Cannot install Roles & Features (Windows 2016)

Sometimes when building a Domain Controller The new roles will not install and you’ll get the error below
The referenced assembly could not be found. Error: 0x80073701

Navigate to C:\Windows\Logs\CBS\CBS.log and search for STATUS_SXS_ASSEMBLY_MISSING

Quick fix
Get a new image and start over

Geek Way
Run these commands at elevated cmd

  • Dism.exe /Online /Cleanup-Image /CheckHealth
  • Dism.exe /Online /Cleanup-Image /ScanHealth
  • Dism.exe /online /cleanup-image /analyzecomponentstore
  • Dism.exe /Online /Cleanup-Image /restoreHealth
  • sfc.exe /scannow
  • powershell.exe “Get-TroubleshootingPack -path C:\Windows\diagnostics\system\WindowsUpdate | Invoke-TroubleshootingPack

If that doesn’t work get a new image

Enable Windows Debug Logs

Netlogon Debug Log
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] “DBFlag”=dword:2080ffff   (hexadecimal value)
Then open a cmd and type net stop netlogon && net start netlogon to enable the debugging mode. The Debug logging writes to C:\Windows\Debug\netlogon.log

After fresh installation of Windows Server domain controller you could see that you have no winlogon.log file which is useful to debugging AD GPO’s.
For example when you need to troubleshot SceCli events. Event ID 1202 tells you to use: FIND /I “Cannot find”  %SYSTEMROOT%\Security\Logs\winlogon.log

To create it, go to regedit and go to following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}
Click the key ExtensionDebugLevel and enter 2 as a Data.

After refreshing AD policies with GPUpdate you should see your winlogon.log file

“User profile was not loaded correctly” – TEMP profile created on logon

  1. Log on as different user. Make sure the different user account is a administrator (added to the Administrators group).
  2. Open Windows Explorer and open C:\Users. Delete the directory of “problematic” user profile and “Temp” directory, it may or may not exist.
  3. Run the registry editor (RedEdit.exe)
  4. Go to the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  5. You need to find the correct SID and delete it. To make sure you are deleting the right one, check the key ProfileImagePath which has the profile path. Delete the .bak key as well.
  6. Reboot the computer and logon on as the user as before.