[Samba] Problem creating new DC's

lp101 lingpanda101 at gmail.com
Wed Jun 4 07:04:51 MDT 2014 

Hi Chris,

     Great news! Confirm Site and Services does in fact show your New DC 
in its appropriate location.

On 6/4/2014 8:58 AM, Chris Alavoine wrote:
> Hi James,
>
> Just thought I'd report my success!
>
> I'd forgotten to specify the local DC (same Site) in my domain 
> provision command:
>
> /usr/local/samba/bin/samba-tool domain join example.com 
> <http://example.com> DC -UAdministrator --realm=example.com 
> <http://example.com> --server=blahdc --site=blah
>
> This still took over an hour but didn't produce the above TIMEOUT error.
>
> Thanks for your help on this!
>
> c:)
>
>
>
> On 3 June 2014 16:40, Chris Alavoine <chrisa at acs-info.co.uk 
> <mailto:chrisa at acs-info.co.uk>> wrote:
>
>     Hi James,
>
>     I have upped the RAM to 20GB and given it 8 cores, but
>     unfortunately am getting the same result. The time taken to
>     process all the objects is well over an hour which I'm guessing is
>     where my problem lies.
>
>     Not sure what else to try expect maybe attempting to reduce the
>     number of DC's (over a weekend) and try again.
>
>     Thanks,
>     Chris.
>
>
>     On 3 June 2014 13:56, lp101 <lingpanda101 at gmail.com
>     <mailto:lingpanda101 at gmail.com>> wrote:
>
>             I believe I needed at least 8GB to complete the join
>         process. I know it was more then 4GB. Here is a link to my
>         discussion I had on this list in Jan.
>
>         http://samba.2283325.n4.nabble.com/DomainDnsZone-Replication-Shows-200-000-Objects-td4658437i20.html
>
>             I strongly discourage using the tombstone attribute to fix
>         this issue within this discussion. It created more issues then
>         it was worth. I'm not sure if this bug was fixed or not.
>         Increase the memory and attempt to join the new DC to the
>         existing DC at that site. It should help with the timeout
>         error. Good luck!
>
>
>
>         On 6/3/2014 8:44 AM, Chris Alavoine wrote:
>>         Hi James,
>>
>>         Thanks for the reply.
>>
>>         My last attempt had 4GB RAM and 4 cores (VM). Do you think I
>>         should give it some more?
>>
>>         Thanks,
>>         Chris.
>>
>>
>>         On 3 June 2014 13:42, lp101 <lingpanda101 at gmail.com
>>         <mailto:lingpanda101 at gmail.com>> wrote:
>>
>>                 Hi Chris,
>>
>>                 How much memory does your server have and are you
>>             attempting to join it to the local DC at the site? I've
>>             had an issue similar to this and increasing the server
>>             memory and attempting to join to a local DC helped.
>>
>>
>>             On 6/3/2014 8:04 AM, Chris Alavoine wrote:
>>
>>                 Hi there,
>>
>>                 I currently have 6 Samba4 (4.1.5) DC's spread over a
>>                 global network. This
>>                 is working ok but they were created before any Sites
>>                 were made and as the
>>                 ability to move DC's to new Sites is not working, I
>>                 am attempting to create
>>                 new DC's in each location and then demote the old ones.
>>
>>                 The problem I am facing is the domain join process
>>                 keeps timing out for any
>>                 new DC. I think this is due the amount of objects
>>                 that now need to be
>>                 synced:
>>
>>                 Partition[DC=DomainDnsZones,DC=essence,DC=internal,DC=com]
>>                 objects[142711/162691] linked_values[0/0]
>>                 Partition[DC=DomainDnsZones,DC=essence,DC=internal,DC=com]
>>                 objects[143113/162691] linked_values[0/0]
>>                 Partition[DC=DomainDnsZones,DC=essence,DC=internal,DC=com]
>>                 objects[143515/162691] linked_values[0/0]
>>
>>                 (this is a snippet from attempting to join, as you
>>                 can see there are 162691
>>                 objects which takes a fair amount of time to get
>>                 through - I have tried
>>                 this from various different locations).
>>
>>                 This is the final error I get:
>>
>>                 Replicating
>>                 DC=ForestDnsZones,DC=essence,DC=internal,DC=com
>>                 Partition[DC=ForestDnsZones,DC=essence,DC=internal,DC=com]
>>                 objects[24/24]
>>                 linked_values[0/0]
>>                 Partition[DC=ForestDnsZones,DC=essence,DC=internal,DC=com]
>>                 objects[48/24]
>>                 linked_values[0/0]
>>                 Committing SAM database
>>                 Sending DsReplicateUpdateRefs for all the replicated
>>                 partitions
>>                 Join failed - cleaning up
>>                 checking sAMAccountName
>>                 ERROR(runtime): uncaught exception - (-1073741643,
>>                 'NT_STATUS_IO_TIMEOUT')
>>                    File
>>                 "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
>>                 line 175, in _run
>>                      return self.run(*args, **kwargs)
>>                    File
>>                 "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
>>                 line
>>                 552, in run
>>                      machinepass=machinepass, use_ntvfs=use_ntvfs,
>>                 dns_backend=dns_backend)
>>                    File
>>                 "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
>>                 line
>>                 1172, in join_DC
>>                      ctx.do_join()
>>                    File
>>                 "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
>>                 line
>>                 1082, in do_join
>>                      ctx.join_finalise()
>>                    File
>>                 "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
>>                 line
>>                 881, in join_finalise
>>                  ctx.send_DsReplicaUpdateRefs(nc)
>>                    File
>>                 "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
>>                 line
>>                 866, in send_DsReplicaUpdateRefs
>>                  ctx.drsuapi.DsReplicaUpdateRefs(ctx.drsuapi_handle,
>>                 1, r)
>>
>>
>>                 Which seem to suggest that the join fails, it tries
>>                 to clean up and gets a
>>                 NT_STATUS_IO_TIMEOUT error.
>>
>>                 This leaves me with a non-functioning DC appearing in
>>                 the Domain Controller
>>                 list on ADUC and ADSS which need to be cleaned out.
>>
>>                 Any advice on how I can get around this problem?
>>
>>                 Thanks
>>                 Chris.
>>
>>
>>             -- 
>>             -James
>>
>>
>>
>>
>>         -- 
>>         ACS (Alavoine Computer Services Ltd)
>>         Chris Alavoine
>>         mob +44 (0)7724 710 730 <tel:%2B44%20%280%297724%20710%20730>
>>         www.alavoinecs.co.uk <http://www.alavoinecs.co.uk>
>>         http://twitter.com/#!/alavoinecs
>>         <http://twitter.com/#%21/alavoinecs>
>>         http://www.linkedin.com/pub/chris-alavoine/39/606/192
>
>         -- 
>         -James
>
>
>
>
>     -- 
>     ACS (Alavoine Computer Services Ltd)
>     Chris Alavoine
>     mob +44 (0)7724 710 730 <tel:%2B44%20%280%297724%20710%20730>
>     www.alavoinecs.co.uk <http://www.alavoinecs.co.uk>
>     http://twitter.com/#!/alavoinecs <http://twitter.com/#%21/alavoinecs>
>     http://www.linkedin.com/pub/chris-alavoine/39/606/192
>
>
>
>
> -- 
> ACS (Alavoine Computer Services Ltd)
> Chris Alavoine
> mob +44 (0)7724 710 730
> www.alavoinecs.co.uk <http://www.alavoinecs.co.uk>
> http://twitter.com/#!/alavoinecs <http://twitter.com/#%21/alavoinecs>
> http://www.linkedin.com/pub/chris-alavoine/39/606/192

-- 
-James

More information about the samba mailing list