JSI Tip 6057. When you try to promote the first domain controller in a new forest, you receive 'Failed to create the GPO for the domain <DomainName>'?

When you run DCpromo.exe to promote the first domain controller in a new forest, you receive:

Failed to create the GPO for the domain <DomainName>.
Setting the LSA policy information 12/10 08:44:14 \[INFO\] Error - Failed to create the GPO for the domain <DomainName>.
Creation of GPO failed with 1208.

NOTE: a similar error may also be posted to the Cpromo.log file.

This error can be the result of a corrupted Secedit.sdb security database.

To fix the problem:

1. Open a CMD prompt.

2. Type esentutl /p %SystemRoot%\security\database\secedit.sdb /v /x and press Enter.

3. Type Del /q %SystemRoot%\security\Edb.log and press Enter.

4. Type Del /q %SystemRoot%\security\Edb0*.log and press Enter.

5. Rerun DCpromo.exe.

NOTE: Microsoft recommends that you run a full server backup after you repair the database.

NOTE: See How do I promote and demote domain controllers in Windows 2000?



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish