[Samba] Domain join failure - error during DRS repl ADD: No objectClass found in replPropertyMetaData

Matthew Delfino mdelfino.list.samba at KNOCKinc.com
Mon Nov 16 02:36:11 UTC 2015

Hello Colleagues and Mentors,

I'm attempting to join a Samba AD DC that I compiled with samba 4.3.1 on Ubuntu 14.04.3 to a group of three AD DCs, also running Samba on Ubuntu 14.04.3, but each of them is running Canonical's pre-compiled Samba package, v4.1.6.

This already-existing domain has had its schema updated to include Kerio Connect-specific schema (to support our mail server).

When I run the following command as root:

  samba-tool domain join mydomain.lan DC -Uadministrator --realm=mydomain.lan --dns-backend=SAMBA_INTERNAL

I see the following output:

  Finding a writeable DC for domain 'mydomain.lan'
  Found DC AC-DC10.mydomain.lan
  Password for [WORKGROUP\administrator]:
  workgroup is MYDOMAIN
  realm is mydomain.lan
  checking sAMAccountName
  Adding CN=AD-DC00,OU=Domain Controllers,DC=mydomain,DC=lan
  Adding CN=AD-DC00,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
  Adding CN=NTDS Settings,CN=AD-DC00,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
  Adding SPNs to CN=AD-DC00,OU=Domain Controllers,DC=mydomain,DC=lan
  Setting account password for AD-DC00$
  Enabling account
  Calling bare provision
  Looking up IPv4 addresses
  Looking up IPv6 addresses
  No IPv6 address will be assigned
  Setting up share.ldb
  Setting up secrets.ldb
  Setting up the registry
  Setting up the privileges database
  Setting up idmap db
  Setting up SAM db
  Setting up sam.ldb partitions and settings
  Setting up sam.ldb rootDSE
  Pre-loading the Samba 4 and AD schema
  A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
  Provision OK for domain DN DC=mydomain,DC=lan
  Starting replication
  Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=lan] objects[402/1578] linked_values[0/0]
  Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=lan] objects[804/1578] linked_values[0/0]
  Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=lan] objects[1206/1578] linked_values[0/0]
  Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=lan] objects[1578/1578] linked_values[0/0]
  Analyze and apply schema objects
  Partition[CN=Configuration,DC=mydomain,DC=lan] objects[402/1688] linked_values[0/0]
  Partition[CN=Configuration,DC=mydomain,DC=lan] objects[804/1688] linked_values[0/0]
  Partition[CN=Configuration,DC=mydomain,DC=lan] objects[1206/1688] linked_values[0/0]
  Partition[CN=Configuration,DC=mydomain,DC=lan] objects[1608/1688] linked_values[0/0]
  Partition[CN=Configuration,DC=mydomain,DC=lan] objects[1688/1688] linked_values[45/0]
  Replicating critical objects from the base DN of the domain
  Partition[DC=mydomain,DC=lan] objects[100/100] linked_values[34/0]
  Partition[DC=mydomain,DC=lan] objects[502/755] linked_values[0/0]
  No objectClass found in replPropertyMetaData for CN=kerio_emailgroup,OU=Services,OU=Groups,OU=knock,DC=mydomain,DC=lan!
  Failed to apply records: replmd_replicated_apply_add: error during DRS repl ADD: No objectClass found in replPropertyMetaData for CN=kerio_emailgroup,OU=Services,OU=Groups,OU=knock,DC=mydomain,DC=lan!
  : Object class violation
  Failed to commit objects: WERR_GENERAL_FAILURE
  Join failed - cleaning up
  checking sAMAccountName
  Deleted CN=AD-DC00,OU=Domain Controllers,DC=mydomain,DC=lan
  Deleted CN=NTDS Settings,CN=AD-DC00,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
  Deleted CN=AD-DC00,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
  ERROR(<type 'exceptions.TypeError'>): uncaught exception - Failed to process chunk: NT_STATUS_UNSUCCESSFUL
    File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
      return self.run(*args, **kwargs)
    File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 621, in run
      machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
    File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 1183, in join_DC
    File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 1088, in do_join
    File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 828, in join_replicate
    File "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", line 257, in replicate
      schema=schema, req_level=req_level, req=req)

It appears to me that this initial replication is choking here:

  No objectClass found in replPropertyMetaData for CN=kerio_emailgroup,OU=Services,OU=Groups,OU=knock,DC=mydomain,DC=lan!

This makes me think something about my addition of specialized schema has triggered, or tripped on, a bug somewhere downstream. I searched for strings on the internet with similar warnings and found this conversation between Rowland Penny and Luke Bigum:


I'm wondering if I'm in a similar pickle. Could this be the bug I'm hitting?


Any advice on how to get myself out of this, via work-arounds or whatever, would be greatly appreciated. Thank you in advance!

