2003SBS network.
I'm configuring a 2008Std server as a secondary DC, it's already running as a delegated DNS.
I've prep'd the AD on the SBS box with adprep /forestprep and everything completed OK there.
Then I ran the AD installation wizard on the 2008 box which started to run OK but then stopped and asked for credentials. It needs to access / modify / whatever, the <computername>$ account on the 2008 box. I'm using the network administrator account and I've amended the default domain policy on the 2003 box to trust the administrator account for delegation.
I've run gpupdate /force and I've logged off and back onto the 2008 box.
No joy at all. The wizard always stops at the same point with the error "Access Denied" to the <computername>$ account.
I'm stumped now, totally. What the hell else can I do to get around this?
Oh dear.....
Looks like I'm on my own then
Pete
Network administrator account ? Is that the local admin account you created when you installed / setup the server - if not then try the servers local admin account maybe ? that or domain admin account ( which I am guessing the network administrator account is a part of )
Also am presuming that DNS is working 100% is forward and reverse lookup zones can resolve both ways ?
If by SBS2003 you mean small business server i believe it is onky usable in a single DC enviroment - therfore it wont let you join the second DC - you would need to upgrade the first DC to be full server 2003 first.
Thanks
James
Tried the local account but it's insistent that it wants a domain account.Originally Posted by mac_shinobi
Hi,
To confirm you can add a 2008 server as a dc to an existing 2003SBS domain. One of my customers runs with this setup.
Sorry Pete have not seen this error. Could try setting up another administrator user and try that. Is the SBS box fully service packed?
Tried setting up another account - failed in same way.
SBS box is right up to date, AD has been adprep'd, etc.
Pete
Have now also added <computername>$ as a trusted account for delegation.
Also created a new Domain & Schema Admin account, trusted it for delegation and also added it to the local admins group on the 2008 box.
Still no luck.
It must be something deeper than a simple permissions error methinks.
Looking at the AD log on the 2008 box there are some warnings, which only crop up whilst I'm running dcpromo, something like "Internal Event, The Following Schema Class Has A Superclass That Is Not Valid" followed by some AD gobbledegook. These are warnings in the event log, not errors, do they matter?
Do I need to run adprep again? Or, God forbid, ADSIEdit?
Pete
Is the account you ran adprep as a member of the scema admins group as you need to be for the schema upgrade to take place - make sure your admin account is a member of scema admins (its not by default) then on your sbs server run adprep (you have to run it on the server that holds the sceme FSMO role (if you only have one dc it must be that one)).
Then try dcpromo again.
Thanks
James
Yep, ran adprep as Domain & Schema admin. Adprep ran and completed without errors.
Pete
Hi James
Sorry, I missed this post earlier.
No, that's not correct. You can only have one SBS box in a forest but you can have other DCs in the same forest so long as the SBS box has all the FSMO roles assigned to it.
Pete
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote