[Samba] Error after upgrade NT_STATUS_INTERNAL_DB_CORRUPTION

Carlos carlos.hollow at gmail.com
Wed Jul 24 11:53:48 UTC 2019 

HI

As the reported problem occurred, it follows logs of the join attempt in 
DC with version 4.8.3.

======


samba-tool domain join INTERNO.XXXXXX.COM.BR DC 
-UAdministrator at INTERNO.XXXXXX.COM.BR --dns-backend=BIND9_DLZ --option
='idmap_ldb:use rfc2307 = yes'
Finding a writeable DC for domain 'INTERNO.XXXXXX.COM.BR'
Found DC dc-samba-a2.interno.XXXXXX.com.br
Password for [Administrator at INTERNO.XXXXXX.COM.BR]:
workgroup is SERVERAD
realm is interno.XXXXXX.com.br
Adding CN=DC-SAMBA-09,OU=Domain 
Controllers,DC=interno,DC=XXXXXX,DC=com,DC=br
Adding 
CN=DC-SAMBA-09,CN=Servers,CN=Filial-09,CN=Sites,CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br
Adding CN=NTDS 
Settings,CN=DC-SAMBA-09,CN=Servers,CN=Filial-09,CN=Sites,CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br
Adding SPNs to CN=DC-SAMBA-09,OU=Domain 
Controllers,DC=interno,DC=XXXXXX,DC=com,DC=br
Setting account password for DC-SAMBA-09$
Enabling account
Adding DNS account 
CN=dns-DC-SAMBA-09,CN=Users,DC=interno,DC=XXXXXX,DC=com,DC=br with dns/ SPN
Setting account password for dns-DC-SAMBA-09
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint 
on local domainSIDs

A Kerberos configuration suitable for Samba AD has been generated at 
/opt/samba/private/krb5.conf
Merge the contents of this file with your system krb5.conf or replace it 
with this one. Do not create a symlink!
Provision OK for domain DN DC=interno,DC=XXXXXX,DC=com,DC=br
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] 
objects[402/1563] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] 
objects[804/1563] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] 
objects[1206/1563] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] 
objects[1563/1563] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] 
objects[402/1612] linked_values[0/0]
Partition[CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] 
objects[804/1612] linked_values[0/0]
Partition[CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] 
objects[1206/1612] linked_values[0/0]
Partition[CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] 
objects[1608/1612] linked_values[0/51]
Partition[CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] 
objects[1612/1612] linked_values[71/71]
Failed to commit objects: DOS code 0x000021bf
Missing target object - retrying with DRS_GET_TGT
Partition[CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] 
objects[2014/1612] linked_values[0/0]
Partition[CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] 
objects[2416/1612] linked_values[0/0]
Partition[CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] 
objects[2818/1612] linked_values[0/0]
Partition[CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] 
objects[3220/1612] linked_values[51/51]
Partition[CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] 
objects[3224/1612] linked_values[20/71]
Replicating critical objects from the base DN of the domain
Partition[DC=interno,DC=XXXXXX,DC=com,DC=br] objects[97/97] 
linked_values[38/38]
Partition[DC=interno,DC=XXXXXX,DC=com,DC=br] objects[499/2393] 
linked_values[0/0]
Partition[DC=interno,DC=XXXXXX,DC=com,DC=br] objects[901/2393] 
linked_values[0/0]
Partition[DC=interno,DC=XXXXXX,DC=com,DC=br] objects[1303/2393] 
linked_values[0/96]
../lib/ldb/ldb_tdb/ldb_index.c:2037: duplicate attribute value in 
CN=001-CONTABIL-04,CN=Computers,DC=interno,DC=XXXXXX,DC=com,DC=br for 
index on servicePrincipalName, duplicate of objectGUID 
a1defff7-33e8-4110-bc08-fd7b1d32dafd in 
@INDEX:SERVICEPRINCIPALNAME:TERMSRV/001-CONTABIL-04.INTERNO.XXXXXX.COM.BR
Partition[DC=interno,DC=XXXXXX,DC=com,DC=br] objects[1705/2393] 
linked_values[0/437]
Partition[DC=interno,DC=XXXXXX,DC=com,DC=br] objects[2107/2393] 
linked_values[0/1473]
../lib/ldb/ldb_tdb/ldb_index.c:2037: duplicate attribute value in 
CN=001-TI-03,OU=Computers_ERECHIM,OU=Erechim,OU=YYYYYY,DC=interno,DC=XXXXXX,DC=com,DC=br 
for index on servicePrincipalName, duplicate of objectGUID 
180bd2b9-93ec-4d98-98cd-36cba686d7a2 in 
@INDEX:SERVICEPRINCIPALNAME:TERMSRV/001-TI-03.INTERNO.XXXXXX.COM.BR
Partition[DC=interno,DC=XXXXXX,DC=com,DC=br] objects[2490/2393] 
linked_values[1500/1983]
../lib/ldb/ldb_tdb/ldb_index.c:2037: duplicate attribute value in 
CN=001-RECEB-08-PC,CN=Computers,DC=interno,DC=XXXXXX,DC=com,DC=br for 
index on servicePrincipalName, duplicate of objectGUID 
c7e5504d-a168-471e-90bf-736b942f216d in 
@INDEX:SERVICEPRINCIPALNAME:TERMSRV/001-RECEB-08-PC.INTERNO.XXXXXX.COM.BR
../lib/ldb/ldb_tdb/ldb_index.c:2037: duplicate attribute value in 
CN=001-FISCAL-05,CN=Computers,DC=interno,DC=XXXXXX,DC=com,DC=br for 
index on servicePrincipalName, duplicate of objectGUID 
c98215d2-86b3-4b6d-8935-8f34ed59074b in 
@INDEX:SERVICEPRINCIPALNAME:TERMSRV/001-FISCAL-05.INTERNO.XXXXXX.COM.BR
../lib/ldb/ldb_tdb/ldb_index.c:2037: duplicate attribute value in 
CN=001-COMPRAS-09,OU=Computers_Locked,OU=Erechim,OU=YYYYYY,DC=interno,DC=XXXXXX,DC=com,DC=br 
for index on servicePrincipalName, duplicate of objectGUID 
cd0e1577-46c5-4db4-9347-66ea41cbf448 in 
@INDEX:SERVICEPRINCIPALNAME:TERMSRV/001-COMPRAS-09.INTERNO.XXXXXX.COM.BR
../lib/ldb/ldb_tdb/ldb_index.c:2037: duplicate attribute value in 
CN=001-FISCAL-02,CN=Computers,DC=interno,DC=XXXXXX,DC=com,DC=br for 
index on servicePrincipalName, duplicate of objectGUID 
02b72eed-9377-48de-8a44-437ea22d618a in 
@INDEX:SERVICEPRINCIPALNAME:TERMSRV/001-FISCAL-02.INTERNO.XXXXXX.COM.BR
Partition[DC=interno,DC=XXXXXX,DC=com,DC=br] objects[2490/2393] 
linked_values[483/1983]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=interno,DC=XXXXXX,DC=com,DC=br
Partition[DC=DomainDnsZones,DC=interno,DC=XXXXXX,DC=com,DC=br] 
objects[402/638] linked_values[0/0]
Partition[DC=DomainDnsZones,DC=interno,DC=XXXXXX,DC=com,DC=br] 
objects[638/638] linked_values[0/0]
Replicating DC=ForestDnsZones,DC=interno,DC=XXXXXX,DC=com,DC=br
Partition[DC=ForestDnsZones,DC=interno,DC=XXXXXX,DC=com,DC=br] 
objects[15/15] linked_values[0/0]
WARNING: Unable to replicate own RID Set, as server 
dc-samba-a2.interno.XXXXXX.com.br (the server we joined) is not the RID 
Master.
NOTE: This is normal and expected, Samba will be able to create users 
after it contacts the RID Master at first startup.
Committing SAM database
Adding 1 remote DNS records for DC-SAMBA-09.interno.XXXXXX.com.br
Adding DNS A record DC-SAMBA-09.interno.XXXXXX.com.br for IPv4 IP: 
192.168.9.240
Adding DNS CNAME record 
05d6c868-de73-4899-affa-a934228cc186._msdcs.interno.XXXXXX.com.br for 
DC-SAMBA-09.interno.XXXXXX.com.br
Join failed - cleaning up
Deleted CN=DC-SAMBA-09,OU=Domain 
Controllers,DC=interno,DC=XXXXXX,DC=com,DC=br
Deleted CN=dns-DC-SAMBA-09,CN=Users,DC=interno,DC=XXXXXX,DC=com,DC=br
Deleted CN=NTDS 
Settings,CN=DC-SAMBA-09,CN=Servers,CN=Filial-09,CN=Sites,CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br
Deleted 
CN=DC-SAMBA-09,CN=Servers,CN=Filial-09,CN=Sites,CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br
Deleted 
DC=DC-SAMBA-09,DC=interno.XXXXXX.com.br,CN=MicrosoftDNS,DC=DomainDnsZones,DC=interno,DC=XXXXXX,DC=com,DC=br
ERROR(runtime): uncaught exception - (9003, 
'WERR_DNS_ERROR_RCODE_NAME_ERROR')
   File 
"/opt/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 
176, in _run
     return self.run(*args, **kwargs)
   File "/opt/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", 
line 706, in run
     plaintext_secrets=plaintext_secrets)
   File "/opt/samba/lib/python2.7/site-packages/samba/join.py", line 
1482, in join_DC
     ctx.do_join()
   File "/opt/samba/lib/python2.7/site-packages/samba/join.py", line 
1390, in do_join
     ctx.join_add_dns_records()
   File "/opt/samba/lib/python2.7/site-packages/samba/join.py", line 
1149, in join_add_dns_records
     dns_partition=forestdns_zone_dn)
   File "/opt/samba/lib/python2.7/site-packages/samba/samdb.py", line 
957, in dns_lookup
     dns_partition=dns_partition)

===

Regards


On 23/07/2019 18:36, Carlos wrote:
>
> Hi!
>
> I upgraded from 4.8.3 to 4.10.6 and the problem occurred again:
>
> smbclient // localhost / netlogon -UAdministrator -c 'ls'
> Enter XXXXXXXX \ Administrator's password:
> session setup failed: NT_STATUS_INTERNAL_DB_CORRUPTION
>
> Any suggestions or perform the process I did before?
>
> Regards;
>
>
> On 23/07/2019 13:48, Carlos wrote:
>> OK,
>>
>> Thanks for all.
>>
>> Regards;
>>
>> On 23/07/2019 12:06, Rowland penny via samba wrote:
>>> On 23/07/2019 16:02, Carlos via samba wrote:
>>>> I haven't more output log, because i need join in dc in last week, 
>>>> and i "resolved"(workaround) in used samba 4.6.X -> after -> 4.8.3.
>>>> Sorry.....
>>>
>>> OK, it would have been nice to have the output, this is because 
>>> there may be a bug.
>>>
>>>
>>>> But, now in all Dcs samba 4.8.3 i can update for 4.10.X or dont 
>>>> recommend? ?
>>>
>>> You should be able to upgrade to to 4.10.x from 4.8.3
>>>
>>> Rowland
>>>
>>>
>>>

More information about the samba mailing list