[Samba] The RPC server is unavailable

Michael Wood esiotrot at gmail.com
Thu Jan 27 03:06:56 MST 2011


Hi

On 26 January 2011 17:25, Scott Carradice <jscottc at gmail.com> wrote:
> I have used the Samba4 Howto as a guide.

As per the Samba 4 HOWTO, while Samba 4 is still in alpha, you should
report successes/failures to samba-technical.  I have copied my reply
there.

> I am using OpenSuse 11.3 and the Samba version is:
> 4.0.0alpha15-GIT-61f7d7c.
>
> Everything was working as intended after installation.
>
> I did a fresh install on another computer of Windows 7.
> Joined my freshly made domain.
> Installed the remote administration tools.
> Created three users for testing with the remote admin tool - "Active
> Directory Users and Computers"
>
> All users log in fine.
>
> I install OpenSuse 11.3 on another computer and during install I select the
> Windows Active Directory for user information.  This works and my three
> users can sign in on the OpenSuse machine.  I noticed that the computer was
> not set up in Bind like my Windows 7 machine was automatically.
>
> First Question:  Is the best way to correct this to Stop bind, enter machine
> into zone file and start bind?  Or is this something that is expected to
> work like the Windows 7 machine?

Not sure, but if you do that, don't forget to update the serial
number.  Not sure if it will really affect anything, but the serial is
meant to be updated for every change to the zone file.

> I then went back to the Windows 7 machine and tried to change one of the
> users passwords.  No matter what I tried, I can not get passed the message
> that the password is unable to change due to the strength ( The value
> provided does not meet the length,  complexity ... etc ).  I am pretty sure
> this is due to the minimum duration of a password.  After I waited a day I
> was able to change the password once and then not again ( need another day
> ).

You can use "samba-tool pwsettings" to change these settings.

> The first time I could not change my password I decided to see if I could
> change the minimum duration with the remote tool "Active Directory Users and
> Computers".  But now when I run this I get the error:  "Naming information
> cannot be located because: The RPC server is unavailable.  Contact you
> system administrator ... "
>
> Running using the command:
> samba -i -M single -d 3
> Gives this error when trying to use the remote admin tool:
>
> using SPNEGO
> Selected protocol [5][NT LM 0.12]
> Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() -
> NT_STATUS_CONNECTION_ DISCONNECTED'
> single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() -
> NT_STATUS_CONNECTION_DISCONNECTED]
>
> Question 2:  What is the cause of this?  Is the domain corrupt or is there a
> fix other than reinstall?
>
>
> Any other debug information I can provide that would be useful?
>
> From the Windows 7 machine running:  dcdiag /v /s: ...   results are below.
>
> Thank you for any help,
> Scott
>
> Directory Server Diagnosis
>
> Performing initial setup:
>   * Connecting to directory service on server base.mytestdomain.ca.
>   * Identified AD Forest.
>   Collecting AD specific global data
>   * Collecting site info.
>   Calling
> ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
>   The previous call succeeded
>   Iterating through the sites
>   Looking at base site object: CN=NTDS Site
> Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca
>   Getting ISTG and options for the site
>   * Identifying all servers.
>   Calling
> ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
>   The previous call succeeded....
>   The previous call succeeded
>   Iterating through the list of servers
>   Getting information for the server CN=NTDS
> Settings,CN=BASE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca
>
>   objectGuid obtained
>   InvocationID obtained
>   dnsHostname obtained
>   site info obtained
>   All the info for the server collected
>   * Identifying all NC cross-refs.
>   Got error while checking if the DC is using FRS or DFSR. Error:
>   There is no such object on the server.The VerifyReferences, FrsEvent and
>   DfsrEvent tests might fail because of this error.
>   * Found 1 DC(s). Testing 1 of them.
>   Done gathering initial info.
>
> Doing initial required tests
>
>   Testing server: Default-First-Site-Name\BASE
>      Starting test: Connectivity
>         * Active Directory LDAP Services Check
>         Determining IP4 connectivity
>         * Active Directory RPC Services Check
>         ......................... BASE passed test Connectivity
>
> Doing primary tests
>
>   Testing server: Default-First-Site-Name\BASE
>      Starting test: Advertising
>         Fatal Error:DsGetDcName (BASE) call failed, error 1722
>         The Locator could not find the server.
>         Printing RPC Extended Error Info:
>         Error Record 1, ProcessID is 1996
>          (DcDiag)
>
>            System Time is: 1/24/2011 14:58:43:619
>            Generating component is 2 (RPC runtime)
>
>            Status is 1722 The RPC server is unavailable.
>
>            Detection location is 193
>         Error Record 2, ProcessID is 1996
>          (DcDiag)
>
>            System Time is: 1/24/2011 14:58:43:619
>            Generating component is 5 (redirector)
>
>            Status is 1359 An internal error occurred.
>
>            Detection location is 190
>            NumberOfParameters is 2
>            Long val: 1441792
>            Unicode string: \\BASE\PIPE\NETLOGON
>         ......................... BASE failed test Advertising
>      Test omitted by user request: CheckSecurityError
>      Test omitted by user request: CutoffServers
>      Starting test: FrsEvent
>         * The File Replication Service Event log test
>         ......................... BASE passed test FrsEvent
>      Starting test: DFSREvent
>         The DFS Replication Event Log.
>         Skip the test because the server is running FRS.
>         ......................... BASE passed test DFSREvent
>      Starting test: SysVolCheck
>         * The File Replication Service SYSVOL ready test
>         The SysVol is not ready.  This can cause the DC to not advertise
>         itself as a DC for netlogon after dcpromo.  Also trouble with FRS
>         SysVol replication can cause Group Policy problems.  Check the FRS
>         event log on this DC.
>         ......................... BASE failed test SysVolCheck
>      Starting test: KccEvent
>         * The KCC Event log test
>         Found no KCC errors in "Directory Service" Event log in the last 15
> minutes.
>         ......................... BASE passed test KccEvent
>      Starting test: KnowsOfRoleHolders
>         Role Schema Owner = CN=NTDS
> Settings,CN=BASE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca
>         Role Domain Owner = CN=NTDS
> Settings,CN=BASE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca
>         Role PDC Owner = CN=NTDS
> Settings,CN=BASE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca
>         Role Rid Owner = CN=NTDS
> Settings,CN=BASE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca
>         Role Infrastructure Update Owner = CN=NTDS
> Settings,CN=BASE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca
>         ......................... BASE passed test KnowsOfRoleHolders
>      Starting test: MachineAccount
>         Checking machine account for DC BASE on DC BASE.
>         Could not open Lsa Policy
>         Could not get NetBIOSDomainName
>         Failed can not test for HOST SPN
>         Failed can not test for HOST SPN
>         * SPN found :LDAP/base.mytestdomain.ca/mytestdomain.ca
>         * SPN found :LDAP/base.mytestdomain.ca
>         * SPN found :LDAP/BASE
>         * SPN found :LDAP/d6256e29-5015-4918-b9fa-fee0c94503ea._
> msdcs.mytestdomain.ca
>         * SPN found
> :E3514235-4B06-11D1-AB04-00C04FC2DCD2/d6256e29-5015-4918-b9fa-fee0c94503ea/
> mytestdomain.ca
>         * SPN found :HOST/base.mytestdomain.ca/mytestdomain.ca
>         * SPN found :HOST/base.mytestdomain.ca
>         * SPN found :HOST/BASE
>         * SPN found :GC/base.mytestdomain.ca/mytestdomain.ca
>         ......................... BASE passed test MachineAccount
>      Starting test: NCSecDesc
>         * Security Permissions check for all NC's on DC BASE.
>         * Security Permissions Check for
>           CN=Configuration,DC=mytestdomain,DC=ca
>            (Configuration,Version 3)
>         * Security Permissions Check for
>           CN=Schema,CN=Configuration,DC=mytestdomain,DC=ca
>            (Schema,Version 3)
>         * Security Permissions Check for
>           DC=mytestdomain,DC=ca
>            (Domain,Version 3)
>         ......................... BASE passed test NCSecDesc
>      Starting test: NetLogons
>         * Network Logons Privileges Check
>         Unable to connect to the NETLOGON share! (\\BASE\netlogon)
>         [BASE] An net use or LsaPolicy operation failed with error 67,
>         The network name cannot be found..
>         ......................... BASE failed test NetLogons
>      Starting test: ObjectsReplicated
>         BASE is in domain DC=mytestdomain,DC=ca
>         Checking for CN=BASE,OU=Domain Controllers,DC=mytestdomain,DC=ca in
> domain DC=mytestdomain,DC=ca on 1 servers
>         Failed to read object metadata on BASE, error
>         The system call level is not correct.
>            Object is up-to-date on all servers.
>         Checking for CN=NTDS
> Settings,CN=BASE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca
> in domain CN=Configuration,DC=mytestdomain,DC=ca on 1 servers
>         Failed to read object metadata on BASE, error
>         The system call level is not correct.
>            Object is up-to-date on all servers.
>         ......................... BASE passed test ObjectsReplicated
>      Test omitted by user request: OutboundSecureChannels
>      Starting test: Replications
>         * Replications Check
>         * Replication Latency Check
>         ......................... BASE passed test Replications
>      Starting test: RidManager
>         * Available RID Pool for the Domain is 1600 to 1073741823
>         * base.mytestdomain.ca is the RID Master
>         * DsBind with RID Master was successful
>         * rIDAllocationPool is 1100 to 1599
>         * rIDPreviousAllocationPool is 1100 to 1599
>         * rIDNextRID: 1109
>         ......................... BASE passed test RidManager
>      Starting test: Services
>         Could not open Service Control Manager on base.mytestdomain.ca,
> error 0x6ba
>         "The RPC server is unavailable."
>         Printing RPC Extended Error Info:
>         Error Record 1, ProcessID is 1996
>          (DcDiag)
>
>            System Time is: 1/24/2011 14:58:44:760
>            Generating component is 2 (RPC runtime)
>
>            Status is 1722 The RPC server is unavailable.
>
>            Detection location is 193
>         Error Record 2, ProcessID is 1996
>          (DcDiag)
>
>            System Time is: 1/24/2011 14:58:44:760
>            Generating component is 5 (redirector)
>
>            Status is 1359 An internal error occurred.
>
>            Detection location is 190
>            NumberOfParameters is 2
>            Long val: 1441792
>            Unicode string: \\base.mytestdomain.ca\pipe\svcctl
>         ......................... BASE failed test Services
>      Starting test: SystemLog
>         * The System Event log test
>         Found no errors in "System" Event log in the last 60 minutes.
>         ......................... BASE passed test SystemLog
>      Test omitted by user request: Topology
>      Test omitted by user request: VerifyEnterpriseReferences
>      Starting test: VerifyReferences
>         The system object reference (serverReference)
>         CN=BASE,OU=Domain Controllers,DC=mytestdomain,DC=ca and backlink on
>
> CN=BASE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca
>         are correct.
>         Some objects relating to the DC BASE have problems:
>            [1] Problem: Missing Expected Value
>             Base Object:
>            CN=NTDS
> Settings,CN=BASE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca
>             Base Object Description: "DSA Object"
>             Value Object Attribute Name: serverReferenceBL
>             Value Object Description: "SYSVOL FRS Member Object"
>             Recommended Action: See Knowledge Base Article: Q312862
>
>            [1] Problem: Missing Expected Value
>             Base Object: CN=BASE,OU=Domain
> Controllers,DC=mytestdomain,DC=ca
>             Base Object Description: "DC Account Object"
>             Value Object Attribute Name: frsComputerReferenceBL
>             Value Object Description: "SYSVOL FRS Member Object"
>             Recommended Action: See Knowledge Base Article: Q312862
>
>         ......................... BASE failed test VerifyReferences
>      Test omitted by user request: VerifyReplicas
>
>      Test omitted by user request: DNS
>      Test omitted by user request: DNS
>
>   Running partition tests on : Configuration
>      Starting test: CheckSDRefDom
>         ......................... Configuration passed test CheckSDRefDom
>      Starting test: CrossRefValidation
>         ......................... Configuration passed test
> CrossRefValidation
>
>   Running partition tests on : Schema
>      Starting test: CheckSDRefDom
>         ......................... Schema passed test CheckSDRefDom
>      Starting test: CrossRefValidation
>         ......................... Schema passed test CrossRefValidation
>
>   Running partition tests on : mytestdomain
>      Starting test: CheckSDRefDom
>         ......................... mytestdomain passed test CheckSDRefDom
>      Starting test: CrossRefValidation
>         ......................... mytestdomain passed test
> CrossRefValidation
>
>   Running enterprise tests on : mytestdomain.ca
>      Test omitted by user request: DNS
>      Test omitted by user request: DNS
>      Starting test: LocatorCheck
>         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1722
>         A Global Catalog Server could not be located - All GC's are down.
>         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1722
>         A Primary Domain Controller could not be located.
>         The server holding the PDC role is down.
>         Warning: DcGetDcName(TIME_SERVER) call failed, error 1722
>         A Time Server could not be located.
>         The server holding the PDC role is down.
>         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
>         1722
>         A Good Time Server could not be located.
>         Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1722
>         A KDC could not be located - All the KDCs are down.
>         ......................... mytestdomain.ca failed test LocatorCheck
>      Starting test: Intersite
>         Skipping site Default-First-Site-Name, this site is outside the
> scope
>         provided by the command line arguments provided.
>         ......................... mytestdomain.ca passed test Intersite

-- 
Michael Wood <esiotrot at gmail.com>


More information about the samba-technical mailing list