samba - Jul 2014 - net ads join fails in Ubuntu 14.04 in AWS

Hi all

EC2 Ubuntu 14.04 instances can't join domain. Same setup works fine for
local virtual machines.
Domain processes request normally.
Kinit works fine with generated config

root at new1404:~# net ads join -U dnscreate%password -d 1
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        in: struct libnet_JoinCtx
            dc_name                  : NULL
            machine_name             : 'NEW1404'
            domain_name              : *
                domain_name              : 'AWS.DOMAIN.COM'
            account_ou               : NULL
            admin_account            : 'dnscreate'
            machine_password         : NULL
            join_flags               : 0x00000023 (35)
                   0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
                   0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                   0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                   0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                   0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                   0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                   1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                   0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                   0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                   1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                   1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
            os_version               : NULL
            os_name                  : NULL
            create_upn               : 0x00 (0)
            upn                      : NULL
            modify_config            : 0x00 (0)
            ads                      : NULL
            debug                    : 0x01 (1)
            use_kerberos             : 0x00 (0)
            secure_channel_type      : SEC_CHAN_WKSTA (2)
kerberos_kinit_password dnscreate at AWS.DOMAIN.COM failed: Cannot contact any
KDC for requested realm
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        out: struct libnet_JoinCtx
            account_name             : NULL
            netbios_domain_name      : 'AWS'
            dns_domain_name          : 'aws.domain.com'
            forest_name              : 'domain.com'
            dn                       : NULL
            domain_sid               : *
                domain_sid               :
S-1-5-21-3703399817-2864286332-805048363
            modified_config          : 0x00 (0)
            error_string             : 'failed to connect to AD: Cannot
contact any KDC for requested realm'
            domain_is_ad             : 0x01 (1)
            result                   : WERR_GENERAL_FAILURE

root at new1404:~# net lookup kdc
172.30.192.5:389
172.30.192.5:88
172.30.160.5:88

Sincerely,
Alex Slynko
WDFC UK Limited. Registered in England & Wales with registered number
6374235 and registered office 88 Crawford Street, London W1H 2EJ. Authorised and
regulated by the Financial Conduct Authority. Interim Permission Number 611974.
Any communication sent by or on behalf of WDFC UK Limited or any of its
subsidiary, holding or affiliated companies or entities (together
"Wonga") is confidential and may be privileged or otherwise protected.
If you receive it in error please inform us and then delete it from your system.
You should not copy it or disclose its contents to anyone. Messages sent to and
from Wonga may be monitored to ensure compliance with our internal policies and
to protect our business. Emails are not secure and cannot be guaranteed to be
error free. Anyone who communicates with us by email is taken to accept these
risks.
---------------------------------------------------------------------------------------
 This email has been scanned for email related threats and delivered safely by
Mimecast.
 For more information please visit http://www.mimecast.com
---------------------------------------------------------------------------------------

There is no Domainname in your join-command:
Change to:

net ads join yourdomain -U dnscreate%password -d 1

Am 16.07.2014 11:07, schrieb Alex Slynko:
> Hi all
> 
> EC2 Ubuntu 14.04 instances can't join domain. Same setup works fine
> for local virtual machines.
> Domain processes request normally.
> Kinit works fine with generated config
> 
> root at new1404:~# net ads join -U dnscreate%password -d 1
> libnet_Join:
>     libnet_JoinCtx: struct libnet_JoinCtx
>         in: struct libnet_JoinCtx
>             dc_name                  : NULL
>             machine_name             : 'NEW1404'
>             domain_name              : *
>                 domain_name              : 'AWS.DOMAIN.COM'
>             account_ou               : NULL
>             admin_account            : 'dnscreate'
>             machine_password         : NULL
>             join_flags               : 0x00000023 (35)
>                    0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
>                    0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
>                    0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
>                    0: WKSSVC_JOIN_FLAGS_DEFER_SPN
>                    0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
>                    0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
>                    1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
>                    0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
>                    0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
>                    1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
>                    1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
>             os_version               : NULL
>             os_name                  : NULL
>             create_upn               : 0x00 (0)
>             upn                      : NULL
>             modify_config            : 0x00 (0)
>             ads                      : NULL
>             debug                    : 0x01 (1)
>             use_kerberos             : 0x00 (0)
>             secure_channel_type      : SEC_CHAN_WKSTA (2)
> kerberos_kinit_password dnscreate at AWS.DOMAIN.COM failed: Cannot
> contact any KDC for requested realm
> libnet_Join:
>     libnet_JoinCtx: struct libnet_JoinCtx
>         out: struct libnet_JoinCtx
>             account_name             : NULL
>             netbios_domain_name      : 'AWS'
>             dns_domain_name          : 'aws.domain.com'
>             forest_name              : 'domain.com'
>             dn                       : NULL
>             domain_sid               : *
>                 domain_sid               :
> S-1-5-21-3703399817-2864286332-805048363
>             modified_config          : 0x00 (0)
>             error_string             : 'failed to connect to AD:
> Cannot contact any KDC for requested realm'
>             domain_is_ad             : 0x01 (1)
>             result                   : WERR_GENERAL_FAILURE
> 
> root at new1404:~# net lookup kdc
> 172.30.192.5:389
> 172.30.192.5:88
> 172.30.160.5:88
> 
> Sincerely,
> Alex Slynko
> WDFC UK Limited. Registered in England & Wales with registered number
> 6374235 and registered office 88 Crawford Street, London W1H 2EJ.
> Authorised and regulated by the Financial Conduct Authority. Interim
> Permission Number 611974. Any communication sent by or on behalf of
> WDFC UK Limited or any of its subsidiary, holding or affiliated
> companies or entities (together "Wonga") is confidential and may
be
> privileged or otherwise protected. If you receive it in error please
> inform us and then delete it from your system. You should not copy it
> or disclose its contents to anyone. Messages sent to and from Wonga
> may be monitored to ensure compliance with our internal policies and
> to protect our business. Emails are not secure and cannot be
> guaranteed to be error free. Anyone who communicates with us by email
> is taken to accept these risks.
>
---------------------------------------------------------------------------------------
>  This email has been scanned for email related threats and delivered
> safely by Mimecast.
>  For more information please visit http://www.mimecast.com
>
---------------------------------------------------------------------------------------