[Samba] Joining Second DC error -- NT_STATUS_CONNECTION_RESET
Bruno Andrade
bma at eurotux.com
Mon Aug 18 03:15:43 MDT 2014
On 08/18/2014 10:02 AM, steve wrote:
> On Mon, 2014-08-18 at 09:43 +0100, Bruno Andrade wrote:
>> Good moorning,
>>
>> Anyone on this or with similar problems?
>>
>> Regards,
>> Bruno Andrade.
>>
>> On 08/12/2014 10:50 AM, Bruno Andrade wrote:
>>> Hey, Im trying to join a second domain controller to domain.
>>>
>>> I'm using the following command o join:
>>> *samba-tool domain join example.com DC -UAdministrator
>>> --password=xxxxxx --realm=example.com --server=dc1.example.com
>>> --site=NEWSITE --dns-backend=BIND9_DLZ --debuglevel=5*
> Hi
> I'd guess that this was not the first time you'd attempted to join. If
> I'm right, the best (only if no one else posts) way is to go back with
> the other DC(s) from your backup to before the join, remove the samba
> folder on the new dc, make install once again, turn off ALL firewalls
> and issue the command again.
> HTH,
> Steve
Right, this is not the first time a run it.
All the firewalls are turned off on the way between the two DCs.
I can't go back with backup... maybe I can follow this
https://lists.samba.org/archive/samba/2014-June/182210.html and remove
all the entries from the failed DC. Right? and try again...
Regards,
Bruno Andrade.
>>> Iptables and SELinux are turned off in both machines.
>>> This is the debug I get...
>>>
>>> (...)
>>> Replicated 18 objects (0 linked attributes) for
>>> DC=ForestDnsZones,DC=example,DC=com
>>> Discarding older DRS linked attribute update to member on
>>> CN=Guests,CN=Builtin,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on
>>> CN=Guests,CN=Builtin,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on CN=Windows
>>> Authorization Access Group,CN=Builtin,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on
>>> CN=Users,CN=Builtin,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on
>>> CN=Users,CN=Builtin,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on
>>> CN=Users,CN=Builtin,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on
>>> CN=Enterprise Admins,CN=Users,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on
>>> CN=Administrators,CN=Builtin,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on
>>> CN=Administrators,CN=Builtin,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on
>>> CN=Administrators,CN=Builtin,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on
>>> CN=Administrators,CN=Builtin,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on
>>> CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=example,DC=com
>>> from d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on CN=Schema
>>> Admins,CN=Users,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on CN=Domain
>>> Guests,CN=Users,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on CN=Denied
>>> RODC Password Replication Group,CN=Users,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on CN=Denied
>>> RODC Password Replication Group,CN=Users,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on CN=Denied
>>> RODC Password Replication Group,CN=Users,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on CN=Denied
>>> RODC Password Replication Group,CN=Users,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on CN=Denied
>>> RODC Password Replication Group,CN=Users,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on CN=Denied
>>> RODC Password Replication Group,CN=Users,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on CN=Denied
>>> RODC Password Replication Group,CN=Users,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on CN=Denied
>>> RODC Password Replication Group,CN=Users,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on CN=Domain
>>> Admins,CN=Users,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on CN=Domain
>>> Admins,CN=Users,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on CN=Group
>>> Policy Creator Owners,CN=Users,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> Discarding older DRS linked attribute update to member on
>>> CN=IIS_IUSRS,CN=Builtin,DC=example,DC=com from
>>> d7329302-6a0e-42d2-bb54-7073ffe6b353
>>> drsuapi_DsReplicaUpdateRefs: struct drsuapi_DsReplicaUpdateRefs
>>> in: struct drsuapi_DsReplicaUpdateRefs
>>> bind_handle : *
>>> bind_handle: struct policy_handle
>>> handle_type : 0x00000000 (0)
>>> uuid :
>>> a99a925a-a457-41e4-a9c1-07feb8cc9351
>>> level : 0x00000001 (1)
>>> req : union
>>> drsuapi_DsReplicaUpdateRefsRequest(case 1)
>>> req1: struct drsuapi_DsReplicaUpdateRefsRequest1
>>> naming_context : *
>>> naming_context: struct
>>> drsuapi_DsReplicaObjectIdentifier
>>> __ndr_size : 0x00000052 (82)
>>> __ndr_size_sid : 0x00000000 (0)
>>> guid :
>>> 00000000-0000-0000-0000-000000000000
>>> sid : S-0-0
>>> __ndr_size_dn : 0x0000000c (12)
>>> dn : 'DC=example,DC=com'
>>> dest_dsa_dns_name : *
>>> dest_dsa_dns_name :
>>> '24f5afa9-3f4e-4a9f-b993-31d1843712ee._msdcs.example.com'
>>> dest_dsa_guid :
>>> 24f5afa9-3f4e-4a9f-b993-31d1843712ee
>>> options : 0x0000001c (28)
>>> 0: DRSUAPI_DRS_ASYNC_OP
>>> 0: DRSUAPI_DRS_GETCHG_CHECK
>>> 0: DRSUAPI_DRS_UPDATE_NOTIFICATION
>>> 1: DRSUAPI_DRS_ADD_REF
>>> 1: DRSUAPI_DRS_SYNC_ALL
>>> 1: DRSUAPI_DRS_DEL_REF
>>> 1: DRSUAPI_DRS_WRIT_REP
>>> 0: DRSUAPI_DRS_INIT_SYNC
>>> 0: DRSUAPI_DRS_PER_SYNC
>>> 0: DRSUAPI_DRS_MAIL_REP
>>> 0: DRSUAPI_DRS_ASYNC_REP
>>> 0: DRSUAPI_DRS_IGNORE_ERROR
>>> 0: DRSUAPI_DRS_TWOWAY_SYNC
>>> 0: DRSUAPI_DRS_CRITICAL_ONLY
>>> 0: DRSUAPI_DRS_GET_ANC
>>> 0: DRSUAPI_DRS_GET_NC_SIZE
>>> 0: DRSUAPI_DRS_LOCAL_ONLY
>>> 0: DRSUAPI_DRS_NONGC_RO_REP
>>> 0: DRSUAPI_DRS_SYNC_BYNAME
>>> 0: DRSUAPI_DRS_REF_OK
>>> 0: DRSUAPI_DRS_FULL_SYNC_NOW
>>> 0: DRSUAPI_DRS_NO_SOURCE
>>> 0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
>>> 0: DRSUAPI_DRS_FULL_SYNC_PACKET
>>> 0: DRSUAPI_DRS_SYNC_REQUEUE
>>> 0: DRSUAPI_DRS_SYNC_URGENT
>>> 0: DRSUAPI_DRS_REF_GCSPN
>>> 0: DRSUAPI_DRS_NO_DISCARD
>>> 0: DRSUAPI_DRS_NEVER_SYNCED
>>> 0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
>>> 0: DRSUAPI_DRS_INIT_SYNC_NOW
>>> 0: DRSUAPI_DRS_PREEMPTED
>>> 0: DRSUAPI_DRS_SYNC_FORCED
>>> 0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
>>> 0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
>>> 0: DRSUAPI_DRS_USE_COMPRESSION
>>> 0: DRSUAPI_DRS_NEVER_NOTIFY
>>> 0: DRSUAPI_DRS_SYNC_PAS
>>> 0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
>>> ERROR(runtime): uncaught exception - (-1073741299,
>>> 'NT_STATUS_CONNECTION_RESET')
>>> File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
>>> line 175, in _run
>>> return self.run(*args, **kwargs)
>>> File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py",
>>> line 552, in run
>>> machinepass=machinepass, use_ntvfs=use_ntvfs,
>>> dns_backend=dns_backend)
>>> File "/usr/lib64/python2.6/site-packages/samba/join.py", line 1172,
>>> in join_DC
>>> ctx.do_join()
>>> File "/usr/lib64/python2.6/site-packages/samba/join.py", line 1082,
>>> in do_join
>>> ctx.join_finalise()
>>> File "/usr/lib64/python2.6/site-packages/samba/join.py", line 881,
>>> in join_finalise
>>> ctx.send_DsReplicaUpdateRefs(nc)
>>> File "/usr/lib64/python2.6/site-packages/samba/join.py", line 866,
>>> in send_DsReplicaUpdateRefs
>>> ctx.drsuapi.DsReplicaUpdateRefs(ctx.drsuapi_handle, 1, r)
>>> Provision OK for domain DN DC=example,DC=com
>>> Starting replication
>>> Replicating critical objects from the base DN of the domain
>>> Done with always replicated NC (base, config, schema)
>>> Replicating DC=DomainDnsZones,DC=example,DC=com
>>> Replicating DC=ForestDnsZones,DC=example,DC=com
>>> Committing SAM database
>>> Sending DsReplicateUpdateRefs for all the replicated partitions
>>> Join failed - cleaning up
>>> checking sAMAccountName
>>>
>>>
>>> Kind Regards,
>>> Bruno Andrade.
>
More information about the samba
mailing list