Solved

Cannot raise function level to 2003 from 2000 native

Posted on 2004-09-08
17
1,513 Views
Last Modified: 2013-07-22
I am getting the error message "The function level cannot be raised.  Reason for error: The server is unwilling to process the request."

Here's the background info:
2 sites, 2 dc's in each site.  
Site A: Forest Root, Domain 1
Site B: Seperate tree, Domain 2

Site A:  Promoted 2 fresh Server 2003 AD's, Demoted 2 old 2000 DC's
Site B: Promoted 2 fresh Server 2003 AD's, Demoted 2 old 2000 DC's

I was able to raise the function level of Domain 1 in Site A no problem.  When I try to raise the level of Domain 2 in Site B i get that error.  

Event viewer showed this on a DC in the domain that i'm trying to raise the level of:

Active Directory failed to raise the functional level of the domain or forest because the following domain controller is at a lower functional level.
 
Object (forest or domain):
DC=norwalk,DC=medtechinc,DC=com
NTDS Settings object of domain controller:
CN=NTDS Settings,CN=LostAndFoundConfig,CN=Configuration,DC=jackson,DC=medtechinc,DC=com

I then found references to orphaned DC's in the NTDS Settings, L&F container and removed them.  

Now I am not getting the event log errors when I try to raise it, but it still says "The server is unwilling to process the request"

I can provide any information requested, but don't want to start off with 10 pages of logs to add to the confusion.  

Any help steering me in the right direction would be greatly appreciated, because I can't find any info on technet that pertains to this message.  
0
Comment
Question by:medguru
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
17 Comments
 
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 12012676
Hi!
That is an interesting situation:)

I thing that you should go through the following steps:
1. Perform metadata cleanup for the nonexistent DCs using NTDSUTIL (you can find instructions about this on MS site. If you want I can send you detailed steps for this)
2. Open ADSIEDIT.msc (I believe that you already have installed the support tools), open the Domain Naming Context, navigate to the Domain Controllers and delete the nonexistent DCs.
3. Clean your AD integrated DNS zone from srv records pointing to the nonexistent DCs
4. Replicate, check the replication status and try again

Good Luck!!!

NetoMeter
0
 
LVL 3

Expert Comment

by:iwontleaveyou
ID: 12013793
Did u raised the functional level of all DC's alltogether or you restarted the first DC after raising and then started working on the second one?
0
 

Author Comment

by:medguru
ID: 12027620
Active Directory failed to raise the functional level of the domain or forest because the following domain controller is at a lower functional level.
 
Object (forest or domain):
DC=norwalk,DC=medtechinc,DC=com
NTDS Settings object of domain controller:
CN=NTDS Settings,CN=LostAndFoundConfig,CN=Configuration,DC=jackson,DC=medtechinc,DC=com

First notice there is no domain controller listed after the :
Second, when I look in that container on every DC in the forest, there's nothing.  

NetoMeter: I did find one DNS entry for an SRV record to an old DC and removed it, but it does the same thing.

Still getting "The function level of the domain could not be raised. Reason for error: The server is unwilling to process the request."
0
Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

 
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 12028537
Hi!
How are your FSMO distributed in each domain?
Do you get a correct answer for each FSMO role when you run "netdom query fsmo" on each DC?

NetoMeter
0
 

Author Comment

by:medguru
ID: 12030814
East domain:
DC1 = RID, PDC, Infra
DC2 = GC

West domain:
Hermes = GC
Temp-dc = RID, PDC, Infra

Active Directory Replication Global Catalog Server Output
Printed at    9/10/2004 3:57:50 PM

Below are the Global Catalog servers for the Enterprise based on information from the server (dc2):

GCName:       DC1
GCName:       DC2
GCName:       HERMES
GCName:       LostAndFoundConfig



0
 

Author Comment

by:medguru
ID: 12031220
The NTDS-DSA object:
'CN=NTDS Settings, CN=LostAndFoundConfig,CN=Configuration,DC=jackson,DC=medtechinc,DC=COM'
is not properly configured and is preventing the forest functional level from being raised.  It refers to the domain controller 'MAIL'. If this domain controller is off-line, then bringing it back on line may cause replication that will repair the configuration.  Otherwise delete this object using the ADSI edit MMC snapin or a smiliar tool.

I've combed through each DC with adsi edit looking for references to this 'MAIL' controller and can't find any.  Grrr.  

The 'MAIL' server was an older DC that crashed and couldn't be brought back online.

Where could it be that i'm not seeing?  
0
 

Author Comment

by:medguru
ID: 12031448
"Do you get a correct answer for each FSMO role when you run "netdom query fsmo" on each DC?"

Yes.  Correct on each DC.
0
 

Author Comment

by:medguru
ID: 12031566

 
Comment from iwontleaveyou  feedback
Date: 09/09/2004 12:50AM PDT
 Comment  


Did u raised the functional level of all DC's alltogether or you restarted the first DC after raising and then started working on the second one?


Attempted to raise both together.  
0
 
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 12032079
Hi!
Did you perform Metadata Cleanup - I refered to this as step1?

NetoMeter
0
 

Author Comment

by:medguru
ID: 12044292
Hi!
Did you perform Metadata Cleanup - I refered to this as step1?

NetoMeter


Yes, Metadata cleanup doesn't show any DC's that don't belong there.  Notice there is no name listed next to the message so if it is possible to remove it via metadata cleanup, it's not listed by name so I can't remove references to it.

Active Directory failed to raise the functional level of the domain or forest because the following domain controller is at a lower functional level.
 
Object (forest or domain):
DC=norwalk,DC=medtechinc,DC=com
NTDS Settings object of domain controller:
CN=NTDS Settings,CN=LostAndFoundConfig,CN=Configuration,DC=jackson,DC=medtechinc,DC=com
0
 

Author Comment

by:medguru
ID: 12046564
"Select server number , where number is the number associated with the server you want to remove."

This is the problem with MD cleanup.  The server that is apparently preventing the domain function level from being raised, doesn't show in the list of DC's, so obviously I can't select it as a target to remove in MD cleanup.  
0
 

Author Comment

by:medguru
ID: 12104213
Ok problem solved.  here is the solution:

The NTDS Settings object located in the LostAndFoundConfig container was empty, but it referred to an orphaned DC that was also a GC.  

The NTDS Settings object itself was empty, but nevertheless it shouldn't have been there.  Deleted that object and function level was able to be raised.

0
 
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 12105592
Thanks a lot Medguru!!!

NetoMeter
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 12632952
PAQed with points refunded (500)

modulo
Community Support Moderator
0
 

Expert Comment

by:DavidGealt
ID: 34528840
medguru's last post worked for me as well, just delete the empty NTDS Settings object under LostAndFoundConfig and run the raise function level wizard again


medguru:
Ok problem solved.  here is the solution:

The NTDS Settings object located in the LostAndFoundConfig container was empty, but it referred to an orphaned DC that was also a GC.  

The NTDS Settings object itself was empty, but nevertheless it shouldn't have been there.  Deleted that object and function level was able to be raised.
0
 
LVL 4

Expert Comment

by:a1aait
ID: 39346494
Worked for me.  THANK YOU!!
0

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question