2003r2 -> 2012 DC promotion problem
Trying to promote a 2012 member server to a DC in a 2003 domain
Verified domain is at 2003 functional levels
Prerequisite checks when promoting the 2012 machine fail with the following:
Verification of prerequisites for Active Directory preparation failed. Unable to perform Exchange schema conflict check for domain corp.local.
Exception: Access is denied.
Adprep could not retrieve data from the server server01.corp.local through Windows Managment Instrumentation (WMI).
Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20130117131610-test directory for possible cause of failure.
(log says same info as in message)
Googling found the following Msft article:
Prerequisite adprep check fails with error "Unable to perform Exchange schema conflict check"
When attempting to promote a Windows Server 2012 domain controller into an existing Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2 forest, prerequisite check fails with error:
Verification of prerequisites for AD prep failed. Unable to perform Exchange schema conflict check for domain
(Exception: the RPC server is unavailable)
The adprep.log shows error:
Adprep could not retrieve data from the server
through Windows Management Instrumentation (WMI).
Resolution and Notes
The new domain controller cannot access WMI through DCOM/RPC protocols against the existing domain controllers. To date, there have been three causes for this:
A firewall rule blocks access to the existing domain controllers
The NETWORK SERVICE account is missing from the "Logon as a service" (SeServiceLogonRight) privilege on the existing domain controllers
NTLM is disabled on domain controllers, using security policies described in Introducing the Restriction of NTLM Authentication
I have verified that there are no firewall rules blocking traffic; the NETWORK SERVICE account is listed in the "Logon as a service" on the 2003 box Default Domain Controller Security Settings; and NTLM is not disabled.
Other Googling shows people with the same issue, which was resolved by putting a 2008 server on the domain, promoting it, and then promoting the 2012 box from there. I am hoping to avoid this scenario.
Any help much appreciated.
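
The three causes listed in the quoted article can be checked from the Windows Server 2012 machine in one pass. The following is an added example, not code from the post or from the Microsoft article. The function name `Test-AdprepWmiPrereq`, its parameters and the INF file path are hypothetical, and the optional INF file is assumed to come from running `secedit /export /cfg <file> /areas USER_RIGHTS` on the existing domain controller.

```powershell
# Added diagnostic sketch (hypothetical names); run on the server being promoted.
function Test-AdprepWmiPrereq {
    param(
        [Parameter(Mandatory)] [string] $DomainController,  # e.g. server01.corp.local
        [string] $UserRightsInf  # optional: secedit USER_RIGHTS export taken on the DC
    )
    $r = [ordered]@{ DomainController = $DomainController }

    # Cause 1 (firewall): WMI over DCOM starts at the RPC endpoint mapper, TCP 135.
    $tcp = New-Object System.Net.Sockets.TcpClient
    try     { $tcp.Connect($DomainController, 135); $r.Tcp135Open = $tcp.Connected }
    catch   { $r.Tcp135Open = $false }
    finally { $tcp.Close() }

    # End-to-end check: a remote WMI query over DCOM with the current credentials.
    # This also exercises the dynamic RPC port that follows the 135 handshake.
    try {
        Get-WmiObject -Class Win32_OperatingSystem -ComputerName $DomainController `
            -ErrorAction Stop | Out-Null
        $r.RemoteWmi = 'OK'
    } catch {
        # Keep the text: "Access is denied" and "The RPC server is unavailable"
        # are the two variants quoted on this page.
        $r.RemoteWmi = $_.Exception.Message
    }

    # Cause 3 (NTLM restricted): outgoing NTLM policy on this machine.
    # 0 or absent = allow all, 1 = audit all, 2 = deny all.
    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0' `
        -ErrorAction SilentlyContinue
    $r.RestrictSendingNTLMTraffic = $lsa.RestrictSendingNTLMTraffic

    # Cause 2 (NETWORK SERVICE lacks SeServiceLogonRight): parse the DC's effective
    # rights from the secedit export rather than reading the policy editor.
    if ($UserRightsInf) {
        $line = Get-Content $UserRightsInf |
            Where-Object { $_ -match '^\s*SeServiceLogonRight\s*=' }
        $holders = @(($line -split '=', 2)[1] -split ',' | ForEach-Object { "$_".Trim() })
        # S-1-5-20 is the well-known SID of NETWORK SERVICE.
        $r.NetworkServiceHasRight = [bool]($holders -match '^\*S-1-5-20$|NETWORK SERVICE$')
    }
    [pscustomobject]$r
}

# Example call; the INF path is a placeholder.
# Test-AdprepWmiPrereq -DomainController server01.corp.local -UserRightsInf C:\temp\dc-rights.inf
```

The secedit export reflects the rights actually in effect on the domain controller, which can differ from what a single policy object shows when more than one GPO applies.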