[Samba] samba 4 join error to MS Server 2003 - WERR_GENERAL_FAILURE

Andrew Bartlett abartlet at samba.org
Sat Dec 22 01:51:31 MST 2012 

On Wed, 2012-11-28 at 14:52 -0800, todd kman wrote:
> Hi all,
> I am just experimenting with Samba 4.
> I have a Ubuntu server 12.04 with samba 4 compiled successfully.  I have webmin installed as well.
> I am trying to connect the Ubuntu/Samba server on system GIS30 to a web domain called CODOMAIN. 
> CODOMAIN is administered by gis-server-2 a Microsoft Windows Server 2003 R2, Standard x64 - Edition Version 5.2 (Build 3790 : Service Pack 2) (x64).
> Gis-server-2 is an Active Directory server, and Exchange server.  (Exchange Server 2007 Microsoft Corporation Version: 08.01.0436.000)
> If I was to guess it looks like the Exchange server component is causing some problem.
> 
> I can see others referencing the error "Failed to commit objects: WERR_GENERAL_FAILURE" 
> The following thread was from July 2012 and it appears some fix was put into the main but I believe I have downloaded and compiled a more current release of Samba 4 and yet I am still getting this error.
> http://samba.2283325.n4.nabble.com/Can-t-join-as-DC-on-Samba4-Beta4-5-td4634916.html
> 
> Is there an update on this?

> Failed to apply
> records: attribute 'msExchOWATranscodingFileTypes': value #1 on
> 'CN=owa (Default Web
> Site),CN=HTTP,CN=Protocols,CN=GIS-SERVER-2,CN=Servers,CN=Exchange
> Administrative Group (FYDIBOHF23SPDLT),CN=Administrative
> Groups,CN=First Organization,CN=Microsoft
> Exchange,CN=Services,CN=Configuration,DC=CODomain,DC=local' provided
> more than once: Attribute or value exists
> Failed to commit
> objects: WERR_GENERAL_FAILURE
> Join failed -

As I said on IRC (but following up here so others might understand the
situation better, and so we can loop back to you about fixing this up
properly):

In short, your other DCs have sent you the same value twice in a
multi-valued attribute.  This isn't valid LDAP, and we are being
stricter than Microsoft is, or we consider two values to be equivalent
when Microsoft considers them distinct. The issue is that we haven't
tested much with importing exchange-enabled domains so we just haven't
seen this before, and so we need to work out how to handle this
particular 'violation'. 

Mostly, we have found that AD doesn't re-check schema syntax during
replication, so if somehow a duplicate does get into the system, it will
not cause replication to fail.  We are stricter, mostly due to the
layering of our databases.  We may have to turn that off.

Running this:
ldbsearch -Uadministrator -H ldap://ms-dc -s base -b "CN=owa (Default
Web  Site),CN=HTTP,CN=Protocols,CN=GIS-SERVER-2,CN=Servers,CN=Exchange
Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First
Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=CODomain,DC=local"
msExchOWATranscodingFileTypes

should give us more clues here, and help us solve this for the long
term.  Please file a bug with this info in the meantime, so we can track
this.

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba mailing list