We have migrated away from a single MS AD to a two-server Samba AD.

We have DC1, which is a Samba 4.5 server, and DC2, which is a Samba 4.2
server. Everything seems to be working fine, with the exception that I
can't connect to DC1 using Windows RSAT, whereas I can connect to DC2 without
any problems.

When connecting, a pretty generic error is shown: "The following
domain controller could not be contacted: DC2.<mydomain.local>. The RPC
Server is unavailable.", where <mydomain.local> is our local domain name.

Since it is a .local name, let me start by confirming that we are not using
avahi and that mdns is not listed in /etc/nsswitch.conf, only "files" and

When the error occurs, nothing is added to any log file, nor is anything added
to the event log on the Windows machine that is connecting to the server.

We are using BIND9_DLZ as a backend.

kinit / klist are working correctly.

I have also taken a Wireshark capture, and it shows some LDAP/SASL/GSS-API
traffic, as well as some SMB2 traffic. The latter shows a STATUS_INTERNAL_ERROR
(0xc00000e5) error in the SessionSetup command, but I didn't manage to find
any useful information on Google about that.

Below are the relevant config files. They are identical on both servers,
with the exception that everywhere DC1 is listed, it's DC2 on the working

# smb.conf
[global]
workgroup = <DOMAIN>
realm = <DOMAIN>.LOCAL
netbios name = DC1
interfaces = eth0
bind interfaces only = Yes
server role = active directory domain controller
server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, s3fs
log level = 2
idmap_ldb:use rfc2307 = yes

tls enabled  = yes
tls keyfile  = tls/dc1.<domain>.local.key
tls certfile = tls/dc1.<domain>.local.crt
tls cafile   = tls/root.<domain>.local.crt

[netlogon]
path = /var/lib/samba/sysvol/<domain>.local/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No

# /etc/krb5.conf
[logging]
        default = FILE:/var/log/samba/krb5libs.log
        kdc = FILE:/var/log/samba/krb5kdc.log
        admin_server = FILE:/var/log/samba/kadmind.log

[libdefaults]
        default_realm = <DOMAIN>.LOCAL
        dns_lookup_realm = false
        dns_lookup_kdc = true

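Added example, not code from the post or from Samba itself: a small Python script that reads a [global] section like the one above, lists the TCP ports RSAT needs DC1 to answer on (including 636 once tls enabled = yes), and flags the case where bind interfaces only = Yes with interfaces = eth0 leaves the address clients resolve for DC1 unbound. The sample config, EXAMPLE.LOCAL and any 192.0.2.x addresses are constructed, and the service-to-port mapping is my assumption based on standard Samba AD listeners, not something the post states.

```python
"""Added example: pre-flight checks for RSAT connectivity to a Samba AD DC,
driven by the [global] section of its smb.conf (not code from the post)."""
from typing import Dict, List

# Listener ports implied by each 'server services' entry. RSAT contacts the
# RPC endpoint mapper on 135 first and is then sent to a dynamic port;
# "The RPC server is unavailable" is what it reports when that step fails.
SERVICE_PORTS = {"kdc": [88], "ldap": [389], "rpc": [135], "s3fs": [445]}

# Constructed sample mirroring the post's config; EXAMPLE.LOCAL is a placeholder.
SAMPLE_CONF = """[global]
realm = EXAMPLE.LOCAL
netbios name = DC1
interfaces = eth0
bind interfaces only = Yes
server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, s3fs
tls enabled  = yes
"""

def parse_global(text: str) -> Dict[str, str]:
    """Return [global] key/value pairs; keys lower-cased, whitespace squeezed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "global" and "=" in line:
            key, val = line.split("=", 1)
            conf[" ".join(key.split()).lower()] = val.strip()
    return conf

def expected_ports(conf: Dict[str, str]) -> List[int]:
    """TCP ports the DC must answer on, given its 'server services' and TLS."""
    ports = {53}  # DNS: the client locates the DC via SRV records first
    for svc in conf.get("server services", "").split(","):
        ports.update(SERVICE_PORTS.get(svc.strip(), []))
    if conf.get("tls enabled", "no").lower() in ("yes", "true"):
        ports.add(636)  # LDAPS is offered once 'tls enabled = yes'
    return sorted(ports)

def bind_mismatch(conf: Dict[str, str], dns_addr: str, iface_addrs: List[str]) -> bool:
    """True when 'bind interfaces only' is set but the address clients resolve
    for the DC is not among the addresses on the configured interfaces."""
    if conf.get("bind interfaces only", "no").lower() not in ("yes", "true"):
        return False
    return dns_addr not in iface_addrs
```

Compare expected_ports() against ss -ltn on DC1, and feed bind_mismatch() the A record clients get for DC1 together with the addresses from ip -4 addr show eth0.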
