samba - Apr 2013 - Problems attaching Windows server as secondary DC.

I have my Samba4 up and running. I was able to get a Windows 2012 server 
to join the samba4 domain.

However, I have not been able to get the Windows server to promote itself 
to a secondary DC.

I would appreciate any suggestions on debugging this issue.

One the Server 2012 machine, in the "prerequisites check", I see the 
following message:
"Verification or prerequisites for Active Directory preparation failed 
......
Exception: THe RPC server is unavailable. ....."
Adprep could not retrieve data from the server <servername> ..."

The servername is correct and resolves to my samba4 server.

On the Samba4 server, I see the following in the logs:
[2013/04/12 12:02:30,  3] 
../auth/ntlmssp/ntlmssp_util.c:34(debug_ntlmssp_flags)
   Got NTLMSSP neg_flags=0xe2088235
[2013/04/12 12:02:30,  3] 
../source4/rpc_server/dcerpc_server.c:961(dcesrv_request)
   Warning: 60 extra bytes in incoming RPC request
[2013/04/12 12:02:30,  3] 
../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74(dcesrv_drsuapi_DsBind)
   ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74: doing DsBind with 
system_session
[2013/04/12 12:02:33,  3] 
../source4/smbd/service_stream.c:63(stream_terminate_connection)
   Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
[2013/04/12 12:02:33,  3] 
../source4/smbd/process_single.c:114(single_terminate)
   single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]


Any ideas?
Simon

<simon+samba <at> matthews.eu> writes:
> I have my Samba4 up and running. I was able to get a Windows 2012 server 
> to join the samba4 domain.
> 
> However, I have not been able to get the Windows server to promote itself 
> to a secondary DC.
> 
> I would appreciate any suggestions on debugging this issue.
> 
> One the Server 2012 machine, in the "prerequisites check", I see
the
> following message:
> "Verification or prerequisites for Active Directory preparation failed
> ......
> Exception: THe RPC server is unavailable. ....."

Simon you are not alone!

Same here: Ubuntu 13.04 and samba4-4.0.1+dfsg1-1+. This exists since
long time (12.04 and S4 beta).
At present level it seems that Win DC could not join S4 Domains. So you could
not get ridd of samba4.

Bug or feature?

Only Win 2012 DC, 2008 R2 join fine as DC. Same here with fresh install of
S4 and Win 2012.


2013/4/15 Friedmar <friedmar.moch at me.com>
>  <simon+samba <at> matthews.eu> writes:
>
> > I have my Samba4 up and running. I was able to get a Windows 2012
server
> > to join the samba4 domain.
> >
> > However, I have not been able to get the Windows server to promote
itself
> > to a secondary DC.
> >
> > I would appreciate any suggestions on debugging this issue.
> >
> > One the Server 2012 machine, in the "prerequisites check", I
see the
> > following message:
> > "Verification or prerequisites for Active Directory preparation
failed
> > ......
> > Exception: THe RPC server is unavailable. ....."
>
>
> Simon you are not alone!
>
> Same here: Ubuntu 13.04 and samba4-4.0.1+dfsg1-1+. This exists since
> long time (12.04 and S4 beta).
> At present level it seems that Win DC could not join S4 Domains. So you
> could
> not get ridd of samba4.
>
> Bug or feature?
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On Mon, 15 Apr 2013, Jonis Maurin Cear? wrote:
> Only Win 2012 DC, 2008 R2 join fine as DC. Same here with fresh install of
> S4 and Win 2012.
I am trying to join a Windows Server 2012 machine as a secondary DC. 
This should work, right?

Simon
>
>
> 2013/4/15 Friedmar <friedmar.moch at me.com>
>
>>  <simon+samba <at> matthews.eu> writes:
>>
>>> I have my Samba4 up and running. I was able to get a Windows 2012
server
>>> to join the samba4 domain.
>>>
>>> However, I have not been able to get the Windows server to promote
itself
>>> to a secondary DC.
>>>
>>> I would appreciate any suggestions on debugging this issue.
>>>
>>> One the Server 2012 machine, in the "prerequisites
check", I see the
>>> following message:
>>> "Verification or prerequisites for Active Directory
preparation failed
>>> ......
>>> Exception: THe RPC server is unavailable. ....."
>>
>>
>> Simon you are not alone!
>>
>> Same here: Ubuntu 13.04 and samba4-4.0.1+dfsg1-1+. This exists since
>> long time (12.04 and S4 beta).
>> At present level it seems that Win DC could not join S4 Domains. So you
>> could
>> not get ridd of samba4.
>>
>> Bug or feature?
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
>

On 04/13/2013 04:38 PM, simon+samba at matthews.eu
wrote:
>
> I have my Samba4 up and running. I was able to get a Windows 2012 
> server to join the samba4 domain.
>
> However, I have not been able to get the Windows server to promote 
> itself to a secondary DC.
>
> I would appreciate any suggestions on debugging this issue.
>
> One the Server 2012 machine, in the "prerequisites check", I see
the
> following message:
> "Verification or prerequisites for Active Directory preparation failed
> ......
> Exception: THe RPC server is unavailable. ....."
> Adprep could not retrieve data from the server <servername> ..."
>
> The servername is correct and resolves to my samba4 server.
>
> On the Samba4 server, I see the following in the logs:
> [2013/04/12 12:02:30,  3] 
> ../auth/ntlmssp/ntlmssp_util.c:34(debug_ntlmssp_flags)
>   Got NTLMSSP neg_flags=0xe2088235
> [2013/04/12 12:02:30,  3] 
> ../source4/rpc_server/dcerpc_server.c:961(dcesrv_request)
>   Warning: 60 extra bytes in incoming RPC request
> [2013/04/12 12:02:30,  3] 
> ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74(dcesrv_drsuapi_DsBind)
>   ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74: doing DsBind with 
> system_session
> [2013/04/12 12:02:33,  3] 
> ../source4/smbd/service_stream.c:63(stream_terminate_connection)
>   Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
> [2013/04/12 12:02:33,  3] 
> ../source4/smbd/process_single.c:114(single_terminate)
>   single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
>
>
> Any ideas?
We don't support Windows 2012 yet, for multiple reasons:

In order to have a Windows 2012 DC you must have a 2012 compliant 
schema, up to Windows 2008R2 included the way to do was to run programs 
provided by Microsoft on existing DC to upgrade the schema and do some 
adaptation to the database. With windows 2012 they have introduced a way 
to do it also remotely via webservices that we don't support and we 
dont' plan to support. So usual upgrade path is not possible.

Up to now we have asked and received new schema from Microsoft after 
each new AD product but for 2012 we didn't really asked so we haven't 
received it yet, *if* we had it the way to go would be to run something 
like samba_upgradeprovision so that we would be able to add missing 
schema entries and modify needed objects, but this is not yet a solution 
(although it might be a much shorter delay before getting it).

Last would be to add an older version of Windows (2003, 2008, 2008R2) to 
the domain and run the program to upgrade the schema, it won't work 
until you migrate schema master role to the newly added Windows DC. Then 
you might run into problems while synchronizing this is a known problem 
that we are working on and you'll face for sure if you try to join samba 
to a domain with a Windows 2012 schema.

HTH.

Matthieu


-- 
Matthieu Patou
Samba Team
http://samba.org