[Samba] Joining Second DC error -- NT_STATUS_CONNECTION_RESET

Bruno Andrade bma at eurotux.com
Mon Aug 18 02:43:28 MDT 2014 

Good moorning,

Anyone on this or with similar problems?

Regards,
Bruno Andrade.

On 08/12/2014 10:50 AM, Bruno Andrade wrote:
> Hey, Im trying to join a second domain controller to domain.
>
> I'm using the following command o join:
> *samba-tool domain join example.com DC -UAdministrator 
> --password=xxxxxx --realm=example.com --server=dc1.example.com 
> --site=NEWSITE --dns-backend=BIND9_DLZ --debuglevel=5*
>
> Iptables and SELinux are turned off in both machines.
> This is the debug I get...
>
> (...)
> Replicated 18 objects (0 linked attributes) for 
> DC=ForestDnsZones,DC=example,DC=com
> Discarding older DRS linked attribute update to member on 
> CN=Guests,CN=Builtin,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on 
> CN=Guests,CN=Builtin,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Windows 
> Authorization Access Group,CN=Builtin,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on 
> CN=Users,CN=Builtin,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on 
> CN=Users,CN=Builtin,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on 
> CN=Users,CN=Builtin,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on 
> CN=Enterprise Admins,CN=Users,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on 
> CN=Administrators,CN=Builtin,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on 
> CN=Administrators,CN=Builtin,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on 
> CN=Administrators,CN=Builtin,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on 
> CN=Administrators,CN=Builtin,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on 
> CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=example,DC=com 
> from d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Schema 
> Admins,CN=Users,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Domain 
> Guests,CN=Users,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Denied 
> RODC Password Replication Group,CN=Users,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Denied 
> RODC Password Replication Group,CN=Users,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Denied 
> RODC Password Replication Group,CN=Users,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Denied 
> RODC Password Replication Group,CN=Users,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Denied 
> RODC Password Replication Group,CN=Users,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Denied 
> RODC Password Replication Group,CN=Users,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Denied 
> RODC Password Replication Group,CN=Users,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Denied 
> RODC Password Replication Group,CN=Users,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Domain 
> Admins,CN=Users,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Domain 
> Admins,CN=Users,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Group 
> Policy Creator Owners,CN=Users,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on 
> CN=IIS_IUSRS,CN=Builtin,DC=example,DC=com from 
> d7329302-6a0e-42d2-bb54-7073ffe6b353
>      drsuapi_DsReplicaUpdateRefs: struct drsuapi_DsReplicaUpdateRefs
>         in: struct drsuapi_DsReplicaUpdateRefs
>             bind_handle              : *
>                 bind_handle: struct policy_handle
>                     handle_type              : 0x00000000 (0)
>                     uuid                     : 
> a99a925a-a457-41e4-a9c1-07feb8cc9351
>             level                    : 0x00000001 (1)
>             req                      : union 
> drsuapi_DsReplicaUpdateRefsRequest(case 1)
>             req1: struct drsuapi_DsReplicaUpdateRefsRequest1
>                 naming_context           : *
>                     naming_context: struct 
> drsuapi_DsReplicaObjectIdentifier
>                         __ndr_size               : 0x00000052 (82)
>                         __ndr_size_sid           : 0x00000000 (0)
>                         guid                     : 
> 00000000-0000-0000-0000-000000000000
>                         sid                      : S-0-0
>                         __ndr_size_dn            : 0x0000000c (12)
>                         dn                       : 'DC=example,DC=com'
>                 dest_dsa_dns_name        : *
>                     dest_dsa_dns_name        : 
> '24f5afa9-3f4e-4a9f-b993-31d1843712ee._msdcs.example.com'
>                 dest_dsa_guid            : 
> 24f5afa9-3f4e-4a9f-b993-31d1843712ee
>                 options                  : 0x0000001c (28)
>                        0: DRSUAPI_DRS_ASYNC_OP
>                        0: DRSUAPI_DRS_GETCHG_CHECK
>                        0: DRSUAPI_DRS_UPDATE_NOTIFICATION
>                        1: DRSUAPI_DRS_ADD_REF
>                        1: DRSUAPI_DRS_SYNC_ALL
>                        1: DRSUAPI_DRS_DEL_REF
>                        1: DRSUAPI_DRS_WRIT_REP
>                        0: DRSUAPI_DRS_INIT_SYNC
>                        0: DRSUAPI_DRS_PER_SYNC
>                        0: DRSUAPI_DRS_MAIL_REP
>                        0: DRSUAPI_DRS_ASYNC_REP
>                        0: DRSUAPI_DRS_IGNORE_ERROR
>                        0: DRSUAPI_DRS_TWOWAY_SYNC
>                        0: DRSUAPI_DRS_CRITICAL_ONLY
>                        0: DRSUAPI_DRS_GET_ANC
>                        0: DRSUAPI_DRS_GET_NC_SIZE
>                        0: DRSUAPI_DRS_LOCAL_ONLY
>                        0: DRSUAPI_DRS_NONGC_RO_REP
>                        0: DRSUAPI_DRS_SYNC_BYNAME
>                        0: DRSUAPI_DRS_REF_OK
>                        0: DRSUAPI_DRS_FULL_SYNC_NOW
>                        0: DRSUAPI_DRS_NO_SOURCE
>                        0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
>                        0: DRSUAPI_DRS_FULL_SYNC_PACKET
>                        0: DRSUAPI_DRS_SYNC_REQUEUE
>                        0: DRSUAPI_DRS_SYNC_URGENT
>                        0: DRSUAPI_DRS_REF_GCSPN
>                        0: DRSUAPI_DRS_NO_DISCARD
>                        0: DRSUAPI_DRS_NEVER_SYNCED
>                        0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
>                        0: DRSUAPI_DRS_INIT_SYNC_NOW
>                        0: DRSUAPI_DRS_PREEMPTED
>                        0: DRSUAPI_DRS_SYNC_FORCED
>                        0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
>                        0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
>                        0: DRSUAPI_DRS_USE_COMPRESSION
>                        0: DRSUAPI_DRS_NEVER_NOTIFY
>                        0: DRSUAPI_DRS_SYNC_PAS
>                        0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
> ERROR(runtime): uncaught exception - (-1073741299, 
> 'NT_STATUS_CONNECTION_RESET')
>   File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", 
> line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py", 
> line 552, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, 
> dns_backend=dns_backend)
>   File "/usr/lib64/python2.6/site-packages/samba/join.py", line 1172, 
> in join_DC
>     ctx.do_join()
>   File "/usr/lib64/python2.6/site-packages/samba/join.py", line 1082, 
> in do_join
>     ctx.join_finalise()
>   File "/usr/lib64/python2.6/site-packages/samba/join.py", line 881, 
> in join_finalise
>     ctx.send_DsReplicaUpdateRefs(nc)
>   File "/usr/lib64/python2.6/site-packages/samba/join.py", line 866, 
> in send_DsReplicaUpdateRefs
>     ctx.drsuapi.DsReplicaUpdateRefs(ctx.drsuapi_handle, 1, r)
> Provision OK for domain DN DC=example,DC=com
> Starting replication
> Replicating critical objects from the base DN of the domain
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=example,DC=com
> Replicating DC=ForestDnsZones,DC=example,DC=com
> Committing SAM database
> Sending DsReplicateUpdateRefs for all the replicated partitions
> Join failed - cleaning up
> checking sAMAccountName
>
>
> Kind Regards,
> Bruno Andrade.

More information about the samba mailing list