[Samba] Joining Second DC error -- NT_STATUS_CONNECTION_RESET

Chan Min Wai dcmwai at gmail.com
Wed Aug 20 04:32:57 MDT 2014

Dear Marc,

Thank you for your explanation.

I recall what I did at that time was:
1. I took snapshots of both DC1 and DC2 at run time.
2. DC2 was having a strange issue, so I removed DC2 (without demoting, my bad)
-- 7 days later
3. I tried to restore both DC1 and DC2 and still DC2 could not access the DC...
(So possibly that was the cause of the corrupted DC DB)
4. I didn't notice the problem and continued using that DC1...
5. Until 7 days later I noticed the add group & users issue.

I'm not too sure what to do now to fix that.

1. Should I restore DC1, since DC2 is already offline?
2. Can we back up the DC in any other way?
3. Do we have a way to back up the DC users and groups or the updated computer
password :)
4. If I join another AD DC and replicate it and also demote DC1 (can we do
that, as I see the bug reports), would DC2 now be better???

Thank You.

On Wed, Aug 20, 2014 at 1:54 AM, Marc Muehlfeld <mmuehlfeld at samba.org> wrote:

> Hello,
>
> On 19.08.2014 13:07, Chan Min Wai wrote:
> > If I've a snapshot of the server... (the only one)
> >
> > Can I roll back and create a backup (copying these /var/lib/samba/ offline)
> > And move this to another server to do the backup?
> >
> > As I cannot create the backup last time because of the wrong LDflags I've
> > compiled...
> >
> > Please advise.
>
> Was the snapshot made during runtime? Then you maybe have inconsistent
> databases in your backup. But if the current live version is completely
> broken, I would try that one of course. But only if this is your only
> DC. Never restore a DC if at least one healthy one is online! The
> replication could mix up your AD completely.
>
> If at least one DC is healthy, join a new one and demote the broken
> one(s). The problem is that all ways to demote are currently broken:
> - Via Windows: https://bugzilla.samba.org/show_bug.cgi?id=10595
> - Via samba-tool: https://bugzilla.samba.org/show_bug.cgi?id=10734
>
> But remember: When you go back to a backup of your AD, then all changes
> done in the meantime are lost. And these are not just the obvious
> ones (create/delete users, etc.). E.g. all Windows machines change their
> machine account password per default every 30 days. So it could be
> possible that machines that had changed their passwords meanwhile have
> to be re-joined to the domain.
>
> Regards,
> Marc
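
The machine-password caveat in the reply above can be checked before a restore. The following is an added example, not part of either message or of Samba: it assumes you have an LDIF export of `sAMAccountName` and `pwdLastSet` from the current directory and know the snapshot time, and it lists the machine accounts whose password changed after that time and so may need a re-join. All account names and dates in it are constructed.

```python
from datetime import datetime, timedelta, timezone
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def to_filetime(dt):
    """datetime -> AD FILETIME (100 ns ticks since 1601-01-01 UTC), exact."""
    d = dt - EPOCH_1601
    return (d.days * 86400 + d.seconds) * 10**7 + d.microseconds * 10

def from_filetime(ticks):
    return EPOCH_1601 + timedelta(microseconds=int(ticks) // 10)

def parse_ldif(text):
    """Yield one dict per LDIF record; comments and folded lines are skipped."""
    rec = {}
    for line in text.splitlines() + [""]:
        if not line.strip():
            if rec:
                yield rec
            rec = {}
        elif not line.startswith(("#", " ")):
            key, _, val = line.partition(": ")
            rec[key] = val

def changed_since(ldif_text, snapshot_time):
    """Machine accounts (sAMAccountName ending in '$') whose pwdLastSet is
    later than the snapshot: their current secret is absent from the backup."""
    hits = []
    for rec in parse_ldif(ldif_text):
        name, ticks = rec.get("sAMAccountName", ""), rec.get("pwdLastSet", "0")
        if name.endswith("$") and ticks != "0":
            when = from_filetime(ticks)
            if when > snapshot_time:
                hits.append((name, when))
    return sorted(hits, key=lambda h: h[1])

def utc(*a):
    return datetime(*a, tzinfo=timezone.utc)

# Constructed sample: names, domain and dates are made up for illustration.
SNAPSHOT = utc(2014, 8, 6)
SAMPLE = "\n\n".join(
    f"dn: CN={n.rstrip('$')},DC=example,DC=com\nsAMAccountName: {n}\npwdLastSet: {t}"
    for n, t in [("WS01$", to_filetime(utc(2014, 7, 20))), ("WS03$", 0),
                 ("WS02$", to_filetime(utc(2014, 8, 15, 9, 30))),
                 ("alice", to_filetime(utc(2014, 8, 16)))])

if __name__ == "__main__":
    for name, when in changed_since(SAMPLE, SNAPSHOT):
        print(f"{name} changed its password {when:%Y-%m-%d %H:%M} UTC, after the snapshot")
```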
