You are currently offline, waiting for your internet to reconnect

Domain controller cloning fails with error 8437: "invalid parameter was specified for this replication operation"

You use the Virtualized Domain Controller (VDC) cloning feature that is introduced in Windows Server 2012. After you clone a new domain controller, you find that the server starts in Directory Services Repair Mode (DSRM). Additionally, when you examine the Directory Services event log on the cloned domain controller, you find an event that resembles the following:

Log Name: Directory Service
Source: Microsoft-Windows-DirectoryServices-DSROLE-Server
Date: 8/8/2012 12:11:25 PM
Event ID: 29255
Task Category: None
Level: Error
Virtual domain controller cloning failed. An attempt to create objects on the primary domain controller required for the image being cloned returned error 8437 ("An invalid parameter was specified for this replication operation.
(0x20f5, 8437)").
Please verify that the cloned domain controller has privilege to clone itself. Check for related events in the Directory Service event log on primary domain controller

Details on virtual domain controller cloning can be found at

You verify that the clone computer belongs to the Cloneable Domain Controllers group.
One of the following issues occurred:
  • An invalid clone name was specified in DcCloneConfig.xml for the <ComputerName> element.
  • A duplicate NetBIOS name (same name as the source computer or same name as an existing computer on the network) was specified in DcCloneConfig.xml for the <ComputerName> element.
To resolve this issue, set the correct computer name in DcCloneConfig.xml. When you do this, follow these guidelines:
  • Use a valid name. The name must be in valid NetBIOS format, must not exceed 15 ASCII characters, and must not contain disallowed characters. The name cannot be in a fully qualified domain name (FQDN) format.
  • Use a unique name. The NetBIOS name cannot exist on the network as the name of any computer or domain.

After you set the correct computer name in DcCloneConfig.xml, follow these steps:
  1. Run the following commands from an elevated command prompt:
    Bcdedit.exe /deletevalue safeboot

    Shutdown.exe /r /t 0
  2. Verify that the server is successfully cloned.
More information
This behavior is by design.

You can also use clone domain controller names that are auto-generated. Such names are created when you do not specify a <ComputerName> element in the DcCloneConfig.xml. This automated process assigns a new computer name that is created by using first seven characters of the source computer, a hyphen, the letters "CL," and an incrementing number from 0001 to 9999.

For example, a source server that is named DCcohovineyard can have the following clone domain controller name that is auto-generated:
Note Directory Services Repair Mode was called Directory Services Restore Mode in previous Windows operating systems.

For more information about how to configure and troubleshoot VDC together with details and step-by-step guidance, see the following articles:For more information about rules for valid NetBIOS computer names, click the following article number to view the article in the Microsoft Knowledge Base: 
909264 Naming conventions in Active Directory for computers, domains, sites, and OUs

Article ID: 2742959 - Last Review: 09/18/2012 00:08:00 - Revision: 12.0

  • Windows Server 2012 Datacenter
  • Windows Server 2012 Standard
  • KB2742959