[Samba] Server 2008R2 won't join 4.5.0 Domain

Kelvin Yip kelvin at icshk.com
Fri Nov 11 03:27:19 UTC 2016 

Hi,

Transfer of FSMO to Windows 2008 R2 seems to be fine. However, Samba is not replicated successfully with Windows 2008 R2.
After transfer the FSMO to Windows 2008 R2, I try to demote the last Samba DC, but it said access denied.
Now, on the Windows 2008 R2 with all FSMO, whenever I tried to use netdom query fsmo, delete samba DC via Active Directory Users and Computers, or ntdsutil. 
All are access denied.

Any ideas ?

Best,
Kelvin Yip

-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Thomas Maerz via samba
Sent: Thursday, November 10, 2016 11:42 PM
To: Kelvin Yip <kelvin at icshk.com>
Cc: samba at lists.samba.org
Subject: Re: [Samba] Server 2008R2 won't join 4.5.0 Domain

This is actually a similar scenario to mine, I neglected to mention that before this happened, I had joined a Server 2008 R2 to the domain and promoted it to FSMO, then moved FSMO back to S4 DC and demoted the Server 2008 R2 controller.

I did what you suggested and it worked! I am assuming this is a bug. Thank you for your suggestion.

Thomas Maerz
> On Nov 9, 2016, at 3:59 AM, Kelvin Yip via samba <samba at lists.samba.org> wrote:
> 
> Hello,
> 
> I am using 4.5.1, the first time I promote a Windows 2008 R2 as a domain controller, everything is fine.
> After that, I demote 1 Windows 2008 R2 and 1 Samba DC(4.5.1). Then I promote a Windows 2008 R2 DC again, I get the exact problem as yours. I cancel the process.
> Then I ran to DC with all FSMO roles, and type the following command several times:
> samba-tool dbcheck --cross-ncs --fix --yes samba-tool dbcheck 
> --cross-ncs --fix --yes 'fix_replmetadata_unsorted_attid'
> 
> There is still errors, but less than before.
> Now, I promote Windows 2008 R2 DC again and everything works fine.
> Hope it helps.
> 
> Best,
> Kelvin Yip
> 
> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Thomas 
> Maerz via samba
> Sent: Wednesday, November 9, 2016 12:55 AM
> To: samba <samba at lists.samba.org>
> Subject: [Samba] Server 2008R2 won't join 4.5.0 Domain
> 
> Hello,
> 
> I can’t get a fully patched Server 2008 R2 DC to finish DCPROMO joining as a domain controller to my Samba4 AD domain.
> 
> dcpromo.exe begins replication but gets stuck on “Replicating data 
> CN=Configuration,DC=samdom,DC=contoso,DC=com: Received 1999 off of 
> approximately 1999 objects and 74 out of approximately 74 
> distinguished name (DN) values…
> 
> Examining the dcpromo.log file just shows thousands of these messages repeating indefinitely. I have left it for hours and nothing has changed.
> 
> After searching the internet I’ve run into a few things I think might be relevant, but I can’t figure out a way to correct it.
> 
> This person had similar symptoms: https://lists.samba.org/archive/cifs-protocol/2011-June/001954.html <https://lists.samba.org/archive/cifs-protocol/2011-June/001954.html> The thread just mysteriously ended though with no resolution, and their issue was occurring during boot.
> 
> I am also seeing lots of errors with samba-tool dbcheck:
> 
> ERROR: incorrect GUID component for member in object 
> CN=arc_info,OU=Groups,DC=samdom,DC=contoso,DC=com - 
> <GUID=d6a2ae825b3487459f31010ce5c2ecb0>;<RMD_ADDTIME=13039638926000000
> 0>;<RMD_CHANGETIME=130458616690000000>;<RMD_FLAGS=1>;<RMD_INVOCID=71d8
> 0bb55484734b90ba2875af7fcfb7>;<RMD_LOCAL_USN=22603>;<RMD_ORIGINATING_U
> SN=22603>;<RMD_VERSION=1>;<SID=010500000000000515000000304c563cc305b2f
> 7e2cb6a3c56160000>;CN=Kay Jones,CN=Users,DC=ad,DC=brewerscience,DC=com
> unable to find object for DN CN=User 
> K,CN=Users,DC=samdom,DC=contoso,DC=com - (No such Base DN: CN=User 
> K,CN=Users,DC=ad,DC=brewerscience,DC=com)
> Not removing dangling forward link
> ERROR: incorrect DN string component for member in object CN=Test 
> ITAR,OU=Test Groups,DC=ad,DC=brewerscience,DC=com - 
> <GUID=e6261396-5bbc-4136-9728-37bde2789391>;<RMD_ADDTIME=1303541862200
> 00000>;<RMD_CHANGETIME=130374712860000000>;<RMD_FLAGS=1>;<RMD_INVOCID=
> 5a39a061-2ec9-4e95-adf8-539291ecd2ea>;<RMD_LOCAL_USN=4330>;<RMD_ORIGIN
> ATING_USN=4069>;<RMD_VERSION=1>;<SID=S-1-5-21-1012288560-4155639235-10
> 13631970-1112>;CN=Test User,CN=Users,DC=ad,DC=brewerscience,DC=com
> Not fixing string component mismatch
> Please use --fix to fix these errors
> 
> —fix does not fix the errors at all. I see this bug is present:
> 
> https://bugzilla.samba.org/show_bug.cgi?id=12297 
> <https://bugzilla.samba.org/show_bug.cgi?id=12297>
> 
> Is it possible that this issue is related to my inability to join the domain controller? Is there a way around this?
> 
> Thomas Maerz
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list