[Samba] Issue to Demote old DC

[Marcio Demetrio Bacci]

Hi,

I'm trying demote my old DC, but the following message appear:

root at dc-old:~# samba-tool domain demote -Uadministrator
Using dc1.empresa.com.br as partner server for the demotion
Password for [EMPRESA\administrator]:
Deactivating inbound replication
Asking partner server dc1.empresa.com.br to synchronize from us
Failed to bind - LDAP error 8 LDAP_STRONG_AUTH_REQUIRED -
<SASL:[GSS-SPNEGO]: Sign or Seal are required.> <>
Failed to connect to 'ldap://dc1.empresa.com.br' with backend 'ldap': (null)
Error while demoting, re-enabling inbound replication
ERROR(ldb): Error while changing account control - None

I have already transferred all the roles to new DC:

samba-tool fsmo show

SchemaMasterRole owner: CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br

DC1 is the my new DC.

Can anybody help me?

Regards,

Márcio Bacci