[Samba] Problem creating new DC's

Chris Alavoine chrisa at acs-info.co.uk
Wed Jun 4 07:08:33 MDT 2014 

Yep, new DC shows up under ADSS.

c:)


On 4 June 2014 14:04, lp101 <lingpanda101 at gmail.com> wrote:

>  Hi Chris,
>
>     Great news! Confirm Site and Services does in fact show your New DC in
> its appropriate location.
>
>
> On 6/4/2014 8:58 AM, Chris Alavoine wrote:
>
> Hi James,
>
>  Just thought I'd report my success!
>
>  I'd forgotten to specify the local DC (same Site) in my domain provision
> command:
>
>  /usr/local/samba/bin/samba-tool domain join example.com DC
> -UAdministrator --realm=example.com --server=blahdc --site=blah
>
>  This still took over an hour but didn't produce the above TIMEOUT error.
>
>  Thanks for your help on this!
>
>  c:)
>
>
>
> On 3 June 2014 16:40, Chris Alavoine <chrisa at acs-info.co.uk> wrote:
>
>> Hi James,
>>
>>  I have upped the RAM to 20GB and given it 8 cores, but unfortunately am
>> getting the same result. The time taken to process all the objects is well
>> over an hour which I'm guessing is where my problem lies.
>>
>>  Not sure what else to try expect maybe attempting to reduce the number
>> of DC's (over a weekend) and try again.
>>
>>  Thanks,
>> Chris.
>>
>>
>> On 3 June 2014 13:56, lp101 <lingpanda101 at gmail.com> wrote:
>>
>>>      I believe I needed at least 8GB to complete the join process. I
>>> know it was more then 4GB. Here is a link to my discussion I had on this
>>> list in Jan.
>>>
>>>
>>> http://samba.2283325.n4.nabble.com/DomainDnsZone-Replication-Shows-200-000-Objects-td4658437i20.html
>>>
>>>     I strongly discourage using the tombstone attribute to fix this
>>> issue within this discussion. It created more issues then it was worth. I'm
>>> not sure if this bug was fixed or not. Increase the memory and attempt to
>>> join the new DC to the existing DC at that site. It should help with the
>>> timeout error. Good luck!
>>>
>>>
>>>
>>> On 6/3/2014 8:44 AM, Chris Alavoine wrote:
>>>
>>> Hi James,
>>>
>>>  Thanks for the reply.
>>>
>>>  My last attempt had 4GB RAM and 4 cores (VM). Do you think I should
>>> give it some more?
>>>
>>>  Thanks,
>>> Chris.
>>>
>>>
>>> On 3 June 2014 13:42, lp101 <lingpanda101 at gmail.com> wrote:
>>>
>>>>     Hi Chris,
>>>>
>>>>     How much memory does your server have and are you attempting to
>>>> join it to the local DC at the site? I've had an issue similar to this and
>>>> increasing the server memory and attempting to join to a local DC helped.
>>>>
>>>>
>>>> On 6/3/2014 8:04 AM, Chris Alavoine wrote:
>>>>
>>>>> Hi there,
>>>>>
>>>>> I currently have 6 Samba4 (4.1.5) DC's spread over a global network.
>>>>> This
>>>>> is working ok but they were created before any Sites were made and as
>>>>> the
>>>>> ability to move DC's to new Sites is not working, I am attempting to
>>>>> create
>>>>> new DC's in each location and then demote the old ones.
>>>>>
>>>>> The problem I am facing is the domain join process keeps timing out
>>>>> for any
>>>>> new DC. I think this is due the amount of objects that now need to be
>>>>> synced:
>>>>>
>>>>> Partition[DC=DomainDnsZones,DC=essence,DC=internal,DC=com]
>>>>> objects[142711/162691] linked_values[0/0]
>>>>> Partition[DC=DomainDnsZones,DC=essence,DC=internal,DC=com]
>>>>> objects[143113/162691] linked_values[0/0]
>>>>> Partition[DC=DomainDnsZones,DC=essence,DC=internal,DC=com]
>>>>> objects[143515/162691] linked_values[0/0]
>>>>>
>>>>> (this is a snippet from attempting to join, as you can see there are
>>>>> 162691
>>>>> objects which takes a fair amount of time to get through - I have tried
>>>>> this from various different locations).
>>>>>
>>>>> This is the final error I get:
>>>>>
>>>>> Replicating DC=ForestDnsZones,DC=essence,DC=internal,DC=com
>>>>> Partition[DC=ForestDnsZones,DC=essence,DC=internal,DC=com]
>>>>> objects[24/24]
>>>>> linked_values[0/0]
>>>>> Partition[DC=ForestDnsZones,DC=essence,DC=internal,DC=com]
>>>>> objects[48/24]
>>>>> linked_values[0/0]
>>>>> Committing SAM database
>>>>> Sending DsReplicateUpdateRefs for all the replicated partitions
>>>>> Join failed - cleaning up
>>>>> checking sAMAccountName
>>>>> ERROR(runtime): uncaught exception - (-1073741643,
>>>>> 'NT_STATUS_IO_TIMEOUT')
>>>>>    File
>>>>>
>>>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
>>>>> line 175, in _run
>>>>>      return self.run(*args, **kwargs)
>>>>>    File
>>>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
>>>>> line
>>>>> 552, in run
>>>>>      machinepass=machinepass, use_ntvfs=use_ntvfs,
>>>>> dns_backend=dns_backend)
>>>>>    File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
>>>>> line
>>>>> 1172, in join_DC
>>>>>      ctx.do_join()
>>>>>    File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
>>>>> line
>>>>> 1082, in do_join
>>>>>      ctx.join_finalise()
>>>>>    File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
>>>>> line
>>>>> 881, in join_finalise
>>>>>      ctx.send_DsReplicaUpdateRefs(nc)
>>>>>    File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
>>>>> line
>>>>> 866, in send_DsReplicaUpdateRefs
>>>>>      ctx.drsuapi.DsReplicaUpdateRefs(ctx.drsuapi_handle, 1, r)
>>>>>
>>>>>
>>>>> Which seem to suggest that the join fails, it tries to clean up and
>>>>> gets a
>>>>> NT_STATUS_IO_TIMEOUT error.
>>>>>
>>>>> This leaves me with a non-functioning DC appearing in the Domain
>>>>> Controller
>>>>> list on ADUC and ADSS which need to be cleaned out.
>>>>>
>>>>> Any advice on how I can get around this problem?
>>>>>
>>>>> Thanks
>>>>> Chris.
>>>>>
>>>>>
>>>> --
>>>>  -James
>>>>
>>>>
>>>
>>>
>>>  --
>>> ACS (Alavoine Computer Services Ltd)
>>> Chris Alavoine
>>> mob +44 (0)7724 710 730 <%2B44%20%280%297724%20710%20730>
>>> www.alavoinecs.co.uk
>>> http://twitter.com/#!/alavoinecs
>>> http://www.linkedin.com/pub/chris-alavoine/39/606/192
>>>
>>>
>>>   --
>>> -James
>>>
>>>
>>
>>
>>  --
>> ACS (Alavoine Computer Services Ltd)
>> Chris Alavoine
>> mob +44 (0)7724 710 730 <%2B44%20%280%297724%20710%20730>
>> www.alavoinecs.co.uk
>> http://twitter.com/#!/alavoinecs
>> http://www.linkedin.com/pub/chris-alavoine/39/606/192
>>
>
>
>
>  --
> ACS (Alavoine Computer Services Ltd)
> Chris Alavoine
> mob +44 (0)7724 710 730
> www.alavoinecs.co.uk
> http://twitter.com/#!/alavoinecs
> http://www.linkedin.com/pub/chris-alavoine/39/606/192
>
>
> --
> -James
>
>


-- 
ACS (Alavoine Computer Services Ltd)
Chris Alavoine
mob +44 (0)7724 710 730
www.alavoinecs.co.uk
http://twitter.com/#!/alavoinecs
http://www.linkedin.com/pub/chris-alavoine/39/606/192

More information about the samba mailing list