[Samba] NT_STATUS_CONNECTION_REFUSED Joining Domain - Desperately need help

Rowland Penny rpenny at samba.org
Fri Mar 9 09:06:52 UTC 2018

On Thu, 8 Mar 2018 15:58:43 -0600 (CST)
Brent Davidson via samba <samba at lists.samba.org> wrote:

> I am desperately in need of help. I have a CentOS 7.2 server running
> Samba 4.6.13 as an active directory domain controller. I am trying to
> join a new CentOS 7.4 server running Samba 4.6.13 to the domain. The
> domain command will not connect to the other server. 
> How this problem started: 
> I originally had two domain controllers, both of which were running
> Samba 4.5. I was troubleshooting a time sync issue between Windows 10
> workstations and the server that appeared to come from a bug in the
> older Samba 4.5 version. I updated the secondary domain controller to
> Samba 4.6.13 and that appeared to go fine, so I switched over to the
> primary domain controller and tried to upgrade it to 4.6.13.
> Something went wrong, and users were no longer able to access the
> domain. I switched to the backup domain controller and promoted it to
> primary and all was well again, so I took the original primary
> off-line and tried to solve the issue. After taking the old primary
> off-line, DNS stopped resolving for the network. Things get a bit
> murky at this part because my phone was ringing off the hook, but I
> managed to wipe out the /var/lib/samba/private folder from one of the
> servers. Since my backups were of the old 4.5 database versions and I
> was unable to roll back the Samba version, I had to copy
> the /var/lib/samba/private folder from one server to the other, then
> remove the server entries for the non-working server. 

I don't know what your original problem was, but you made it a
magnitude times worse when you copied /var/lib/samba/private from one
DC to another. Whilst DCs replicate between one another, not everything
is replicated and some things are specific to each DC.

Do you have a backup of the original 4.5 DC that held all the FSMO
roles? (Note, you didn't have a primary domain controller or a secondary
domain controller or a backup domain controller, you just had DCs. All
DCs are equal except for the FSMO roles.) If you do have this backup, I
would suggest you turn off all your DCs and reinstall the DC from the
backup and start again.
