[Samba] Joining Second DC error -- NT_STATUS_CONNECTION_RESET
Bruno Andrade
bma at eurotux.com
Mon Aug 18 02:43:28 MDT 2014
Good moorning,
Anyone on this or with similar problems?
Regards,
Bruno Andrade.
On 08/12/2014 10:50 AM, Bruno Andrade wrote:
> Hey, Im trying to join a second domain controller to domain.
>
> I'm using the following command o join:
> *samba-tool domain join example.com DC -UAdministrator
> --password=xxxxxx --realm=example.com --server=dc1.example.com
> --site=NEWSITE --dns-backend=BIND9_DLZ --debuglevel=5*
>
> Iptables and SELinux are turned off in both machines.
> This is the debug I get...
>
> (...)
> Replicated 18 objects (0 linked attributes) for
> DC=ForestDnsZones,DC=example,DC=com
> Discarding older DRS linked attribute update to member on
> CN=Guests,CN=Builtin,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on
> CN=Guests,CN=Builtin,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Windows
> Authorization Access Group,CN=Builtin,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on
> CN=Users,CN=Builtin,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on
> CN=Users,CN=Builtin,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on
> CN=Users,CN=Builtin,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on
> CN=Enterprise Admins,CN=Users,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on
> CN=Administrators,CN=Builtin,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on
> CN=Administrators,CN=Builtin,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on
> CN=Administrators,CN=Builtin,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on
> CN=Administrators,CN=Builtin,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on
> CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=example,DC=com
> from d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Schema
> Admins,CN=Users,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Domain
> Guests,CN=Users,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Denied
> RODC Password Replication Group,CN=Users,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Denied
> RODC Password Replication Group,CN=Users,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Denied
> RODC Password Replication Group,CN=Users,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Denied
> RODC Password Replication Group,CN=Users,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Denied
> RODC Password Replication Group,CN=Users,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Denied
> RODC Password Replication Group,CN=Users,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Denied
> RODC Password Replication Group,CN=Users,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Denied
> RODC Password Replication Group,CN=Users,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Domain
> Admins,CN=Users,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Domain
> Admins,CN=Users,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on CN=Group
> Policy Creator Owners,CN=Users,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> Discarding older DRS linked attribute update to member on
> CN=IIS_IUSRS,CN=Builtin,DC=example,DC=com from
> d7329302-6a0e-42d2-bb54-7073ffe6b353
> drsuapi_DsReplicaUpdateRefs: struct drsuapi_DsReplicaUpdateRefs
> in: struct drsuapi_DsReplicaUpdateRefs
> bind_handle : *
> bind_handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid :
> a99a925a-a457-41e4-a9c1-07feb8cc9351
> level : 0x00000001 (1)
> req : union
> drsuapi_DsReplicaUpdateRefsRequest(case 1)
> req1: struct drsuapi_DsReplicaUpdateRefsRequest1
> naming_context : *
> naming_context: struct
> drsuapi_DsReplicaObjectIdentifier
> __ndr_size : 0x00000052 (82)
> __ndr_size_sid : 0x00000000 (0)
> guid :
> 00000000-0000-0000-0000-000000000000
> sid : S-0-0
> __ndr_size_dn : 0x0000000c (12)
> dn : 'DC=example,DC=com'
> dest_dsa_dns_name : *
> dest_dsa_dns_name :
> '24f5afa9-3f4e-4a9f-b993-31d1843712ee._msdcs.example.com'
> dest_dsa_guid :
> 24f5afa9-3f4e-4a9f-b993-31d1843712ee
> options : 0x0000001c (28)
> 0: DRSUAPI_DRS_ASYNC_OP
> 0: DRSUAPI_DRS_GETCHG_CHECK
> 0: DRSUAPI_DRS_UPDATE_NOTIFICATION
> 1: DRSUAPI_DRS_ADD_REF
> 1: DRSUAPI_DRS_SYNC_ALL
> 1: DRSUAPI_DRS_DEL_REF
> 1: DRSUAPI_DRS_WRIT_REP
> 0: DRSUAPI_DRS_INIT_SYNC
> 0: DRSUAPI_DRS_PER_SYNC
> 0: DRSUAPI_DRS_MAIL_REP
> 0: DRSUAPI_DRS_ASYNC_REP
> 0: DRSUAPI_DRS_IGNORE_ERROR
> 0: DRSUAPI_DRS_TWOWAY_SYNC
> 0: DRSUAPI_DRS_CRITICAL_ONLY
> 0: DRSUAPI_DRS_GET_ANC
> 0: DRSUAPI_DRS_GET_NC_SIZE
> 0: DRSUAPI_DRS_LOCAL_ONLY
> 0: DRSUAPI_DRS_NONGC_RO_REP
> 0: DRSUAPI_DRS_SYNC_BYNAME
> 0: DRSUAPI_DRS_REF_OK
> 0: DRSUAPI_DRS_FULL_SYNC_NOW
> 0: DRSUAPI_DRS_NO_SOURCE
> 0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
> 0: DRSUAPI_DRS_FULL_SYNC_PACKET
> 0: DRSUAPI_DRS_SYNC_REQUEUE
> 0: DRSUAPI_DRS_SYNC_URGENT
> 0: DRSUAPI_DRS_REF_GCSPN
> 0: DRSUAPI_DRS_NO_DISCARD
> 0: DRSUAPI_DRS_NEVER_SYNCED
> 0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
> 0: DRSUAPI_DRS_INIT_SYNC_NOW
> 0: DRSUAPI_DRS_PREEMPTED
> 0: DRSUAPI_DRS_SYNC_FORCED
> 0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
> 0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
> 0: DRSUAPI_DRS_USE_COMPRESSION
> 0: DRSUAPI_DRS_NEVER_NOTIFY
> 0: DRSUAPI_DRS_SYNC_PAS
> 0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
> ERROR(runtime): uncaught exception - (-1073741299,
> 'NT_STATUS_CONNECTION_RESET')
> File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py",
> line 552, in run
> machinepass=machinepass, use_ntvfs=use_ntvfs,
> dns_backend=dns_backend)
> File "/usr/lib64/python2.6/site-packages/samba/join.py", line 1172,
> in join_DC
> ctx.do_join()
> File "/usr/lib64/python2.6/site-packages/samba/join.py", line 1082,
> in do_join
> ctx.join_finalise()
> File "/usr/lib64/python2.6/site-packages/samba/join.py", line 881,
> in join_finalise
> ctx.send_DsReplicaUpdateRefs(nc)
> File "/usr/lib64/python2.6/site-packages/samba/join.py", line 866,
> in send_DsReplicaUpdateRefs
> ctx.drsuapi.DsReplicaUpdateRefs(ctx.drsuapi_handle, 1, r)
> Provision OK for domain DN DC=example,DC=com
> Starting replication
> Replicating critical objects from the base DN of the domain
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=example,DC=com
> Replicating DC=ForestDnsZones,DC=example,DC=com
> Committing SAM database
> Sending DsReplicateUpdateRefs for all the replicated partitions
> Join failed - cleaning up
> checking sAMAccountName
>
>
> Kind Regards,
> Bruno Andrade.
More information about the samba
mailing list