Article ID: 2737560 - View products that this article applies to.
When you try to configure the first Windows Server 2012 domain controller in an existing Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2 forest, the prerequisites check fails, and you receive the following error message:
Verification of prerequisites for Active Directory preparation failed. Unable to perform Exchange schema conflict check for domain adatum.com.
Exception: The RPC server is unavailable.
Adprep could not retrieve data from the server 2008r2-01.adatum.com through Windows Management Instrumentation (WMI).
Additionally, the C:\windows\debug\adprep\logs\<date/time>-test\adprep.log file shows the following:
[2012/07/24:09:50:21.734]Adprep failed while performing Exchange schema check.[Status/Consequence]The Active Directory Domain Services schema is not upgraded.[User Action]Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20120724094831-test directory for possible cause of failure.[2012/07/24:09:50:21.734]Adprep encountered a Win32 error. Error code: 0x6ba Error message: The RPC server is unavailable.DSID Info:DSID: 0x1810012aHRESULT = 0x800706baNT BUILD: 8517
Cause 1The existing domain controller or controllers are missing the SeServiceLogonRight ("Logon as a service") right for the NETWORK SERVICE account.
Cause 2The WMI and DCOM protocols are blocked between the computer that is running Windows Server 2012 and the existing domain controller or controllers.
Resolution 1Add the NETWORK SERVICE as part of the SeServiceLogonRight ("Logon as a service") right back to the Default Domain Controllers policy. By default, the service exists there in Windows Server 2003 domains. Make sure that no other policy is removing the service if the service is already present in the Default Domain Controllers policy. By default, the service is set by local security policy on all servers in Windows Server 2008 and later versions and is no longer part of Default Domain Controllers policy.
Resolution 2Examine Windows Firewall on the existing domain controllers, and make sure that the following rules are enabled. (By default, these rules are enabled on domain controllers.)
This issue also occurs if you are running Windows Server 2012.
The adprep.exe /forestprep command also runs prerequisite checking.
The missing SeServiceLogonRight right issue can be caused when administrators have previously run the dcpromo /forceremoval command in Windows Server 2003.