Bruno Andrade
2014-Aug-12 09:50 UTC
[Samba] Joining Second DC error -- NT_STATUS_CONNECTION_RESET
Hey, Im trying to join a second domain controller to domain.
I'm using the following command o join:
*samba-tool domain join example.com DC -UAdministrator --password=xxxxxx
--realm=example.com --server=dc1.example.com --site=NEWSITE
--dns-backend=BIND9_DLZ --debuglevel=5*
Iptables and SELinux are turned off in both machines.
This is the debug I get...
(...)
Replicated 18 objects (0 linked attributes) for
DC=ForestDnsZones,DC=example,DC=com
Discarding older DRS linked attribute update to member on
CN=Guests,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on
CN=Guests,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Windows
Authorization Access Group,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on
CN=Users,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on
CN=Users,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on
CN=Users,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Enterprise
Admins,CN=Users,DC=example,DC=com from d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on
CN=Administrators,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on
CN=Administrators,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on
CN=Administrators,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on
CN=Administrators,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Pre-Windows
2000 Compatible Access,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Schema
Admins,CN=Users,DC=example,DC=com from d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Domain
Guests,CN=Users,DC=example,DC=com from d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Domain
Admins,CN=Users,DC=example,DC=com from d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Domain
Admins,CN=Users,DC=example,DC=com from d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on CN=Group
Policy Creator Owners,CN=Users,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
Discarding older DRS linked attribute update to member on
CN=IIS_IUSRS,CN=Builtin,DC=example,DC=com from
d7329302-6a0e-42d2-bb54-7073ffe6b353
drsuapi_DsReplicaUpdateRefs: struct drsuapi_DsReplicaUpdateRefs
in: struct drsuapi_DsReplicaUpdateRefs
bind_handle : *
bind_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
a99a925a-a457-41e4-a9c1-07feb8cc9351
level : 0x00000001 (1)
req : union
drsuapi_DsReplicaUpdateRefsRequest(case 1)
req1: struct drsuapi_DsReplicaUpdateRefsRequest1
naming_context : *
naming_context: struct
drsuapi_DsReplicaObjectIdentifier
__ndr_size : 0x00000052 (82)
__ndr_size_sid : 0x00000000 (0)
guid :
00000000-0000-0000-0000-000000000000
sid : S-0-0
__ndr_size_dn : 0x0000000c (12)
dn : 'DC=example,DC=com'
dest_dsa_dns_name : *
dest_dsa_dns_name :
'24f5afa9-3f4e-4a9f-b993-31d1843712ee._msdcs.example.com'
dest_dsa_guid :
24f5afa9-3f4e-4a9f-b993-31d1843712ee
options : 0x0000001c (28)
0: DRSUAPI_DRS_ASYNC_OP
0: DRSUAPI_DRS_GETCHG_CHECK
0: DRSUAPI_DRS_UPDATE_NOTIFICATION
1: DRSUAPI_DRS_ADD_REF
1: DRSUAPI_DRS_SYNC_ALL
1: DRSUAPI_DRS_DEL_REF
1: DRSUAPI_DRS_WRIT_REP
0: DRSUAPI_DRS_INIT_SYNC
0: DRSUAPI_DRS_PER_SYNC
0: DRSUAPI_DRS_MAIL_REP
0: DRSUAPI_DRS_ASYNC_REP
0: DRSUAPI_DRS_IGNORE_ERROR
0: DRSUAPI_DRS_TWOWAY_SYNC
0: DRSUAPI_DRS_CRITICAL_ONLY
0: DRSUAPI_DRS_GET_ANC
0: DRSUAPI_DRS_GET_NC_SIZE
0: DRSUAPI_DRS_LOCAL_ONLY
0: DRSUAPI_DRS_NONGC_RO_REP
0: DRSUAPI_DRS_SYNC_BYNAME
0: DRSUAPI_DRS_REF_OK
0: DRSUAPI_DRS_FULL_SYNC_NOW
0: DRSUAPI_DRS_NO_SOURCE
0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
0: DRSUAPI_DRS_FULL_SYNC_PACKET
0: DRSUAPI_DRS_SYNC_REQUEUE
0: DRSUAPI_DRS_SYNC_URGENT
0: DRSUAPI_DRS_REF_GCSPN
0: DRSUAPI_DRS_NO_DISCARD
0: DRSUAPI_DRS_NEVER_SYNCED
0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
0: DRSUAPI_DRS_INIT_SYNC_NOW
0: DRSUAPI_DRS_PREEMPTED
0: DRSUAPI_DRS_SYNC_FORCED
0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
0: DRSUAPI_DRS_USE_COMPRESSION
0: DRSUAPI_DRS_NEVER_NOTIFY
0: DRSUAPI_DRS_SYNC_PAS
0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
ERROR(runtime): uncaught exception - (-1073741299,
'NT_STATUS_CONNECTION_RESET')
File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py",
line 552, in run
machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
File "/usr/lib64/python2.6/site-packages/samba/join.py", line 1172,
in join_DC
ctx.do_join()
File "/usr/lib64/python2.6/site-packages/samba/join.py", line 1082,
in do_join
ctx.join_finalise()
File "/usr/lib64/python2.6/site-packages/samba/join.py", line 881,
in
join_finalise
ctx.send_DsReplicaUpdateRefs(nc)
File "/usr/lib64/python2.6/site-packages/samba/join.py", line 866,
in
send_DsReplicaUpdateRefs
ctx.drsuapi.DsReplicaUpdateRefs(ctx.drsuapi_handle, 1, r)
Provision OK for domain DN DC=example,DC=com
Starting replication
Replicating critical objects from the base DN of the domain
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=example,DC=com
Replicating DC=ForestDnsZones,DC=example,DC=com
Committing SAM database
Sending DsReplicateUpdateRefs for all the replicated partitions
Join failed - cleaning up
checking sAMAccountName
Kind Regards,
Bruno Andrade.
Bruno Andrade
2014-Aug-18 08:43 UTC
[Samba] Joining Second DC error -- NT_STATUS_CONNECTION_RESET
Good moorning, Anyone on this or with similar problems? Regards, Bruno Andrade. On 08/12/2014 10:50 AM, Bruno Andrade wrote:> Hey, Im trying to join a second domain controller to domain. > > I'm using the following command o join: > *samba-tool domain join example.com DC -UAdministrator > --password=xxxxxx --realm=example.com --server=dc1.example.com > --site=NEWSITE --dns-backend=BIND9_DLZ --debuglevel=5* > > Iptables and SELinux are turned off in both machines. > This is the debug I get... > > (...) > Replicated 18 objects (0 linked attributes) for > DC=ForestDnsZones,DC=example,DC=com > Discarding older DRS linked attribute update to member on > CN=Guests,CN=Builtin,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on > CN=Guests,CN=Builtin,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on CN=Windows > Authorization Access Group,CN=Builtin,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on > CN=Users,CN=Builtin,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on > CN=Users,CN=Builtin,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on > CN=Users,CN=Builtin,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on > CN=Enterprise Admins,CN=Users,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on > CN=Administrators,CN=Builtin,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on > CN=Administrators,CN=Builtin,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on > CN=Administrators,CN=Builtin,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on > CN=Administrators,CN=Builtin,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on > CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=example,DC=com > from d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on CN=Schema > Admins,CN=Users,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on CN=Domain > Guests,CN=Users,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on CN=Denied > RODC Password Replication Group,CN=Users,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on CN=Denied > RODC Password Replication Group,CN=Users,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on CN=Denied > RODC Password Replication Group,CN=Users,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on CN=Denied > RODC Password Replication Group,CN=Users,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on CN=Denied > RODC Password Replication Group,CN=Users,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on CN=Denied > RODC Password Replication Group,CN=Users,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on CN=Denied > RODC Password Replication Group,CN=Users,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on CN=Denied > RODC Password Replication Group,CN=Users,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on CN=Domain > Admins,CN=Users,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on CN=Domain > Admins,CN=Users,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on CN=Group > Policy Creator Owners,CN=Users,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > Discarding older DRS linked attribute update to member on > CN=IIS_IUSRS,CN=Builtin,DC=example,DC=com from > d7329302-6a0e-42d2-bb54-7073ffe6b353 > drsuapi_DsReplicaUpdateRefs: struct drsuapi_DsReplicaUpdateRefs > in: struct drsuapi_DsReplicaUpdateRefs > bind_handle : * > bind_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : > a99a925a-a457-41e4-a9c1-07feb8cc9351 > level : 0x00000001 (1) > req : union > drsuapi_DsReplicaUpdateRefsRequest(case 1) > req1: struct drsuapi_DsReplicaUpdateRefsRequest1 > naming_context : * > naming_context: struct > drsuapi_DsReplicaObjectIdentifier > __ndr_size : 0x00000052 (82) > __ndr_size_sid : 0x00000000 (0) > guid : > 00000000-0000-0000-0000-000000000000 > sid : S-0-0 > __ndr_size_dn : 0x0000000c (12) > dn : 'DC=example,DC=com' > dest_dsa_dns_name : * > dest_dsa_dns_name : > '24f5afa9-3f4e-4a9f-b993-31d1843712ee._msdcs.example.com' > dest_dsa_guid : > 24f5afa9-3f4e-4a9f-b993-31d1843712ee > options : 0x0000001c (28) > 0: DRSUAPI_DRS_ASYNC_OP > 0: DRSUAPI_DRS_GETCHG_CHECK > 0: DRSUAPI_DRS_UPDATE_NOTIFICATION > 1: DRSUAPI_DRS_ADD_REF > 1: DRSUAPI_DRS_SYNC_ALL > 1: DRSUAPI_DRS_DEL_REF > 1: DRSUAPI_DRS_WRIT_REP > 0: DRSUAPI_DRS_INIT_SYNC > 0: DRSUAPI_DRS_PER_SYNC > 0: DRSUAPI_DRS_MAIL_REP > 0: DRSUAPI_DRS_ASYNC_REP > 0: DRSUAPI_DRS_IGNORE_ERROR > 0: DRSUAPI_DRS_TWOWAY_SYNC > 0: DRSUAPI_DRS_CRITICAL_ONLY > 0: DRSUAPI_DRS_GET_ANC > 0: DRSUAPI_DRS_GET_NC_SIZE > 0: DRSUAPI_DRS_LOCAL_ONLY > 0: DRSUAPI_DRS_NONGC_RO_REP > 0: DRSUAPI_DRS_SYNC_BYNAME > 0: DRSUAPI_DRS_REF_OK > 0: DRSUAPI_DRS_FULL_SYNC_NOW > 0: DRSUAPI_DRS_NO_SOURCE > 0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS > 0: DRSUAPI_DRS_FULL_SYNC_PACKET > 0: DRSUAPI_DRS_SYNC_REQUEUE > 0: DRSUAPI_DRS_SYNC_URGENT > 0: DRSUAPI_DRS_REF_GCSPN > 0: DRSUAPI_DRS_NO_DISCARD > 0: DRSUAPI_DRS_NEVER_SYNCED > 0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING > 0: DRSUAPI_DRS_INIT_SYNC_NOW > 0: DRSUAPI_DRS_PREEMPTED > 0: DRSUAPI_DRS_SYNC_FORCED > 0: DRSUAPI_DRS_DISABLE_AUTO_SYNC > 0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC > 0: DRSUAPI_DRS_USE_COMPRESSION > 0: DRSUAPI_DRS_NEVER_NOTIFY > 0: DRSUAPI_DRS_SYNC_PAS > 0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP > ERROR(runtime): uncaught exception - (-1073741299, > 'NT_STATUS_CONNECTION_RESET') > File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", > line 175, in _run > return self.run(*args, **kwargs) > File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py", > line 552, in run > machinepass=machinepass, use_ntvfs=use_ntvfs, > dns_backend=dns_backend) > File "/usr/lib64/python2.6/site-packages/samba/join.py", line 1172, > in join_DC > ctx.do_join() > File "/usr/lib64/python2.6/site-packages/samba/join.py", line 1082, > in do_join > ctx.join_finalise() > File "/usr/lib64/python2.6/site-packages/samba/join.py", line 881, > in join_finalise > ctx.send_DsReplicaUpdateRefs(nc) > File "/usr/lib64/python2.6/site-packages/samba/join.py", line 866, > in send_DsReplicaUpdateRefs > ctx.drsuapi.DsReplicaUpdateRefs(ctx.drsuapi_handle, 1, r) > Provision OK for domain DN DC=example,DC=com > Starting replication > Replicating critical objects from the base DN of the domain > Done with always replicated NC (base, config, schema) > Replicating DC=DomainDnsZones,DC=example,DC=com > Replicating DC=ForestDnsZones,DC=example,DC=com > Committing SAM database > Sending DsReplicateUpdateRefs for all the replicated partitions > Join failed - cleaning up > checking sAMAccountName > > > Kind Regards, > Bruno Andrade.