[Samba] NT_STATUS_INTERNAL_ERROR and cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR

Ing. Luis Felipe Domínguez Vega luis.dominguez at mtz.desoft.cu
Fri Aug 11 12:02:16 UTC 2017


This is with -d10. I tested in Windows 10 (joining to the domain) and got the same error, "Internal error". One thing: I didn't execute the domain provision command, because I put all the files created on the old server onto the new server. Does that matter?

INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
Processing section "[global]"
doing parameter netbios name = DC
doing parameter realm = MTZ.DESOFT.CU
doing parameter server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
doing parameter workgroup = MTZ
doing parameter server role = active directory domain controller
doing parameter idmap_ldb:use rfc2307 = yes
doing parameter client ldap sasl wrapping = sign
doing parameter ldap server require strong auth = No
doing parameter full_audit:prefix = %u|%I|%S
doing parameter full_audit:failure = connect
doing parameter full_audit:success = connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite sendfile rename unlink chmod fchmod chown fchown chdir ftruncate lock symlink readlink link mknod realpath
doing parameter full_audit:facility = local5
doing parameter full_audit:priority = notice
doing parameter tls enabled = yes
doing parameter tls certfile = /var/lib/samba/private/tls/dc-cert.pem
doing parameter tls keyfile = /var/lib/samba/private/tls/secure/dc-privkey.pem
doing parameter tls cafile = /var/lib/samba/private/tls/cacert.pem
doing parameter tls crlfile = /var/lib/samba/private/tls/mtz.desoft.cu.crl
doing parameter tls dhparams file = /var/lib/samba/private/tls/dc-dhparams.pem
doing parameter ntlm auth = yes
doing parameter winbind max clients = 10000
doing parameter min protocol = SMB2
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface eth1 ip=fd2d:bba0:d4f9:4fb9:98fe:2ff:fe6b:adcb bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=10.11.0.1 bcast=10.11.0.255 netmask=255.255.255.0
added interface eth0 ip=192.168.0.1 bcast=192.168.0.255 netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="DC"
Client started (version 4.5.8-Debian).
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
Adding cache entry with key=[AD_SITENAME/DOMAIN/MTZ.DESOFT.CU] and timeout=[Thu Jan  1 00:00:00 1970 UTC] (-1502452663 seconds in the past)
sitename_fetch: No stored sitename for realm 'MTZ.DESOFT.CU'
internal_resolve_name: looking up dc.mtz.desoft.cu#20 (sitename (null))
Adding cache entry with key=[NBT/DC.MTZ.DESOFT.CU#20] and timeout=[Thu Jan  1 00:00:00 1970 UTC] (-1502452663 seconds in the past)
no entry for dc.mtz.desoft.cu#20 found.
resolve_hosts: Attempting host lookup for name dc.mtz.desoft.cu<0x20>
remove_duplicate_addrs2: looking for duplicate address/port pairs
namecache_store: storing 1 address for dc.mtz.desoft.cu#20: 192.168.0.1
Adding cache entry with key=[NBT/DC.MTZ.DESOFT.CU#20] and timeout=[Fri Aug 11 12:08:43 2017 UTC] (660 seconds ahead)
internal_resolve_name: returning 1 addresses: 192.168.0.1:0 
Connecting to 192.168.0.1 at port 445
Socket options:
        SO_KEEPALIVE = 0
        SO_REUSEADDR = 0
        SO_BROADCAST = 0
        TCP_NODELAY = 1
        TCP_KEEPCNT = 9
        TCP_KEEPIDLE = 7200
        TCP_KEEPINTVL = 75
        IPTOS_LOWDELAY = 0
        IPTOS_THROUGHPUT = 0
        SO_REUSEPORT = 0
        SO_SNDBUF = 2626560
        SO_RCVBUF = 1061808
        SO_SNDLOWAT = 1
        SO_RCVLOWAT = 1
        SO_SNDTIMEO = 0
        SO_RCVTIMEO = 0
        TCP_QUICKACK = 1
        TCP_DEFER_ACCEPT = 0
 session request ok
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178@please_ignore
cli_session_setup_spnego: using target hostname not SPNEGO principal
cli_session_setup_spnego: guessed server principal=cifs/dc.mtz.desoft.cu@MTZ.DESOFT.CU
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
gss_init_sec_context failed with [ The context has expired: Success]
SPNEGO(gse_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_INTERNAL_ERROR
Failed to setup SPNEGO negTokenInit request: NT_STATUS_INTERNAL_ERROR
SPNEGO login failed: An internal error occurred.
session setup failed: NT_STATUS_INTERNAL_ERROR


----- Original message -----
From: "samba" <samba at lists.samba.org>
To: "samba" <samba at lists.samba.org>
Sent: Friday, August 11, 2017 4:29:32
Subject: [Samba] NT_STATUS_INTERNAL_ERROR and cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR

Hai, 

We have 2 persons with exactly the same problem.
This is based on the configs shown by both persons (Vladimir and Ing. Luis).
I don't see issues which should cause this, so as Andrew suggests, keep increasing the debug levels and post these.
Let's hope we see something here, I'm a bit puzzled about this one.


Greetz, 

Louis




> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny via samba
> Sent: Thursday, 10 August 2017 22:43
> To: samba at lists.samba.org
> Subject: Re: [Samba] NT_STATUS_INTERNAL_ERROR
> 
> On Thu, 10 Aug 2017 15:43:10 -0400 (CDT) Ing. Luis Felipe Domínguez Vega via samba <samba at lists.samba.org> wrote:
> 
> > Hello, a short history: I am using samba 4 with Debian 9 from the
> > repository. 2 days ago the server was broken, but I copied all the
> > /var/lib/samba directory to a safe place, then I installed a new
> > server with the same Debian and samba from the repository, stopped
> > smbd, nmbd and winbind, unmasked samba-ad-dc and finally copied all the
> > directory from the old server to the new server and started samba.
> > All works fine, the bind is integrated with samba_dlz, etc. But now
> > when I go to join a Windows 7 PC to the domain it shows an error with
> > "Internal Error". Inside the AD server I put this command
> > 
> 
> Did you use exactly the same FQDN and ipaddress for the new computer ?
> 
> > 
> >  tls enabled       = yes
> >  tls certfile      = /var/lib/samba/private/tls/dc-cert.pem
> >  tls keyfile       = /var/lib/samba/private/tls/secure/dc-privkey.pem
> >  tls cafile        = /var/lib/samba/private/tls/cacert.pem
> >  tls crlfile       = /var/lib/samba/private/tls/mtz.desoft.cu.crl
> >  tls dhparams file = /var/lib/samba/private/tls/dc-dhparams.pem
> > 
> 
> You could try recreating the cert files.
> 
> Rowland


-- 
Luis Felipe Dominguez Vega 
System Administration in Desoft Matanzas | Mob: +5353694785 | www.desoft.cu
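The failure chain in the -d10 output above can be extracted mechanically. The following is an added example, not part of the original thread or of Samba: a small Python triage helper that names the SPNEGO mechanism OIDs the server offered, records which GENSEC submechanism was started, and reports the first failing line and the final NT_STATUS. The function name `triage_spnego` and the embedded excerpt are this example's own choices.

```python
import re

# SPNEGO mechanism OIDs seen in the log, with their well-known names.
MECH_NAMES = {
    "1.2.840.48018.1.2.2": "MS-KRB5 (legacy Microsoft Kerberos OID)",
    "1.2.840.113554.1.2.2": "Kerberos 5",
    "1.3.6.1.4.1.311.2.2.10": "NTLMSSP",
}

# Excerpt of the -d10 client output in the post (principal written with '@').
SAMPLE_LOG = """\
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
cli_session_setup_spnego: guessed server principal=cifs/dc.mtz.desoft.cu@MTZ.DESOFT.CU
Starting GENSEC submechanism gse_krb5
gss_init_sec_context failed with [ The context has expired: Success]
SPNEGO(gse_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_INTERNAL_ERROR
Failed to setup SPNEGO negTokenInit request: NT_STATUS_INTERNAL_ERROR
SPNEGO login failed: An internal error occurred.
session setup failed: NT_STATUS_INTERNAL_ERROR
"""

def triage_spnego(log_text):
    """Summarise one SPNEGO session setup from Samba debug output."""
    summary = {"offered": [], "principal": None, "submechs": [],
               "gss_error": None, "first_failure": None, "status": None}
    for line in log_text.splitlines():
        line = line.strip()
        if m := re.match(r"got OID=([\d.]+)$", line):
            summary["offered"].append(MECH_NAMES.get(m.group(1), "unknown " + m.group(1)))
        elif m := re.search(r"guessed server principal=(\S+)", line):
            summary["principal"] = m.group(1)
        elif m := re.match(r"Starting GENSEC submechanism (\S+)", line):
            summary["submechs"].append(m.group(1))
        elif m := re.match(r"gss_init_sec_context failed with \[\s*(.*?)\s*\]", line):
            summary["gss_error"] = m.group(1)
        if summary["first_failure"] is None and "failed" in line:
            summary["first_failure"] = line
        if m := re.search(r"session setup failed: (NT_STATUS_\w+)", line):
            summary["status"] = m.group(1)
    # True when gse_krb5 was the only submechanism started before the error.
    summary["kerberos_only"] = summary["submechs"] == ["gse_krb5"]
    return summary

if __name__ == "__main__":
    for key, value in triage_spnego(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On this excerpt the summary shows that Kerberos 5 and NTLMSSP were both offered, but the session setup ended at the `gss_init_sec_context` error with only `gse_krb5` started.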


