Brief information for administrators in corporate environments running domain controllers with Active Directory domains: the October 2018 update KB4462917 for Windows 10 V1607 and Windows Server 2016 causes issues with domain controller promotions for new Active Directory domains in existing forests.
Update KB4462917 for Windows 10
Update KB4462917 was released on October 9, 2018 for Windows 10 V1607 (Enterprise and Education) and Windows Server 2016. It raises the OS build to 14393.2551 and is supposed to fix a vulnerability in the Microsoft JET Database Engine. I covered the update in the article Patchday Windows 10-Updates (October 9, 2018).
Issues with Domain Controllers in new AD domains
According to a tip from German MVP colleague Meinolf Weber, there seem to be issues with domain controllers that manage Active Directory domains in forests. A blog post from MVP Sander Berkouwer reports that update KB4462917 causes issues on Windows Server 2016 when promoting a server to an Active Directory domain controller.
The issue occurs in an Active Directory Domain Services (AD DS) environment with the optional Active Directory Recycle Bin feature enabled, when you try to implement a new Windows Server 2016-based domain controller for a new Active Directory domain in that environment.
To do this, you use the Add a new domain to an existing forest option in the Active Directory Domain Services Configuration Wizard or the PowerShell cmdlet Install-ADDSDomain. In this scenario, subdomain creation fails. When you use the Active Directory Domain Services Configuration Wizard, you see the following information:
An error occurred while trying to configure this machine as a Domain Controller
The operation failed because:
Active Directory Domain Services could not replicate the directory partition CN=Schema,CN=Configuration, DC=domain,DC=tld from the remote Active Directory Domain Controller FullyQualifiedDCName."The replication operation encountered a database error."
When you use the PowerShell cmdlet Install-ADDSDomain, you receive the following error:
Install-ADDSDomain : The operation failed because:
Active Directory Domain Services could not replicate the directory partition CN=Schema,CN=Configuration, DC=domain,DC=tld from the remote Active Directory Domain Controller FullyQualifiedDCName."The replication operation encountered a database error."
The issue is caused by the optional Active Directory Recycle Bin feature. If update KB4462917 is uninstalled, the error disappears. The blog post contains further information about the problem; its author also suspects that the error might be caused by the following updates:
- KB4464330 for Windows Server 2019 (currently pulled)
- KB4462926 and KB4462941 for Windows Server 2012 R2
- KB4462929 and KB4462931 for Windows Server 2012
- KB4462923 and KB4462915 for Windows Server 2008 R2
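Before promoting a server, you can check for the combination described above (update installed plus Recycle Bin feature enabled in the forest). The following script is an added example, not taken from the blog post referenced here; it assumes the ActiveDirectory PowerShell module is available on the server, and `dc01.domain.tld` is a placeholder for an existing domain controller in your forest. The suspected updates from the list can be passed via `-KbId`.

```powershell
# Added example: pre-promotion check for the failure scenario in this article.
# Assumption: the ActiveDirectory module (RSAT-AD-PowerShell) is installed.
param(
    # Updates to look for; the default is the one confirmed in the article.
    [string[]]$KbId = @('KB4462917'),
    # Placeholder: FQDN of an existing domain controller in the forest.
    [string]$ForestDc = 'dc01.domain.tld'
)

Import-Module ActiveDirectory -ErrorAction Stop

# 1. Which of the listed updates are installed on this server?
#    Get-HotFix reports an error for IDs that are not installed; suppress it.
$installed = @(Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)

# 2. Is the optional Recycle Bin feature enabled in the forest?
#    A non-empty EnabledScopes collection means it has been enabled.
$feature = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'" -Server $ForestDc
$recycleBinEnabled = [bool]($feature -and $feature.EnabledScopes.Count -gt 0)

# 3. Current OS build (KB4462917 raises Server 2016 to 14393.2551).
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = '{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR

# 4. Report: promotion is at risk only when both conditions are met.
[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    OSBuild           = $build
    InstalledUpdates  = ($installed.HotFixID -join ', ')
    RecycleBinEnabled = $recycleBinEnabled
    PromotionAtRisk   = ($installed.Count -gt 0) -and $recycleBinEnabled
}
```

If `PromotionAtRisk` is `True`, expect Install-ADDSDomain or the wizard to fail with the replication error shown above.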
Can anyone who is affected confirm this?
Yes, I have this problem in 2019 Data Center as well.