Domain controller cloning fails with error 8610 in dcpromo.log


You use the Virtualized Domain Controller (VDC) cloning feature that Windows Server 2012 introduced. After you clone a new domain controller, you find that the server starts in Directory Services Repair Mode (DSRM). If you examine the c:\windows\debug\dcpromo.log file, you find the following error entry:

This error code translates to 0x21a2, which is as follows:

The FSMO role ownership could not be verified because its directory partition has not replicated successfully with at least one replication partner


VDC cloning requires a Windows Server 2012 primary domain controller emulator (PDCe). In this case, the PDCe is discoverable by using the domain controller locator (Locator, also known as "DCLocator") and Domain Name System (DNS), and the PDCe is running the correct operating system. However, the PDCe role was recently transferred from another server, and the PDCe has not yet performed incoming (also known as "inbound") replication of the domain partition. The PDCe must complete this replication to learn the current state of PDCe FSMO ownership before it can reassert ownership of the role (INITSYNC).


  1. Let the PDCe replicate Active Directory Domain Services with at least one partner, or use Dssites.msc or repadmin.exe to trigger immediate replication.
  2. Run the following commands from an elevated command prompt:

    Bcdedit.exe /deletevalue safeboot

    Shutdown.exe /r /t 0

  3. Verify that the server is cloned successfully.
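
The following PowerShell script is an added example, not part of the original article or Microsoft's own tooling. It checks whether the PDCe has completed inbound replication of the domain partition (step 1) before you reboot the clone. It assumes the RSAT ActiveDirectory module and repadmin.exe are available, that the CSV column names are those emitted by `repadmin /showrepl /csv`, and that `$RoleTransferTime` (a hypothetical parameter) is the approximate time the PDCe role was moved.

```powershell
# Added example, not from the original article. Run elevated on the PDCe or an
# RSAT admin host, not on the clone, which is still in DSRM.
param(
    # Hypothetical parameter: approximate time the PDCe role was transferred.
    [Parameter(Mandatory)] [datetime] $RoleTransferTime
)
Import-Module ActiveDirectory

$domain = Get-ADDomain
$pdc    = $domain.PDCEmulator        # FQDN of the current PDCe role holder
$nc     = $domain.DistinguishedName  # domain partition the PDCe must sync

# Returns one row per inbound replication partner of the PDCe for the domain NC.
function Get-InboundStatus {
    repadmin /showrepl $pdc /csv | ConvertFrom-Csv |
        Where-Object { $_.'Naming Context' -eq $nc } |
        ForEach-Object {
            # A partner that never succeeded keeps MinValue and fails the check.
            $t = [datetime]::MinValue
            [void][datetime]::TryParse($_.'Last Success Time', [ref]$t)
            [pscustomobject]@{
                Source              = $_.'Source DSA'
                Failures            = [int]$_.'Number of Failures'
                LastSuccess         = $t
                SyncedSinceTransfer = ($t -gt $RoleTransferTime)
            }
        }
}

$status = @(Get-InboundStatus)
if (-not ($status | Where-Object SyncedSinceTransfer)) {
    Write-Host "No inbound sync of $nc on $pdc since $RoleTransferTime; triggering replication."
    # Pull the domain partition from all partners, across sites (/e).
    repadmin /syncall $pdc $nc /d /e
    $status = @(Get-InboundStatus)
}

$status | Format-Table -AutoSize
if ($status | Where-Object SyncedSinceTransfer) {
    Write-Host "PDCe has replicated the domain partition. Continue with step 2 on the clone."
} else {
    Write-Warning "PDCe still has no successful inbound replication; fix replication before rebooting the clone."
}
```

If the warning persists, the clone will return to DSRM with the same error after the reboot in step 2, so resolve replication on the PDCe first.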

More Information

This behavior is by design. DSRM is intentionally invoked as part of the cloning process in order to safeguard the network and the domain from duplicated domain controllers.

Directory Services Repair Mode was called Directory Services Restore Mode in previous Windows operating systems.

For more information about how to configure and troubleshoot VDC together with details and step-by-step guidance, go to the following Microsoft websites:

