08-23-2011 12:22 PM - edited 03-14-2019 08:25 AM
I recently installed from 8.0.1A a UCCE and CVP system in my lab - DC (W2003), RGR, AW-HDS, PG with CUCM, CUPS, CVP. As noted, the Domain Controller was a W2003 box. Basically no worries.
So now I try to do it again with a W2008 R2 Domain Controller and this thing is wild. I've ensured that the Firewalls are off at all three levels, but the Domain Manager is complaining and I have trouble logging into the Web setup tool.
Anyone have any tips to make this play nice? It was simple with a 2003 DC, but the 2008 R2 DC is a spider's web of security layers.
Regards,
Geoff
08-29-2011 01:21 PM
I did look at the trust delegation on the member and it's still set to "do not trust".
Regards,
Geoff
08-30-2011 11:05 PM
So, I tried this in my own lab and didn't run into any issues running Domain Manager. This was a fresh install of a 2008 R2 SP1 domain controller on 2008 R2 functional level and a 2008 R2 SP1 UCCE server. I didn't make any changes at all to the domain after install and didn't run any utilities at all outside of dcpromo. I tried running Domain Manager both from the DVD and after installing 8.0(1a), and as long as I was logged in as the domain admin, I didn't get any errors. If you want, you can post your entire sadlib.log from a failed attempt and I can do a stare and compare and see if anything jumps out between mine and yours.
08-31-2011 06:18 AM
Thank you Ed for testing this out.
Regards,
Geoff
09-01-2011 09:53 AM
Life becomes curiouser and curiouser.
I am back in the office today and used the Snap Shot Manager on VMware to revert the DC to prior to using the Domain Manager. So this means I have an install that's just like Ed's - vanilla dcpromo and a server joining the domain. So no change to delegation.
On the member server I removed the instance key from the registry, ran Domain Manager to create the OU with no issues, and used Web Setup to create the instance with no issues. Now I am totally mystified.
Regards,
Geoff
09-01-2011 10:08 AM
Some additional insight from when I tried this out: I accidentally logged in as the local admin a couple times, and I got the exact same error that you described earlier running domain manager, i.e. it creates the Cisco root ou, creates a few security groups, then complains about a dacl error. If you run it again, it crashes with an error.
There's also some weirdness I noticed in Win 2008 that makes it easier to accidentally login with local admin. I noticed that if I login with the local admin, then switch user (as opposed to full logoff) and try to login with the domain admin, it appears to work fine but I actually end up logged in to the local admin session ... very weird.
If you still have your sadlib logs from the failed attempt, it prints out the user information whenever you open domain manager so that can tell if this is what happened.
09-01-2011 11:22 AM
I went and tried that too after seeing your post.
Logged in as the local admin and ran DomainManager.exe - problems as indicated with the exact same message as I saw originally.
I wondered if I had accidentally been logging in as the local admin - I agree that the W2008 UI does not do the best job of this - the UI is sometimes slightly confusing. But I thought I was used to it and had not made an error. But let's see.
So I removed the OU on the DC and changed the delegation on the member computer to allow "trust" and went back to the member as a local admin. No, it will not work. You have to be domain admin for it to work.
Back on the DC removed the OU, changed delegation, logged back in on the member as domain admin and ran the DomainManager with no problem.
Now I cannot make it fail.
Regards,
Geoff
07-19-2012 12:36 PM
I am installing UCCE 9 in my lab and getting a similar error. I used a similar action plan to the one you mentioned above, but I still get the same error.
01-12-2013 06:17 PM
I'm installing 8.5.4 on W2008 SP1 and getting the same error, but the fix above is not correcting my issue. Has anyone found an additional fix?
02-24-2014 03:05 AM
Hi Shirish,
I know, it is too long. But now, I face a similar problem in the 9.0 setup. When I open the web setup I get error '
The Apache Tomcat 7 is not starting in services.msc
Tried uninstalling Tomcat7 and running the 9.0.1 setup from CD.
But the issue is there.