Today I had some time and wanted to upgrade my HP ProLiant G8 MicroServer running Server 2016 to the new Server 2019 Preview (build 17623). During setup I received the following message:

"Active Directory on this domain controller does not contain Windows Server ADPREP /FORESTPREP updates."

Okay, no problem, I thought I’d update the schema. I started a CMD shell as an administrator, changed to the support\adprep directory on the Server 2019 DVD, and entered the following command:

adprep /forestprep

The command failed, and I received the following error message in the log file:

Verifying file signature
Failed to verify file signature: error 0x800b0109.

According to the log file, an attempt was made to execute the following command:

ldifde -i -f "D:\adprep\sch88.ldf" -s "" -h -j "C:\WINDOWS\debug\adprep\logs\20180326105311" -$ "D:\adprep\"

The file sch88.ldf seemed to be fine; there was nothing noticeable here. In the file properties, however, the following error message appeared on the “Digital Signatures” tab after clicking on “Details”:

"A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider"

A click on “View Certificate” showed the following message:

"This certificate cannot be verified up to a trusted certification authority."

A click on the tab “Certification Path” showed me the following:

That would be a possible explanation for my error message when using adprep. It looks like the root certificate used to issue the certificate of the CAT file is not recognized as trusted by my server because it is not installed on my local system. To fix this I added the root certificate using the following steps:

After adding the root certificate I was able to successfully execute the adprep command:
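
Added example, not part of the original post: error 0x800b0109 is CERT_E_UNTRUSTEDROOT, the untrusted-root condition shown in the dialogs above. The following PowerShell script rebuilds the signer chain of a signed file and reports the top certificate's subject and thumbprint and whether it is in the local machine Trusted Root store, so the certificate can be identified and compared with the publisher's value before it is trusted. The file path is a placeholder and the function name is hypothetical.

```powershell
# Added example: report where a signed file's certificate chain ends and
# whether that root is in the local machine Trusted Root store.
# Assumption: $Path is a placeholder; point it at the signed catalog file.
param([string]$Path = 'D:\support\adprep\<catalog-file>.cat')

function Get-SignerChainReport {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$FilePath)

    $sig = Get-AuthenticodeSignature -LiteralPath $FilePath
    if (-not $sig.SignerCertificate) {
        throw "No signer certificate in '$FilePath' (status: $($sig.Status))"
    }

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation lookups so the check also works on an offline server.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($sig.SignerCertificate)

    # The last chain element is the root when the chain is complete.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    $inRootStore = Test-Path -LiteralPath "Cert:\LocalMachine\Root\$($top.Thumbprint)"

    [pscustomobject]@{
        File            = $FilePath
        SignatureStatus = $sig.Status
        ChainBuilds     = $chainOk
        ChainErrors     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        TopSubject      = $top.Subject
        TopIsSelfSigned = ($top.Subject -eq $top.Issuer)
        TopThumbprint   = $top.Thumbprint
        TopNotAfter     = $top.NotAfter
        InTrustedRoot   = $inRootStore
    }
}

Get-SignerChainReport -FilePath $Path | Format-List
```

An `UntrustedRoot` entry in ChainErrors together with `InTrustedRoot : False` corresponds to the dialog messages quoted above.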

