Hello everyone, To begin with, I feel miserable for having to ask for help for such a problem. Unfortunately, I`m not able to solve it on my own. On trying to promote a GlobeBank-Child to a domain CRL (child DC) I get "Could not log onto the domain with the specified credential. Supply a valid credential and try again." The parent domain is globebank.local. I`m able to log on to the domain CTRL(GlobeBank) of globebank.local. It makes me think that I type correctly the password. The Domain Naming Master holder is online and reachable. The GlobeBank-Child uses the GlobeBank`s IP as a DNS IP address There is a ping between all of the servers Do you have any idea where the problem is coming from?

Hi @Marinov, Marin I had to build a test environment to get to the bottom of this one, and its a combination of DNS configuration and group membership required to be able to add a child domain to the globebank.local domain. In DNS console in both domains make sure you have a conditional forwarder for the other domain. I've used an existing domain for my testing, but diff.internal would the same as your landonhotel.local domain. for the globebank.local domain for the landonhotel.local domain Without these conditional forwarders, I was not able to add the globebank\administrator to the Enterprise Admins group in landonhotel.local domain With the new server joined to the globebank domain, with DNS configuration pointing at a globebank.local DC These are the details I entered into the dcpromo wizard, I entered the administrator credentials: The dcpromo completed successfully. Gary.

<Removed> Have you tried joining the server to parent domain before running the dcpromo, and seeing if this solves the problem. Gary.

Hello MarinovMarin, By default this type of message error is resolved by specifying the credentials to promote as domain\<DomainAdminUsername> Other actions include: Check Existing Domain/Forest functional level on 2012 server. minimum level is 2008 support by 2016. Disable IPv6 from both servers Disable DHCP and assign same range static IPs. Assign 2012 IP as Primary DNS on 2016 adapter Furthermore, the process to add a DC with a Child domain, may be a bit different than adding a secondary DC, please check the next aid article for more details, in case you may be missing something: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/install-a-new-windows-server-2012-active-directory-child-or-tree-domain--level-200- Hope this helps with your query, --If the reply is helpful, please Upvote and Accept as answer--

Hi, the functional level of all the servers in the forest is 2016. All the servers use static IP addresses in the same range. IPv6 was disabled on the parent and child DCs. I m deadly sure the password is correct. To avoid such problems I use the same password for everything /it s a test environment/. I`m able to log n the parent domain using the same password. I followed a tutorial to configure the child domain. The $#%^& problem is still around.

Hello, I have already checked if I`m typing correctly the password. I deleted everything and started from scratch. I hope I will not run into that problem again.

"Could not log onto the domain with the specified credential. Supply a valid credential and try again."

Marinov, Marin 56

Hello everyone,

To begin with, I feel miserable for having to ask for help for such a problem. Unfortunately, I`m not able to solve it on my own. On trying to promote a GlobeBank-Child to a domain CRL (child DC) I get "Could not log onto the domain with the specified credential. Supply a valid credential and try again."

The parent domain is globebank.local. I`m able to log on to the domain CTRL(GlobeBank) of globebank.local. It makes me think that I type correctly the password.
The Domain Naming Master holder is online and reachable.
The GlobeBank-Child uses the GlobeBank`s IP as a DNS IP address
There is a ping between all of the servers

Do you have any idea where the problem is coming from?

Accepted answer

Gary Reynolds 9,621 Reputation points

2022-08-12T03:38:49.523+00:00

Hi @Marinov, Marin

I had to build a test environment to get to the bottom of this one, and its a combination of DNS configuration and group membership required to be able to add a child domain to the globebank.local domain.

In DNS console in both domains make sure you have a conditional forwarder for the other domain. I've used an existing domain for my testing, but diff.internal would the same as your landonhotel.local domain.

for the globebank.local domain

for the landonhotel.local domain

Without these conditional forwarders, I was not able to add the globebank\administrator to the Enterprise Admins group in landonhotel.local domain

With the new server joined to the globebank domain, with DNS configuration pointing at a globebank.local DC

These are the details I entered into the dcpromo wizard, I entered the administrator credentials:

The dcpromo completed successfully.

Gary.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

16 additional answers

Gary Reynolds 9,621 Reputation points

2022-07-29T18:22:52.02+00:00

<Removed> Have you tried joining the server to parent domain before running the dcpromo, and seeing if this solves the problem.

Gary.
Please sign in to rate this answer.

1 person found this answer helpful.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Limitless Technology 44,766 Reputation points

2022-07-29T11:14:05.833+00:00
Hello MarinovMarin,

By default this type of message error is resolved by specifying the credentials to promote as domain\<DomainAdminUsername>

Other actions include:

Check Existing Domain/Forest functional level on 2012 server. minimum level is 2008 support by 2016.

Disable IPv6 from both servers

Disable DHCP and assign same range static IPs.

Assign 2012 IP as Primary DNS on 2016 adapter

Furthermore, the process to add a DC with a Child domain, may be a bit different than adding a secondary DC, please check the next aid article for more details, in case you may be missing something:
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/install-a-new-windows-server-2012-active-directory-child-or-tree-domain--level-200-

Hope this helps with your query,

--If the reply is helpful, please Upvote and Accept as answer--
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Marinov, Marin 56 Reputation points

2022-07-29T13:16:58.56+00:00

Hi, the functional level of all the servers in the forest is 2016. All the servers use static IP addresses in the same range. IPv6 was disabled on the parent and child DCs. Im deadly sure the password is correct. To avoid such problems I use the same password for everything /its a test environment/. I`m able to log n the parent domain using the same password. I followed a tutorial to configure the child domain. The $#%^& problem is still around.
Please sign in to rate this answer.
Gary Nebbett 6,216 Reputation points

2022-07-29T13:43:57.11+00:00

Hello,

Just a trivial question: could it be possible that keyboard mapping means that what you type in is not what you expect (e.g. "y" and "z" exchanged)? Have you seen the result of typing in the password?

Gary
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Marinov, Marin 56 Reputation points

2022-07-29T16:51:03.417+00:00

Hello, I have already checked if I`m typing correctly the password. I deleted everything and started from scratch. I hope I will not run into that problem again.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

"Could not log onto the domain with the specified credential. Supply a valid credential and try again."

16 additional answers

Your answer