"Server is not operational" error message if you run New-AdDcCloneConfigFile in Windows Server 2012

Article translations Article translations
Article ID: 2745013 - View products that this article applies to.
Expand all | Collapse all

Symptoms

Assume that you are using the Virtualized Domain Controller (VDC) cloning feature introduced in Windows Server 2012. If you run the New-AdDcCloneConfigFile Windows PowerShell cmdlet to clone a domain controller (DC), you receive the following error message:
Starting PDC test: Verifying that the domain controller hosting the PDC FSMO role is running Windows Server 2012 or later...
Passed: The domain controller hosting the PDC FSMO role (DC2-FULL.root.fabrikam.com) was located and running Windows Server 2012 or later.

Verifying authorization: Checking if this domain controller is a member of the 'Cloneable Domain Controllers' group...
Located the local domain controller: (DC2-FULL.root.fabrikam.com).

New-ADDCCloneConfigFile : The server is not operational
At line:1 char:1
+ New-ADDCCloneConfigFile
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ReadError: (Get-AdPrincipal...server:String) [New-ADDCCloneConfigFile], CmdletInvocationException
FullyQualifiedErrorId : 0,MIcrosoft.ActiveDirectory.Management.Commands.Newaddccloneconfigfile

Warning: The local domain controller is not a member of any groups

Cause

This problem occurs because the server cannot contact a Global Catalog server.

Resolution

To resolve this problem, make sure that the following conditions are true:
  • A Global Catalog server is available.
  • The server on which this problem occurs can reach the Global Catalog server through TCP ports 3268 and 3269.

More information

If you expect that a Global Catalog server will not be available when you run the New-AdDcCloneConfigFile cmdlet, add the -offline argument to the cmdlet. After you add this argument, the cmdlet no longer checks environmental settings, such as server availability.

During the cloning operation, a clone contacts the PDC emulator (PDCe) by using the RPC network protocol, and then validates the "Allow a DC to create a clone of itself" permission. This permission is usually granted through membership in the Cloneable Domain Controllers group. Therefore, make sure that the PDCe has replicated this group membership inbound. The PDCe does not have to be a Global Catalog server to perform the cloning operation. The Global Catalog server behavior in the cmdlet is used only in the server's internal tests, not in the cloning architecture itself.

Properties

Article ID: 2745013 - Last Review: September 19, 2012 - Revision: 6.1
Applies to
  • Windows Server 2012 Datacenter
  • Windows Server 2012 Standard
Keywords: 
KB2745013

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com