?
Solved

Cannot raise function level to 2003 from 2000 native

Posted on 2004-09-08
17
Medium Priority
?
1,525 Views
Last Modified: 2013-07-22
I am getting the error message "The function level cannot be raised.  Reason for error: The server is unwilling to process the request."

Here's the background info:
2 sites, 2 dc's in each site.  
Site A: Forest Root, Domain 1
Site B: Seperate tree, Domain 2

Site A:  Promoted 2 fresh Server 2003 AD's, Demoted 2 old 2000 DC's
Site B: Promoted 2 fresh Server 2003 AD's, Demoted 2 old 2000 DC's

I was able to raise the function level of Domain 1 in Site A no problem.  When I try to raise the level of Domain 2 in Site B i get that error.  

Event viewer showed this on a DC in the domain that i'm trying to raise the level of:

Active Directory failed to raise the functional level of the domain or forest because the following domain controller is at a lower functional level.
 
Object (forest or domain):
DC=norwalk,DC=medtechinc,DC=com
NTDS Settings object of domain controller:
CN=NTDS Settings,CN=LostAndFoundConfig,CN=Configuration,DC=jackson,DC=medtechinc,DC=com

I then found references to orphaned DC's in the NTDS Settings, L&F container and removed them.  

Now I am not getting the event log errors when I try to raise it, but it still says "The server is unwilling to process the request"

I can provide any information requested, but don't want to start off with 10 pages of logs to add to the confusion.  

Any help steering me in the right direction would be greatly appreciated, because I can't find any info on technet that pertains to this message.  
0
Comment
Question by:medguru
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
17 Comments
 
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 12012676
Hi!
That is an interesting situation:)

I thing that you should go through the following steps:
1. Perform metadata cleanup for the nonexistent DCs using NTDSUTIL (you can find instructions about this on MS site. If you want I can send you detailed steps for this)
2. Open ADSIEDIT.msc (I believe that you already have installed the support tools), open the Domain Naming Context, navigate to the Domain Controllers and delete the nonexistent DCs.
3. Clean your AD integrated DNS zone from srv records pointing to the nonexistent DCs
4. Replicate, check the replication status and try again

Good Luck!!!

NetoMeter
0
 
LVL 3

Expert Comment

by:iwontleaveyou
ID: 12013793
Did u raised the functional level of all DC's alltogether or you restarted the first DC after raising and then started working on the second one?
0
 

Author Comment

by:medguru
ID: 12027620
Active Directory failed to raise the functional level of the domain or forest because the following domain controller is at a lower functional level.
 
Object (forest or domain):
DC=norwalk,DC=medtechinc,DC=com
NTDS Settings object of domain controller:
CN=NTDS Settings,CN=LostAndFoundConfig,CN=Configuration,DC=jackson,DC=medtechinc,DC=com

First notice there is no domain controller listed after the :
Second, when I look in that container on every DC in the forest, there's nothing.  

NetoMeter: I did find one DNS entry for an SRV record to an old DC and removed it, but it does the same thing.

Still getting "The function level of the domain could not be raised. Reason for error: The server is unwilling to process the request."
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 12028537
Hi!
How are your FSMO distributed in each domain?
Do you get a correct answer for each FSMO role when you run "netdom query fsmo" on each DC?

NetoMeter
0
 

Author Comment

by:medguru
ID: 12030814
East domain:
DC1 = RID, PDC, Infra
DC2 = GC

West domain:
Hermes = GC
Temp-dc = RID, PDC, Infra

Active Directory Replication Global Catalog Server Output
Printed at    9/10/2004 3:57:50 PM

Below are the Global Catalog servers for the Enterprise based on information from the server (dc2):

GCName:       DC1
GCName:       DC2
GCName:       HERMES
GCName:       LostAndFoundConfig



0
 

Author Comment

by:medguru
ID: 12031220
The NTDS-DSA object:
'CN=NTDS Settings, CN=LostAndFoundConfig,CN=Configuration,DC=jackson,DC=medtechinc,DC=COM'
is not properly configured and is preventing the forest functional level from being raised.  It refers to the domain controller 'MAIL'. If this domain controller is off-line, then bringing it back on line may cause replication that will repair the configuration.  Otherwise delete this object using the ADSI edit MMC snapin or a smiliar tool.

I've combed through each DC with adsi edit looking for references to this 'MAIL' controller and can't find any.  Grrr.  

The 'MAIL' server was an older DC that crashed and couldn't be brought back online.

Where could it be that i'm not seeing?  
0
 

Author Comment

by:medguru
ID: 12031448
"Do you get a correct answer for each FSMO role when you run "netdom query fsmo" on each DC?"

Yes.  Correct on each DC.
0
 

Author Comment

by:medguru
ID: 12031566

 
Comment from iwontleaveyou  feedback
Date: 09/09/2004 12:50AM PDT
 Comment  


Did u raised the functional level of all DC's alltogether or you restarted the first DC after raising and then started working on the second one?


Attempted to raise both together.  
0
 
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 12032079
Hi!
Did you perform Metadata Cleanup - I refered to this as step1?

NetoMeter
0
 

Author Comment

by:medguru
ID: 12044292
Hi!
Did you perform Metadata Cleanup - I refered to this as step1?

NetoMeter


Yes, Metadata cleanup doesn't show any DC's that don't belong there.  Notice there is no name listed next to the message so if it is possible to remove it via metadata cleanup, it's not listed by name so I can't remove references to it.

Active Directory failed to raise the functional level of the domain or forest because the following domain controller is at a lower functional level.
 
Object (forest or domain):
DC=norwalk,DC=medtechinc,DC=com
NTDS Settings object of domain controller:
CN=NTDS Settings,CN=LostAndFoundConfig,CN=Configuration,DC=jackson,DC=medtechinc,DC=com
0
 

Author Comment

by:medguru
ID: 12046564
"Select server number , where number is the number associated with the server you want to remove."

This is the problem with MD cleanup.  The server that is apparently preventing the domain function level from being raised, doesn't show in the list of DC's, so obviously I can't select it as a target to remove in MD cleanup.  
0
 

Author Comment

by:medguru
ID: 12104213
Ok problem solved.  here is the solution:

The NTDS Settings object located in the LostAndFoundConfig container was empty, but it referred to an orphaned DC that was also a GC.  

The NTDS Settings object itself was empty, but nevertheless it shouldn't have been there.  Deleted that object and function level was able to be raised.

0
 
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 12105592
Thanks a lot Medguru!!!

NetoMeter
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 12632952
PAQed with points refunded (500)

modulo
Community Support Moderator
0
 

Expert Comment

by:DavidGealt
ID: 34528840
medguru's last post worked for me as well, just delete the empty NTDS Settings object under LostAndFoundConfig and run the raise function level wizard again


medguru:
Ok problem solved.  here is the solution:

The NTDS Settings object located in the LostAndFoundConfig container was empty, but it referred to an orphaned DC that was also a GC.  

The NTDS Settings object itself was empty, but nevertheless it shouldn't have been there.  Deleted that object and function level was able to be raised.
0
 
LVL 4

Expert Comment

by:a1aait
ID: 39346494
Worked for me.  THANK YOU!!
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question