[Samba] Can't join new samba dc to existing dc
Rowland Penny
rpenny at samba.org
Fri Aug 16 06:02:18 UTC 2024
On Fri, 16 Aug 2024 10:30:29 +0700
fransnicho via samba <samba at lists.samba.org> wrote:
> On Thu, 15 Aug 2024 at 23.49 Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
> > On Thu, 15 Aug 2024 23:19:29 +0700
> > fransnicho via samba <samba at lists.samba.org> wrote:
> >
> > > On Thu, Aug 15, 2024, 10:35 fransnicho <fransnicho at gmail.com>
> > > wrote:
> > >
> > > > On Wed, 14 Aug 2024 at 23.21 Rowland Penny via samba <
> > > > samba at lists.samba.org> wrote:
> > > >
> > > >> On Wed, 14 Aug 2024 16:58:12 +0700
> > > >> fransnicho via samba <samba at lists.samba.org> wrote:
> > > >>
> > > >> > I cannot join an additional new samba dc ver. 4.19.5 to an
> > > >> > existing samba AD version 4.19.5 functional level 2008 R2.
> > > >> >
> > > >> > Last week I successfully demoted an offline dc3 and moved the
> > > >> > fsmo role
> > > >>
> > > >> > /var/log/samba/log.samba
> > > >> >
> > > >> >
> > > >> > 16:34:51.368927, 0]
> > > >> > ../../source4/dsdb/repl/replicated_objects.c:1244(dsdb_origin_objects_commit)
> > > >> > ../../source4/dsdb/repl/replicated_objects.c:1244: Failed add of CN=NTDS Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com - objectclass_attrs: attribute 'hasMasterNCs' on entry 'CN=NTDS Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com' does not exist in the specified objectclasses!
> > > >> > [2024/08/14 16:34:51.369239, 0]
> > > >> > ../../source4/rpc_server/drsuapi/addentry.c:209(dcesrv_drsuapi_DsAddEntry)
> > > >> > ../../source4/rpc_server/drsuapi/addentry.c:209: DsAddEntry failed - WERR_DS_INTERNAL_FAILURE
> > > >>
> > > >> Have you checked your database with 'samba-tool dbcheck' ?
> > > >> Does 'DC6' exist ?
> > > >>
> > > >> Rowland
> > > >>
> > > >>
> > > > Hi Rowland,
> > > > Thanks for your response 🙏
> > > > DC6 exists in many deleted objects when I run the command below:
> > > >
> > > > it@dc4:~$ sudo samba-tool dbcheck -v
> > > > Checking 973 objects
> > > > Checking object CN=DC6\0ADEL:7eec18e3-7f3f-49cc-86bc-8bc08b651bcb,CN=Deleted Objects,DC=nicho,DC=com
> > > > Checking object CN=DC6\0ADEL:51476d30-2626-4169-97a8-4c240e934c2b,CN=Deleted Objects,DC=nicho,DC=com
> > > > Checking object CN=DC6\0ADEL:54a0a479-a462-4ed1-b4f0-221c596aa455,CN=Deleted Objects,DC=nicho,DC=com
> > > > Checking object CN=DC6\0ADEL:26516d46-8b40-4837-a112-e2638268a8b5,CN=Deleted Objects,DC=nicho,DC=com
> > > >
> > > > Best Regards,
> > > > Nicho.
> > > >
> > > >
> > > Hi Rowland,
> > > Is there anything wrong with my database ?
> > > I'm really, really stuck with the error. Please help..
> > >
> > > Best Regards,
> > >
> > > >
> >
> > The records that contain '0ADEL' are tombstone records, so you could
> > use samba-tool to remove them, see:
> > samba-tool domain tombstones expunge --help
> > for more info
> >
> > ONLY ATTEMPT THE FOLLOWING IF YOU HAVE A GOOD BACKUP!
> > However, your join seems to be failing because the attribute
> > 'hasMasterNCs' doesn't have its objectclass in
> > 'CN=NTDS Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com',
> > but you say that DC6 no longer exists, so to me, it looks like that
> > DN needs removing, followed by any references to 'DC6' there may
> > be in your AD.
> >
> > Rowland
> >
>
>
> Hi Rowland,
> Thanks for your response 🙏
>
> Can I rebuild:
> CN=NTDS Settings,CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
> ?
> Is it safe to remove:
> CN=NTDS Settings,CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
> ?
Your problem isn't with:
CN=NTDS Settings,CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
it is with:
CN=NTDS Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
and you say that 'DC6' no longer exists.
You need to remove:
CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
and anything it contains, but only attempt this if you have a good
backup.
You also need to find and remove any reference to 'DC6' there may be in
your AD.
Rowland