[Samba] NT_STATUS_NO_LOGON_SERVERS after removing a DC and WERR_BADFILE when trying to remove broken DC

Sven Schwedas sven.schwedas at tao.at
Fri Apr 7 11:44:32 UTC 2017

In the end I just upgraded all DCs to 4.5 and remote-deleted the broken
ones. Seemed to work without a hitch, manual removal was only necessary
to remove the IPs from DNS\_msdcs.ourdomain\gc\.

I'll try adding new DCs on a date that's not "Friday two hours before I
disappear for vacation".

On 2017-03-29 16:51, Sven Schwedas via samba wrote:
> Situation: Trying to upgrade Samba from 4.1 to 4.5 without disruption
> too much by adding new DCs and demoting old ones.
> After bringing online the first 4.5 DC, I ran `demote
> --remove-other-dead-server=` on that DC to remove one of the old 4.1 DCs
> (held no FSMO roles). That seemed to run fine (the DC had been offline
> for a few weeks at that point and I didn't want to restore it just for
> demotion.)
> At that point, some (but not all) of our file servers started throwing
> also completely fail to connect to the domain.
> Some of the old DCs started throwing "Failed to bind to uuid
> e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
> e3514235-4b06-11d1-ab04-00c04fc2dcd2 at ncacn_ip_tcp:7e4973ba-4093-4523-a70f-7caa4845e34d._msdcs.ad.tao.at[1024,seal,krb5]
> Attempts to remove the new ADDC fail with "(2, 'WERR_BADFILE')".
> So… How the fuck do I recover from this? What's even wrong?

Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
Mail/XMPP sven.schwedas at tao.at | Skype sven.schwedas
TAO Digital | Lendplatz 45 | A8020 Graz
https://www.tao-digital.at | Tel +43 680 301 7167
https://pave.software – PAVE Password Manager

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20170407/d7f34d7a/signature.sig>

More information about the samba mailing list