Microsoft Active Directory 2012 to 2022 upgrade error 0x80004005 ADPrep

Question

Hello,

We are a very small company trying to migrate our Windows Server 2012 Active Directory Domain controller to our new Windows Server 2022 controller. We have already successfully made the 2022 server join our existing domain but when we try to promote the server as a domain controller, we're getting the following error messages:

ADPrep execution failed System.ComponentModel.Win32Exception (0x80004005): A 

device attached to the system is not functioning. 

Check the log files in the directory for 

detailed information.

You will find a screenshot of the error message right there.

The logs file are the following:

It seems like to us it is the ADPrep command which is failing:

[2023/12/19:08:56:55.584] 

Adprep created the log file 'C:\Windows\debug\adprep\logs\20231219085655\ADPrep.log' 

[2023/12/19:08:56:55.584] 

Adprep successfully initialized global variables. 

[Status/Consequence] 

Adprep is continuing. 

[2023/12/19:08:56:55.592] 

Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Schema,CN=Configuration,DC=ULTIMATEWASHER,DC=local. 

[2023/12/19:08:56:55.596] 

LDAP API ldap_search_s() finished, return code is 0x0  

[2023/12/19:08:56:55.596] 

Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=UWSVR01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ULTIMATEWASHER,DC=local. 

[2023/12/19:08:56:55.597] 

LDAP API ldap_search_s() finished, return code is 0x0  

[2023/12/19:08:56:55.597] 

Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Schema,CN=Configuration,DC=ULTIMATEWASHER,DC=local. 

[2023/12/19:08:56:55.597] 

LDAP API ldap_search_s() finished, return code is 0x0  

[2023/12/19:08:56:55.603] 

Adprep discovered the schema FSMO: UWSVR01.ULTIMATEWASHER.local. 

[2023/12/19:08:56:55.605] 

Adprep connected to the schema FSMO: UWSVR01.ULTIMATEWASHER.local. 

[2023/12/19:08:56:55.605] 

Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null). 

[2023/12/19:08:56:55.606] 

LDAP API ldap_search_s() finished, return code is 0x0  

[2023/12/19:08:56:55.606] 

Adprep successfully retrieved information from the Active Directory Domain Services. 

[2023/12/19:08:56:55.606] 

Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is DC=ULTIMATEWASHER,DC=local. 

[2023/12/19:08:56:55.606] 

LDAP API ldap_search_s finished, return code is 0x0  

[2023/12/19:08:56:55.606] 

Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null). 

[2023/12/19:08:56:55.606] 

LDAP API ldap_search_ext_s finished, return code is 0x0  

[2023/12/19:08:56:55.606] 

Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null). 

[2023/12/19:08:56:55.607] 

LDAP API ldap_search_s finished, return code is 0x0  

[2023/12/19:08:56:55.613] 

Adprep discovered the schema FSMO: UWSVR01.ULTIMATEWASHER.local. 

[2023/12/19:08:56:55.615] 

Adprep connected to the schema FSMO: UWSVR01.ULTIMATEWASHER.local. 

[2023/12/19:08:56:55.616] 

Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Schema,CN=Configuration,DC=ULTIMATEWASHER,DC=local. 

[2023/12/19:08:56:55.616] 

LDAP API ldap_search_s() finished, return code is 0x0  

[2023/12/19:08:56:55.616] 

Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=UWSVR01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ULTIMATEWASHER,DC=local. 

[2023/12/19:08:56:55.616] 

LDAP API ldap_search_s() finished, return code is 0x0  

[2023/12/19:08:56:55.616] 

Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Schema,CN=Configuration,DC=ULTIMATEWASHER,DC=local. 

[2023/12/19:08:56:55.617] 

LDAP API ldap_search_s() finished, return code is 0x0  

[2023/12/19:08:56:55.617] 

Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null). 

[2023/12/19:08:56:55.617] 

LDAP API ldap_search_s() finished, return code is 0x0  

[2023/12/19:08:56:55.617] 

Adprep successfully retrieved information from the Active Directory Domain Services. 

[2023/12/19:08:56:55.617] 

Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=UID,CN=Schema,CN=Configuration,DC=ULTIMATEWASHER,DC=local. 

[2023/12/19:08:56:55.618] 

LDAP API ldap_search_s() finished, return code is 0x0  

[2023/12/19:08:56:55.618] 

Adprep successfully determined whether Microsoft Windows Services for UNIX (SFU) is installed or not. If adprep detected SFU, adprep also verified that Microsoft hotfix Q293783 for SFU has been applied. 

[2023/12/19:08:56:55.620] 

Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Schema,CN=Configuration,DC=ULTIMATEWASHER,DC=local. 

[2023/12/19:08:56:55.620] 

LDAP API ldap_search_s() finished, return code is 0x0  

[2023/12/19:08:56:55.620] 

Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=UWSVR01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ULTIMATEWASHER,DC=local. 

[2023/12/19:08:56:55.620] 

LDAP API ldap_search_s() finished, return code is 0x0  

[2023/12/19:08:56:55.620] 

Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Schema,CN=Configuration,DC=ULTIMATEWASHER,DC=local. 

[2023/12/19:08:56:55.621] 

LDAP API ldap_search_s() finished, return code is 0x0  

[2023/12/19:08:56:55.621] 

Adprep is about to upgrade the Active Directory Schema on the Domain Controller UWSVR01.ULTIMATEWASHER.local. 

[2023/12/19:08:56:55.622] 

Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null). 

[2023/12/19:08:56:55.622] 

LDAP API ldap_search_s() finished, return code is 0x0  

[2023/12/19:08:56:55.623] 

Adprep successfully retrieved information from the Active Directory Domain Services. 

[2023/12/19:08:56:55.623] 

Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is DC=ULTIMATEWASHER,DC=local. 

[2023/12/19:08:56:55.623] 

LDAP API ldap_search_s finished, return code is 0x0  

[2023/12/19:08:56:55.623] 

Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null). 

[2023/12/19:08:56:55.623] 

LDAP API ldap_search_ext_s finished, return code is 0x0  

[2023/12/19:08:56:55.623] 

Current Schema Version is 69 

[2023/12/19:08:56:55.623] 

Upgrading schema to version 88 

[2023/12/19:08:56:55.625] 

The command line passed to ldifde is ldifde -i -f "C:\Windows\system32\adprep\sch70.ldf" -s "UWSVR01.ULTIMATEWASHER.local" -h -j "C:\Windows\debug\adprep\logs\20231219085655" -$ "C:\Windows\system32\adprep\schupgrade.cat" 

[2023/12/19:08:56:55.654] 

ERROR: Import from file C:\Windows\system32\adprep\sch70.ldf failed. Error file is saved in C:\Windows\debug\adprep\logs\20231219085655\ldif.err.70.  

If the error is "Insufficient Rights" (Ldap error code 50), please make sure the specified user has rights to read/write objects in the schema and configuration containers, or log off and log in as an user with these rights and rerun forestprep. In most cases, being a member of both Schema Admins and Enterprise Admins is sufficient to run forestprep. 

[2023/12/19:08:56:55.655] 

Adprep was unable to upgrade the schema on the schema master. 

[Status/Consequence] 

The schema will not be restored to its original state.  

[User Action] 

Check the Ldif.err log file in the C:\Windows\debug\adprep\logs\20231219085655 directory for detailed information. 

[2023/12/19:08:56:55.655] 

Adprep was unable to update forest information.  

[Status/Consequence] 

Adprep requires access to existing forest-wide information from the schema master in order to complete this operation. 

[User Action] 

Check the log file, ADPrep.log, in the C:\Windows\debug\adprep\logs\20231219085655 directory for more information.  

You will find the full log entry files in here: https://1drv.ms/f/s!AjGW_NSfMOyM5ScuxbJpq5cq0Kws?e=ZrGDCA

Here are the steps we have tried:

• Restart the computer
• Repair installation of AD controller
• Check that Remote Registry is active
• Checked that the user has the right Entreprise and Schema rights

Would you have any ideas on how to fix it? Could you help us complete this transition ?

Respectfully,

Louis GUERIN

Answer 1

Hello Louis,

Thank you for reaching out to Microsoft customer support. Based on the error message you provided, it seems that the ADPrep command is failing to update the forest information. This error can occur due to various reasons such as network connectivity issues, insufficient permissions, or corrupt Active Directory database.

To resolve this issue, I would suggest you try the following steps:

1. Ensure that the user account you are using to run the ADPrep command has Enterprise Admins and Schema Admins permissions.
2. Check the network connectivity between the schema master and the new domain controller. Ensure that the new domain controller can communicate with the schema master.
3. Check the DNS settings on the new domain controller and ensure that it is pointing to the correct DNS server.
4. Run the ADPrep command manually on the schema master and check if it completes successfully.
5. If the above steps do not resolve the issue, you can try to perform a metadata cleanup of the old domain controller and then try to promote the new domain controller again.

I hope these steps help you resolve the issue. If you have any further questions or concerns, please feel free to ask.

Best regards,

Qiuyang

Answer 2

Hello and happy new year !

We do apologise for the late answer due to the holidays. We have tried many steps but nothing seems to fix the issue. I have attached the dsdiag output which has most notebly SystemLog which is failing: https://1drv.ms/t/s!AjGW_NSfMOyM5TsRTpeKVAVgRgnw?e=9aBXdg

We're a small company of about 10 peoples, so what do you think about going nuclear ? Would you be able to give us a procedure to completely shutdown the 2012 server and create the 2022 domain from scratch with the same domain name ?

Would doing so be transparent for clients if we reuse the same domain name ?

Thank you,

Louis

Answer 3

Hello,

Thank you for your rapid response and we do apologize for the delayed answer. Here is what we have learnt:

1. The user accounts does have the appropriate permissions.
2. We tried to ping both computers and they can speak to each other with no difficulties.
3. DNS settings are configured correctly on both computer and they both can resolve each other.
4. Here are the output when running adprep on our schema master:

PS C:\Windows\System32\adprep> ./adprep. exe /forestprep
ADPREP WARNING:

Before running adprep, all Windows Active Directory Domain Controllers in the forest must run Windows Server 2003 or later.

You are about to upgrade the schema for the Active Directory forest named 'ULTIMATEWASHER.local', using the Active Directory domain controller (schema master) 'UWSVR01.ULTIMATEWASHER.local'.
This operation cannot be reversed after it completes.

[User Action]

If all domain controllers in the forest run Windows Server 2003 or later and you want to upgrade the schema, confirm by typing 'C' and then press ENTER to continue. Otherwise, type any other key and press ENTER to quit.

Forest-wide information has already been updated.

[Status/Consequence]

Adprep did not attempt to rerun this operation.

PS C:\Windows\System32\adprep> ./adprep. exe /domainprep

Domain-wide information has already been updated.

[Status/Consequence]

Adprep did not attempt to rerun this operation.

5. We read the procedure to do this online but we're not confortable running it since this old 2012 machine is our only domain controller. Could you walk us through the procedure do it without risking to break the 2012 AD server ?

Otherwise, we have tried running the commands everytime after the previous attempts with no success. Would you have any other ideas ?

Respectfully,

Louis

Answer 4

Hello Louis,

Thank you for providing additional information. Based on the error message you provided, it seems that the ADPrep command is failing to update the forest information.

If the network connectivity is not the issue, you can try running the ADPrep command again with the /verbose switch to get more detailed information about the error. This may help you identify the root cause of the issue.

As for upgrading your domain controller without risking breaking the 2012 AD server, it is recommended to perform a backup of your existing AD server before proceeding with the upgrade. This will allow you to restore your AD server in case anything goes wrong during the upgrade process.

Additionally, you can consider setting up a test environment to perform the upgrade in a controlled environment before upgrading your production environment. This will allow you to identify and address any issues before upgrading your production environment.

I hope this information helps. Let me know if you have any further questions or concerns.

Best regards,

Qiuyang

Answer 5

Hello Louis,

Thank you for providing the dsdiag output. Based on the information provided, it appears that there are issues with the Active Directory Domain Services on your Windows Server 2012.

Regarding your question about creating a new domain with the same name, it is possible to do so, but it would require a careful planning and execution to ensure that the process is transparent to your clients.

Before proceeding with this option, I would recommend that you exhaust all other troubleshooting steps to try and resolve the issue with your current domain. If you have not already done so, I suggest that you review the event logs on your domain controllers to identify any specific errors or warnings that may be related to the issue you are experiencing.

If you decide to proceed with creating a new domain, you will need to ensure that all of your client computers are removed from the old domain and joined to the new domain. This will require reconfiguration of user accounts, group policies, and other settings.

Best regards,

Qiuyang