[Samba] Newly joined DC - Failed to bind to uuid for ncacn_ip_tcp .. NT_STATUS_INVALID_PARAMETER

Jonathan Hunter jmhunter1 at gmail.com
Tue Jan 28 21:25:45 UTC 2020 

On Tue, 28 Jan 2020 at 21:04, Rowland penny via samba
<samba at lists.samba.org> wrote:
>
> On 28/01/2020 20:49, Jonathan Hunter via samba wrote:
> >> /etc/resolv.conf
> > newdc$ cat /etc/resolv.conf
> > # Generated by resolvconf
> > nameserver 192.168.1.3  <--- dc2
> > nameserver 192.168.1.6  <--- newdc
> I would swap the order of the first two nameservers, each DC should use
> itself as its nameserver

Fair enough, good point - have now fixed (on dc2 and newdc, I'll do
the other DCs in a minute too)

> > nameserver 192.168.200.10  <--- regular nameserver
> > nameserver 192.168.250.10  <--- regular nameserver
> Those should be in the DC smb.conf as 'dns forwarders'
> > (This matches the format of resolv.conf from my other DCs)
>
> It might do, but those will be wrong as well ;-)

I'll accept that! :) Have now removed those from resolv.conf (they are
indeed in smb.conf as forwarders)

Sadly even after having edited resolv.conf and restarted samba on both
dc2 and newdc, I am still getting the same 'failed to bind to uuid /
NT_STATUS_INVALID_PARAMETER' errors in dc2's log.

I also have an hourly script set up to check replication (via
'samba-tool drs showrepl') and this is showing that dc2 has changes
that it can't send over to newdc.

Interestingly this time round (i.e. today with 4.10.13, rather than
the other day with 4.11.4) I have noticed that only dc2 is reporting
replication failures to newdc. My other DCs haven't yet picked up
newdc in their replication pairings, by the looks of things - I'm not
sure why.

On dc2:
dc2$ sudo samba-tool drs showrepl
[..]
DC=ForestDnsZones,DC=mydomain,DC=org,DC=uk
        Mysite\NEWDC via RPC
                DSA object GUID: <guid here>
                Last attempt @ Tue Jan 28 21:13:57 2020 UTC failed,
result 87 (WERR_INVALID_PARAMETER)
                89 consecutive failure(s).
                Last success @ NTTIME(0)

On dc3 and dc4, NEWDC isn't listed at all (yet?). I gather that a KCC
component runs in the background and updates this; I'm not sure what
frequency it runs at, although I suspect it should be appearing by
now.

DC3 and DC4 run the same hourly script (which essentially greps for
the "failure(s)" string in the output of samba-tool drs showrepl), and
there are no replication failures showing on those.

Cheers

J

-- 
"If we knew what it was we were doing, it would not be called
research, would it?"
      - Albert Einstein

More information about the samba mailing list