[Samba] Can't join domain as DC

Mitocariu Emilian mitocariu.emilian at gmail.com
Fri Jun 23 08:04:49 UTC 2017 

Hello,

I have 2 offices connected through VPN (all ipv4 and ipv6 traffic allowed),
every office with it's own subnet. I built a DC in office1 for
mydomain.local, built a second one in same office and joined mydomain.local
with no problem. Then i built a DC in office2, but when i try it to join
mydomain.local, the join process blocks at "Setting account password for
OFFICE2-DC$" and throws an error after some time.

Here is the full output of the join:
root at office2-dc:~# samba-tool domain join mydomain.local DC -Umyuser
--realm=mydomain.local --server=dc.ip.from.office1
Password for [WORKGROUP\myuser]:
workgroup is MYDOMAIN
realm is mydomain.local
checking sAMAccountName
Deleted CN=OFFICE2-DC,OU=Domain Controllers,DC=mydomain,DC=local
Deleted CN=NTDS
Settings,CN=OFFICE2-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Deleted
CN=OFFICE2-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Adding CN=OFFICE2-DC,OU=Domain Controllers,DC=mydomain,DC=local
Adding
CN=OFFICE2-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Adding CN=NTDS
Settings,CN=OFFICE2-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Adding SPNs to CN=OFFICE2-DC,OU=Domain Controllers,DC=mydomain,DC=local
Setting account password for OFFICE2-DC$
Join failed - cleaning up
checking sAMAccountName
ERROR(ldb): uncaught exception - ldb_wait: Time limit exceeded (3)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 621,
in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1170, in
join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1073, in
do_join
    ctx.join_add_objects()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 605, in
join_add_objects
    attrs=["msDS-KeyVersionNumber"])

If it matters, i use samba 4.3.11-Ubuntu.

Any idea what could break the join process and how i could fix it?

More information about the samba mailing list