Select the product you need help with

Domain controller cloning fails with error 8437: "invalid parameter was specified for this replication operation"

Article ID: 2742959 - View products that this article applies to.

Symptoms

You use the Virtualized Domain Controller (VDC) cloning feature that is introduced in Windows Server 2012. After you clone a new domain controller, you find that the server starts in Directory Services Repair Mode (DSRM). Additionally, when you examine the Directory Services event log on the cloned domain controller, you find an event that resembles the following:

Log Name: Directory Service
Source: Microsoft-Windows-DirectoryServices-DSROLE-Server
Date: 8/8/2012 12:11:25 PM
Event ID: 29255
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: DC2-FULL.root.fabrikam.com
Description:
Virtual domain controller cloning failed. An attempt to create objects on the primary domain controller DC2-FULL.root.fabrikam.com required for the image being cloned returned error 8437 ("An invalid parameter was specified for this replication operation.
(0x20f5, 8437)").
Please verify that the cloned domain controller has privilege to clone itself. Check for related events in the Directory Service event log on primary domain controller DC2-FULL.root.fabrikam.com.

Details on virtual domain controller cloning can be found at http://go.microsoft.com/fwlink/?LinkId=208030

You verify that the clone computer belongs to the Cloneable Domain Controllers group.

Back to the top | Give Feedback

Cause

One of the following issues occurred:

An invalid clone name was specified in DcCloneConfig.xml for the <ComputerName> element.
A duplicate NetBIOS name (same name as the source computer or same name as an existing computer on the network) was specified in DcCloneConfig.xml for the <ComputerName> element.

Back to the top | Give Feedback

Resolution

To resolve this issue, set the correct computer name in DcCloneConfig.xml. When you do this, follow these guidelines:

Use a valid name. The name must be in valid NetBIOS format, must not exceed 15 ASCII characters, and must not contain disallowed characters. The name cannot be in a fully qualified domain name (FQDN) format.
Use a unique name. The NetBIOS name cannot exist on the network as the name of any computer or domain.

After you set the correct computer name in DcCloneConfig.xml, follow these steps:

Run the following commands from an elevated command prompt:
Bcdedit.exe /deletevalue safeboot

Shutdown.exe /r /t 0
Verify that the server is successfully cloned.

Back to the top | Give Feedback

More information

This behavior is by design.

You can also use clone domain controller names that are auto-generated. Such names are created when you do not specify a <ComputerName> element in the DcCloneConfig.xml. This automated process assigns a new computer name that is created by using first seven characters of the source computer, a hyphen, the letters "CL," and an incrementing number from 0001 to 9999.

For example, a source server that is named DCcohovineyard can have the following clone domain controller name that is auto-generated:

DCcohov-CL0001

Note Directory Services Repair Mode was called Directory Services Restore Mode in previous Windows operating systems.

For more information about how to configure and troubleshoot VDC together with details and step-by-step guidance, see the following articles:

http://technet.microsoft.com/en-us/library/hh831734.aspx

(http://technet.microsoft.com/en-us/library/hh831734.aspx)

http://go.microsoft.com/fwlink/p/?LinkId=236370

(http://go.microsoft.com/fwlink/p/?LinkId=236370)

For more information about rules for valid NetBIOS computer names, click the following article number to view the article in the Microsoft Knowledge Base:

909264

(http://support.microsoft.com/kb/909264/ )

Naming conventions in Active Directory for computers, domains, sites, and OUs

Back to the top | Give Feedback