Sven Schwedas
2017-Mar-29 14:51 UTC
[Samba] NT_STATUS_NO_LOGON_SERVERS after removing a DC and WERR_BADFILE when trying to remove broken DC
Situation: Trying to upgrade Samba from 4.1 to 4.5 without disruption too much by adding new DCs and demoting old ones. After bringing online the first 4.5 DC, I ran `demote --remove-other-dead-server=` on that DC to remove one of the old 4.1 DCs (held no FSMO roles). That seemed to run fine (the DC had been offline for a few weeks at that point and I didn't want to restore it just for demotion.) At that point, some (but not all) of our file servers started throwing NT_STATUS_NO_LOGON_SERVERS (smbd) and NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (winbind -P). Windows' RSAT tools also completely fail to connect to the domain. Some of the old DCs started throwing "Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2 at ncacn_ip_tcp:7e4973ba-4093-4523-a70f-7caa4845e34d._msdcs.ad.tao.at[1024,seal,krb5] NT_STATUS_UNSUCCESSFUL" errors Attempts to remove the new ADDC fail with "(2, 'WERR_BADFILE')". So… How the fuck do I recover from this? What's even wrong? -- Mit freundlichen Grüßen, / Best Regards, Sven Schwedas, Systemadministrator Mail/XMPP sven.schwedas at tao.at | Skype sven.schwedas TAO Digital | Lendplatz 45 | A8020 Graz https://www.tao-digital.at | Tel +43 680 301 7167 https://pave.software – PAVE Password Manager -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 659 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20170329/d3fb504d/signature.sig>
Marc Muehlfeld
2017-Mar-29 16:12 UTC
[Samba] NT_STATUS_NO_LOGON_SERVERS after removing a DC and WERR_BADFILE when trying to remove broken DC
Hello Sven, Am 29.03.2017 um 16:51 schrieb Sven Schwedas via samba:> Situation: Trying to upgrade Samba from 4.1 to 4.5 without disruption > too much by adding new DCs and demoting old ones. > > After bringing online the first 4.5 DC, I ran `demote > --remove-other-dead-server=` on that DC to remove one of the old 4.1 DCs > (held no FSMO roles). That seemed to run fine (the DC had been offline > for a few weeks at that point and I didn't want to restore it just for > demotion.)This sounds like a very inconvenient way to update. The --remove-other-dead-server should be used only for desaster situations if there is no chance that the DC can demote itself. That's the way how to update Samba: https://wiki.samba.org/index.php/Updating_Samba#The_Update_Process > So… How the fuck do I recover from this? What's even wrong? 1.) Stop using such words on the lists. 2.) Calm down. 4.) Verify that the clients use a DNS that is able to resolve the AD DNS zones. 3.) Check if there are some of the DNS entries of the removed DCs left. For example, the ones you created manually when you join a Samba DC: https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record Some further things to check are listed here: https://wiki.samba.org/index.php/Demote_a_Samba_AD_DC Verify this at least on the DNS server the clients are using. 5.) Tell us all steps you ran, that lead to this situation. 6.) Show us the full "samba-tool drs showrepl" output. 7.) Is replication working between the remaining DCs? Regads, Marc
Sven Schwedas
2017-Mar-30 09:43 UTC
[Samba] NT_STATUS_NO_LOGON_SERVERS after removing a DC and WERR_BADFILE when trying to remove broken DC
On 2017-03-29 18:12, Marc Muehlfeld wrote:> Hello Sven, > > Am 29.03.2017 um 16:51 schrieb Sven Schwedas via samba: >> Situation: Trying to upgrade Samba from 4.1 to 4.5 without disruption >> too much by adding new DCs and demoting old ones. >> >> After bringing online the first 4.5 DC, I ran `demote >> --remove-other-dead-server=` on that DC to remove one of the old 4.1 DCs >> (held no FSMO roles). That seemed to run fine (the DC had been offline >> for a few weeks at that point and I didn't want to restore it just for >> demotion.) > > This sounds like a very inconvenient way to update.We're moving all internal services to a new infrastructure, migrating Samba to a new version is more an incidental bonus. I can (temporarily) upgrade the old DCs if it helps with the migration, but their whole infrastructure is going to be decommissioned soon™, so I need the new DCs either way.> The --remove-other-dead-server should be used only for desaster > situations if there is no chance that the DC can demote itself.So I should recommission the old server, rather than upgrading the old DCs?> 4.) Verify that the clients use a DNS that is able to resolve > the AD DNS zones.Nothing changed here, the clients use a dnsmasq that has all Samba DCs as backend. If I remove the new DC from dnsmasq, clients work again.> 3.) Check if there are some of the DNS entries of the removed DCs > left. For example, the ones you created manually when you > join a Samba DC: > https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record > Some further things to check are listed here: > https://wiki.samba.org/index.php/Demote_a_Samba_AD_DC > Verify this at least on the DNS server the clients are using.All records are still there. So the remote demotion apparently didn't work at all and failed silently.> 5.) Tell us all steps you ran, that lead to this situation.1. Installed Debian Stretch on a new machine (Samba 4.5.6) 2. Prepared a join as per https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory: – Set up Kerberos, confirmed with kinit – Ran `samba-tool domain join ad.tao.at DC -U"ad.tao.at\sven.schwedas" --dns-backend=SAMBA_INTERNAL` – I noticed a typo in the server's `netbios name` setting, corrected it, and restarted the DC – Noticed I had problems with the LDAP SSL certificates for this node and restarted it a few times while fixing that (paths, permissions, etc.) 3. Afterwards, everything seemed to work fine (showrepl showed successful replication, DNS records were created, LDAP bind worked), so I added the server to dnsmasq as upstream nameserver 4. Ran `samba-tool domain demote --remove-other-dead-server=GRAZ-DC-BIS` to remove the old, dead DC. The command ran without any error messages. 5. At the same time, winbind started to sporadically fail on file servers (timing was close enough that it /could/ be unrelated to the demotion attempt.) 6. I tried to demote the new DC to restore the domain back to a working state, received WERR_BADFILE 7. Removed new DC from dnsmasq, this seemed to mostly restore the fileservers' winbind functionality for whatever reason.> 6.) Show us the full "samba-tool drs showrepl" output.Attached for verbosity reasons. graz-dc-bis has replication failures because it is still offline, graz-dc-1b started showing replication errors after attempting to demote it.> 7.) Is replication working between the remaining DCs?If showrepl is anything to go by, apparently yes. Nobody made any further changes apart from the changes listed above. -- Mit freundlichen Grüßen, / Best Regards, Sven Schwedas, Systemadministrator Mail/XMPP sven.schwedas at tao.at | Skype sven.schwedas TAO Digital | Lendplatz 45 | A8020 Graz https://www.tao-digital.at | Tel +43 680 301 7167 https://pave.software – PAVE Password Manager -------------- next part -------------- root at graz-dc-1b:~# samba-tool drs showrepl Default-First-Site-Name\GRAZ-DC-1A DSA Options: 0x00000001 DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 DSA invocationId: 7511b2e2-2e0c-41b1-a65f-7af4d7d374ec ==== INBOUND NEIGHBORS === CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ Thu Mar 30 11:29:04 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:29:04 2017 CEST CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ Thu Mar 30 11:29:05 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:29:05 2017 CEST CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ Thu Mar 30 11:29:05 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:29:05 2017 CEST CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ Thu Mar 30 11:29:06 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:29:06 2017 CEST DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ Thu Mar 30 11:29:03 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:29:03 2017 CEST DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ Thu Mar 30 11:29:03 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:29:03 2017 CEST DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ Thu Mar 30 11:29:03 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:29:03 2017 CEST DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ Thu Mar 30 11:29:04 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:29:04 2017 CEST DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ Thu Mar 30 11:29:06 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:29:06 2017 CEST DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ Thu Mar 30 11:29:06 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:29:06 2017 CEST ==== OUTBOUND NEIGHBORS === ==== KCC CONNECTION OBJECTS === Connection -- Connection name: 06d34691-7d7f-4816-befe-3ff9c300ab16 Enabled : TRUE Server DNS name : graz-dc-sem.ad.tao.at Server DN name : CN=NTDS Settings,CN=GRAZ-DC-SEM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=tao,DC=at TransportType: RPC options: 0x00000001 Warning: No NC replicated for Connection! Connection -- Connection name: c073b4d7-bdc5-4151-b299-c4654c37dddb Enabled : TRUE Server DNS name : VILLACH-DC-BIS.ad.tao.at Server DN name : CN=NTDS Settings,CN=VILLACH-DC-BIS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=tao,DC=at TransportType: RPC options: 0x00000001 Warning: No NC replicated for Connection! -------------- next part -------------- Default-First-Site-Name\GRAZ-DC-SEM DSA Options: 0x00000001 DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 DSA invocationId: 34d4ced7-ed98-4dfc-905c-9b638e877f5c ==== INBOUND NEIGHBORS === DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:29:56 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 4240 consecutive failure(s). Last success @ Wed Mar 15 17:12:48 2017 CET DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-SEM via RPC DSA object GUID: eb5f9772-cd8f-4cde-9629-f1898c94aedd Last attempt @ Thu Mar 30 11:29:56 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:29:56 2017 CEST DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ Thu Mar 30 11:29:57 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:29:57 2017 CEST DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:29:57 2017 CEST failed, result 2 (WERR_BADFILE) 240 consecutive failure(s). Last success @ NTTIME(0) DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:29:57 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 4240 consecutive failure(s). Last success @ Wed Mar 15 17:12:49 2017 CET DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-SEM via RPC DSA object GUID: eb5f9772-cd8f-4cde-9629-f1898c94aedd Last attempt @ Thu Mar 30 11:29:58 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:29:58 2017 CEST DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ Thu Mar 30 11:29:59 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:29:59 2017 CEST DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:29:59 2017 CEST failed, result 2 (WERR_BADFILE) 240 consecutive failure(s). Last success @ NTTIME(0) DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:29:59 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 4240 consecutive failure(s). Last success @ Wed Mar 15 17:12:51 2017 CET DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-SEM via RPC DSA object GUID: eb5f9772-cd8f-4cde-9629-f1898c94aedd Last attempt @ Thu Mar 30 11:30:00 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:30:00 2017 CEST DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ Thu Mar 30 11:30:01 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:30:01 2017 CEST DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:30:01 2017 CEST failed, result 2 (WERR_BADFILE) 240 consecutive failure(s). Last success @ NTTIME(0) CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:30:01 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 4240 consecutive failure(s). Last success @ Wed Mar 15 17:12:53 2017 CET CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-SEM via RPC DSA object GUID: eb5f9772-cd8f-4cde-9629-f1898c94aedd Last attempt @ Thu Mar 30 11:30:02 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:30:02 2017 CEST CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ Thu Mar 30 11:30:03 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:30:03 2017 CEST CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:30:03 2017 CEST failed, result 2 (WERR_BADFILE) 241 consecutive failure(s). Last success @ NTTIME(0) CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:30:03 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 4240 consecutive failure(s). Last success @ Wed Mar 15 17:12:54 2017 CET CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-SEM via RPC DSA object GUID: eb5f9772-cd8f-4cde-9629-f1898c94aedd Last attempt @ Thu Mar 30 11:30:04 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:30:04 2017 CEST CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ Thu Mar 30 11:30:07 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:30:07 2017 CEST CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:30:07 2017 CEST failed, result 2 (WERR_BADFILE) 240 consecutive failure(s). Last success @ NTTIME(0) ==== OUTBOUND NEIGHBORS === DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:34:48 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 13088 consecutive failure(s). Last success @ NTTIME(0) DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-SEM via RPC DSA object GUID: eb5f9772-cd8f-4cde-9629-f1898c94aedd Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:34:49 2017 CEST failed, result 2 (WERR_BADFILE) 10 consecutive failure(s). Last success @ NTTIME(0) DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:34:49 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 229366 consecutive failure(s). Last success @ NTTIME(0) DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-SEM via RPC DSA object GUID: eb5f9772-cd8f-4cde-9629-f1898c94aedd Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:34:44 2017 CEST failed, result 2 (WERR_BADFILE) 9 consecutive failure(s). Last success @ NTTIME(0) DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:34:44 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 163031 consecutive failure(s). Last success @ NTTIME(0) DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-SEM via RPC DSA object GUID: eb5f9772-cd8f-4cde-9629-f1898c94aedd Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:34:44 2017 CEST failed, result 2 (WERR_BADFILE) 8 consecutive failure(s). Last success @ NTTIME(0) CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:34:45 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 13043 consecutive failure(s). Last success @ NTTIME(0) CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-SEM via RPC DSA object GUID: eb5f9772-cd8f-4cde-9629-f1898c94aedd Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:34:45 2017 CEST failed, result 2 (WERR_BADFILE) 8 consecutive failure(s). Last success @ NTTIME(0) CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:34:45 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 13877 consecutive failure(s). Last success @ NTTIME(0) CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-SEM via RPC DSA object GUID: eb5f9772-cd8f-4cde-9629-f1898c94aedd Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:34:45 2017 CEST failed, result 2 (WERR_BADFILE) 8 consecutive failure(s). Last success @ NTTIME(0) ==== KCC CONNECTION OBJECTS === Connection -- Connection name: 6fab070a-6d50-4e4c-be6f-8516ec918a56 Enabled : TRUE Server DNS name : VILLACH-DC-BIS.ad.tao.at Server DN name : CN=NTDS Settings,CN=VILLACH-DC-BIS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=tao,DC=at TransportType: RPC options: 0x00000001 Warning: No NC replicated for Connection! Connection -- Connection name: 7dc51aa1-a698-4092-8997-a4fde7c26cd7 Enabled : TRUE Server DNS name : GRAZ-DC-BIS.ad.tao.at Server DN name : CN=NTDS Settings,CN=GRAZ-DC-BIS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=tao,DC=at TransportType: RPC options: 0x00000001 Warning: No NC replicated for Connection! Connection -- Connection name: 8091b1c5-87b7-4f91-a33c-1d563eb06dd3 Enabled : TRUE Server DNS name : VILLACH-DC-SEM.ad.tao.at Server DN name : CN=NTDS Settings,CN=VILLACH-DC-SEM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=tao,DC=at TransportType: RPC options: 0x00000001 Warning: No NC replicated for Connection! Connection -- Connection name: c77f92b7-56c5-4b24-8dee-e279c98f5668 Enabled : TRUE Server DNS name : graz-dc-1a.ad.tao.at Server DN name : CN=NTDS Settings,CN=GRAZ-DC-1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=tao,DC=at TransportType: RPC options: 0x00000001 Warning: No NC replicated for Connection! -------------- next part -------------- Default-First-Site-Name\VILLACH-DC-BIS DSA Options: 0x00000001 DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd DSA invocationId: b2ce5f4d-eabd-4e9c-9a2d-3ceb314b588f ==== INBOUND NEIGHBORS === CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ Thu Mar 30 11:32:11 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:32:11 2017 CEST CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-SEM via RPC DSA object GUID: eb5f9772-cd8f-4cde-9629-f1898c94aedd Last attempt @ Thu Mar 30 11:32:11 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:32:11 2017 CEST CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:32:12 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 4235 consecutive failure(s). Last success @ Wed Mar 15 17:11:29 2017 CET CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:32:12 2017 CEST failed, result 2 (WERR_BADFILE) 244 consecutive failure(s). Last success @ NTTIME(0) CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ Thu Mar 30 11:32:13 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:32:13 2017 CEST CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-SEM via RPC DSA object GUID: eb5f9772-cd8f-4cde-9629-f1898c94aedd Last attempt @ Thu Mar 30 11:32:14 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:32:14 2017 CEST CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:32:14 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 4235 consecutive failure(s). Last success @ Wed Mar 15 17:11:31 2017 CET CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:32:15 2017 CEST failed, result 2 (WERR_BADFILE) 238 consecutive failure(s). Last success @ NTTIME(0) DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ Thu Mar 30 11:32:05 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:32:05 2017 CEST DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-SEM via RPC DSA object GUID: eb5f9772-cd8f-4cde-9629-f1898c94aedd Last attempt @ Thu Mar 30 11:32:06 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:32:06 2017 CEST DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:32:07 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 4235 consecutive failure(s). Last success @ Wed Mar 15 17:11:25 2017 CET DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:32:07 2017 CEST failed, result 2 (WERR_BADFILE) 238 consecutive failure(s). Last success @ NTTIME(0) DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ Thu Mar 30 11:32:08 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:32:08 2017 CEST DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-SEM via RPC DSA object GUID: eb5f9772-cd8f-4cde-9629-f1898c94aedd Last attempt @ Thu Mar 30 11:32:08 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:32:08 2017 CEST DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:32:09 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 4235 consecutive failure(s). Last success @ Wed Mar 15 17:11:27 2017 CET DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:32:09 2017 CEST failed, result 2 (WERR_BADFILE) 238 consecutive failure(s). Last success @ NTTIME(0) DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ Thu Mar 30 11:35:24 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:35:24 2017 CEST DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-SEM via RPC DSA object GUID: eb5f9772-cd8f-4cde-9629-f1898c94aedd Last attempt @ Thu Mar 30 11:35:29 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:35:29 2017 CEST DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:32:17 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 4235 consecutive failure(s). Last success @ Wed Mar 15 17:11:32 2017 CET DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:32:17 2017 CEST failed, result 2 (WERR_BADFILE) 238 consecutive failure(s). Last success @ NTTIME(0) ==== OUTBOUND NEIGHBORS === CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-SEM via RPC DSA object GUID: eb5f9772-cd8f-4cde-9629-f1898c94aedd Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:36:36 2017 CEST failed, result 2 (WERR_BADFILE) 28 consecutive failure(s). Last success @ NTTIME(0) CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:36:36 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 13720 consecutive failure(s). Last success @ NTTIME(0) CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-SEM via RPC DSA object GUID: eb5f9772-cd8f-4cde-9629-f1898c94aedd Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:36:40 2017 CEST failed, result 2 (WERR_BADFILE) 28 consecutive failure(s). Last success @ NTTIME(0) CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-SEM via RPC DSA object GUID: eb5f9772-cd8f-4cde-9629-f1898c94aedd Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:36:32 2017 CEST failed, result 2 (WERR_BADFILE) 29 consecutive failure(s). Last success @ NTTIME(0) DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:36:34 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 83412 consecutive failure(s). Last success @ NTTIME(0) DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-SEM via RPC DSA object GUID: eb5f9772-cd8f-4cde-9629-f1898c94aedd Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:36:35 2017 CEST failed, result 2 (WERR_BADFILE) 28 consecutive failure(s). Last success @ NTTIME(0) DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:36:30 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 74140 consecutive failure(s). Last success @ NTTIME(0) DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:36:30 2017 CEST failed, result 2 (WERR_BADFILE) 25 consecutive failure(s). Last success @ NTTIME(0) DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-SEM via RPC DSA object GUID: eb5f9772-cd8f-4cde-9629-f1898c94aedd Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) ==== KCC CONNECTION OBJECTS === Connection -- Connection name: 2e9d1ac9-81a8-418a-831b-91d0fb6ff62b Enabled : TRUE Server DNS name : graz-dc-sem.ad.tao.at Server DN name : CN=NTDS Settings,CN=GRAZ-DC-SEM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=tao,DC=at TransportType: RPC options: 0x00000001 Warning: No NC replicated for Connection! Connection -- Connection name: 3aaea5d6-b01f-4233-8a28-8b38749312d8 Enabled : TRUE Server DNS name : graz-dc-1a.ad.tao.at Server DN name : CN=NTDS Settings,CN=GRAZ-DC-1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=tao,DC=at TransportType: RPC options: 0x00000001 Warning: No NC replicated for Connection! Connection -- Connection name: 48b2d06b-bd02-4d27-86bf-353c8e259a1e Enabled : TRUE Server DNS name : VILLACH-DC-SEM.ad.tao.at Server DN name : CN=NTDS Settings,CN=VILLACH-DC-SEM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=tao,DC=at TransportType: RPC options: 0x00000001 Warning: No NC replicated for Connection! Connection -- Connection name: 96101b58-f886-4d28-9c76-3927c9602bc2 Enabled : TRUE Server DNS name : GRAZ-DC-BIS.ad.tao.at Server DN name : CN=NTDS Settings,CN=GRAZ-DC-BIS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=tao,DC=at TransportType: RPC options: 0x00000001 Warning: No NC replicated for Connection! -------------- next part -------------- Default-First-Site-Name\VILLACH-DC-SEM DSA Options: 0x00000001 DSA object GUID: eb5f9772-cd8f-4cde-9629-f1898c94aedd DSA invocationId: 9a773314-30ed-4f64-aba8-f5d49a81dc76 ==== INBOUND NEIGHBORS === CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ Thu Mar 30 11:33:43 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:33:43 2017 CEST CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:33:44 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 4241 consecutive failure(s). Last success @ Wed Mar 15 17:08:26 2017 CET CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ Thu Mar 30 11:33:45 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:33:45 2017 CEST CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:33:45 2017 CEST failed, result 2 (WERR_BADFILE) 240 consecutive failure(s). Last success @ NTTIME(0) CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ Thu Mar 30 11:33:46 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:33:46 2017 CEST CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:33:46 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 4241 consecutive failure(s). Last success @ Wed Mar 15 17:08:28 2017 CET CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ Thu Mar 30 11:33:48 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:33:48 2017 CEST CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:33:48 2017 CEST failed, result 2 (WERR_BADFILE) 240 consecutive failure(s). Last success @ NTTIME(0) DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ Thu Mar 30 11:33:38 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:33:38 2017 CEST DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:33:38 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 4241 consecutive failure(s). Last success @ Wed Mar 15 17:08:22 2017 CET DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ Thu Mar 30 11:33:40 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:33:40 2017 CEST DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:33:40 2017 CEST failed, result 2 (WERR_BADFILE) 240 consecutive failure(s). Last success @ NTTIME(0) DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ Thu Mar 30 11:33:41 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:33:41 2017 CEST DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:33:41 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 4241 consecutive failure(s). Last success @ Wed Mar 15 17:08:23 2017 CET DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ Thu Mar 30 11:33:43 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:33:43 2017 CEST DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:33:43 2017 CEST failed, result 2 (WERR_BADFILE) 240 consecutive failure(s). Last success @ NTTIME(0) DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ Thu Mar 30 11:35:21 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:35:21 2017 CEST DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:33:49 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 4241 consecutive failure(s). Last success @ Wed Mar 15 17:08:30 2017 CET DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ Thu Mar 30 11:35:31 2017 CEST was successful 0 consecutive failure(s). Last success @ Thu Mar 30 11:35:31 2017 CEST DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-1A via RPC DSA object GUID: d613fa11-064b-4bcc-ab01-20264f870f47 Last attempt @ Thu Mar 30 11:33:50 2017 CEST failed, result 2 (WERR_BADFILE) 240 consecutive failure(s). Last success @ NTTIME(0) ==== OUTBOUND NEIGHBORS === CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:35:46 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 26248 consecutive failure(s). Last success @ NTTIME(0) CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:35:46 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 25990 consecutive failure(s). Last success @ NTTIME(0) CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) CN=Configuration,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:35:44 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 26746 consecutive failure(s). Last success @ NTTIME(0) DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) DC=ForestDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:35:45 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 66213 consecutive failure(s). Last success @ NTTIME(0) DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) DC=DomainDnsZones,DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-BIS via RPC DSA object GUID: 7e4973ba-4093-4523-a70f-7caa4845e34d Last attempt @ Thu Mar 30 11:35:46 2017 CEST failed, result 31 (WERR_GENERAL_FAILURE) 60988 consecutive failure(s). Last success @ NTTIME(0) DC=ad,DC=tao,DC=at Default-First-Site-Name\GRAZ-DC-SEM via RPC DSA object GUID: 160f5a53-5c29-4a83-aeee-6cb1dbabeed7 Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) DC=ad,DC=tao,DC=at Default-First-Site-Name\VILLACH-DC-BIS via RPC DSA object GUID: e1569c90-50f9-4bb5-bd85-79145e3ff6fd Last attempt @ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) ==== KCC CONNECTION OBJECTS === Connection -- Connection name: 7d758464-a1f2-41f3-a2af-9b9479acf163 Enabled : TRUE Server DNS name : GRAZ-DC-BIS.ad.tao.at Server DN name : CN=NTDS Settings,CN=GRAZ-DC-BIS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=tao,DC=at TransportType: RPC options: 0x00000001 Warning: No NC replicated for Connection! Connection -- Connection name: b82fa121-7a62-405b-a1b7-45c169513667 Enabled : TRUE Server DNS name : VILLACH-DC-BIS.ad.tao.at Server DN name : CN=NTDS Settings,CN=VILLACH-DC-BIS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=tao,DC=at TransportType: RPC options: 0x00000001 Warning: No NC replicated for Connection! Connection -- Connection name: f50b2f9c-3090-4db2-bcf8-c8e32b5cf1a4 Enabled : TRUE Server DNS name : graz-dc-1a.ad.tao.at Server DN name : CN=NTDS Settings,CN=GRAZ-DC-1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=tao,DC=at TransportType: RPC options: 0x00000001 Warning: No NC replicated for Connection! Connection -- Connection name: f9245b65-e161-453f-8590-a1f519b5039a Enabled : TRUE Server DNS name : graz-dc-sem.ad.tao.at Server DN name : CN=NTDS Settings,CN=GRAZ-DC-SEM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=tao,DC=at TransportType: RPC options: 0x00000001 Warning: No NC replicated for Connection! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 659 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20170330/a9cb0da2/signature.sig>
L.P.H. van Belle
2017-Mar-30 09:54 UTC
[Samba] NT_STATUS_NO_LOGON_SERVERS after removing a DC and WERR_BADFILE when trying to remove broken DC
> > – I noticed a typo in the server's `netbios name` setting, corrected > it, and restarted the DCWhere did you change this, in smb.conf or /etc/hosts ?? By default netbios name is adapted from the hostname. If you changed the hostname you might have found the source of your problem.> > – Noticed I had problems with the LDAP SSL certificates for this node > and restarted it a few times while fixing that (paths, permissions, etc.)If you renamed the hostname, you probely need new ssl cert. Greetz, Louis
Sven Schwedas
2017-Apr-07 11:44 UTC
[Samba] NT_STATUS_NO_LOGON_SERVERS after removing a DC and WERR_BADFILE when trying to remove broken DC
In the end I just upgraded all DCs to 4.5 and remote-deleted the broken ones. Seemed to work without a hitch, manual removal was only necessary to remove the IPs from DNS\_msdcs.ourdomain\gc\. I'll try adding new DCs on a date that's not "Friday two hours before I disappear for vacation". On 2017-03-29 16:51, Sven Schwedas via samba wrote:> Situation: Trying to upgrade Samba from 4.1 to 4.5 without disruption > too much by adding new DCs and demoting old ones. > > After bringing online the first 4.5 DC, I ran `demote > --remove-other-dead-server=` on that DC to remove one of the old 4.1 DCs > (held no FSMO roles). That seemed to run fine (the DC had been offline > for a few weeks at that point and I didn't want to restore it just for > demotion.) > > At that point, some (but not all) of our file servers started throwing > NT_STATUS_NO_LOGON_SERVERS (smbd) and > NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (winbind -P). Windows' RSAT tools > also completely fail to connect to the domain. > > Some of the old DCs started throwing "Failed to bind to uuid > e3514235-4b06-11d1-ab04-00c04fc2dcd2 for > e3514235-4b06-11d1-ab04-00c04fc2dcd2 at ncacn_ip_tcp:7e4973ba-4093-4523-a70f-7caa4845e34d._msdcs.ad.tao.at[1024,seal,krb5] > NT_STATUS_UNSUCCESSFUL" errors > > Attempts to remove the new ADDC fail with "(2, 'WERR_BADFILE')". > > > So… How the fuck do I recover from this? What's even wrong? > > >-- Mit freundlichen Grüßen, / Best Regards, Sven Schwedas, Systemadministrator Mail/XMPP sven.schwedas at tao.at | Skype sven.schwedas TAO Digital | Lendplatz 45 | A8020 Graz https://www.tao-digital.at | Tel +43 680 301 7167 https://pave.software – PAVE Password Manager -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 659 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20170407/d7f34d7a/signature.sig>
Sven Schwedas
2017-Apr-20 16:00 UTC
[Samba] NT_STATUS_NO_LOGON_SERVERS after removing a DC and WERR_BADFILE when trying to remove broken DC
On 2017-04-07 13:44, Sven Schwedas via samba wrote:> In the end I just upgraded all DCs to 4.5 and remote-deleted the broken > ones. Seemed to work without a hitch, manual removal was only necessary > to remove the IPs from DNS\_msdcs.ourdomain\gc\.Apparently not, adding new DCs failed with "WERR_DS_DATABASE_ERROR". `samba-tool dbcheck --fix` solved that. With that out of the way, the join seemed to work. • DNS records as per https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record were missing, after adding them, the replication is working as well. • File server verified to work, including authentication. • However, the server is still missing from the following DNS records: – Domain [host -t A ad.tao.at.] – LDAP SRV records [host -t SRV _ldap._tcp.ad.tao.at.] – KRB5 SRV records [host -t SRV _kerberos._tcp.ad.tao.at.] – …and all the others I can find in the MMC DNS snap-in (_gc, _kpasswd, etc. pp.) • Kerberos works, but I'm not sure it's actually using the new server, given the DNS issues. Can I just add the SRV records manually? Should this be documented in the wiki?> I'll try adding new DCs on a date that's not "Friday two hours before I > disappear for vacation". > > On 2017-03-29 16:51, Sven Schwedas via samba wrote: >> Situation: Trying to upgrade Samba from 4.1 to 4.5 without disruption >> too much by adding new DCs and demoting old ones. >> >> After bringing online the first 4.5 DC, I ran `demote >> --remove-other-dead-server=` on that DC to remove one of the old 4.1 DCs >> (held no FSMO roles). That seemed to run fine (the DC had been offline >> for a few weeks at that point and I didn't want to restore it just for >> demotion.) >> >> At that point, some (but not all) of our file servers started throwing >> NT_STATUS_NO_LOGON_SERVERS (smbd) and >> NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (winbind -P). Windows' RSAT tools >> also completely fail to connect to the domain. >> >> Some of the old DCs started throwing "Failed to bind to uuid >> e3514235-4b06-11d1-ab04-00c04fc2dcd2 for >> e3514235-4b06-11d1-ab04-00c04fc2dcd2 at ncacn_ip_tcp:7e4973ba-4093-4523-a70f-7caa4845e34d._msdcs.ad.tao.at[1024,seal,krb5] >> NT_STATUS_UNSUCCESSFUL" errors >> >> Attempts to remove the new ADDC fail with "(2, 'WERR_BADFILE')". >> >> >> So… How the fuck do I recover from this? What's even wrong? >> >> >> > > >-- Mit freundlichen Grüßen, / Best Regards, Sven Schwedas, Systemadministrator Mail/XMPP sven.schwedas at tao.at | Skype sven.schwedas TAO Digital | Lendplatz 45 | A8020 Graz https://www.tao-digital.at | Tel +43 680 301 7167 https://pave.software – PAVE Password Manager -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 659 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20170420/71e8d046/signature.sig>
Possibly Parallel Threads
- NT_STATUS_NO_LOGON_SERVERS after removing a DC and WERR_BADFILE when trying to remove broken DC
- Server GC/name.dom/dom is not registered with our KDC: Miscellaneous failure (see text): Server (GC/name/dom@DOM) unknown
- Server GC/name.dom/dom is not registered with our KDC: Miscellaneous failure (see text): Server (GC/name/dom@DOM) unknown
- Server GC/name.dom/dom is not registered with our KDC: Miscellaneous failure (see text): Server (GC/name/dom@DOM) unknown
- Server GC/name.dom/dom is not registered with our KDC: Miscellaneous failure (see text): Server (GC/name/dom@DOM) unknown