environment: The following servers are in place: AD1, ISA1, ISA2, AD2. AD1 is behind ISA1; AD2 is behind ISA2; ISA1 and ISA2 are connected via VPN.
ISA 2006 (without SP1)
problem: during dcpromo
The operation failed because: Active Directory Domain Services could not create the NTDS Settings object for this Active Directory Domain Controller CN=NTDS Settings,CN=AD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=contoso,DC=net on the remote AD DC ad1.contoso.net. Ensure the provided network credentials have sufficient permissions. "The remote procedure call failed."
solution: Go to ISA1 and ISA2. On each, right-click the rule responsible for VPN traffic, select "Configure RPC protocol", and uncheck "Enforce strict RPC compliance".
Updating to ISA 2006 SP1 finally fixed it.