Impossible to add AD DS services in Windows Server 2022

Guillaume TEULE 21 Reputation points
2022-11-06T17:40:12.37+00:00

Hi, I have a problem with my new DELL PowerEdge Server with Windows Server 2022 Standard ROK. I can't install/add the AD DS services role. The install begins correctly and finishes with the message:
"Feature Install: Request to add or remove features on the specified server failed. Unable to perform the operation because the server you specified requires a restart"
Exactly, in French:
"Installation de fonctionnalité : échec de la demande d'ajout ou de suppression de fonctionnalités sur le serveur spécifié. Impossible d'effectuer l'opération, car le serveur que vous avez spécifié nécessite un redémarrage"

I had also tried, with success, to install the AD DS and AD tools features.

The environment is:
The first/old server name is LPF81-S-01 in the LPF81.local domain (always in activity) with Windows Server 2012 R2 Essentials (IP config: IPv4: 192.168.0.1, sub: 255.255.255.0, bridge: 192.168.0.50, DNS1: 192.168.0.1, DNS2: none, no IPv6). It contains AD DS, DNS Server and DHCP Server. It is now the only server.

I would like to install the second/new server (the DELL with Windows Server 2022, winver 20348.1194) in order to promote it in the future, as the only AD DS, DNS and DHCP server.
The second/new server name is NewLPF81-1-01. It can join the LPF81.local domain, and I can open an LPF81\Administrateur Windows session. Its config is: Windows Server 2022 Standard ROK with IP config: IPv4: 192.168.0.2, sub: 255.255.255.0, bridge: 192.168.0.50, DNS1: 192.168.0.1, DNS2: 8.8.8.8, no IPv6.

sfc /scannow is OK
DISM /Online /Cleanup-image /checkhealth is OK
DISM /Online /Cleanup-image /Restorehealth is OK

Can somebody help me?

Thank you very much !


Accepted answer
  1. Dave Patrick 426.1K Reputation points MVP
    2022-11-06T18:16:35.063+00:00

    Sounds badly broken and the simplest / quickest solution is to clean install it, patch fully and try again. Also note a domain controller and all members should only use domain DNS, no router or public DNS server addresses on connection properties.

    The two prerequisites to introducing the first 2019 or 2022 domain controller are that domain functional level needs to be 2008 or higher and older sysvol FRS replication needs to have been migrated to DFSR
    https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405

    I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2019 or 2022, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.

    --please don't forget to upvote and Accept as answer if the reply is helpful--
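
The prerequisites and health checks named in the answer above can be gathered in one read-only pass before AD DS is added. This is an added example, not part of the answer or of any Microsoft tooling; the DNS address and DC name are taken from the question, and it assumes the RSAT AD DS tools are installed, WinRM to the existing DC works, and `dfsrmig` prints English output.

```powershell
# Added example: read-only pre-flight checks, run on the new member server.
# Assumptions: RSAT AD DS tools are installed, WinRM to the existing DC works,
# and the two values below (taken from the question) describe the environment.
$DomainDns  = @('192.168.0.1')    # DNS servers that host the AD zone
$ExistingDc = 'LPF81-S-01'

# 1. Pending reboot: the condition named in the Server Manager error.
$rebootKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
)
$rename = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' `
    -Name PendingFileRenameOperations -ErrorAction SilentlyContinue).PendingFileRenameOperations
$rebootPending = [bool]($rebootKeys | Where-Object { Test-Path $_ }) -or [bool]$rename

# 2. Resolvers that are not domain DNS (router or public addresses).
$foreignDns = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object -ExpandProperty ServerAddresses |
    Where-Object { $_ -notin $DomainDns } | Sort-Object -Unique)

# 3. Domain functional level must be 2008 or higher.
$mode = [string](Get-ADDomain).DomainMode
$levelOk = $mode -notmatch '2000|2003'

# 4. SYSVOL replication must already be on DFSR ('Eliminated' = FRS no longer in use).
$dfsr = Invoke-Command -ComputerName $ExistingDc -ScriptBlock { dfsrmig /getglobalstate } | Out-String
$sysvolOk = $dfsr -match 'Eliminated'

[pscustomobject]@{
    RebootPending   = $rebootPending
    NonDomainDns    = $foreignDns -join ', '
    DomainMode      = $mode
    FunctionalLevel = if ($levelOk) { 'OK' } else { 'Raise before promotion' }
    SysvolOnDfsr    = if ($sysvolOk) { 'OK' } else { 'Migrate FRS to DFSR first' }
} | Format-List

# 5. Health of the existing DC and replication; /q prints errors only.
dcdiag /s:$ExistingDc /q
repadmin /replsummary
```

With the configuration posted in the question, `NonDomainDns` would list 8.8.8.8. A non-empty `PendingFileRenameOperations` value is a heuristic and can be set by routine software updates.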


9 additional answers

  1. Guillaume TEULE 21 Reputation points
    2022-11-18T12:39:49.443+00:00

    Hi, sorry for being late in my response (I had a lot of work).
    I formatted the server. Formatting and reinstallation were very long, as well as Windows Server updates (I don't know what to think of this latency...). But after all that, I installed the AD DS service AND the DNS server without any problems.
    This was also particularly long, and the Windows logs showed two warning events:

    • ESENT 508 performance : taskhostw (5072,D,0) WebCacheLocal: A write request to the file "C:\Users\Administrator.LPF81\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" at relative address 14680064 (0x0000000000e00000) for 32768 (0x00008000) bytes succeeded, but took an abnormally long time (150 seconds) to be processed by the system. This issue is most likely caused by faulty hardware. Contact your hardware manufacturer for further assistance with this issue.
    • ESENT 533 general : taskhostw (5072,D,0) WebCacheLocal: A write request to file "C:\Users\Administrator.LPF81\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" at relative address 14680064 (0x0000000000e00000) for 32768 (0x00008000) bytes has not been executed for 36 second(s). This issue is most likely caused by a hardware failure. Contact your hardware manufacturer for further assistance with this issue.

    But I haven't had any errors like this since.

    On the other hand, I have a warning event: SceCli 1202 => Security policies were propagated with warning. 0x534: Mapping between account names and security IDs was not done.

    But I think this is another problem, which is software.

    For the first problem of the post, I cant say all is allright, and I would like to thank you for your help and your time.


  2. Guillaume TEULE 21 Reputation points
    2022-11-28T18:12:11.63+00:00

    Hi!
    I come back here just to give information about my last warning event problem: SceCli 1202 => Security policies were propagated with warning. 0x534

    To solve the problem I went to Run, gpmc.msc. Then expand the forest, expand Domains, expand domain.local, expand Domain Controllers, right click on Default Domain Controllers Policy and choose Edit.
    Then in the new group policy management editor window, Computer configuration, Policies, Windows settings, Security settings, Local policies, Assignment of user rights.
    And finally, open the Log on as a service part and in the Security policy settings tab, delete everything in the frame, to change the status to "Not defined"
    Validate everything, and do a gpupdate /force in CMD in Administrator mode.
    Possibly restart the server.

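
An added example, not part of the post above: "Log on as a service" is stored as `SeServiceLogonRight` in the policy's `GptTmpl.inf`, and warning 0x534 means an account name in the policy could not be mapped to a SID. The script below lists each entry of that right in the Default Domain Controllers Policy and whether it still resolves, so the stale account is known before the setting is changed. It assumes read access to SYSVOL from a domain session; the function name `Test-PrivilegeRightEntries` is hypothetical.

```powershell
# Added example: find entries under "Log on as a service" that no longer resolve.
# Assumption: run from a domain-joined session with read access to SYSVOL.
$domain = $env:USERDNSDOMAIN
$gpoId  = '{6AC1786C-016F-11D2-945F-00C04fB984F9}'   # well-known Default Domain Controllers Policy GUID
$inf    = "\\$domain\SYSVOL\$domain\Policies\$gpoId\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf"

function Test-PrivilegeRightEntries {
    param(
        [string[]]$InfLines,
        [string]$Right = 'SeServiceLogonRight'
    )
    # The right is one line: SeServiceLogonRight = *S-1-5-20,DOMAIN\svc_name,...
    $line = $InfLines | Where-Object { $_ -match "^\s*$Right\s*=" } | Select-Object -First 1
    if (-not $line) { return }                      # right is "Not defined" in this GPO

    foreach ($entry in (($line -split '=', 2)[1] -split ',')) {
        $name = $entry.Trim()
        if (-not $name) { continue }
        $resolves = $true
        try {
            if ($name.StartsWith('*')) {
                # Stored as a SID: check that it still maps to an account.
                $sid = New-Object System.Security.Principal.SecurityIdentifier($name.TrimStart('*'))
                [void]$sid.Translate([System.Security.Principal.NTAccount])
            } else {
                # Stored as a name: this lookup is the one that fails with 0x534.
                $acct = New-Object System.Security.Principal.NTAccount($name)
                [void]$acct.Translate([System.Security.Principal.SecurityIdentifier])
            }
        } catch {
            $resolves = $false                      # deleted or renamed account
        }
        [pscustomobject]@{ Right = $Right; Entry = $name; Resolves = $resolves }
    }
}

Test-PrivilegeRightEntries -InfLines (Get-Content -LiteralPath $inf) |
    Format-Table -AutoSize
```

Entries reported with `Resolves = False` are the candidates to remove from the policy; the other entries show which accounts currently hold the right on domain controllers.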

  3. Guillaume TEULE 21 Reputation points
    2022-11-28T18:13:34.497+00:00

    Everything being finished, how to mark the subject as resolved and close it?


  4. Mantel Rupert 0 Reputation points
    2023-11-23T19:54:29.1833333+00:00

    Adding a secondary domain controller to a Windows Server 2022 existing domain.

    My colleague discovered by disconnecting the domain-joined, member server from the network first before installing the Active Directory and Services role, the process completed successfully. Then rebooted the member server, plugged in the network cable, and then the Promote to Domain Controller option was available and when selected the process completed successfully.