
Re: [Samba] NT_STATUS_CONNECTION_REFUSED Joining Domain - Desperately need help




On 3/9/2018 4:06 AM, Rowland Penny via samba wrote:
On Thu, 8 Mar 2018 15:58:43 -0600 (CST)
Brent Davidson via samba <samba@xxxxxxxxxxxxxxx> wrote:

I am desperately in need of help. I have a CentOS 7.2 server running
Samba 4.6.13 as an active directory domain controller. I am trying to
join a new CentOS 7.4 server running Samba 4.6.13 to the domain. The
domain command will not connect to the other server.

How this problem started:
I originally had two domain controllers, both of which were running
Samba 4.5. I was troubleshooting a time sync issue between Windows 10
workstations and the server that appeared to come from a bug in the
older Samba 4.5 version. I updated the secondary domain controller to
Samba 4.6.13 and that appeared to go fine, so I switched over to the
primary domain controller and tried to upgrade it to 4.6.13.
Something went wrong, and users were no longer able to access the
domain. I switched to the backup domain controller and promoted it to
primary and all was well again, so I took the original primary
off-line and tried to solve the issue. After taking the old primary
off-line, DNS stopped resolving for the network. Things get a bit
murky at this part because my phone was ringing off the hook, but I
managed to wipe out the /var/lib/samba/private folder from one of the
servers. Since my backups were of the old 4.5 database versions and I
was unable to roll back the Samba version, I had to copy
the /var/lib/samba/private folder from one server to the other, then
remove the server entries for the non-working server.

I don't know what your original problem was, but you made it a
magnitude times worse when you copied /var/lib/samba/private from one
DC to another. Whilst DCs replicate between one another, not everything
is replicated and some things are specific to each DC.

Do you have a backup of the original 4.5 DC that held all the FSMO
roles (note, you didn't have a primary domain controller or a secondary
domain controller or a backup domain controller, you just had DCs. All
DCs are equal except for the FSMO roles). If you do have this backup, I
would suggest you turn off all your DCs and reinstall the DC from the
backup and start again.

Rowland

Not much more I can say outside of what Rowland has suggested. I did find this interesting with regards to your DNS problems.

getlmhostsent: lmhost entry: 127.0.0.1 localhost
getlmhostsent: lmhost entry: 10.10.11.4 old-dc.redacteddomain.redacted.com

I wouldn't normally expect to see lmhost entries unless explicitly created. I would allow DNS to find your domain.

--

James


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba