[Samba] Joining Second DC error -- NT_STATUS_CONNECTION_RESET
Bruno Andrade
bma at eurotux.com
Tue Aug 12 03:50:18 MDT 2014
Hey, Im trying to join a second domain controller to domain.
I'm using the following command o join:
*samba-tool domain join example.com DC -UAdministrator --password=xxxxxx
--realm=example.com --server=dc1.example.com --site=NEWSITE
--dns-backend=BIND9_DLZ --debuglevel=5*
Iptables and SELinux are turned off in both machines.
This is the debug I get...
(...)
Replicated 18 objects (0 linked attributes) for
DC=ForestDnsZones,DC=example,DC=com
Discarding older DRS linked attribute update to member on
CN=Guests,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on
CN=Guests,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Windows
Authorization Access Group,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on
CN=Users,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on
CN=Users,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on
CN=Users,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Enterprise
Admins,CN=Users,DC=example,DC=com from d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on
CN=Administrators,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on
CN=Administrators,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on
CN=Administrators,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on
CN=Administrators,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Pre-Windows
2000 Compatible Access,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Schema
Admins,CN=Users,DC=example,DC=com from d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Domain
Guests,CN=Users,DC=example,DC=com from d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Domain
Admins,CN=Users,DC=example,DC=com from d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Domain
Admins,CN=Users,DC=example,DC=com from d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Group
Policy Creator Owners,CN=Users,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on
CN=IIS_IUSRS,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
drsuapi_DsReplicaUpdateRefs: struct drsuapi_DsReplicaUpdateRefs
in: struct drsuapi_DsReplicaUpdateRefs
bind_handle : *
bind_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
a99a925a-a457-41e4-a9c1-07feb8cc9351
level : 0x00000001 (1)
req : union
drsuapi_DsReplicaUpdateRefsRequest(case 1)
req1: struct drsuapi_DsReplicaUpdateRefsRequest1
naming_context : *
naming_context: struct
drsuapi_DsReplicaObjectIdentifier
__ndr_size : 0x00000052 (82)
__ndr_size_sid : 0x00000000 (0)
guid :
00000000-0000-0000-0000-000000000000
sid : S-0-0
__ndr_size_dn : 0x0000000c (12)
dn : 'DC=example,DC=com'
dest_dsa_dns_name : *
dest_dsa_dns_name :
'24f5afa9-3f4e-4a9f-b993-31d1843712ee._msdcs.example.com'
dest_dsa_guid :
24f5afa9-3f4e-4a9f-b993-31d1843712ee
options : 0x0000001c (28)
0: DRSUAPI_DRS_ASYNC_OP
0: DRSUAPI_DRS_GETCHG_CHECK
0: DRSUAPI_DRS_UPDATE_NOTIFICATION
1: DRSUAPI_DRS_ADD_REF
1: DRSUAPI_DRS_SYNC_ALL
1: DRSUAPI_DRS_DEL_REF
1: DRSUAPI_DRS_WRIT_REP
0: DRSUAPI_DRS_INIT_SYNC
0: DRSUAPI_DRS_PER_SYNC
0: DRSUAPI_DRS_MAIL_REP
0: DRSUAPI_DRS_ASYNC_REP
0: DRSUAPI_DRS_IGNORE_ERROR
0: DRSUAPI_DRS_TWOWAY_SYNC
0: DRSUAPI_DRS_CRITICAL_ONLY
0: DRSUAPI_DRS_GET_ANC
0: DRSUAPI_DRS_GET_NC_SIZE
0: DRSUAPI_DRS_LOCAL_ONLY
0: DRSUAPI_DRS_NONGC_RO_REP
0: DRSUAPI_DRS_SYNC_BYNAME
0: DRSUAPI_DRS_REF_OK
0: DRSUAPI_DRS_FULL_SYNC_NOW
0: DRSUAPI_DRS_NO_SOURCE
0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
0: DRSUAPI_DRS_FULL_SYNC_PACKET
0: DRSUAPI_DRS_SYNC_REQUEUE
0: DRSUAPI_DRS_SYNC_URGENT
0: DRSUAPI_DRS_REF_GCSPN
0: DRSUAPI_DRS_NO_DISCARD
0: DRSUAPI_DRS_NEVER_SYNCED
0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
0: DRSUAPI_DRS_INIT_SYNC_NOW
0: DRSUAPI_DRS_PREEMPTED
0: DRSUAPI_DRS_SYNC_FORCED
0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
0: DRSUAPI_DRS_USE_COMPRESSION
0: DRSUAPI_DRS_NEVER_NOTIFY
0: DRSUAPI_DRS_SYNC_PAS
0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
ERROR(runtime): uncaught exception - (-1073741299,
'NT_STATUS_CONNECTION_RESET')
File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py",
line 552, in run
machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
File "/usr/lib64/python2.6/site-packages/samba/join.py", line 1172,
in join_DC
ctx.do_join()
File "/usr/lib64/python2.6/site-packages/samba/join.py", line 1082,
in do_join
ctx.join_finalise()
File "/usr/lib64/python2.6/site-packages/samba/join.py", line 881, in
join_finalise
ctx.send_DsReplicaUpdateRefs(nc)
File "/usr/lib64/python2.6/site-packages/samba/join.py", line 866, in
send_DsReplicaUpdateRefs
ctx.drsuapi.DsReplicaUpdateRefs(ctx.drsuapi_handle, 1, r)
Provision OK for domain DN DC=example,DC=com
Starting replication
Replicating critical objects from the base DN of the domain
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=example,DC=com
Replicating DC=ForestDnsZones,DC=example,DC=com
Committing SAM database
Sending DsReplicateUpdateRefs for all the replicated partitions
Join failed - cleaning up
checking sAMAccountName
Kind Regards,
Bruno Andrade.
More information about the samba
mailing list