Hi!
I want to get down to the root cause of the issue I am having with my new
DC in my domain. I have followed some tutorials on the internet and
basically do not get the results.
I have 1 old DC, that is providing the AD domain for the whole local
network. I wanted to add another one. Both are Ubuntus 16.04, fully
updated.
I have followed this https://www.tecmint.com/join-additional-ubuntu-dc-to-
samba4-ad-dc-failover-replication/ but basically most howtos discuss this
the same way.
- samba-tool drs showrepl on the old, existing DC (yes, it's named pdc)
Default-First-Site-Name\PDC
DSA Options: 0x00000001
DSA object GUID: 0b562545-29f5-4d2f-a6d9-81e4359fc6b1
DSA invocationId: 2c0b1f12-f0c5-40a0-8de1-a562a93b7839
==== INBOUND NEIGHBORS ===
DC=ForestDnsZones,DC=biuro,DC=gpm-vindexus,DC=pl
Default-First-Site-Name\QDC via RPC
DSA object GUID: 8d384b11-053d-486b-bfb6-3e00ff8d3d34
Last attempt @ Tue Apr 24 23:36:05 2018 CEST failed, result 2 (WERR_BADFILE)
10695 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=biuro,DC=gpm-vindexus,DC=pl
Default-First-Site-Name\QDC via RPC
DSA object GUID: 8d384b11-053d-486b-bfb6-3e00ff8d3d34
Last attempt @ Tue Apr 24 23:36:06 2018 CEST failed, result 2 (WERR_BADFILE)
10695 consecutive failure(s).
Last success @ NTTIME(0)
DC=biuro,DC=gpm-vindexus,DC=pl
Default-First-Site-Name\QDC via RPC
DSA object GUID: 8d384b11-053d-486b-bfb6-3e00ff8d3d34
Last attempt @ Tue Apr 24 23:36:07 2018 CEST failed, result 2 (WERR_BADFILE)
10698 consecutive failure(s).
Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=biuro,DC=gpm-vindexus,DC=pl
Default-First-Site-Name\QDC via RPC
DSA object GUID: 8d384b11-053d-486b-bfb6-3e00ff8d3d34
Last attempt @ Tue Apr 24 23:36:08 2018 CEST failed, result 2 (WERR_BADFILE)
10701 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=biuro,DC=gpm-vindexus,DC=pl
Default-First-Site-Name\QDC via RPC
DSA object GUID: 8d384b11-053d-486b-bfb6-3e00ff8d3d34
Last attempt @ Tue Apr 24 23:36:09 2018 CEST failed, result 2 (WERR_BADFILE)
10695 consecutive failure(s).
Last success @ NTTIME(0)
==== OUTBOUND NEIGHBORS ===
DC=ForestDnsZones,DC=biuro,DC=gpm-vindexus,DC=pl
Default-First-Site-Name\QDC via RPC
DSA object GUID: 8d384b11-053d-486b-bfb6-3e00ff8d3d34
Last attempt @ Tue Apr 24 23:36:36 2018 CEST failed, result 2 (WERR_BADFILE)
17 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=biuro,DC=gpm-vindexus,DC=pl
Default-First-Site-Name\QDC via RPC
DSA object GUID: 8d384b11-053d-486b-bfb6-3e00ff8d3d34
Last attempt @ Tue Apr 24 23:36:37 2018 CEST failed, result 2 (WERR_BADFILE)
16 consecutive failure(s).
Last success @ NTTIME(0)
DC=biuro,DC=gpm-vindexus,DC=pl
Default-First-Site-Name\QDC via RPC
DSA object GUID: 8d384b11-053d-486b-bfb6-3e00ff8d3d34
Last attempt @ Tue Apr 24 23:36:38 2018 CEST failed, result 2 (WERR_BADFILE)
16 consecutive failure(s).
Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=biuro,DC=gpm-vindexus,DC=pl
Default-First-Site-Name\QDC via RPC
DSA object GUID: 8d384b11-053d-486b-bfb6-3e00ff8d3d34
Last attempt @ Tue Apr 24 23:36:39 2018 CEST failed, result 2 (WERR_BADFILE)
16 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=biuro,DC=gpm-vindexus,DC=pl
Default-First-Site-Name\QDC via RPC
DSA object GUID: 8d384b11-053d-486b-bfb6-3e00ff8d3d34
Last attempt @ Tue Apr 24 23:36:40 2018 CEST failed, result 2 (WERR_BADFILE)
16 consecutive failure(s).
Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ===
Connection --
Connection name: 68561cc1-c436-4276-8b11-1077a40ea1da
Enabled : TRUE
Server DNS name : qdc.biuro.gpm-vindexus.pl
Server DN name : CN=NTDS
Settings,CN=QDC,CN=Servers,CNDefault-First-Site-Name,CN=Sites,CN=Configuration,DCbiuro,DC=gpm-vindexus,DC=pl
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
- samba-tool drs showrepl on the new DC (named QDC)
# samba-tool drs showrepl
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed:
NT_STATUS_INVALID_PARAMETER
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed:
NT_STATUS_INVALID_PARAMETER
Default-First-Site-Name\QDC
DSA Options: 0x00000001
DSA object GUID: 8d384b11-053d-486b-bfb6-3e00ff8d3d34
DSA invocationId: 9a82eb7f-0215-48f4-92be-c5708ff9acf3
==== INBOUND NEIGHBORS ===
CN=Configuration,DC=biuro,DC=gpm-vindexus,DC=pl
Default-First-Site-Name\PDC via RPC
DSA object GUID: 0b562545-29f5-4d2f-a6d9-81e4359fc6b1
Last attempt @ Tue Apr 24 23:35:13 2018 CEST was successful
0 consecutive failure(s).
Last success @ Tue Apr 24 23:35:13 2018 CEST
DC=ForestDnsZones,DC=biuro,DC=gpm-vindexus,DC=pl
Default-First-Site-Name\PDC via RPC
DSA object GUID: 0b562545-29f5-4d2f-a6d9-81e4359fc6b1
Last attempt @ Tue Apr 24 23:35:13 2018 CEST was successful
0 consecutive failure(s).
Last success @ Tue Apr 24 23:35:13 2018 CEST
CN=Schema,CN=Configuration,DC=biuro,DC=gpm-vindexus,DC=pl
Default-First-Site-Name\PDC via RPC
DSA object GUID: 0b562545-29f5-4d2f-a6d9-81e4359fc6b1
Last attempt @ Tue Apr 24 23:35:13 2018 CEST was successful
0 consecutive failure(s).
Last success @ Tue Apr 24 23:35:13 2018 CEST
DC=biuro,DC=gpm-vindexus,DC=pl
Default-First-Site-Name\PDC via RPC
DSA object GUID: 0b562545-29f5-4d2f-a6d9-81e4359fc6b1
Last attempt @ Tue Apr 24 23:35:14 2018 CEST was successful
0 consecutive failure(s).
Last success @ Tue Apr 24 23:35:14 2018 CEST
DC=DomainDnsZones,DC=biuro,DC=gpm-vindexus,DC=pl
Default-First-Site-Name\PDC via RPC
DSA object GUID: 0b562545-29f5-4d2f-a6d9-81e4359fc6b1
Last attempt @ Tue Apr 24 23:35:13 2018 CEST was successful
0 consecutive failure(s).
Last success @ Tue Apr 24 23:35:13 2018 CEST
==== OUTBOUND NEIGHBORS ===
==== KCC CONNECTION OBJECTS ===
Connection --
Connection name: 971792df-8fbe-4b10-b2e7-4a51c376cd47
Enabled : TRUE
Server DNS name : pdc.biuro.gpm-vindexus.pl
Server DN name : CN=NTDS
Settings,CN=PDC,CN=Servers,CNDefault-First-Site-Name,CN=Sites,CN=Configuration,DCbiuro,DC=gpm-vindexus,DC=pl
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
- the DNS queries
# host –t SRV _ldap._tcp.biuro.gpm-vindexus.pl
host: couldn't get address for 'SRV': not found
# host biuro.gpm-vindexus.pl
biuro.gpm-vindexus.pl has address 192.168.0.251
So I guess something is not working with the DNS settings right. I also had
to add these records by hand: https://wiki.samba.org/
index.php/Verifying_and_Creating_a_DC_DNS_Record but the SRV above still is
empty. I can manually add this, but if this will solve the issue - don't
know, whould prefer to read about the next steps.
I guess that what I need is some manual on how to add a DC to the AD by
hand, so I don't miss any part of the process and I'll find what went
bad
during the joining procedure.