This article describes the steps to take to when facing the following ADOM upgrade error:

'Fail(errno=-2): Direction of member(s) must either be both or the same direction as the group' without any extra details. 

If gathering cdb and dvmdb debug during ADOM upgrade, there should be a line similar to the one shown below:

commit copy firewall internet-service-group.<group object name>(soid=<ID>) to dparent=<ID>, fail: err=-2, Direction of member(s) must either be both or the same direction as the group

Steps to correct the issue and perform a successful ADOM upgrade:

1. Make sure the ISDB objects are visible in the FortiManager:
   Enter the ADOM desired to be upgraded Policy and Objects -> Tools -> Display Options -> under the section 'Firewall Objects' enable 'Internet Service' -> OK.
   
   
2. Adjust the '<group object name>' direction to be matching the direction of the ISDB object:
   Policy and Objects -> Object Configurations -> Firewall Objects -> Internet Service, search for '<group object name>' -> Edit -> Advanced Options -> select direction either as 'Source' or 'Destination' (same direction as defined in the member) -> OK.
   
   
3. Now the upgrade should succeed. If there are more ISDB groups with mismatched directions use the above procedure to identify and correct the rest.
   
   
4. (OPTIONAL) Once the ADOM upgrade is successful it is possible to revert the ISDB group direction back to the original value.

Related article:

Technical Tip: How to upgrade an ADOM on FortiManager

Troubleshooting Tip: ADOM upgrade fails with error 'Fail(errno=-2):Do not support urlfilter-table fo...

Troubleshooting Tip: ADOM upgrade fails with error 'Fail(errno=-2):Invalid FQDN'