2012 R2 services will not start after promotion to Domain Controller

Tags: active-directory, windows-server-2012-r2

Having a peculiar issue promoting a Windows 2012 R2 server in a domain at 2003 domain/forest functional level.

Built a new 2012 R2 server, added the following software (LabTech, AppAssure, ESET A/V, and TeamViewer). It activated and appeared to be working fine. I added the Active Directory Domain Services role and completed the configuration (domain/forest prep and DC promotion). All appeared to go well. I rebooted the server, and that's where the peculiar stuff began. I noticed the server indicated it needed to be activated again, but it would not accept the key. I verified the key was good. That's when I noticed the Software Protection service (as well as many other core services – Base Filtering Engine, DHCP Client, firewall, etc.) would not start. The error message for all of them was "Access Denied".

I called MS, and they wanted to troubleshoot at a service level. Their fix was to use procmon to identify the resource that needed permissions (registry key, file or folder) and add "Everyone" with Full Control. That got the services to start, but the problem re-appeared after a reboot.

Thinking the issue might have been with the anti-virus package during the promotion process, I rebuilt the DCs from scratch and removed the metadata from AD (as I could not demote the machines: "RPC server unavailable").

I tried to promote the newly built machines again, the only changes to the brand-new machines being critical updates. Again the promotion appeared to work fine, but upon reboot (and a long wait to allow replication to occur) similar problems began to re-appear.

I have verified that the schema updates are correct (schema version is 69 – for Windows 2012 R2).

I am not finding much about this issue through my own searches, so I thought I would post this to see if anyone else has seen anything similar…

Best Answer

I just ran into this exact situation:

We found that the issue was caused by a number of file system and registry permission settings defined in the Default Domain Controllers Policy. While no one can seem to explain why these settings were in that GPO, this does help explain why a 2012 R2 member server would run just fine but begin to have issues after being promoted. We ended up having to reset this policy to defaults (with the help of MS Support). It took quite a bit of time to get registry key and directory permissions back to the point where all of the services would start. – Cybersylum Jun 23 '14 at 11:38
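Since the answer traces the "Access Denied" failures to file system and registry ACLs carried by the Default Domain Controllers Policy, a quick way to check for such entries before promoting a server is to read the policy's security template directly from SYSVOL. The script below is an added example, not code from the thread or from Microsoft; it assumes it runs on a domain member that can read SYSVOL, that `$env:USERDNSDOMAIN` names the domain, and it uses the well-known GUID of the Default Domain Controllers Policy. The "Suspicious" flag is a rough, constructed heuristic (no explicit SYSTEM grant, or an explicit deny), not an authoritative verdict.

```powershell
# Added audit script (not from the original thread). Lists every file-system,
# registry and service ACL entry that the Default Domain Controllers Policy
# pushes to all DCs, so settings that lock core services out can be reviewed.
# Assumptions: domain member with read access to SYSVOL; $env:USERDNSDOMAIN is
# the domain; the GUID is the well-known Default Domain Controllers Policy GUID.
param([string]$Domain = $env:USERDNSDOMAIN)

$dcPolicyGuid = '{6AC1786C-016F-11D2-945F-00C04fB984F9}'
$inf = Join-Path "\\$Domain\SYSVOL\$Domain\Policies\$dcPolicyGuid" `
                 'MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf'
if (-not (Test-Path -LiteralPath $inf)) { throw "Security template not found: $inf" }

# Sections of the INI-style template that carry security descriptors.
$aclSections = 'Registry Keys', 'File Security', 'Service General Setting'
$entries = @()
$section = $null
# GptTmpl.inf is stored as UTF-16 LE with a BOM, which -Encoding Unicode reads.
foreach ($line in Get-Content -LiteralPath $inf -Encoding Unicode) {
    $line = $line.Trim()
    if ($line -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
    if (-not $line -or $section -notin $aclSections) { continue }
    # Entry shape: "<key, path or service>",<mode>,"<SDDL>"  (quotes optional)
    $parts = $line -split ',', 3
    if ($parts.Count -lt 3) { continue }
    $entries += [pscustomobject]@{
        Section = $section
        Target  = $parts[0].Trim('"')
        Mode    = $parts[1]                       # 0 propagate, 1 replace, 2 ignore
        SDDL    = ($parts[2] -replace '^"|"$', '')
    }
}

if (-not $entries) {
    "No file, registry or service ACL entries in the Default Domain Controllers Policy."
    return
}
# Rough heuristic only: a descriptor with no explicit SYSTEM (SY) grant, or with
# an explicit deny ACE, is the kind of entry that can leave a service unable
# to start with "Access Denied" after the policy applies on the new DC.
$entries |
    Select-Object Section, Target, Mode, SDDL,
        @{ n = 'Suspicious'; e = { ($_.SDDL -match '\(D;') -or ($_.SDDL -notmatch ';;;SY\)') } } |
    Sort-Object Suspicious -Descending |
    Format-Table -AutoSize
```

On a freshly built domain the Default Domain Controllers Policy normally carries no entries in the Registry Keys or File Security sections, so anything listed there is worth explaining before promotion; Microsoft's dcgpofix tool is the supported way to restore that policy to its defaults if it has been altered.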