[cifs-protocol] Errors when doing a DsAddEntry

tridge at samba.org tridge at samba.org
Tue Sep 13 01:01:04 MDT 2011

Hi Hongwei,

We're still having problems with the DsAddEntry call in a subdomain
join. Even if we do a replication first, we're currently getting
DS_ROLE_NOT_VERIFIED. The really frustrating thing is that the error
we get and how far we get through the join seems to change without us
understanding why. For example, we got past the DsAddEntry on Friday,
but now the same calls fails. If we try to reuse the domain name we
used on Friday we now get WERR_DUP_DOMAINNAME instead. So now we also
need to know how to cleanly remove a subdomain we've half-added (all
the 'remove' buttons in the windows GUI are greyed out, and doing the
remove via lsa/drs/ldap doesn't seem to be sufficient).

We've created a ttt trace of doing a subdomain join of a new domain
's4.v2.tridgell.net' to a existing windows 2008r2 (build 7600) hosted
domain 'v2.tridgell.net'. The trace fails with
DS_ROLE_NOT_VERIFIED. As I hope you can see in the trace, we have done
the replication of the configuration and schema partitions before we
do the DsAddEntry.

The trace is available here:


it also includes a network capture of the join, and a text copy of the
decoded DsAddEntry we are doing.

If you could give us some pointers on why this join fails that would
be great!

Cheers, Tridge

More information about the cifs-protocol mailing list