[Samba] Failed to prepare gensec: NT_STATUS_INVALID_SERVER_STATE

Stefan Bellon bellon at axivion.com
Tue Mar 30 12:43:00 UTC 2021

Hi all,

I have set up two Samba 4.13.5 AD DC on Debian Bullseye recently and
the logfile log.smbd is full of

[2021/03/30 11:19:46.883518,  0] ../../source3/rpc_server/rpc_server.c:1086(dcesrv_auth_gensec_prepare)
  dcesrv_auth_gensec_prepare: Failed to prepare gensec: NT_STATUS_INVALID_SERVER_STATE

I have not yet traced it down to the root cause, that's why I am here
to ask for help. I have seen the message appear in the log file for
unsuccessful login attempts as well as successful login attempts to
a domain computer, but I've also seen the message appear when working
in the GPMC.

Background story follows:

I was handed over a Samba 4.2.14 AD DC instance on an old Debian 8.11
(Jessie) VM which was running with a Samba process uptime for 3 years
and where the Samba daemon did not survive a restart any more (VM
snapshot restore to the rescue!).

I figured it would be a good idea to move the domain to two newly set
up Samba AD DC instances (with redundancy) and retire the old 4.2.14
instance completely.

After reading through almost all of the pages at
https://wiki.samba.org/index.php I set up the two new Samba 4.13.5 AD
DC instances on Debian Bullseye, configured BIND9 9.16 accordingly
(with DLZ and mirroring the other zones), moved DHCP and NTP to those
machines as well and finally joined the domain and even made the first
of the new DCs (DC1) the PDC. Additionally I set up Sysvol replication
between the new DCs using unison (the old one will be retired anyway
and PDC is one of the new ones).

So far, I think, everything looks fine and "works". The old Samba
4.2.14 is still in the domain until I have confidence that I can safely
remove it.

And here those log messages come into play: I have the feeling that
something is not quite right if I continuously get

[2021/03/30 11:19:46.883518,  0] ../../source3/rpc_server/rpc_server.c:1086(dcesrv_auth_gensec_prepare)
  dcesrv_auth_gensec_prepare: Failed to prepare gensec: NT_STATUS_INVALID_SERVER_STATE

messages in the log.

Can you give me any hints of how to debug this any further and find out
what's the root cause?

I'm happy to supply configuration snippets and log files if the
necessity arises.



Dipl.-Inf. Stefan Bellon
Axivion GmbH
Nobelstr. 15
70569 Stuttgart

Tel: +49 711 6204378-11
Fax: +49 711 6204378-99

Geschaeftsfuehrung / Managing Directors:
Stefan Bellon, Thomas Eisenbarth, Sebastian Rummler
Sitz der Gesellschaft / Registered Office: Stuttgart
Registergericht / Registration Court: Amtsgericht Stuttgart, HRB 720590
Pflichtangaben nach Art. 13 DSGVO / Mandatory information according to
Art. 13 GDPR: https://www.axivion.com/pflichtangaben

Unser Qualitaetsmanagementsystem ist zertifiziert nach ISO 9001
Our quality management system is certified according to ISO 9001

Treffen Sie uns! / Meet us!
ICSA - International Conference on Software Architecture digital,
22.-26.03.2021 VECS - Vehicle Electronics and Connected Services,
Gothenburg/Sweden, 19.-20.05.2021

More information about the samba mailing list