samba - Jun 2017 - Can't join domain as DC

Hello,

I have 2 offices connected through VPN (all ipv4 and ipv6 traffic allowed),
every office with it's own subnet. I built a DC in office1 for
mydomain.local, built a second one in same office and joined mydomain.local
with no problem. Then i built a DC in office2, but when i try it to join
mydomain.local, the join process blocks at "Setting account password for
OFFICE2-DC$" and throws an error after some time.

Here is the full output of the join:
root at office2-dc:~# samba-tool domain join mydomain.local DC -Umyuser
--realm=mydomain.local --server=dc.ip.from.office1
Password for [WORKGROUP\myuser]:
workgroup is MYDOMAIN
realm is mydomain.local
checking sAMAccountName
Deleted CN=OFFICE2-DC,OU=Domain Controllers,DC=mydomain,DC=local
Deleted CN=NTDS
Settings,CN=OFFICE2-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Deleted
CN=OFFICE2-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Adding CN=OFFICE2-DC,OU=Domain Controllers,DC=mydomain,DC=local
Adding
CN=OFFICE2-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Adding CN=NTDS
Settings,CN=OFFICE2-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Adding SPNs to CN=OFFICE2-DC,OU=Domain Controllers,DC=mydomain,DC=local
Setting account password for OFFICE2-DC$
Join failed - cleaning up
checking sAMAccountName
ERROR(ldb): uncaught exception - ldb_wait: Time limit exceeded (3)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line
175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
621,
in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1170, in
join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1073, in
do_join
    ctx.join_add_objects()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 605, in
join_add_objects
    attrs=["msDS-KeyVersionNumber"])

If it matters, i use samba 4.3.11-Ubuntu.

Any idea what could break the join process and how i could fix it?

On Fri, 23 Jun 2017 11:04:49 +0300
Mitocariu Emilian via samba <samba at lists.samba.org> wrote:
> Hello,
> 
> I have 2 offices connected through VPN (all ipv4 and ipv6 traffic
> allowed), every office with it's own subnet. I built a DC in office1
> for mydomain.local, built a second one in same office and joined
> mydomain.local with no problem. Then i built a DC in office2, but
> when i try it to join mydomain.local, the join process blocks at
> "Setting account password for OFFICE2-DC$" and throws an error
after
> some time.
I hope '.local' isn't your real TLD
> 
> Here is the full output of the join:
> root at office2-dc:~# samba-tool domain join mydomain.local DC -Umyuser
> --realm=mydomain.local --server=dc.ip.from.office1
> Password for [WORKGROUP\myuser]:
> workgroup is MYDOMAIN
> realm is mydomain.local
> checking sAMAccountName
> Deleted CN=OFFICE2-DC,OU=Domain Controllers,DC=mydomain,DC=local
> Deleted CN=NTDS
>
Settings,CN=OFFICE2-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
> Deleted
>
CN=OFFICE2-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
> Adding CN=OFFICE2-DC,OU=Domain Controllers,DC=mydomain,DC=local
> Adding
>
CN=OFFICE2-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
> Adding CN=NTDS
>
Settings,CN=OFFICE2-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
> Adding SPNs to CN=OFFICE2-DC,OU=Domain
> Controllers,DC=mydomain,DC=local Setting account password for
> OFFICE2-DC$ Join failed - cleaning up
> checking sAMAccountName
> ERROR(ldb): uncaught exception - ldb_wait: Time limit exceeded (3)
Seems to be a network error, the response took to long.

I would also use a different site, see here for info:

https://wiki.samba.org/index.php/Active_Directory_Sites

Rowland