Hi all,

I have a problem with my multi-site AD-DC installation. One of my DCs suddenly can't start well; I think there is a problem (corruption) with the LDAP database. I then tried to rejoin it, but every time I try to join it I always get an issue like this:

Finding a writeable DC for domain 'domain.co.id'
Found DC pdc.domain.co.id
Password for [domain\administrator]:
workgroup is domain
realm is domain.co.id
checking sAMAccountName
Adding CN=DC24,OU=Domain Controllers,DC=domain,DC=co,DC=id
Adding CN=DC24,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=co,DC=id
Adding CN=NTDS Settings,CN=DC24,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=co,DC=id
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2 at ncacn_ip_tcp:pdc.domain.co.id[1024,seal] NT_STATUS_IO_TIMEOUT
Join failed - cleaning up
checking sAMAccountName
Deleted CN=DC24,OU=Domain Controllers,DC=domain,DC=co,DC=id
Deleted CN=DC24,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=co,DC=id
ERROR(runtime): uncaught exception - (-1073741643, 'NT_STATUS_IO_TIMEOUT')
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 555, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 1172, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 1075, in do_join
    ctx.join_add_objects()
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 541, in join_add_objects
    ctx.join_add_ntdsdsa()
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 474, in join_add_ntdsdsa
    ctx.DsAddEntry([rec])
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 384, in DsAddEntry
    ctx.drsuapi_connect()
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 362, in drsuapi_connect
    ctx.drsuapi = drsuapi.drsuapi(binding_string, ctx.lp, ctx.creds)

I have an OpenVPN connection of about 1mbps between this site and the other DC to join. I tried to ping from each DC; I think it's fine:

[root@dc24 ~]# ping pdc
PING pdc.domain.co.id (172.16.99.3) 56(84) bytes of data.
64 bytes from 172.16.99.3: icmp_seq=1 ttl=61 time=140 ms
64 bytes from 172.16.99.3: icmp_seq=2 ttl=61 time=51.2 ms
64 bytes from 172.16.99.3: icmp_seq=3 ttl=61 time=48.5 ms
64 bytes from 172.16.99.3: icmp_seq=4 ttl=61 time=59.3 ms
64 bytes from 172.16.99.3: icmp_seq=5 ttl=61 time=194 ms
64 bytes from 172.16.99.3: icmp_seq=6 ttl=61 time=50.2 ms
64 bytes from 172.16.99.3: icmp_seq=7 ttl=61 time=65.5 ms
64 bytes from 172.16.99.3: icmp_seq=8 ttl=61 time=62.3 ms
64 bytes from 172.16.99.3: icmp_seq=9 ttl=61 time=50.1 ms
^C
--- pdc.domain.co.id ping statistics ---
9 packets transmitted, 9 received, 0% packet loss, time 8835ms
rtt min/avg/max/mdev = 48.567/80.214/194.278/48.556 ms

But still I can't rejoin the DC. Any suggestions to overcome this problem?

Thanks in advance
And you have added the following to /etc/hosts:

172.16.99.3 pdc.domain.co.id pdc

And you did set up your krb5.conf in such a way that you point directly to the correct hosts, without the use of a search, like:

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = SMBDOM.EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

[realms]
EXAMPLE.COM = {
    kdc = kerberos.example.com
    admin_server = kerberos.example.com
}

[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM

And maybe you should also find out where your latency delay is coming from.

> 64 bytes from 172.16.99.3: icmp_seq=5 ttl=61 time=194 ms
> 64 bytes from 172.16.99.3: icmp_seq=6 ttl=61 time=50.2 ms

Install, for example, smokeping and track with mtr.

Louis

> -----Original message-----
> From: bentunx at gmail.com [mailto:samba-bounces at lists.samba.org] On behalf of zhia chandra
> Sent: Thursday, 12 February 2015 9:10
> To: samba at lists.samba.org
> Subject: [Samba] multi-site DC - AD
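The join output quoted in this thread shows the DRSUAPI bind to pdc.domain.co.id on TCP port 1024 timing out even though ICMP ping succeeds, so it helps to test that TCP port directly rather than rely on ping. The following is an added example, not part of any message in the thread: it parses the failing line and times a TCP handshake to that port and to the RPC endpoint mapper on port 135; the function names and the 5-second timeout are assumptions.

```python
import re
import socket
import time

# Constructed sample: the failing line from the join output quoted in the thread.
SAMPLE = ("Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for "
          "e3514235-4b06-11d1-ab04-00c04fc2dcd2 at "
          "ncacn_ip_tcp:pdc.domain.co.id[1024,seal] NT_STATUS_IO_TIMEOUT")

BINDING_RE = re.compile(
    r"at (?P<transport>ncacn_\w+):(?P<host>[^\[\s]+)"
    r"\[(?P<opts>[^\]]*)\]\s+(?P<status>NT_STATUS_\w+)")


def parse_bind_failure(line):
    """Extract transport, host, TCP port, binding options and NT status."""
    m = BINDING_RE.search(line)
    if not m:
        return None
    opts = [o for o in m.group("opts").split(",") if o]
    port = next((int(o) for o in opts if o.isdigit()), None)
    return {"transport": m.group("transport"), "host": m.group("host"),
            "port": port, "options": [o for o in opts if not o.isdigit()],
            "status": m.group("status")}


def probe_tcp(host, port, timeout=5.0):
    """Attempt one TCP handshake; return (result, elapsed_ms)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            result = "open"
    except socket.timeout:
        result = "timeout"   # SYN dropped: firewall/VPN filtering or routing
    except ConnectionRefusedError:
        result = "refused"   # host reachable, nothing listening on the port
    except OSError as exc:
        result = "error: %s" % exc   # e.g. name resolution or no route
    return result, round((time.monotonic() - start) * 1000, 1)


if __name__ == "__main__":
    ep = parse_bind_failure(SAMPLE)
    # 135 is the RPC endpoint mapper, probed as well as the port from the error.
    for port in (135, ep["port"]):
        print(ep["host"], port, *probe_tcp(ep["host"], port))
```

A "timeout" result on port 1024 with "open" on 135 points at port filtering on the VPN path rather than latency; "open" on both with high elapsed times points back at the link.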
Hi Louis,

I have followed your instructions, but I think my problem is in the OpenVPN network latency. Is there any NT_STATUS_IO_TIMEOUT parameter that I can configure to add more time to the IO_TIMEOUT?

Regards,
zhia

On 2/12/2015 4:04 PM, L.P.H. van Belle wrote: