[Samba] dcpromo on W2k8 R2 server with existing Samba AD domin fails to complete
mmx at exm0.net
Thu Apr 11 06:20:50 UTC 2019
I’m attempting to stand up a Windows 2008 R2 server as a domain controller to integrate with an existing Samba AD environment with 6x Samba AD servers (4.10.1) and multiple sites. This is the first Windows DC.
I have a couple other Win2012 servers that are already domain joined, and ~ 300 Win 10 desktop/laptop hosts
I’ve followed the guide on the wiki:
I reach the last step in the process and see this window
I watch messages in the status window as shown in the .png file until I see this message:
“Replicating data CN=Configuration,DC=my,DC=company,DC=com: Received 1712 out of approximately 1712 objects and 88 out of approximately 88 distinguished name (DN) values …”
The DC promotion process hangs and never progresses after this message appears.
I enabled log level 5 on the Samba DC that I chose for replication. I can’t see any obvious errors there.
The W2k8 R2 event log contains:
"Internal event: The local directory service received an exception from a remote procedure call (RPC) connection. Extended error information is not available.
The remote procedure call failed. (1726)”
Also, when I view my domain info with RSAT “Active Directory Users and Computers” I don’t see any CN called “Configuration” which is the CN that the dcpromo window is displaying when it stops progressing.
The little animation in the status window just keeps going too! It’s taunting me with the illusion of progress.
Anyone have any ideas here?
I tried removing all custom GPOs from my DC’s and that didn’t help.
I’m using BIND 9.10 backend and I’m running on Ubuntu 16.04. I compile new versions of samba on a fresh Ubuntu 16.04 container and use ‘checkinstall’ to generate a .deb package which I use to distribute the build(s) to the DCs
# Global parameters
netbios name = DC1
realm = MY.COMPANY.COM
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = COMPANY
# dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
dns zone scavenging = yes
idmap_ldb:use rfc2307 = yes
tls enabled = yes
tls keyfile = tls/cert.key
tls certfile = tls/cert.pem
tls cafile = tls/int_ca.pem
logging = file
log level = all:5
# rpc_parse:5 rpc_srv:5 rpc_cli:5 dns:3 dsdb_audit:4 dsdb_password_audit:4 auth_audit:4 auth:1 passdb:3 winbind:2
path = /var/lib/samba/sysvol/my.company.com/scripts
read only = No
path = /var/lib/samba/sysvol
read only = No
More information about the samba