[Samba] NT_STATUS_INTERNAL_ERROR from RPC server on samba 4.5.8 AD DC

Richard Connon richard at connon.me.uk
Mon Oct 16 16:01:29 UTC 2017 

To try and narrow down this issue I tried to setup a test environment 
using two fresh install Debian 9.2 VMs, now running samba 4.5.12 since 
it was updated in Debian.

I provisioned a new domain using `samba-tool domain provision` on the 
first VM, let it generate the smb.conf itself, and configured it using 
the BIND9_DLZ DNS backend.

I tried to join the domain using a second Debian 9.2 VM using `net ads 
join -UAdministrator` after setting the DNS resolver to be the test DC 
and synchronising with NTP on the DC. This failed with the error:

"Failed to join domain: failed to lookup DC info for domain 
'ADS.TEST.LOCAL' over rpc: An internal error occurred."

Finally, I tried to connect to RPC on the DC using `rpcclient` which 
failed, as before, with NT_STATUS_INTERNAL_ERROR.

Is there some inherent problem with the Debian packages and the RPC 
server component of the DC? Alternatively, is there somewhere else I 
should be looking for the root cause of this?

Regards,

Richard


On 04/10/2017 22:14, Richard Connon wrote:
> Hi,
>
> I have a samba 4.5.8 AD DC (debian 9.1 package) which is having 
> problems with RPC requests. This DC has been updated from the 
> wheezy-backports package (4.1.17) via the jessie package (4.2.14) but 
> I'm not sure if RPC worked immediately before the upgrade either since 
> most of the time it only serves LDAP and krb5.
>
> Connecting using RSAT from windows gives "RPC Server Unavailable" 
> message.
>
> To try and isolate the problem I firewalled traffic from all but one 
> host and attempted to connect using rpcclient. From this I see 
> NT_STATUS_INTERNAL_ERROR
>
> Attached are files containing the output from rpcclient, the logs from 
> samba and smbd and the smb.conf from the client and the AD DC. The 
> logs are all at log level 3 but I can re-generate them at a higher 
> debug level if someone thinks this may be helpful.
>
> The internal error seems to be shown in the smbd log but there's 
> nothing which really indicates (to me) what might have gone wrong to 
> cause it.
>
> Anyone have any ideas?
>

More information about the samba mailing list