Symptoms

"Prepare node to PA agent installation" task fails:

Failed to execute command '/usr/local/pem/roles//AD_Domain/deploy_dc.cmd'. Check logs in 'c:\POA_Deploy' at host '192.0.2.2' for more details about the reasons of failure.

C:\POA_Deploy\sdc.txt contains the following message:

Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20170117195019-test directory for possible cause of failure.
Adprep encountered an LDAP error.
Error code: 0x32. Server extended error code: 0x2098, Server error message: 00002098: SecErr: DSID-03151D7D, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Cause

pem_admin domain user is not a member of Exchange Admins and Schema Admins AD groups.

Resolution

Add pem_admin user to Exchange Admins and Schema Admins groups on the primary domain controller.

Internal content