[Samba] Joining Second DC error -- NT_STATUS_CONNECTION_RESET

steve steve at steve-ss.com
Mon Aug 18 03:02:18 MDT 2014


On Mon, 2014-08-18 at 09:43 +0100, Bruno Andrade wrote:
> Good moorning,
> 
> Anyone on this or with similar problems?
> 

> Regards,
> Bruno Andrade.
> 
> On 08/12/2014 10:50 AM, Bruno Andrade wrote:
> > Hey, Im trying to join a second domain controller to domain.
> >
> > I'm using the following command o join:
> > *samba-tool domain join example.com DC -UAdministrator 
> > --password=xxxxxx --realm=example.com --server=dc1.example.com 
> > --site=NEWSITE --dns-backend=BIND9_DLZ --debuglevel=5*
Hi
I'd guess that this was not the first time you'd attempted to join. If
I'm right, the best (only if no one else posts) way is to go back with
the other DC(s) from your backup to before the join, remove the samba
folder on the new dc, make install once again, turn off ALL firewalls
and issue the command again.
HTH,
Steve

> >
> > Iptables and SELinux are turned off in both machines.
> > This is the debug I get...
> >
> > (...)
> > Replicated 18 objects (0 linked attributes) for 
> > DC=ForestDnsZones,DC=example,DC=com
> > Discarding older DRS linked attribute update to member on 
> > CN=Guests,CN=Builtin,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on 
> > CN=Guests,CN=Builtin,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on CN=Windows 
> > Authorization Access Group,CN=Builtin,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on 
> > CN=Users,CN=Builtin,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on 
> > CN=Users,CN=Builtin,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on 
> > CN=Users,CN=Builtin,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on 
> > CN=Enterprise Admins,CN=Users,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on 
> > CN=Administrators,CN=Builtin,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on 
> > CN=Administrators,CN=Builtin,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on 
> > CN=Administrators,CN=Builtin,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on 
> > CN=Administrators,CN=Builtin,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on 
> > CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=example,DC=com 
> > from d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on CN=Schema 
> > Admins,CN=Users,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on CN=Domain 
> > Guests,CN=Users,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on CN=Denied 
> > RODC Password Replication Group,CN=Users,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on CN=Denied 
> > RODC Password Replication Group,CN=Users,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on CN=Denied 
> > RODC Password Replication Group,CN=Users,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on CN=Denied 
> > RODC Password Replication Group,CN=Users,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on CN=Denied 
> > RODC Password Replication Group,CN=Users,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on CN=Denied 
> > RODC Password Replication Group,CN=Users,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on CN=Denied 
> > RODC Password Replication Group,CN=Users,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on CN=Denied 
> > RODC Password Replication Group,CN=Users,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on CN=Domain 
> > Admins,CN=Users,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on CN=Domain 
> > Admins,CN=Users,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on CN=Group 
> > Policy Creator Owners,CN=Users,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> > Discarding older DRS linked attribute update to member on 
> > CN=IIS_IUSRS,CN=Builtin,DC=example,DC=com from 
> > d7329302-6a0e-42d2-bb54-7073ffe6b353
> >      drsuapi_DsReplicaUpdateRefs: struct drsuapi_DsReplicaUpdateRefs
> >         in: struct drsuapi_DsReplicaUpdateRefs
> >             bind_handle              : *
> >                 bind_handle: struct policy_handle
> >                     handle_type              : 0x00000000 (0)
> >                     uuid                     : 
> > a99a925a-a457-41e4-a9c1-07feb8cc9351
> >             level                    : 0x00000001 (1)
> >             req                      : union 
> > drsuapi_DsReplicaUpdateRefsRequest(case 1)
> >             req1: struct drsuapi_DsReplicaUpdateRefsRequest1
> >                 naming_context           : *
> >                     naming_context: struct 
> > drsuapi_DsReplicaObjectIdentifier
> >                         __ndr_size               : 0x00000052 (82)
> >                         __ndr_size_sid           : 0x00000000 (0)
> >                         guid                     : 
> > 00000000-0000-0000-0000-000000000000
> >                         sid                      : S-0-0
> >                         __ndr_size_dn            : 0x0000000c (12)
> >                         dn                       : 'DC=example,DC=com'
> >                 dest_dsa_dns_name        : *
> >                     dest_dsa_dns_name        : 
> > '24f5afa9-3f4e-4a9f-b993-31d1843712ee._msdcs.example.com'
> >                 dest_dsa_guid            : 
> > 24f5afa9-3f4e-4a9f-b993-31d1843712ee
> >                 options                  : 0x0000001c (28)
> >                        0: DRSUAPI_DRS_ASYNC_OP
> >                        0: DRSUAPI_DRS_GETCHG_CHECK
> >                        0: DRSUAPI_DRS_UPDATE_NOTIFICATION
> >                        1: DRSUAPI_DRS_ADD_REF
> >                        1: DRSUAPI_DRS_SYNC_ALL
> >                        1: DRSUAPI_DRS_DEL_REF
> >                        1: DRSUAPI_DRS_WRIT_REP
> >                        0: DRSUAPI_DRS_INIT_SYNC
> >                        0: DRSUAPI_DRS_PER_SYNC
> >                        0: DRSUAPI_DRS_MAIL_REP
> >                        0: DRSUAPI_DRS_ASYNC_REP
> >                        0: DRSUAPI_DRS_IGNORE_ERROR
> >                        0: DRSUAPI_DRS_TWOWAY_SYNC
> >                        0: DRSUAPI_DRS_CRITICAL_ONLY
> >                        0: DRSUAPI_DRS_GET_ANC
> >                        0: DRSUAPI_DRS_GET_NC_SIZE
> >                        0: DRSUAPI_DRS_LOCAL_ONLY
> >                        0: DRSUAPI_DRS_NONGC_RO_REP
> >                        0: DRSUAPI_DRS_SYNC_BYNAME
> >                        0: DRSUAPI_DRS_REF_OK
> >                        0: DRSUAPI_DRS_FULL_SYNC_NOW
> >                        0: DRSUAPI_DRS_NO_SOURCE
> >                        0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
> >                        0: DRSUAPI_DRS_FULL_SYNC_PACKET
> >                        0: DRSUAPI_DRS_SYNC_REQUEUE
> >                        0: DRSUAPI_DRS_SYNC_URGENT
> >                        0: DRSUAPI_DRS_REF_GCSPN
> >                        0: DRSUAPI_DRS_NO_DISCARD
> >                        0: DRSUAPI_DRS_NEVER_SYNCED
> >                        0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
> >                        0: DRSUAPI_DRS_INIT_SYNC_NOW
> >                        0: DRSUAPI_DRS_PREEMPTED
> >                        0: DRSUAPI_DRS_SYNC_FORCED
> >                        0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
> >                        0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
> >                        0: DRSUAPI_DRS_USE_COMPRESSION
> >                        0: DRSUAPI_DRS_NEVER_NOTIFY
> >                        0: DRSUAPI_DRS_SYNC_PAS
> >                        0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
> > ERROR(runtime): uncaught exception - (-1073741299, 
> > 'NT_STATUS_CONNECTION_RESET')
> >   File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", 
> > line 175, in _run
> >     return self.run(*args, **kwargs)
> >   File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py", 
> > line 552, in run
> >     machinepass=machinepass, use_ntvfs=use_ntvfs, 
> > dns_backend=dns_backend)
> >   File "/usr/lib64/python2.6/site-packages/samba/join.py", line 1172, 
> > in join_DC
> >     ctx.do_join()
> >   File "/usr/lib64/python2.6/site-packages/samba/join.py", line 1082, 
> > in do_join
> >     ctx.join_finalise()
> >   File "/usr/lib64/python2.6/site-packages/samba/join.py", line 881, 
> > in join_finalise
> >     ctx.send_DsReplicaUpdateRefs(nc)
> >   File "/usr/lib64/python2.6/site-packages/samba/join.py", line 866, 
> > in send_DsReplicaUpdateRefs
> >     ctx.drsuapi.DsReplicaUpdateRefs(ctx.drsuapi_handle, 1, r)
> > Provision OK for domain DN DC=example,DC=com
> > Starting replication
> > Replicating critical objects from the base DN of the domain
> > Done with always replicated NC (base, config, schema)
> > Replicating DC=DomainDnsZones,DC=example,DC=com
> > Replicating DC=ForestDnsZones,DC=example,DC=com
> > Committing SAM database
> > Sending DsReplicateUpdateRefs for all the replicated partitions
> > Join failed - cleaning up
> > checking sAMAccountName
> >
> >
> > Kind Regards,
> > Bruno Andrade.
> 




More information about the samba mailing list