[Samba] Joining Second DC error -- NT_STATUS_CONNECTION_RESET

steve steve at steve-ss.com
Tue Aug 19 08:28:21 MDT 2014

On Tue, 2014-08-19 at 14:35 +0100, Bruno Andrade wrote:
> On 08/19/2014 01:07 PM, steve wrote:
> > On Tue, 2014-08-19 at 12:41 +0100, Bruno Andrade wrote:
> >> On 08/18/2014 07:20 PM, Marc Muehlfeld wrote:
> >>> Hello Bruno,
> >>>
> >>> On 18.08.2014 11:15, Bruno Andrade wrote:
> >>>> All the firewalls are turned off on the way between the two DCs.
> >>>>
> >>>> I can't go back with backup...
> >>> What's wrong with your backup?
> >> I don't have it... that's the problem.
> >>>> maybe I can follow this
> >>>> https://lists.samba.org/archive/samba/2014-June/182210.html and remove
> >>>> all the entries from the failed DC. Right? and try again...
> >>> As for myself, I would never manually try to clean up the AD. I would be too
> >>> afraid of having left references, ACLs or something else that causes
> >>> side-effects. Maybe you don't see any problems now. But when they come
> >>> up later, it could be really worse.
> >>>
> >>> If you don't have a (working) backup, you should consider going this
> >>> step or maybe start from scratch - depending on the size of your
> >>> installation.
> >> I have made an rsync of the actual PDC to a development location and I'm
> >> joining a new machine as second DC with different hostname, for example.
> >> To see if something different happens.
> >>
> >> Regards,
> >> Bruno.
> > Hi Bruno
> > What's the situation exactly?
> > 1. You made an rsync of the actual PDC to a development location:
> > what is the 'actual PDC', as in, is it the original DC as in this thread?
> The logs that I showed in this thread are from the original DC, not the
> test one. The original DC is in production.
> > 2. What is the 'second DC'? To what are you joining the second DC?
> The second DC is a linux machine too. Basically I have two, 
> geographically distant, sites. And I'm joining a second DC to the
> second site. To manage authentication and fileserver properly.
> > 3. Is the domain to which you attempted the join as per the thread
> > subject a live domain with people using it?
> Yes, people are using the domain on the primary DC.
> >
> > Our natural reaction is to go back and start again from nothing as I
> > don't think we're at the stage where we can recover from a failed join.
> >
Then you really have no option. You are lucky that you still have a
domain. And a job! Leave it so. You cannot work on a production domain
without being able to get back to where you were. I fear that if you
back up now and try again, that would be bad advice as the original DC
has already been compromised and may already contain a disaster waiting
to happen just around the corner. . . 
