Hello, I try to migrate form an old windows AD ( win 2000 ) So I use a temporary windows2008R2 to move AD from win2000 to S4. Forest and domain level are W2008R2. Now I have some problems with the dns in samba4. I have no answers even in local from samba4. If I try to move from a new empty windows 2008 ad, The service start and answer well... So I think something in my old DNS database is missing or disturbing... I just have done this on the dns : (http://support.microsoft.com/fr-fr/kb/817470) But in the new Windows 2008, I can see something that I don't have in the old: What I am missing? Is there a best practice guide for preparing DNS to follow before joining a samba4? ( remove windows 2000 AD compatibility for instance...) Thanks all! Samuel ps : here is my syslog details : Mar 27 11:46:00 S4 named[2226]: starting BIND 9.8.4-rpz2+rl005.12-P1 -u bind -4 Mar 27 11:46:00 S4 named[2226]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' Mar 27 11:46:00 S4 named[2226]: ---------------------------------------------------- Mar 27 11:46:00 S4 named[2226]: BIND 9 is maintained by Internet Systems Consortium, Mar 27 11:46:00 S4 named[2226]: Inc. (ISC), a non-profit 501(c)(3) public-benefit Mar 27 11:46:00 S4 named[2226]: corporation. Support and training for BIND 9 are Mar 27 11:46:00 S4 named[2226]: available at https://www.isc.org/support Mar 27 11:46:00 S4 named[2226]: ---------------------------------------------------- Mar 27 11:46:00 S4 named[2226]: adjusted limit on open files from 4096 to 1048576 Mar 27 11:46:00 S4 named[2226]: found 2 CPUs, using 2 worker threads Mar 27 11:46:00 S4 named[2226]: using up to 4096 sockets Mar 27 11:46:00 S4 named[2226]: loading configuration from '/etc/bind/named.conf' Mar 27 11:46:00 S4 named[2226]: reading built-in trusted keys from file '/etc/bind/bind.keys' Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv4 port range: [1024, 65535] Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv6 port range: [1024, 65535] Mar 27 11:46:00 S4 named[2226]: no IPv6 interfaces found Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface lo, 127.0.0.1#53 Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface eth0, 172.20.2.2#53 Mar 27 11:46:00 S4 named[2226]: generating session key for dynamic DNS Mar 27 11:46:00 S4 named[2226]: sizing zone task pool based on 5 zones Mar 27 11:46:01 S4 named[2226]: Loading 'AD DNS Zone' using driver dlopen Mar 27 11:46:01 S4 ntpd[2301]: ntpd 4.2.6p5 at 1.2349-o Sat Feb 7 11:05:48 UTC 2015 (1) Mar 27 11:46:01 S4 ntpd[2302]: proto: precision = 0.100 usec Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 0 lo 127.0.0.1 UDP 123 Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 1 eth0 172.20.2.2 UDP 123 Mar 27 11:46:01 S4 ntpd[2302]: peers refreshed Mar 27 11:46:01 S4 ntpd[2302]: Listening on routing socket on fd #18 for interface updates Mar 27 11:46:01 S4 ntpd[2302]: MS-SNTP signd operations currently block ntpd degrading service to all clients. Mar 27 11:46:02 S4 samba[2374]: [2015/03/27 11:46:02.896676, 0] ../source4/smbd/server.c:370(binary_smbd_main) Mar 27 11:46:02 S4 samba[2374]: samba version 4.1.17-SerNet-Debian-10.wheezy started. Mar 27 11:46:02 S4 samba[2374]: Copyright Andrew Tridgell and the Samba Team 1992-2013 Mar 27 11:46:03 S4 named[2226]: samba_dlz: started for DN DC=ariane,DC=intra Mar 27 11:46:03 S4 named[2226]: samba_dlz: starting configure Mar 27 11:46:03 S4 named[2226]: samba_dlz: configured writeable zone '_msdcs.ariane.intra' Mar 27 11:46:03 S4 named[2226]: using built-in root key for view _default Mar 27 11:46:03 S4 named[2226]: set up managed keys zone for view _default, file 'managed-keys.bind' Mar 27 11:46:03 S4 named[2226]: command channel listening on 127.0.0.1#953 Mar 27 11:46:03 S4 named[2226]: zone 0.in-addr.arpa/IN: loaded serial 1 Mar 27 11:46:03 S4 named[2226]: zone 127.in-addr.arpa/IN: loaded serial 1 Mar 27 11:46:03 S4 named[2226]: zone 255.in-addr.arpa/IN: loaded serial 1 Mar 27 11:46:03 S4 named[2226]: zone localhost/IN: loaded serial 2 Mar 27 11:46:03 S4 named[2226]: managed-keys-zone ./IN: loaded serial 2 Mar 27 11:46:03 S4 named[2226]: running Mar 27 11:46:04 S4 ntpdate[1701]: the NTP socket is in use, exiting Mar 27 11:46:04 S4 ntpdate[1670]: the NTP socket is in use, exiting Mar 27 11:46:04 S4 ntpdate[1668]: the NTP socket is in use, exiting Mar 27 11:46:04 S4 /usr/sbin/cron[2525]: (CRON) INFO (pidfile fd = 3) Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) STARTUP (fork ok) Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) INFO (Running @reboot jobs) Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.862709, 0] ../source4/smbd/server.c:488(binary_smbd_main) Mar 27 11:46:04 S4 samba[2376]: samba: using 'standard' process model Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.885661, 0] ../lib/util/become_daemon.c:136(daemon_ready) Mar 27 11:46:07 S4 kernel: [ 17.220877] eth0: no IPv6 routers present Mar 27 11:46:07 S4 samba[2792]: [2015/03/27 11:46:07.388008, 0] ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv) Mar 27 11:46:07 S4 samba[2792]: Failed to bind to uuid 12345678-1234-abcd-ef00-01234567cffb for 12345678-1234-abcd-ef00-01234567cffb at ncalrpc:127.0.0.1[DEFAULT,sign,seal] NT_STATUS_ACCESS_DENIED Mar 27 11:46:07 S4 smbd[2785]: [2015/03/27 11:46:07.551928, 0] ../lib/util/become_daemon.c:136(daemon_ready) Mar 27 11:46:08 S4 kernel: [ 17.940675] eth1: no IPv6 routers present Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.280522, 0] ../source4/dsdb/repl/replicated_objects.c:818(dsdb_replicated_objects_commit) Mar 27 11:46:21 S4 samba[2791]: ../source4/dsdb/repl/replicated_objects.c:818 Failed to prepare commit of transaction: operations error at ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147 Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.283141, 0] ../source4/dsdb/repl/drepl_out_helpers.c:758(dreplsrv_op_pull_source_apply_changes_trigger) Mar 27 11:46:21 S4 samba[2791]: Failed to commit objects: WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
On 27/03/15 10:57, Sam wrote:> Hello, > > I try to migrate form an old windows AD ( win 2000 ) > So I use a temporary windows2008R2 to move AD from win2000 to S4. > Forest and domain level are W2008R2. > Now I have some problems with the dns in samba4. I have no answers > even in local from samba4. > > If I try to move from a new empty windows 2008 ad, The service start > and answer well... > So I think something in my old DNS database is missing or disturbing... > > I just have done this on the dns : > (http://support.microsoft.com/fr-fr/kb/817470) > > > But in the new Windows 2008, I can see something that I don't have in > the old: > > > What I am missing? Is there a best practice guide for preparing DNS to > follow before joining a samba4? ( remove windows 2000 AD compatibility > for instance...) > > Thanks all! > > Samuel > > ps : here is my syslog details : > > Mar 27 11:46:00 S4 named[2226]: starting BIND 9.8.4-rpz2+rl005.12-P1 > -u bind -4 > Mar 27 11:46:00 S4 named[2226]: built with '--prefix=/usr' > '--mandir=/usr/share/man' '--infodir=/usr/share/info' > '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' > '--enable-largefile' '--with-libtool' '--enable-shared' > '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' > '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' > 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' > Mar 27 11:46:00 S4 named[2226]: > ---------------------------------------------------- > Mar 27 11:46:00 S4 named[2226]: BIND 9 is maintained by Internet > Systems Consortium, > Mar 27 11:46:00 S4 named[2226]: Inc. (ISC), a non-profit 501(c)(3) > public-benefit > Mar 27 11:46:00 S4 named[2226]: corporation. Support and training for > BIND 9 are > Mar 27 11:46:00 S4 named[2226]: available at https://www.isc.org/support > Mar 27 11:46:00 S4 named[2226]: > ---------------------------------------------------- > Mar 27 11:46:00 S4 named[2226]: adjusted limit on open files from 4096 > to 1048576 > Mar 27 11:46:00 S4 named[2226]: found 2 CPUs, using 2 worker threads > Mar 27 11:46:00 S4 named[2226]: using up to 4096 sockets > Mar 27 11:46:00 S4 named[2226]: loading configuration from > '/etc/bind/named.conf' > Mar 27 11:46:00 S4 named[2226]: reading built-in trusted keys from > file '/etc/bind/bind.keys' > Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv4 port range: > [1024, 65535] > Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv6 port range: > [1024, 65535] > Mar 27 11:46:00 S4 named[2226]: no IPv6 interfaces found > Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface lo, > 127.0.0.1#53 > Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface eth0, > 172.20.2.2#53 > Mar 27 11:46:00 S4 named[2226]: generating session key for dynamic DNS > Mar 27 11:46:00 S4 named[2226]: sizing zone task pool based on 5 zones > Mar 27 11:46:01 S4 named[2226]: Loading 'AD DNS Zone' using driver dlopen > Mar 27 11:46:01 S4 ntpd[2301]: ntpd 4.2.6p5 at 1.2349-o Sat Feb 7 > 11:05:48 UTC 2015 (1) > Mar 27 11:46:01 S4 ntpd[2302]: proto: precision = 0.100 usec > Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 0 lo 127.0.0.1 UDP 123 > Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 1 eth0 172.20.2.2 > UDP 123 > Mar 27 11:46:01 S4 ntpd[2302]: peers refreshed > Mar 27 11:46:01 S4 ntpd[2302]: Listening on routing socket on fd #18 > for interface updates > Mar 27 11:46:01 S4 ntpd[2302]: MS-SNTP signd operations currently > block ntpd degrading service to all clients. > Mar 27 11:46:02 S4 samba[2374]: [2015/03/27 11:46:02.896676, 0] > ../source4/smbd/server.c:370(binary_smbd_main) > Mar 27 11:46:02 S4 samba[2374]: samba version > 4.1.17-SerNet-Debian-10.wheezy started. > Mar 27 11:46:02 S4 samba[2374]: Copyright Andrew Tridgell and the > Samba Team 1992-2013 > Mar 27 11:46:03 S4 named[2226]: samba_dlz: started for DN > DC=ariane,DC=intra > Mar 27 11:46:03 S4 named[2226]: samba_dlz: starting configure > Mar 27 11:46:03 S4 named[2226]: samba_dlz: configured writeable zone > '_msdcs.ariane.intra' > Mar 27 11:46:03 S4 named[2226]: using built-in root key for view _default > Mar 27 11:46:03 S4 named[2226]: set up managed keys zone for view > _default, file 'managed-keys.bind' > Mar 27 11:46:03 S4 named[2226]: command channel listening on > 127.0.0.1#953 > Mar 27 11:46:03 S4 named[2226]: zone 0.in-addr.arpa/IN: loaded serial 1 > Mar 27 11:46:03 S4 named[2226]: zone 127.in-addr.arpa/IN: loaded serial 1 > Mar 27 11:46:03 S4 named[2226]: zone 255.in-addr.arpa/IN: loaded serial 1 > Mar 27 11:46:03 S4 named[2226]: zone localhost/IN: loaded serial 2 > Mar 27 11:46:03 S4 named[2226]: managed-keys-zone ./IN: loaded serial 2 > Mar 27 11:46:03 S4 named[2226]: running > Mar 27 11:46:04 S4 ntpdate[1701]: the NTP socket is in use, exiting > Mar 27 11:46:04 S4 ntpdate[1670]: the NTP socket is in use, exiting > Mar 27 11:46:04 S4 ntpdate[1668]: the NTP socket is in use, exiting > Mar 27 11:46:04 S4 /usr/sbin/cron[2525]: (CRON) INFO (pidfile fd = 3) > Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) STARTUP (fork ok) > Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) INFO (Running @reboot > jobs) > Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.862709, 0] > ../source4/smbd/server.c:488(binary_smbd_main) > Mar 27 11:46:04 S4 samba[2376]: samba: using 'standard' process model > Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.885661, 0] > ../lib/util/become_daemon.c:136(daemon_ready) > Mar 27 11:46:07 S4 kernel: [ 17.220877] eth0: no IPv6 routers present > Mar 27 11:46:07 S4 samba[2792]: [2015/03/27 11:46:07.388008, 0] > ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv) > Mar 27 11:46:07 S4 samba[2792]: Failed to bind to uuid > 12345678-1234-abcd-ef00-01234567cffb for > 12345678-1234-abcd-ef00-01234567cffb at ncalrpc:127.0.0.1[DEFAULT,sign,seal] > NT_STATUS_ACCESS_DENIED > Mar 27 11:46:07 S4 smbd[2785]: [2015/03/27 11:46:07.551928, 0] > ../lib/util/become_daemon.c:136(daemon_ready) > Mar 27 11:46:08 S4 kernel: [ 17.940675] eth1: no IPv6 routers present > Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.280522, 0] > ../source4/dsdb/repl/replicated_objects.c:818(dsdb_replicated_objects_commit) > Mar 27 11:46:21 S4 samba[2791]: > ../source4/dsdb/repl/replicated_objects.c:818 Failed to prepare commit > of transaction: operations error at > ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147 > Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.283141, 0] > ../source4/dsdb/repl/drepl_out_helpers.c:758(dreplsrv_op_pull_source_apply_changes_trigger) > Mar 27 11:46:21 S4 samba[2791]: Failed to commit objects: > WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE >Hi, never had this problem, but I wonder if this would work, join a samba 4 DC directly to the 2K Server and then run 'samba_upgradedns' Worth a try on a test network, there is this in the middle of the 'samba_upgradedns' python code: # dnsprovision creates application partitions for AD based DNS mainly if the existing # provision was created using earlier snapshots of samba4 which did not have support # for DNS partitions Rowland
Hello Rowland, I'm going to test That way. And I'll tell you! See you! Le 27/03/2015 16:13, Rowland Penny a ?crit :> On 27/03/15 10:57, Sam wrote: >> Hello, >> >> I try to migrate form an old windows AD ( win 2000 ) >> So I use a temporary windows2008R2 to move AD from win2000 to S4. >> Forest and domain level are W2008R2. >> Now I have some problems with the dns in samba4. I have no answers >> even in local from samba4. >> >> If I try to move from a new empty windows 2008 ad, The service start >> and answer well... >> So I think something in my old DNS database is missing or disturbing... >> >> I just have done this on the dns : >> (http://support.microsoft.com/fr-fr/kb/817470) >> >> >> But in the new Windows 2008, I can see something that I don't have in >> the old: >> >> >> What I am missing? Is there a best practice guide for preparing DNS >> to follow before joining a samba4? ( remove windows 2000 AD >> compatibility for instance...) >> >> Thanks all! >> >> Samuel >> >> ps : here is my syslog details : >> >> Mar 27 11:46:00 S4 named[2226]: starting BIND 9.8.4-rpz2+rl005.12-P1 >> -u bind -4 >> Mar 27 11:46:00 S4 named[2226]: built with '--prefix=/usr' >> '--mandir=/usr/share/man' '--infodir=/usr/share/info' >> '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' >> '--enable-largefile' '--with-libtool' '--enable-shared' >> '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' >> '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' >> 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' >> Mar 27 11:46:00 S4 named[2226]: >> ---------------------------------------------------- >> Mar 27 11:46:00 S4 named[2226]: BIND 9 is maintained by Internet >> Systems Consortium, >> Mar 27 11:46:00 S4 named[2226]: Inc. (ISC), a non-profit 501(c)(3) >> public-benefit >> Mar 27 11:46:00 S4 named[2226]: corporation. Support and training >> for BIND 9 are >> Mar 27 11:46:00 S4 named[2226]: available at https://www.isc.org/support >> Mar 27 11:46:00 S4 named[2226]: >> ---------------------------------------------------- >> Mar 27 11:46:00 S4 named[2226]: adjusted limit on open files from >> 4096 to 1048576 >> Mar 27 11:46:00 S4 named[2226]: found 2 CPUs, using 2 worker threads >> Mar 27 11:46:00 S4 named[2226]: using up to 4096 sockets >> Mar 27 11:46:00 S4 named[2226]: loading configuration from >> '/etc/bind/named.conf' >> Mar 27 11:46:00 S4 named[2226]: reading built-in trusted keys from >> file '/etc/bind/bind.keys' >> Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv4 port range: >> [1024, 65535] >> Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv6 port range: >> [1024, 65535] >> Mar 27 11:46:00 S4 named[2226]: no IPv6 interfaces found >> Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface lo, >> 127.0.0.1#53 >> Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface eth0, >> 172.20.2.2#53 >> Mar 27 11:46:00 S4 named[2226]: generating session key for dynamic DNS >> Mar 27 11:46:00 S4 named[2226]: sizing zone task pool based on 5 zones >> Mar 27 11:46:01 S4 named[2226]: Loading 'AD DNS Zone' using driver >> dlopen >> Mar 27 11:46:01 S4 ntpd[2301]: ntpd 4.2.6p5 at 1.2349-o Sat Feb 7 >> 11:05:48 UTC 2015 (1) >> Mar 27 11:46:01 S4 ntpd[2302]: proto: precision = 0.100 usec >> Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 0 lo 127.0.0.1 UDP 123 >> Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 1 eth0 172.20.2.2 >> UDP 123 >> Mar 27 11:46:01 S4 ntpd[2302]: peers refreshed >> Mar 27 11:46:01 S4 ntpd[2302]: Listening on routing socket on fd #18 >> for interface updates >> Mar 27 11:46:01 S4 ntpd[2302]: MS-SNTP signd operations currently >> block ntpd degrading service to all clients. >> Mar 27 11:46:02 S4 samba[2374]: [2015/03/27 11:46:02.896676, 0] >> ../source4/smbd/server.c:370(binary_smbd_main) >> Mar 27 11:46:02 S4 samba[2374]: samba version >> 4.1.17-SerNet-Debian-10.wheezy started. >> Mar 27 11:46:02 S4 samba[2374]: Copyright Andrew Tridgell and the >> Samba Team 1992-2013 >> Mar 27 11:46:03 S4 named[2226]: samba_dlz: started for DN >> DC=ariane,DC=intra >> Mar 27 11:46:03 S4 named[2226]: samba_dlz: starting configure >> Mar 27 11:46:03 S4 named[2226]: samba_dlz: configured writeable zone >> '_msdcs.ariane.intra' >> Mar 27 11:46:03 S4 named[2226]: using built-in root key for view >> _default >> Mar 27 11:46:03 S4 named[2226]: set up managed keys zone for view >> _default, file 'managed-keys.bind' >> Mar 27 11:46:03 S4 named[2226]: command channel listening on >> 127.0.0.1#953 >> Mar 27 11:46:03 S4 named[2226]: zone 0.in-addr.arpa/IN: loaded serial 1 >> Mar 27 11:46:03 S4 named[2226]: zone 127.in-addr.arpa/IN: loaded >> serial 1 >> Mar 27 11:46:03 S4 named[2226]: zone 255.in-addr.arpa/IN: loaded >> serial 1 >> Mar 27 11:46:03 S4 named[2226]: zone localhost/IN: loaded serial 2 >> Mar 27 11:46:03 S4 named[2226]: managed-keys-zone ./IN: loaded serial 2 >> Mar 27 11:46:03 S4 named[2226]: running >> Mar 27 11:46:04 S4 ntpdate[1701]: the NTP socket is in use, exiting >> Mar 27 11:46:04 S4 ntpdate[1670]: the NTP socket is in use, exiting >> Mar 27 11:46:04 S4 ntpdate[1668]: the NTP socket is in use, exiting >> Mar 27 11:46:04 S4 /usr/sbin/cron[2525]: (CRON) INFO (pidfile fd = 3) >> Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) STARTUP (fork ok) >> Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) INFO (Running @reboot >> jobs) >> Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.862709, 0] >> ../source4/smbd/server.c:488(binary_smbd_main) >> Mar 27 11:46:04 S4 samba[2376]: samba: using 'standard' process model >> Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.885661, 0] >> ../lib/util/become_daemon.c:136(daemon_ready) >> Mar 27 11:46:07 S4 kernel: [ 17.220877] eth0: no IPv6 routers present >> Mar 27 11:46:07 S4 samba[2792]: [2015/03/27 11:46:07.388008, 0] >> ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv) >> Mar 27 11:46:07 S4 samba[2792]: Failed to bind to uuid >> 12345678-1234-abcd-ef00-01234567cffb for >> 12345678-1234-abcd-ef00-01234567cffb at ncalrpc:127.0.0.1[DEFAULT,sign,seal] >> NT_STATUS_ACCESS_DENIED >> Mar 27 11:46:07 S4 smbd[2785]: [2015/03/27 11:46:07.551928, 0] >> ../lib/util/become_daemon.c:136(daemon_ready) >> Mar 27 11:46:08 S4 kernel: [ 17.940675] eth1: no IPv6 routers present >> Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.280522, 0] >> ../source4/dsdb/repl/replicated_objects.c:818(dsdb_replicated_objects_commit) >> >> Mar 27 11:46:21 S4 samba[2791]: >> ../source4/dsdb/repl/replicated_objects.c:818 Failed to prepare >> commit of transaction: operations error at >> ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147 >> Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.283141, 0] >> ../source4/dsdb/repl/drepl_out_helpers.c:758(dreplsrv_op_pull_source_apply_changes_trigger) >> >> Mar 27 11:46:21 S4 samba[2791]: Failed to commit objects: >> WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE >> > > Hi, never had this problem, but I wonder if this would work, join a > samba 4 DC directly to the 2K Server and then run 'samba_upgradedns' > > Worth a try on a test network, there is this in the middle of the > 'samba_upgradedns' python code: > > # dnsprovision creates application partitions for AD based DNS mainly > if the existing > # provision was created using earlier snapshots of samba4 which did > not have support > # for DNS partitions > > Rowland >
Hi Sam,> I try to migrate form an old windows AD ( win 2000 ) > So I use a temporary windows2008R2 to move AD from win2000 to S4. > Forest and domain level are W2008R2. > Now I have some problems with the dns in samba4. I have no answers even > in local from samba4. > > If I try to move from a new empty windows 2008 ad, The service start and > answer well... > So I think something in my old DNS database is missing or disturbing...You may check if it is not an issue with the _msdcs zone: in win2k, the _msdcs zone was a subzone under the domain.lan zone. From win2k3 onward, it is a separate zone because it is located in a separate AD partition. The change from dc=domain,dc=lan partition to the dc=ForestDNSZones,dc=domain,dc=lan partition is not automatic. You may take a look at http://support.microsoft.com/en-us/kb/817470 Cheers, Denis> > I just have done this on the dns : > (http://support.microsoft.com/fr-fr/kb/817470) > > > But in the new Windows 2008, I can see something that I don't have in > the old: > > > What I am missing? Is there a best practice guide for preparing DNS to > follow before joining a samba4? ( remove windows 2000 AD compatibility > for instance...) > > Thanks all! > > Samuel > > ps : here is my syslog details : > > Mar 27 11:46:00 S4 named[2226]: starting BIND 9.8.4-rpz2+rl005.12-P1 -u > bind -4 > Mar 27 11:46:00 S4 named[2226]: built with '--prefix=/usr' > '--mandir=/usr/share/man' '--infodir=/usr/share/info' > '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' > '--enable-largefile' '--with-libtool' '--enable-shared' > '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' > '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' > 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' > Mar 27 11:46:00 S4 named[2226]: > ---------------------------------------------------- > Mar 27 11:46:00 S4 named[2226]: BIND 9 is maintained by Internet Systems > Consortium, > Mar 27 11:46:00 S4 named[2226]: Inc. (ISC), a non-profit 501(c)(3) > public-benefit > Mar 27 11:46:00 S4 named[2226]: corporation. Support and training for > BIND 9 are > Mar 27 11:46:00 S4 named[2226]: available at https://www.isc.org/support > Mar 27 11:46:00 S4 named[2226]: > ---------------------------------------------------- > Mar 27 11:46:00 S4 named[2226]: adjusted limit on open files from 4096 > to 1048576 > Mar 27 11:46:00 S4 named[2226]: found 2 CPUs, using 2 worker threads > Mar 27 11:46:00 S4 named[2226]: using up to 4096 sockets > Mar 27 11:46:00 S4 named[2226]: loading configuration from > '/etc/bind/named.conf' > Mar 27 11:46:00 S4 named[2226]: reading built-in trusted keys from file > '/etc/bind/bind.keys' > Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv4 port range: > [1024, 65535] > Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv6 port range: > [1024, 65535] > Mar 27 11:46:00 S4 named[2226]: no IPv6 interfaces found > Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface lo, > 127.0.0.1#53 > Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface eth0, > 172.20.2.2#53 > Mar 27 11:46:00 S4 named[2226]: generating session key for dynamic DNS > Mar 27 11:46:00 S4 named[2226]: sizing zone task pool based on 5 zones > Mar 27 11:46:01 S4 named[2226]: Loading 'AD DNS Zone' using driver dlopen > Mar 27 11:46:01 S4 ntpd[2301]: ntpd 4.2.6p5 at 1.2349-o Sat Feb 7 11:05:48 > UTC 2015 (1) > Mar 27 11:46:01 S4 ntpd[2302]: proto: precision = 0.100 usec > Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 0 lo 127.0.0.1 UDP 123 > Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 1 eth0 172.20.2.2 UDP 123 > Mar 27 11:46:01 S4 ntpd[2302]: peers refreshed > Mar 27 11:46:01 S4 ntpd[2302]: Listening on routing socket on fd #18 for > interface updates > Mar 27 11:46:01 S4 ntpd[2302]: MS-SNTP signd operations currently block > ntpd degrading service to all clients. > Mar 27 11:46:02 S4 samba[2374]: [2015/03/27 11:46:02.896676, 0] > ../source4/smbd/server.c:370(binary_smbd_main) > Mar 27 11:46:02 S4 samba[2374]: samba version > 4.1.17-SerNet-Debian-10.wheezy started. > Mar 27 11:46:02 S4 samba[2374]: Copyright Andrew Tridgell and the > Samba Team 1992-2013 > Mar 27 11:46:03 S4 named[2226]: samba_dlz: started for DN > DC=ariane,DC=intra > Mar 27 11:46:03 S4 named[2226]: samba_dlz: starting configure > Mar 27 11:46:03 S4 named[2226]: samba_dlz: configured writeable zone > '_msdcs.ariane.intra' > Mar 27 11:46:03 S4 named[2226]: using built-in root key for view _default > Mar 27 11:46:03 S4 named[2226]: set up managed keys zone for view > _default, file 'managed-keys.bind' > Mar 27 11:46:03 S4 named[2226]: command channel listening on 127.0.0.1#953 > Mar 27 11:46:03 S4 named[2226]: zone 0.in-addr.arpa/IN: loaded serial 1 > Mar 27 11:46:03 S4 named[2226]: zone 127.in-addr.arpa/IN: loaded serial 1 > Mar 27 11:46:03 S4 named[2226]: zone 255.in-addr.arpa/IN: loaded serial 1 > Mar 27 11:46:03 S4 named[2226]: zone localhost/IN: loaded serial 2 > Mar 27 11:46:03 S4 named[2226]: managed-keys-zone ./IN: loaded serial 2 > Mar 27 11:46:03 S4 named[2226]: running > Mar 27 11:46:04 S4 ntpdate[1701]: the NTP socket is in use, exiting > Mar 27 11:46:04 S4 ntpdate[1670]: the NTP socket is in use, exiting > Mar 27 11:46:04 S4 ntpdate[1668]: the NTP socket is in use, exiting > Mar 27 11:46:04 S4 /usr/sbin/cron[2525]: (CRON) INFO (pidfile fd = 3) > Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) STARTUP (fork ok) > Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) INFO (Running @reboot jobs) > Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.862709, 0] > ../source4/smbd/server.c:488(binary_smbd_main) > Mar 27 11:46:04 S4 samba[2376]: samba: using 'standard' process model > Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.885661, 0] > ../lib/util/become_daemon.c:136(daemon_ready) > Mar 27 11:46:07 S4 kernel: [ 17.220877] eth0: no IPv6 routers present > Mar 27 11:46:07 S4 samba[2792]: [2015/03/27 11:46:07.388008, 0] > ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv) > Mar 27 11:46:07 S4 samba[2792]: Failed to bind to uuid > 12345678-1234-abcd-ef00-01234567cffb for > 12345678-1234-abcd-ef00-01234567cffb at ncalrpc:127.0.0.1[DEFAULT,sign,seal] NT_STATUS_ACCESS_DENIED > > Mar 27 11:46:07 S4 smbd[2785]: [2015/03/27 11:46:07.551928, 0] > ../lib/util/become_daemon.c:136(daemon_ready) > Mar 27 11:46:08 S4 kernel: [ 17.940675] eth1: no IPv6 routers present > Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.280522, 0] > ../source4/dsdb/repl/replicated_objects.c:818(dsdb_replicated_objects_commit) > > Mar 27 11:46:21 S4 samba[2791]: > ../source4/dsdb/repl/replicated_objects.c:818 Failed to prepare commit > of transaction: operations error at > ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147 > Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.283141, 0] > ../source4/dsdb/repl/drepl_out_helpers.c:758(dreplsrv_op_pull_source_apply_changes_trigger) > > Mar 27 11:46:21 S4 samba[2791]: Failed to commit objects: > WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE >-- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, b?timent A 12 avenue Jules Verne 44230 Saint S?bastien sur Loire tel : +33 (0) 2.40.97.57.55 http://www.tranquil-it-systems.fr
Maybe this KB 817470 MUST be done only on windows 2003 srv? I don't find the KB for 2008... and 2008 is not on the APPLIES TO section... I think I'm going to test this KB on a 2003... ( window2000 -> windows 2003 -> KB 817470 -> Samba4 join ) I Hope it will rocks! Le 30/03/2015 11:17, Denis Cardon a ?crit :> Hi Sam, > >> I try to migrate form an old windows AD ( win 2000 ) >> So I use a temporary windows2008R2 to move AD from win2000 to S4. >> Forest and domain level are W2008R2. >> Now I have some problems with the dns in samba4. I have no answers even >> in local from samba4. >> >> If I try to move from a new empty windows 2008 ad, The service start and >> answer well... >> So I think something in my old DNS database is missing or disturbing... > > You may check if it is not an issue with the _msdcs zone: in win2k, > the _msdcs zone was a subzone under the domain.lan zone. From win2k3 > onward, it is a separate zone because it is located in a separate AD > partition. The change from dc=domain,dc=lan partition to the > dc=ForestDNSZones,dc=domain,dc=lan partition is not automatic. > > You may take a look at http://support.microsoft.com/en-us/kb/817470 > > Cheers, > > Denis > >> >> I just have done this on the dns : >> (http://support.microsoft.com/fr-fr/kb/817470) >> >> >> But in the new Windows 2008, I can see something that I don't have in >> the old: >> >> >> What I am missing? Is there a best practice guide for preparing DNS to >> follow before joining a samba4? ( remove windows 2000 AD compatibility >> for instance...) >> >> Thanks all! >> >> Samuel >> >> ps : here is my syslog details : >> >> Mar 27 11:46:00 S4 named[2226]: starting BIND 9.8.4-rpz2+rl005.12-P1 -u >> bind -4 >> Mar 27 11:46:00 S4 named[2226]: built with '--prefix=/usr' >> '--mandir=/usr/share/man' '--infodir=/usr/share/info' >> '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' >> '--enable-largefile' '--with-libtool' '--enable-shared' >> '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' >> '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' >> 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' >> Mar 27 11:46:00 S4 named[2226]: >> ---------------------------------------------------- >> Mar 27 11:46:00 S4 named[2226]: BIND 9 is maintained by Internet Systems >> Consortium, >> Mar 27 11:46:00 S4 named[2226]: Inc. (ISC), a non-profit 501(c)(3) >> public-benefit >> Mar 27 11:46:00 S4 named[2226]: corporation. Support and training for >> BIND 9 are >> Mar 27 11:46:00 S4 named[2226]: available at https://www.isc.org/support >> Mar 27 11:46:00 S4 named[2226]: >> ---------------------------------------------------- >> Mar 27 11:46:00 S4 named[2226]: adjusted limit on open files from 4096 >> to 1048576 >> Mar 27 11:46:00 S4 named[2226]: found 2 CPUs, using 2 worker threads >> Mar 27 11:46:00 S4 named[2226]: using up to 4096 sockets >> Mar 27 11:46:00 S4 named[2226]: loading configuration from >> '/etc/bind/named.conf' >> Mar 27 11:46:00 S4 named[2226]: reading built-in trusted keys from file >> '/etc/bind/bind.keys' >> Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv4 port range: >> [1024, 65535] >> Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv6 port range: >> [1024, 65535] >> Mar 27 11:46:00 S4 named[2226]: no IPv6 interfaces found >> Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface lo, >> 127.0.0.1#53 >> Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface eth0, >> 172.20.2.2#53 >> Mar 27 11:46:00 S4 named[2226]: generating session key for dynamic DNS >> Mar 27 11:46:00 S4 named[2226]: sizing zone task pool based on 5 zones >> Mar 27 11:46:01 S4 named[2226]: Loading 'AD DNS Zone' using driver >> dlopen >> Mar 27 11:46:01 S4 ntpd[2301]: ntpd 4.2.6p5 at 1.2349-o Sat Feb 7 11:05:48 >> UTC 2015 (1) >> Mar 27 11:46:01 S4 ntpd[2302]: proto: precision = 0.100 usec >> Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 0 lo 127.0.0.1 UDP 123 >> Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 1 eth0 172.20.2.2 >> UDP 123 >> Mar 27 11:46:01 S4 ntpd[2302]: peers refreshed >> Mar 27 11:46:01 S4 ntpd[2302]: Listening on routing socket on fd #18 for >> interface updates >> Mar 27 11:46:01 S4 ntpd[2302]: MS-SNTP signd operations currently block >> ntpd degrading service to all clients. >> Mar 27 11:46:02 S4 samba[2374]: [2015/03/27 11:46:02.896676, 0] >> ../source4/smbd/server.c:370(binary_smbd_main) >> Mar 27 11:46:02 S4 samba[2374]: samba version >> 4.1.17-SerNet-Debian-10.wheezy started. >> Mar 27 11:46:02 S4 samba[2374]: Copyright Andrew Tridgell and the >> Samba Team 1992-2013 >> Mar 27 11:46:03 S4 named[2226]: samba_dlz: started for DN >> DC=ariane,DC=intra >> Mar 27 11:46:03 S4 named[2226]: samba_dlz: starting configure >> Mar 27 11:46:03 S4 named[2226]: samba_dlz: configured writeable zone >> '_msdcs.ariane.intra' >> Mar 27 11:46:03 S4 named[2226]: using built-in root key for view >> _default >> Mar 27 11:46:03 S4 named[2226]: set up managed keys zone for view >> _default, file 'managed-keys.bind' >> Mar 27 11:46:03 S4 named[2226]: command channel listening on >> 127.0.0.1#953 >> Mar 27 11:46:03 S4 named[2226]: zone 0.in-addr.arpa/IN: loaded serial 1 >> Mar 27 11:46:03 S4 named[2226]: zone 127.in-addr.arpa/IN: loaded >> serial 1 >> Mar 27 11:46:03 S4 named[2226]: zone 255.in-addr.arpa/IN: loaded >> serial 1 >> Mar 27 11:46:03 S4 named[2226]: zone localhost/IN: loaded serial 2 >> Mar 27 11:46:03 S4 named[2226]: managed-keys-zone ./IN: loaded serial 2 >> Mar 27 11:46:03 S4 named[2226]: running >> Mar 27 11:46:04 S4 ntpdate[1701]: the NTP socket is in use, exiting >> Mar 27 11:46:04 S4 ntpdate[1670]: the NTP socket is in use, exiting >> Mar 27 11:46:04 S4 ntpdate[1668]: the NTP socket is in use, exiting >> Mar 27 11:46:04 S4 /usr/sbin/cron[2525]: (CRON) INFO (pidfile fd = 3) >> Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) STARTUP (fork ok) >> Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) INFO (Running @reboot >> jobs) >> Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.862709, 0] >> ../source4/smbd/server.c:488(binary_smbd_main) >> Mar 27 11:46:04 S4 samba[2376]: samba: using 'standard' process model >> Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.885661, 0] >> ../lib/util/become_daemon.c:136(daemon_ready) >> Mar 27 11:46:07 S4 kernel: [ 17.220877] eth0: no IPv6 routers present >> Mar 27 11:46:07 S4 samba[2792]: [2015/03/27 11:46:07.388008, 0] >> ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv) >> Mar 27 11:46:07 S4 samba[2792]: Failed to bind to uuid >> 12345678-1234-abcd-ef00-01234567cffb for >> 12345678-1234-abcd-ef00-01234567cffb at ncalrpc:127.0.0.1[DEFAULT,sign,seal] >> NT_STATUS_ACCESS_DENIED >> >> Mar 27 11:46:07 S4 smbd[2785]: [2015/03/27 11:46:07.551928, 0] >> ../lib/util/become_daemon.c:136(daemon_ready) >> Mar 27 11:46:08 S4 kernel: [ 17.940675] eth1: no IPv6 routers present >> Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.280522, 0] >> ../source4/dsdb/repl/replicated_objects.c:818(dsdb_replicated_objects_commit) >> >> >> Mar 27 11:46:21 S4 samba[2791]: >> ../source4/dsdb/repl/replicated_objects.c:818 Failed to prepare commit >> of transaction: operations error at >> ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147 >> Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.283141, 0] >> ../source4/dsdb/repl/drepl_out_helpers.c:758(dreplsrv_op_pull_source_apply_changes_trigger) >> >> >> Mar 27 11:46:21 S4 samba[2791]: Failed to commit objects: >> WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE >> >
Apparently Analagous Threads
- Win 2008srv to Samba4 DNS problems
- samba_dnsupdate failed with RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm)
- Win 2008srv to Samba4 DNS problems
- Win 2008srv to Samba4 DNS problems
- Fwd: samba_dnsupdate failed with RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm)