Re: Blank Forest Functional Level - Unable to fix
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Wed, 17 May 2006 20:36:50 -0400
I would start looking very closely at all DCs to verify that the same DC is set for the PDC master. I would also look at DNS and make sure the DNS PDC entry is correct. I would even make sure that the 1B record in WINS is correct. Something appears to be pointing at the old PDC.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
akeiii wrote:
I spoke too soon. Adprep (I found an R2 32-bit CD2) returns the following error: Error code: 0x20 Server extended error code : 0x208d, Server error message: 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=XXXXXXXXXXXX\0ADEL:429f1675-1fbd-466a-ad02-0d9b950d1b96,CN=Servers,CN=Defaut-First-Site-Name,CN=Sties,CN=Configuration,DC=<domain name>,DC=com' where XXXXXXXXXXX is the name of the old PDC!.
I would bet that if I could remove that bad entry the other problems would go away.
"akeiii" wrote:
I still can not fix the FFL however I am closer to promoting the new server to a domain controller. I promoted a Windows Server 2003 SP1 server to a domain controller. I then transferred the three master roles (including operations and infrastructure) to the new system and back. Now I could promote the new server with Windows Server 2003x64 R2 to a domain controller if I could run ADPREP. My CATCH22 is:
1.) ADPREP.EXE from CD2 of Windows Server 2003x64 R2 must be run to prep the forest.
2.) ADPREP.EXE must be run on the operations master.
3.) The operations master is Windows Server 2003 SP1 (32 bit).
4.) The ADPREP.EXE from the Windows Server 2003x64 R2 will not run on the current operations master!
I can not find a download for the version of ADPREP I need.
"akeiii" wrote:
AdMod V01.06.00cpp Joe Richards (...) June 2005
Error 0xa (10) - Referral
Extended Error: 0000202B: RefErr: DSID-031006E0, data 0, 1 access points
ref 1: 'domain.com'
ERROR: Too many errors encountered, terminating...
The command did not complete successfully
"Joe Richards [MVP]" wrote:
That isn't the whole error that AD is sending back. Use the command that I specified.
akeiii wrote:
Prior to the PDC failure replication worked perfectly and both DCs showed FFL2 and DFL2. It was only after the PDC failed and I had to force make the other DC the operations master (PDC) that the FFL disappeared. The complete LDP.EXE error was "Illegal modify operation. Some aspect of the modification is not permitted." as was the error from ADSIEDIT.MSC.
"Joe Richards [MVP]" wrote:
I find it odd that you were at FFL2 and the other DCs didn't know it; if that were the case, your forest wasn't replicating properly. It would be easier to believe you actually weren't at FFL2.
Anyway, not being in FFL2 won't prevent you from adding an R2 DC. Your thoughts that it interprets not set as mixed mode is true because not set IS mixed mode. You need to do a forest prep to prepare the schema for R2 prior to adding an R2 Domain Controller. Up until this afternoon I had one R2 forest that was entirely all R2 DCs in Windows 2000 mixed mode. It was a fresh forest I had just built for testing purposes and was never at any point anything but R2.
Anyway, you could be running into something odd when raising the forest functional level and even though it isn't required for R2, I will offer a command line mechanism to do it that will kick out an error message that can be used to work out the issue. LDP should have kicked out the error message as well, I expect you just didn't post the entire error.
Anyway here is the command (all one line)
admod -b CN=Partitions,CN=Configuration,DC=domain,DC=com msDS-Behavior-Version::2 -exterr
Run the command and post the ENTIRE error message.
joe
akeiii wrote:
Set Forest Functional Level Manually Fails
I have a domain which had 2 domain controllers, both Windows Server 2003 fully patched.
The domain functional level was Windows Server 2003.
The forest functional level was Windows Server 2003.
The PDC failed catastrophically.
I had to use FSMO to transfer all operations to the remaining domain controller.
I acquired a new server with Windows Server 2003 R2. When I tried to promote it to be a domain controller the promotion failed, incompatible forest, because the new server interprets not set as mixed mode. Checking the new PDC I discovered that the domain functional level is still Windows Server 2003 however the forest functional level is blank. Ldp.exe and Adsiedit.msc both show that the attribute msDS-Behavior-Version on the CN=Partitions, CN=Configuration, DC=ForestRootDom, DC=tld object is NOT SET. If I try to raise the forest functional level on the domain controller using the MMC the console gets an error and closes. If I try to manually set the forest functional level using either Ldp.exe or Adsiedit.msc I receive the following error "Illegal modify operation. Some aspect of the modification is not permitted.". The Microsoft troubleshooting document says "Click OK to continue." however this does not work. The full Microsoft document follows.
"
View and Set Functional Levels Manually
LDAP tools such as Ldp.exe and Adsiedit.msc can be used to view and modify the current domain and forest functional level settings. When you modify the attributes manually, it is best to target the FSMO authoritative for the increase as the change is actually written to the authoritative FSMO then replicated.
Forest Level Setting
The attribute is msDS-Behavior-Version on the CN=Partitions, CN=Configuration, DC=ForestRootDom, DC=tld object.
• Value of 0 or not set=mixed level forest
• Value of 1=Windows Server 2003 interim forest level
• Value of 2=Windows Server 2003 forest level
Note When you increase the msDS-Behavior-Version attribute from 0 to 1 with ADSIEdit, you receive the following error message: Illegal modify operation. Some aspect of the modification is not permitted.
Click OK to continue. The attribute on the partitions container and the domain head are correctly increased. The error message is not reported by the Ldp.exe file. You can safely ignore the error message. To verify the level increase was successful, refresh the attribute list and check the current setting. This error message may also occur if you have already performed the level increase on the authoritative FSMO, but has not replicated to the local domain controller.
"
Suggestions?
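Added example, not part of the thread and not the posters' code: one way to run the first two checks suggested in the reply at the top (every DC names the same PDC master, and the DNS PDC record is correct) while also reading msDS-Behavior-Version from each DC. It assumes the ActiveDirectory and DnsClient PowerShell modules, which post-date the tools used in the thread, and a domain-joined admin host; the WINS 1B record is not covered.

```powershell
# Added example (not from the thread). Assumes the ActiveDirectory and
# DnsClient modules on a domain-joined admin host with read access to AD.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$partDn = "CN=Partitions,$((Get-ADRootDSE).configurationNamingContext)"

# Ask each DC directly, so stale or unreplicated copies become visible.
$report = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        # The PDC emulator role owner is fSMORoleOwner on the domain head.
        $head = Get-ADObject -Identity $domain.DistinguishedName `
                    -Server $dc.HostName -Properties fSMORoleOwner
        $part = Get-ADObject -Identity $partDn `
                    -Server $dc.HostName -Properties 'msDS-Behavior-Version'
        $level = $part.'msDS-Behavior-Version'
        [pscustomobject]@{
            DC          = $dc.HostName
            PdcOwner    = $head.fSMORoleOwner
            # Not set is reported as such; the quoted document treats it as 0.
            ForestLevel = if ($null -eq $level) { 'not set' } else { $level }
            Error       = $null
        }
    } catch {
        [pscustomobject]@{ DC = $dc.HostName; PdcOwner = $null
                           ForestLevel = $null; Error = $_.Exception.Message }
    }
}
$report | Format-List

$owners = @($report | Where-Object PdcOwner |
            Select-Object -ExpandProperty PdcOwner -Unique)
if ($owners.Count -gt 1) {
    Write-Warning "DCs disagree on the PDC role owner: $($owners -join ' | ')"
}

# A role owner DN containing "\0ADEL:" names a deleted server object,
# the same mangled form that appears in the adprep error in this thread.
$report | Where-Object { $_.PdcOwner -match '\\0ADEL:' } |
    ForEach-Object { Write-Warning "$($_.DC) points at a deleted object: $($_.PdcOwner)" }

# DNS: the PDC SRV record should name the host AD reports as PDC emulator.
$srvName = "_ldap._tcp.pdc._msdcs.$($domain.DNSRoot)"
$targets = @(Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
             Where-Object Type -eq 'SRV' | Select-Object -ExpandProperty NameTarget)
if ($targets.Count -ne 1 -or $targets[0].TrimEnd('.') -ne $domain.PDCEmulator) {
    Write-Warning "$srvName -> '$($targets -join ', ')' but AD reports $($domain.PDCEmulator)"
}
```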