[Samba] Unable to "rejoin" existing DC after upgrade (infamous WERR_FILE_NOT_FOUND)

Rowland Penny rpenny at samba.org
Wed Mar 8 16:01:34 UTC 2023


Please do not 'cc' me or reply to 'all', just reply to the list

On 08/03/2023 15:20, Fabrizio Rompani wrote:
> 
> 
> ----- Original message -----
> From: "Rowland Penny via samba" <samba at lists.samba.org>
> To: "samba" <samba at lists.samba.org>
> Cc: "Rowland Penny" <rpenny at samba.org>
> Sent: Wednesday, 8 March 2023 16:05:30
> Subject: Re: [Samba] Unable to "rejoin" existing DC after upgrade (infamous WERR_FILE_NOT_FOUND)
> 
> On 08/03/2023 14:38, Fabrizio Rompani via samba wrote:
>> Hi,
>> thanks for your reply.
>> No, current DC doesn't have that GUID:
>>
>> samba-tool spn list zimbra$
>> zimbra$
>> ...
>> ldap/3ecb2a51-b21d-4bef-84ed-700db7963ff4._msdcs.domain.lan
>>
>>
>> samba-tool spn list landc$
>> landc$
>> ...
>> ldap/5bf8cf1f-1e35-40c6-a20d-0abc88238d92._msdcs.domain.lan
>>
>>
>> that GUID is of the machine we are trying to join to:
>> samba-tool spn list nextcloud$
>> nextcloud$
>> ...
>> ldap/3fa4ff9a-7fdc-4912-ad73-08b98f6bf347._msdcs.domain.lan
>>
>> Is there something else we can look at?
>> Thanks
>>
> 
> I might be misunderstanding something here, but it sounds like you are
> trying to join a running DC to a running domain
> 
> Forget you have three 'potential' DC's for a moment, the way to join a
> new DC goes like this:
> 
> You have a fully working DC, let's call it DC1
> You now want to add another DC, let's call this DC2
> 
> You go to DC2 (which at this point isn't a DC), you configure it to use
> DC1 as its name server, you remove the smb.conf and stop any running
> Samba daemons. You then run the command to join as a DC:
> samba-tool domain join domain.lan DC ...................
> 
> This should then replicate most of the AD records from an existing AD DC
> to what is becoming your new DC (the rest are created when the new DC is
> started or shortly after)
> 
> Is this basically what you are doing ?
> 
> 
> Yes, that's exactly what we're doing.
> More precisely:
> previously we have dc2 joined as DC and all fully functioning.
> we have demoted and removed samba.
> then upgraded from 4.14 to samba 4.17
> and finally trying to re-join as you described: remove smb.conf, stop samba, samba-tool domain join domain.lan DC.
> at this stage, on the new dc node everything seems ok: ALL GOOD
> but the remote ones are in error with WERR_FILE_NOT_FOUND.

So, these errors are occurring after the join has completed, what, if 
anything, are you doing to trigger them ?
Can you ping the other two DC's from each DC ?
Please define 'remote'.
Is each DC using its own ipaddress as its first nameserver in 
/etc/resolv.conf ?
Have you checked replication with:
  samba-tool drs showrepl
Have you checked each DC's database with:
  samba-tool dbcheck
Have you tried to replicate from the DC that holds the PDC_Emulator FSMO 
role to the other two?
Have you checked replication with:
  samba-tool ldapcmp

Rowland
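
Two of the checks discussed in this thread, scripted as an added example that is not part of the original messages: whether a DC lists its own address as the first nameserver in a resolv.conf-style file, and whether a given GUID appears among the `ldap/<GUID>._msdcs.<domain>` SPNs in `samba-tool spn list` output. The function names, the sample `HOST/` line and the layout of the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: helper names are hypothetical and the sample data is constructed.

# Print the first "nameserver" address found in a resolv.conf-style file ($1).
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Succeed only if the DC's own IP ($2) is the first nameserver in file $1.
dc_uses_own_dns() {
    [ "$(first_nameserver "$1")" = "$2" ]
}

# Read "samba-tool spn list <account>" output on stdin and print, lower-cased,
# the GUID of every ldap/<GUID>._msdcs.<domain> SPN it contains.
msdcs_guids() {
    tr '[:upper:]' '[:lower:]' |
        sed -n 's#^[[:space:]]*ldap/\([0-9a-f]\{8\}\(-[0-9a-f]\{4\}\)\{3\}-[0-9a-f]\{12\}\)\._msdcs\..*#\1#p'
}

# Succeed if GUID $1 (any letter case) is among the _msdcs SPNs read from stdin.
has_msdcs_guid() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    msdcs_guids | grep -qxF "$want"
}

# Constructed sample shaped like the listing quoted in the thread; the HOST/
# line is invented, the ldap/ line is the one shown for nextcloud$.
sample_spn_list() {
    printf '%s\n' 'nextcloud$' \
        '    HOST/nextcloud.domain.lan' \
        '    ldap/3fa4ff9a-7fdc-4912-ad73-08b98f6bf347._msdcs.domain.lan'
}

# On a live DC the same helpers would be fed real data, for example:
#   dc_uses_own_dns /etc/resolv.conf "<this DC's IP>"
#   samba-tool spn list 'nextcloud$' | has_msdcs_guid "<GUID from the error>"
if sample_spn_list | has_msdcs_guid 3FA4FF9A-7FDC-4912-AD73-08B98F6BF347; then
    echo "GUID is registered under the sampled account"
fi
```
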


