thr3ads.net - samba - [Samba] Unable to join a DC to a Site that doesn't already have a DC in that subnet [Jun 2014]

If this information is useful, please help other people find it:
Share via:

Chris Alavoine

2014-Jun-18 08:28 UTC

[Samba] Unable to join a DC to a Site that doesn't already have a DC in that subnet

Hi all,

Am having problems adding a new DC to a Site that doesn't already have a DC
in the same subnet. Whenever I try and do a domain join specifying a nearby
DC in a different subnet I get this:

ERROR(runtime): uncaught exception - (-1073741643,
'NT_STATUS_IO_TIMEOUT')
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
    return self.run(*args, **kwargs)
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
line
552, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
line
1172, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
line
1082, in do_join
    ctx.join_finalise()
  File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
line
881, in join_finalise
    ctx.send_DsReplicaUpdateRefs(nc)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
line
866, in send_DsReplicaUpdateRefs
    ctx.drsuapi.DsReplicaUpdateRefs(ctx.drsuapi_handle, 1, r)

I have managed to join a DC to a Site that already has a DC in that subnet
(although not in that Site).

Can anyone think of a workaround for this?

This is my join statement (names changed to protect the innocent):

/usr/local/samba/bin/samba-tool domain join essence.internal.com DC
-UAdministrator --realm=example.com --server=remotedc.example.com
--site=local


I am trying to do this due to the bug that doesn't allow the manual moving
of DC's to new Sites by using the ADSS drag and drop method.

Thanks,
Chris.



-- 
ACS (Alavoine Computer Services Ltd)
Chris Alavoine
mob +44 (0)7724 710 730
www.alavoinecs.co.uk
http://twitter.com/#!/alavoinecs
http://www.linkedin.com/pub/chris-alavoine/39/606/192

Davor Vusir

2014-Jun-18 18:40 UTC

head link

[Samba] Unable to join a DC to a Site that doesn't already have a DC in that subnet

2014-06-18 10:28 GMT+02:00 Chris Alavoine <chrisa at
acs-info.co.uk>:> Hi all,
>
> Am having problems adding a new DC to a Site that doesn't already have
a DC
> in the same subnet. Whenever I try and do a domain join specifying a nearby
> DC in a different subnet I get this:
>
> ERROR(runtime): uncaught exception - (-1073741643,
'NT_STATUS_IO_TIMEOUT')
>   File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
>     return self.run(*args, **kwargs)
>   File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
line
> 552, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>   File
"/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line
> 1172, in join_DC
>     ctx.do_join()
>   File
"/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line
> 1082, in do_join
>     ctx.join_finalise()
>   File
"/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line
> 881, in join_finalise
>     ctx.send_DsReplicaUpdateRefs(nc)
>   File
"/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line
> 866, in send_DsReplicaUpdateRefs
>     ctx.drsuapi.DsReplicaUpdateRefs(ctx.drsuapi_handle, 1, r)
>
> I have managed to join a DC to a Site that already has a DC in that subnet
> (although not in that Site).
>
> Can anyone think of a workaround for this?
>
> This is my join statement (names changed to protect the innocent):
>
> /usr/local/samba/bin/samba-tool domain join essence.internal.com DC
> -UAdministrator --realm=example.com --server=remotedc.example.com
> --site=local
>
>
> I am trying to do this due to the bug that doesn't allow the manual
moving
> of DC's to new Sites by using the ADSS drag and drop method.
>
Hi Chris!

Actually there is a way. If you use a DNS that does not reside on the
DC's but standalone, the manual moving works.

As a start I put the following RRs in a static dns: A, ptr and 'basic'
SRV RR
_gc._tcp, _kerberos._tcp, _kerberos._tcp, _kerberos._udp,
_kpasswd._tcp, _kpasswd._udp, _ldap._tcp, _ldap._tcp.dc._msdcs,
_ldap._tcp.gc._msdcs, _ldap._tcp.pdc._msdcs.

That ended in following errors in syslog (amongst others):

[2014/06/18 11:56:36.078267, 3]
../source4/libcli/resolve/dns_ex.c:492(pipe_handler)
 dns child failed to find name
'5d6f52ac-640c-4dc1-a84b-42aac923d256._msdcs.example.org' of type A.

All SRV RR for a DC have to be present in DNS. But I have had no time
to test it. And I have not tested multiple subnets.

My guess is that the bug is DNS related or the account that makes the
changes cannot edit the AD database. And that results in that no SRV
RR are added/changed and the MMC eventually times out.

Regards
Davor

 Thanks,> Chris.
>
>
>
> --
> ACS (Alavoine Computer Services Ltd)
> Chris Alavoine
> mob +44 (0)7724 710 730
> www.alavoinecs.co.uk
> http://twitter.com/#!/alavoinecs
> http://www.linkedin.com/pub/chris-alavoine/39/606/192
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

Reasonably Related Threads

Search for more possibly parallel threads

samba - Jun 2014 - Unable to join a DC to a Site that doesn't already have a DC in that subnet

[Samba] Unable to join a DC to a Site that doesn't already have a DC in that subnet

[Samba] Unable to join a DC to a Site that doesn't already have a DC in that subnet

Reasonably Related Threads