Solved

Cannot raise function level to 2003 from 2000 native

Posted on 2004-09-08
17
1,474 Views
Last Modified: 2013-07-22
I am getting the error message "The function level cannot be raised.  Reason for error: The server is unwilling to process the request."

Here's the background info:
2 sites, 2 dc's in each site.  
Site A: Forest Root, Domain 1
Site B: Seperate tree, Domain 2

Site A:  Promoted 2 fresh Server 2003 AD's, Demoted 2 old 2000 DC's
Site B: Promoted 2 fresh Server 2003 AD's, Demoted 2 old 2000 DC's

I was able to raise the function level of Domain 1 in Site A no problem.  When I try to raise the level of Domain 2 in Site B i get that error.  

Event viewer showed this on a DC in the domain that i'm trying to raise the level of:

Active Directory failed to raise the functional level of the domain or forest because the following domain controller is at a lower functional level.
 
Object (forest or domain):
DC=norwalk,DC=medtechinc,DC=com
NTDS Settings object of domain controller:
CN=NTDS Settings,CN=LostAndFoundConfig,CN=Configuration,DC=jackson,DC=medtechinc,DC=com

I then found references to orphaned DC's in the NTDS Settings, L&F container and removed them.  

Now I am not getting the event log errors when I try to raise it, but it still says "The server is unwilling to process the request"

I can provide any information requested, but don't want to start off with 10 pages of logs to add to the confusion.  

Any help steering me in the right direction would be greatly appreciated, because I can't find any info on technet that pertains to this message.  
0
Comment
Question by:medguru
17 Comments
 
LVL 11

Expert Comment

by:NetoMeter Screencasts
Comment Utility
Hi!
That is an interesting situation:)

I thing that you should go through the following steps:
1. Perform metadata cleanup for the nonexistent DCs using NTDSUTIL (you can find instructions about this on MS site. If you want I can send you detailed steps for this)
2. Open ADSIEDIT.msc (I believe that you already have installed the support tools), open the Domain Naming Context, navigate to the Domain Controllers and delete the nonexistent DCs.
3. Clean your AD integrated DNS zone from srv records pointing to the nonexistent DCs
4. Replicate, check the replication status and try again

Good Luck!!!

NetoMeter
0
 
LVL 3

Expert Comment

by:iwontleaveyou
Comment Utility
Did u raised the functional level of all DC's alltogether or you restarted the first DC after raising and then started working on the second one?
0
 

Author Comment

by:medguru
Comment Utility
Active Directory failed to raise the functional level of the domain or forest because the following domain controller is at a lower functional level.
 
Object (forest or domain):
DC=norwalk,DC=medtechinc,DC=com
NTDS Settings object of domain controller:
CN=NTDS Settings,CN=LostAndFoundConfig,CN=Configuration,DC=jackson,DC=medtechinc,DC=com

First notice there is no domain controller listed after the :
Second, when I look in that container on every DC in the forest, there's nothing.  

NetoMeter: I did find one DNS entry for an SRV record to an old DC and removed it, but it does the same thing.

Still getting "The function level of the domain could not be raised. Reason for error: The server is unwilling to process the request."
0
 
LVL 11

Expert Comment

by:NetoMeter Screencasts
Comment Utility
Hi!
How are your FSMO distributed in each domain?
Do you get a correct answer for each FSMO role when you run "netdom query fsmo" on each DC?

NetoMeter
0
 

Author Comment

by:medguru
Comment Utility
East domain:
DC1 = RID, PDC, Infra
DC2 = GC

West domain:
Hermes = GC
Temp-dc = RID, PDC, Infra

Active Directory Replication Global Catalog Server Output
Printed at    9/10/2004 3:57:50 PM

Below are the Global Catalog servers for the Enterprise based on information from the server (dc2):

GCName:       DC1
GCName:       DC2
GCName:       HERMES
GCName:       LostAndFoundConfig



0
 

Author Comment

by:medguru
Comment Utility
The NTDS-DSA object:
'CN=NTDS Settings, CN=LostAndFoundConfig,CN=Configuration,DC=jackson,DC=medtechinc,DC=COM'
is not properly configured and is preventing the forest functional level from being raised.  It refers to the domain controller 'MAIL'. If this domain controller is off-line, then bringing it back on line may cause replication that will repair the configuration.  Otherwise delete this object using the ADSI edit MMC snapin or a smiliar tool.

I've combed through each DC with adsi edit looking for references to this 'MAIL' controller and can't find any.  Grrr.  

The 'MAIL' server was an older DC that crashed and couldn't be brought back online.

Where could it be that i'm not seeing?  
0
 

Author Comment

by:medguru
Comment Utility
"Do you get a correct answer for each FSMO role when you run "netdom query fsmo" on each DC?"

Yes.  Correct on each DC.
0
 

Author Comment

by:medguru
Comment Utility

 
Comment from iwontleaveyou  feedback
Date: 09/09/2004 12:50AM PDT
 Comment  


Did u raised the functional level of all DC's alltogether or you restarted the first DC after raising and then started working on the second one?


Attempted to raise both together.  
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 11

Expert Comment

by:NetoMeter Screencasts
Comment Utility
Hi!
Did you perform Metadata Cleanup - I refered to this as step1?

NetoMeter
0
 

Author Comment

by:medguru
Comment Utility
Hi!
Did you perform Metadata Cleanup - I refered to this as step1?

NetoMeter


Yes, Metadata cleanup doesn't show any DC's that don't belong there.  Notice there is no name listed next to the message so if it is possible to remove it via metadata cleanup, it's not listed by name so I can't remove references to it.

Active Directory failed to raise the functional level of the domain or forest because the following domain controller is at a lower functional level.
 
Object (forest or domain):
DC=norwalk,DC=medtechinc,DC=com
NTDS Settings object of domain controller:
CN=NTDS Settings,CN=LostAndFoundConfig,CN=Configuration,DC=jackson,DC=medtechinc,DC=com
0
 

Author Comment

by:medguru
Comment Utility
"Select server number , where number is the number associated with the server you want to remove."

This is the problem with MD cleanup.  The server that is apparently preventing the domain function level from being raised, doesn't show in the list of DC's, so obviously I can't select it as a target to remove in MD cleanup.  
0
 

Author Comment

by:medguru
Comment Utility
Ok problem solved.  here is the solution:

The NTDS Settings object located in the LostAndFoundConfig container was empty, but it referred to an orphaned DC that was also a GC.  

The NTDS Settings object itself was empty, but nevertheless it shouldn't have been there.  Deleted that object and function level was able to be raised.

0
 
LVL 11

Expert Comment

by:NetoMeter Screencasts
Comment Utility
Thanks a lot Medguru!!!

NetoMeter
0
 

Accepted Solution

by:
modulo earned 0 total points
Comment Utility
PAQed with points refunded (500)

modulo
Community Support Moderator
0
 

Expert Comment

by:DavidGealt
Comment Utility
medguru's last post worked for me as well, just delete the empty NTDS Settings object under LostAndFoundConfig and run the raise function level wizard again


medguru:
Ok problem solved.  here is the solution:

The NTDS Settings object located in the LostAndFoundConfig container was empty, but it referred to an orphaned DC that was also a GC.  

The NTDS Settings object itself was empty, but nevertheless it shouldn't have been there.  Deleted that object and function level was able to be raised.
0
 
LVL 4

Expert Comment

by:a1aait
Comment Utility
Worked for me.  THANK YOU!!
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now