[Samba] NT_STATUS_CONNECTION_REFUSED Joining Domain - Desperately need help

lingpanda101 lingpanda101 at gmail.com
Fri Mar 9 13:14:35 UTC 2018


On 3/9/2018 4:06 AM, Rowland Penny via samba wrote:
> On Thu, 8 Mar 2018 15:58:43 -0600 (CST)
> Brent Davidson via samba <samba at lists.samba.org> wrote:
>
>> I am desperately in need of help. I have a Centos 7.2 server running
>> Samba 4.6.13 as an active directory domain controller. I am trying to
>> join a new Centos 7.4 server running Samba 4.6.13 to the domain. The
>> domain command will not connect to the other server.
>>
>> How this problem started:
>> I originally had two domain controllers, both of which were running
>> Samba 4.5. I was troubleshooting a time sync issue between Windows 10
>> workstations and the server that appeared to come from a bug in the
>> older Samba 4.5 version. I updated the secondary domain controller to
>> Samba 4.6.13 and that appeared to go fine, so I switched over to the
>> primary domain controller and tried to upgrade it to 4.6.13.
>> Something went wrong, and users were no longer able to access the
>> domain. I switched to the backup domain controller and promoted it to
>> primary and all was well again, so I took the original primary
>> off-line and tried to solve the issue. After taking the old primary
>> off-line, DNS stopped resolving for the network. Things get a bit
>> murky at this part because my phone was ringing off the hook, but I
>> managed to wipe out the /var/lib/samba/private folder from one of the
>> servers. Since my backups were of the old 4.5 database versions and I
>> was unable to roll back the Samba version, I had to copy
>> the /var/lib/samba/private folder from one server to the other, then
>> remove the server entries for the non-working server.
>>
> I don't know what your original problem was, but you made it a
> magnitude times worse when you copied /var/lib/samba/private from one
> DC to another. Whilst DCs replicate between one another, not everything
> is replicated and some things are specific to each DC.
>
> Do you have a backup of the original 4.5 DC that held all the FSMO
> roles (note, you didn't have a primary domain controller or a secondary
> domain controller or a backup domain controller, you just had DCs. All
> DCs are equal except for the FSMO roles). If you do have this backup, I
> would suggest you turn off all your DCs and reinstall the DC from the
> backup and start again.
>
> Rowland
>
Not much more I can say outside of what Rowland has suggested. I did 
find this interesting with regards to your DNS problems.

getlmhostsent: lmhost entry: 127.0.0.1 localhost
getlmhostsent: lmhost entry: 10.10.11.4 old-dc.redacteddomain.redacted.com

I wouldn't normally expect to see lmhost entries unless explicitly 
created. I would allow DNS to find your domain.

--

James



