Symptoms
"Prepare node to PA agent installation" task fails:
Failed to execute command '/usr/local/pem/roles//AD_Domain/deploy_dc.cmd'. Check logs in 'c:\POA_Deploy' at host '192.0.2.2' for more details about the reasons of failure.
C:\POA_Deploy\sdc.txt
contains the following message:
Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20170117195019-test directory for possible cause of failure.
Adprep encountered an LDAP error.
Error code: 0x32. Server extended error code: 0x2098, Server error message: 00002098: SecErr: DSID-03151D7D, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Cause
pem_admin
domain user is not a member of Exchange Admins
and Schema Admins
AD groups.
Resolution
Add pem_admin
user to Exchange Admins
and Schema Admins
groups on the primary domain controller.