readability.
When you review the Dcpromoui.log file on grand child domain controllers, it may contain entries similar to the following:
dcpromoui 188.4FC 0355 Calling DsRoleGetDcOperationResults dcpromoui 188.4FC 0356 Error 0x0 (!0 => error) dcpromoui 188.4FC 0357 Operation results: dcpromoui 188.4FC 0358 OperationStatus : 0x218A !0 => error dcpromoui 188.4FC 0359 DisplayString : The Directory Service failed to create the object CN=2467_19L03GRND1,CN=Partitions ,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com. Please check the event log for possible system errors. dcpromoui 188.4FC 035A ServerInstalledSite : (null) dcpromoui 188.4FC 035B OperationResultsFlags: 0x0 dcpromoui 188.4FC 035C Enter ProgressDialog::UpdateText The Directory Service failed to create the object CN=2467_19L03GRND1 ,CN=Partitions,CN=Configuration,DC=2467_19L03ROOT1 ,DC=dcpromo,DC=com. Please check the event log for possible system errors. dcpromoui 188.4FC 035D Enter State::SetOperationResults Message The Directory Service failed to create the object CN=2467_19L03GRND1,CN=Partitions,CN=Configuration,DC=2467_19L03ROOT1 ,DC=dcpromo,DC=com. Please check the event log for possible system errors. dcpromoui 188.4FC 035E Enter State::SetOperationResultsFlags 0x0 dcpromoui 188.4FC 035F Exception caught dcpromoui 188.4FC 0360 catch completed dcpromoui 188.4FC 0361 handling exception dcpromoui 188.4FC 0362 Enter State::ClearHiddenWhileUnattended dcpromoui 188.4FC 0363 Enter State::GetRunContext NT5_STANDALONE_SERVER dcpromoui 188.4FC 0364 Enter State::GetRunContext NT5_STANDALONE_SERVER dcpromoui 188.4FC 0365 Enter EnableConsoleLocking dcpromoui 188.4FC 0366 Enter RegistryKey::Create SOFTWARE\Microsoft\ Windows NT\CurrentVersion\Winlogon dcpromoui 188.4FC 0367 Enter RegistryKey::SetValue-DWORD DisableLockWorkstation dcpromoui 188.4FC 0368 Enter State::SetOperationResults result FAILURE dcpromoui 188.4FC 0369 Enter ProgressDialog::UpdateText dcpromoui 188.4FC 036A Enter State::IsOperationRetryAllowed dcpromoui 188.4FC 036B true dcpromoui 188.4FC 036C Enter ComposeFailureMessage dcpromoui 188.4FC 036D Enter GetErrorMessage 8007218A dcpromoui 188.4FC 036E Enter State::GetOperationResults Message The Directory Service failed to create the object CN=2467_19L03GRND1,CN=Partitions,CN=Configuration,DC=2467_19L03ROOT1 ,DC=dcpromo,DC=com. Please check the event log for possible system errors. dcpromoui 188.4FC 036F Enter State::GetOperationResultsFlags 0x0 dcpromoui 188.4FC 0370 Enter State::SetFailureMessage The operation failed because: The Directory Service failed to create the object CN=2467_19L03GRND1 ,CN=Partitions,CN=Configuration,DC=2467_19L03ROOT1 ,DC=dcpromo,DC=com. Please check the event log for possible system errors. "The directory cannot validate the proposed naming context (or partition) name because it does not hold a replica nor can it contact a replica of the naming context above the proposed naming context. Please ensure that the parent naming context is properly registered in DNS, and at least one replica of this naming context is reachable by the Domain Naming master." dcpromoui 188.4FC 0371 Enter State::GetFailureMessage The operation failed because: The Directory Service failed to create the object CN=2467_19L03GRND1 ,CN=Partitions,CN=Configuration,DC=2467_19L03ROOT1 ,DC=dcpromo,DC=com. Please check the event log for possible system errors. "The directory cannot validate the proposed naming context (or partition) name because it does not hold a replica nor can it contact a replica of the naming context above the proposed naming context. Please ensure that the parent naming context is properly registered in DNS, and at least one replica of this naming context is reachable by the Domain Naming master." dcpromoui 188.4FC 0372 MessageBox: Active Directory Installation Failed : The operation failed because: The Directory Service failed to create the object CN=2467_19L03GRND1 ,CN=Partitions,CN=Configuration,DC=2467_19L03ROOT1 ,DC=dcpromo,DC=com. Please check the event log for possible system errors. "The directory cannot validate the proposed naming context (or partition) name because it does not hold a replica nor can it contact a replica of the naming context above the proposed naming context. Please ensure that the parent naming context is properly registered in DNS, and at least one replica of this naming context is reachable by the Domain Naming master."
When you review the Dcpromo.log file on the replica in the child domain, it may contain entries similar to the following:
mm/dd hh:mm:ss [INFO] Configuring the local server to host the Directory Service mm/dd hh:mm:ss [INFO] Creating the ntdsa object for this server on dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com. mm/dd hh:mm:ss [INFO] Error - The Directory Service failed to create the server object for CN=NTDS Settings,CN=DCPXADS02 ,CN=Servers,CN=Default-First-Site-Name ,CN=Sites,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo ,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1 .dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica. (1396) mm/dd hh:mm:ss [INFO] NtdsInstall for 2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com returned 1396 mm/dd hh:mm:ss [INFO] NtdsInstall parameters: mm/dd hh:mm:ss [INFO] Flags: 4 mm/dd hh:mm:ss [INFO] DitPath: D:\WINDOWS\NTDS mm/dd hh:mm:ss [INFO] LogPath: D:\WINDOWS\NTDS mm/dd hh:mm:ss [INFO] SiteName: Default-First-Site-Name mm/dd hh:mm:ss [INFO] DnsDomainName: 2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com mm/dd hh:mm:ss [INFO] FlatDomainName: mm/dd hh:mm:ss [INFO] DnsTreeRoot: (NULL) mm/dd hh:mm:ss [INFO] ReplServerName: dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com mm/dd hh:mm:ss [INFO] Credentials: 00904130 mm/dd hh:mm:ss [INFO] pfnUpdateStatus: 748C13D7 mm/dd hh:mm:ss [INFO] AdminPassword: 00000000 mm/dd hh:mm:ss [INFO] DsRolepInstallDs returned 1396 mm/dd hh:mm:ss [ERROR] Failed to install to Directory Service (1396)
When you review the Dcpromoui.log file on the replica in the domain, it may contain entries similar to the following:
dcpromoui 198.768 0331 Calling DsRoleGetDcOperationResults dcpromoui 198.768 0332 Error 0x0 (!0 => error) dcpromoui 198.768 0333 Operation results: dcpromoui 198.768 0334 OperationStatus : 0x574 !0 => error dcpromoui 198.768 0335 DisplayString : The Directory Service failed to create the server object for CN=NTDS Settings,CN=DCPXADS02 ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration ,DC=2467_19L03ROOT1,DC=dcpromo,DC=com on server dcpxads01 .2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica. dcpromoui 198.768 0336 ServerInstalledSite : (null) dcpromoui 198.768 0337 OperationResultsFlags: 0x0 dcpromoui 198.768 0338 Enter ProgressDialog::UpdateText The Directory Service failed to create the server object for CN=NTDS Settings ,CN=DCPXADS02,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo ,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1 .dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica. dcpromoui 198.768 0339 Enter State::SetOperationResultsMessage The Directory Service failed to create the server object for CN=NTDS Settings ,CN=DCPXADS02,CN=Servers,CN=Default-First-Site-Name ,CN=Sites,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo ,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1 .dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica. dcpromoui 198.768 033A Enter State::SetOperationResultsFlags 0x0 dcpromoui 198.768 033B Exception caught dcpromoui 198.768 033C catch completed dcpromoui 198.768 033D handling exception dcpromoui 198.768 033E Enter State::ClearHiddenWhileUnattended dcpromoui 198.768 033F Enter State::GetRunContext NT5_STANDALONE_SERVER dcpromoui 198.768 0340 Enter State::GetRunContext NT5_STANDALONE_SERVER dcpromoui 198.768 0341 Enter EnableConsoleLocking dcpromoui 198.768 0342 Enter State::GetRunContext NT5_STANDALONE_SERVER dcpromoui 198.768 0343 Enter State::GetRunContext NT5_STANDALONE_SERVER dcpromoui 198.768 0344 Enter RegistryKey::Create SOFTWARE\Microsoft \Windows NT\CurrentVersion\Winlogon dcpromoui 198.768 0345 Enter RegistryKey::SetValue-DWORD DisableLockWorkstation dcpromoui 198.768 0346 Enter State::SetOperationResults result FAILURE dcpromoui 198.768 0347 Enter ProgressDialog::UpdateText dcpromoui 198.768 0348 Enter State::IsOperationRetryAllowed dcpromoui 198.768 0349 true dcpromoui 198.768 034A Enter ComposeFailureMessage dcpromoui 198.768 034B Enter GetErrorMessage 80070574 dcpromoui 198.768 034C Enter State::GetOperationResultsMessage The Directory Service failed to create the server object for CN=NTDS Settings ,CN=DCPXADS02,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica. dcpromoui 198.768 034D Enter State::GetOperationResultsFlags 0x0 dcpromoui 198.768 034E Enter State::SetFailureMessage The operation failed because: The Directory Service failed to create the server object for CN=NTDS Settings ,CN=DCPXADS02,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica. "Logon Failure: The target account name is incorrect." dcpromoui 198.768 034F Enter State::GetFailureMessage The operation failed because: The Directory Service failed to create the server object for CN=NTDS Settings ,CN=DCPXADS02,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica. "Logon Failure: The target account name is incorrect." dcpromoui 198.768 0350 MessageBox: Active Directory Installation Failed : The operation failed because: The Directory Service failed to create the server object for CN=NTDS Settings ,CN=DCPXADS02,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica. "Logon Failure: The target account name is incorrect."
Keywords: kbprb KB296993
