Retrospective IT

Server 2003/2008 DCPromo Logon Failure

I’ve been on a roll upgrading our equipment and decommissioning old servers. Most demotions and decommissions finish without an issue, which is great. I happened to be late to the game at one of our sites that closed before I was able to come onsite for the decommission. I ended up bringing the servers back with me and they sat in a warehouse for about a month until I had time to setup a test network with a VPN back to our main site to properly demote the domain controllers.

I started the servers up and verified I was able to connect to the main site via VPN and the servers were talking to one another. I began the DCPromo process and was soon greeted with this error:

The operation failed because:

Active Directory could not transfer the remaining data in directory partition CN=Schema,CN=Configuration,DC=domain,DC=com to domain controller DC5.Domain.com.

“Logon Failure: The target account name is incorrect.”

I was just going to go with a quick and dirty forceful removal from AD, but decided to do a little digging and found a simple solution. By disabling the Kerberos Key Distribution Center service and rebooting the server, I was able to restart DCPromo and properly demote the DCs without any further issue.

Leave a Reply

Your email address will not be published. Required fields are marked *