
Re: [Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain




On 05/03/2018 09:55, denis.shigapov via samba wrote:
> Hi, please run this command on the Windows DC:
> dcdiag
Already did it, both plain dcdiag and dcdiag /test:DNS.
Nothing interesting in the output except for a warning at the end of /test:dns execution (Warning: Failed to delete the test record dcdiag-test-record in zone SAMDOM.LOCAL):

=================
PS C:\Users\Administrator.SAMDOM> dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = SRVAD-OLD
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SRVAD-OLD
      Starting test: Connectivity
         ......................... SRVAD-OLD passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SRVAD-OLD
      Starting test: Advertising
         ......................... SRVAD-OLD passed test Advertising
      Starting test: FrsEvent
         ......................... SRVAD-OLD passed test FrsEvent
      Starting test: DFSREvent
         ......................... SRVAD-OLD passed test DFSREvent
      Starting test: SysVolCheck
         ......................... SRVAD-OLD passed test SysVolCheck
      Starting test: KccEvent
         ......................... SRVAD-OLD passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... SRVAD-OLD passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... SRVAD-OLD passed test MachineAccount
      Starting test: NCSecDesc
         ......................... SRVAD-OLD passed test NCSecDesc
      Starting test: NetLogons
         ......................... SRVAD-OLD passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... SRVAD-OLD passed test ObjectsReplicated
      Starting test: Replications
         ......................... SRVAD-OLD passed test Replications
      Starting test: RidManager
         ......................... SRVAD-OLD passed test RidManager
      Starting test: Services
         ......................... SRVAD-OLD passed test Services
      Starting test: SystemLog
         ......................... SRVAD-OLD passed test SystemLog
      Starting test: VerifyReferences
         ......................... SRVAD-OLD passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : SAMDOM
      Starting test: CheckSDRefDom
         ......................... SAMDOM passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... SAMDOM passed test CrossRefValidation

   Running enterprise tests on : SAMDOM.LOCAL
      Starting test: LocatorCheck
         ......................... SAMDOM.LOCAL passed test LocatorCheck
      Starting test: Intersite
         ......................... SAMDOM.LOCAL passed test Intersite

=================
PS C:\Users\Administrator.SAMDOM> dcdiag /test:DNS

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = SRVAD-OLD
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SRVAD-OLD
      Starting test: Connectivity
         ......................... SRVAD-OLD passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SRVAD-OLD

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... SRVAD-OLD passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : SAMDOM

   Running enterprise tests on : SAMDOM.LOCAL
      Starting test: DNS
         Test results for domain controllers:

            DC: SRVAD-OLD.samdom.local
            Domain: SAMDOM.LOCAL


               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record in zone SAMDOM.LOCAL

               SRVAD-OLD                    PASS PASS PASS PASS WARN PASS n/a
         ......................... SAMDOM.LOCAL passed test DNS
=================

> Not really sure where to go from here, I don't have a Windows 2008 DC to
> join to, is there anything in the Windows event log?
Did you run your tests on a newer (2012/2016) or older (2003) Windows Server version? Since I'm upgrading from 2000 and using a temporary Windows server in between 2000 --> Samba, it's indifferent to me what trial Windows Server version to use.

Event viewer "Directory services" log contains this record, created just after the failed join attempt (and a new record is created at each attempt, so I'm sure it's related to them):

=======
The attempt to establish a replication link for the following writable directory partition failed.

Directory partition:
DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
Source directory service:
CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Source directory service address:
74d3c251-b6dd-4018-b6a3-4cbc02bcb383._msdcs.SAMDOM.LOCAL
Intersite transport (if any):


This directory service will be unable to replicate with the source directory service until this problem is corrected.

User Action
Verify if the source directory service is accessible or network connectivity is available.

Additional Data
Error value:
1722 The RPC server is unavailable.
======

The reported missing "74d3c251-b6dd-4018-b6a3-4cbc02bcb383._msdcs.SAMDOM.LOCAL" value is the same that fails in samba-tool join log. It seems to me that it's trying to update the DNS on the samba machine, which is not yet available because its config files are generated at the end of "samba-tool join" run.


> That's why I didn't use it, I just turned off systemd-resolved and went
> back to basics i.e. what I know and like.
>
> Rowland
Same here ;)

Claudio
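
The DNS check implied by the event record above, as an added example that is not part of the original message or of Samba's tooling: it parses the quoted event, derives the GUID alias (CNAME under _msdcs) and the host record the existing DC needs in order to reach SRVAD-NEW, and reports which are missing. The lookup function, the zone contents, and the rule that the new DC's FQDN is its server CN plus the forest name are assumptions made for illustration.

```python
import re

# Event text as quoted in the message above (empty "Intersite transport" field omitted).
EVENT = """\
Directory partition:
DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
Source directory service:
CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Source directory service address:
74d3c251-b6dd-4018-b6a3-4cbc02bcb383._msdcs.SAMDOM.LOCAL
Error value:
1722 The RPC server is unavailable.
"""
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def parse_event(text):
    """Map each 'Label:' line to the value on the line that follows it."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    return {lines[i][:-1]: lines[i + 1] for i in range(len(lines) - 1)
            if lines[i].endswith(":") and not lines[i + 1].endswith(":")}

def expected_records(ev):
    """DNS records the existing DC must resolve to reach the source DSA."""
    alias = ev["Source directory service address"].lower()
    guid, _, forest = alias.partition("._msdcs.")
    if not GUID_RE.match(guid) or not forest:
        raise ValueError("address is not <GUID>._msdcs.<forest>")
    # Assumption: the new DC's FQDN is its server CN plus the forest DNS name.
    host = re.search(r"CN=NTDS Settings,CN=([^,]+)", ev["Source directory service"]).group(1)
    fqdn = f"{host}.{forest}".lower()
    return [("CNAME", alias, fqdn), ("A", fqdn, None)]

def missing_records(ev, lookup):
    """lookup(rtype, name) returns a list of answers; return records that fail."""
    missing = []
    for rtype, name, want in expected_records(ev):
        answers = [a.lower().rstrip(".") for a in lookup(rtype, name)]
        if not answers or (want and want not in answers):
            missing.append((rtype, name))
    return missing

# Constructed zone contents (assumption): host record present, GUID alias not registered.
ZONE = {("A", "srvad-new.samdom.local"): ["192.0.2.10"]}

def zone_lookup(rtype, name):
    return ZONE.get((rtype, name), [])

if __name__ == "__main__":
    for rtype, name in missing_records(parse_event(EVENT), zone_lookup):
        print(f"missing {rtype} record: {name}")
```

Replacing zone_lookup with a real resolver query against the Windows DC's DNS server runs the same check live.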
