Here is an interesting article for those who work with Windows Server machines. Windows Server has many features to control and monitor other devices in a network. You can install server features such as DHCP, Web Server, DNS, Proxy, etc. to extend what the Windows Server machine can do. The domain controller is the main computer in a domain network; it uses the Active Directory service to control and manage other machines and devices on the network.
To use Active Directory services on a server, you need to promote one server machine to a domain controller. This is quite a simple procedure; however, it will show errors if it is not done properly. If you are a newbie trying to promote your server to a domain controller, you might get the error “Verification of prerequisites for domain controller promotion failed. certificate server is installed.” If you have no previous experience with servers, you may get stuck here. Here is the reason and solution for the “Verification of prerequisites for Domain Controller promotion failed” error message.
Why “Verification of prerequisites for domain controller promotion failed. certificate server is installed.”?
Windows Server has an enhanced security service, Active Directory Certificate Services (AD CS), that provides a public key infrastructure (PKI) for services like file encryption, email encryption, traffic encryption using SSL/TLS, digital signatures, cryptography, etc. Using this certificate service, we can create certificates for the internal purposes of an organization. If AD CS is not installed, the organization needs to rely on third-party services, which are a little bit expensive.
When you install a Certificate Authority (CA) role on a server, it uses a “key” from a DC which is already there. When you promote another server to a DC, it would get another independent key for that DC. This would change the previously configured key, which is not allowed for a Certificate Authority. Simply put, you can’t promote a server to Domain Controller if CA roles are already installed.
The main issue is that you’re performing an action in the wrong order. First of all, you have to set up the domain controller and then install the CA services, and in the configurations
Step by step Guide to Fix domain controller promotion failed error
So the only way to fix this issue is to remove the Certificate Role from the server and then try promoting it to a domain controller. Here is the step-by-step guide to removing the CA role and promoting a server to Domain Controller.
Step 1:- Go to the Server Manager dashboard. There you can see the existing installed features.
Step 2:- On the top right corner, you will see the option to manage servers. Click on Manage and select “Remove Roles and Features”.
Step 3:- You will see a wizard for removing server features. Click on the Next button.
Step 4:- Then you have to select the target server. If you have multiple servers, make sure you choose the right one. Then click Next.
Step 5:- There you will see the installed features on the server. Active Directory Certificate Services will be shown as selected. Click in the box and you will see the remove option. Click Next to remove the feature.
Step 6:- Another window will appear with further details. Click on remove features.
Step 7:- Now you can see a confirmation window asking to remove. Click on the remove button.
The remove role wizard then removes the certificate services, and you will be able to close it once finished.
Restart won’t be required in most cases. If it prompts for a server restart, do it. Once you finish removing the AD CA role, try promoting the server to a domain controller and you will be able to do it without any errors.
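The same removal can be scripted in an elevated PowerShell session on the server being promoted. This is an added example, not part of the original article; it goes one step beyond the wizard by backing up a configured CA before removal, and it assumes the backup path `C:\CABackup` (a placeholder) and that the presence of the `CertSvc` service means a CA was actually configured.

```powershell
#Requires -RunAsAdministrator
# Added example: remove AD CS so the DC promotion prerequisite check can pass.

$backupPath = 'C:\CABackup'   # placeholder path (assumption); copy the backup off this server

# 1. List the AD CS role and role services that are currently installed.
$adcs = Get-WindowsFeature -Name AD-Certificate, ADCS-* | Where-Object Installed
if (-not $adcs) {
    Write-Output 'AD CS is not installed on this server; nothing to remove.'
    return
}
$adcs | Format-Table Name, DisplayName, InstallState

# 2. Assumption: if the CertSvc service exists, a CA was configured here.
#    Back up its database and private key, then unconfigure the CA.
if (Get-Service -Name CertSvc -ErrorAction SilentlyContinue) {
    $pw = Read-Host -AsSecureString -Prompt 'Password to protect the CA key backup'
    Backup-CARoleService -Path $backupPath -Password $pw
    Uninstall-AdcsCertificationAuthority -Force
}

# 3. Remove the role and its management tools (Steps 2 to 7 of the wizard).
$result = Uninstall-WindowsFeature -Name $adcs.Name -IncludeManagementTools
if (-not $result.Success) {
    throw "AD CS removal failed with exit code $($result.ExitCode)"
}
if ($result.RestartNeeded -ne 'No') {
    Write-Warning 'Restart the server before retrying the promotion.'
}

# 4. Confirm nothing from AD CS is left installed (no output means clean).
Get-WindowsFeature -Name AD-Certificate, ADCS-* | Where-Object Installed
```

If the CA had already issued certificates, keep the backup: it is what you would need to restore the CA on another server after the domain controller is in place.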
I know this article is not yet completed. There is a lot of other information to add. You can comment on it below or write it on our forum. We appreciate all your inputs.