[Samba] Newly joined DC - Failed to bind to uuid for ncacn_ip_tcp .. NT_STATUS_INVALID_PARAMETER
jmhunter1 at gmail.com
Sun Feb 16 11:53:58 UTC 2020
Following up on this post for the benefit of the archives, I don't
want to be another DenverCoder9! 
I believe I have fixed this issue now (although I am at a loss to
explain how it occurred in the first place). Hopefully I correctly
figured out what SPNs should be present against each machine - I'm not
an expert in this area, but am describing the process I went through
below in the hope that it will help some future person who might have
the same issue.
If I've misunderstood SPNs then hopefully someone can correct me :)
On Tue, 28 Jan 2020 at 17:52, Jonathan Hunter <jmhunter1 at gmail.com> wrote:
> The error I am getting in the logs on other DCs is below (this example
> is from the log file on existing dc2, trying to replicate to newdc)
> Jan 28 14:19:37 dc2 samba: [2020/01/28 14:19:37.115584, 0]
> Jan 28 14:19:37 dc2 samba: Failed to bind to uuid
> 11111111-2222-3333-4444-5555555555 for
> Previous google searches uncovered some mentions of TLS issues but I
> I don't know much about SPNs - is there anything I can check there, perhaps?
The issue, as far as I can see, turned out to be nothing to do with
DNS entries, /etc/hosts files, TLS or anything of that sort.
In the end, and I have no idea why, it seems I had ended up with a
situation where DC2 (which was the existing and running DC) had some
*extra* SPNs stored in AD that belonged to an old instance of DC1 (the
DC I was trying to join).
A 'normal' DC looks like this (in my environment, at least - the
output shown below is from DC1 now that I have successfully joined it
to my domain):
user@dc2:~ $ sudo samba-tool spn list dc1$
User CN=DC1,OU=Domain Controllers,DC=mydomain,DC=org,DC=uk has the
However, before I was able to join DC1 successfully (when I was having
the issues described in the original post), I finally spotted that DC2
had the following SPN entries which didn't seem correct:
(I have annotated the output below)
user@dc2:~ $ sudo samba-tool spn list dc2$
User CN=DC2,OU=Domain Controllers,DC=mydomain,DC=org,DC=uk has the
---> the below is all correct as it relates to DC2 <---
---> everything below this line is not correct as it relates to DC1,
not DC2 <---
I ran 'sudo samba-tool spn delete' for each of the entries that I felt
shouldn't have been there, e.g.
$ sudo samba-tool spn delete HOST/dc1.mydomain.org.uk DC2$
$ sudo samba-tool spn delete HOST/dc1.mydomain.org.uk/MYDOMAIN DC2$
After that point, I was able to join DC1 to the domain without any issue.
"If we knew what it was we were doing, it would not be called
research, would it?"
- Albert Einstein
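The check described in the message above can be automated. The following is an added example, not part of the original post and not Samba project code. It takes saved `samba-tool spn list <account>` output for each DC and reports SPNs whose host component names a different DC than the account holding them. The function names and the sample listings are constructed for illustration, and the parser assumes only that each SPN appears on its own line.

```python
import re

def parse_spns(listing):
    """Extract SPN strings (service/host[...]) from saved `samba-tool spn list` output."""
    spns = []
    for line in listing.splitlines():
        token = line.strip()
        # An SPN has at least one '/' and no whitespace; header and prompt lines contain spaces.
        if token and "/" in token and not re.search(r"\s", token):
            spns.append(token)
    return spns

def spn_host(spn):
    """Short lower-case host name from service/host[:port][/servicename]."""
    host = spn.split("/")[1].split(":")[0]
    return host.split(".")[0].lower()

def misplaced_spns(listings):
    """listings maps an account name (e.g. 'DC2$') to its saved listing.
    Returns sorted (holder, spn, named_dc) tuples where the SPN names another known DC."""
    names = {acct.rstrip("$").lower(): acct for acct in listings}
    findings = []
    for holder, text in listings.items():
        me = holder.rstrip("$").lower()
        for spn in parse_spns(text):
            host = spn_host(spn)
            # GUID-based SPNs match no DC name and are left alone.
            if host != me and host in names:
                findings.append((holder, spn, names[host]))
    return sorted(findings)

# Constructed sample listings; only the two HOST/dc1 entries under DC2$ come from the post.
SAMPLE = {
    "DC1$": "User CN=DC1,OU=Domain Controllers,DC=mydomain,DC=org,DC=uk has the ...\n"
            "\t HOST/dc1.mydomain.org.uk\n\t HOST/DC1\n",
    "DC2$": "User CN=DC2,OU=Domain Controllers,DC=mydomain,DC=org,DC=uk has the ...\n"
            "\t HOST/dc2.mydomain.org.uk\n\t HOST/DC2\n"
            "\t ldap/dc2.mydomain.org.uk/mydomain.org.uk\n"
            "\t ldap/00000000-0000-0000-0000-000000000000._msdcs.mydomain.org.uk\n"
            "\t HOST/dc1.mydomain.org.uk\n\t HOST/dc1.mydomain.org.uk/MYDOMAIN\n",
}

if __name__ == "__main__":
    for holder, spn, owner in misplaced_spns(SAMPLE):
        print(f"{holder} holds {spn}, which names {owner}")
```

Each reported entry is a candidate for review before removal with `samba-tool spn delete`, as done in the message above.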