thr3ads.net - samba - [Samba] Fw: Re: Made a join with a netbios name, which already existed, now replication errors [Aug 2017]

If this information is useful, please help other people find it:
Share via:

thom_schu at gmx.de

2017-Aug-01 11:05 UTC

[Samba] Fw: Re: Made a join with a netbios name, which already existed, now replication errors

> Get rid of samba3 by demoting it again as you did last time, search
> through sam.ldb for any mention of samba3 and samba4 (you will
> probably have to use '--cross-ncs' with ldbsearch or lbdedit), then
> remove them.
> Now start again with a new DC, but this time, call it anything but
> samba3 or samba4.
Getting worse and worse ....
I demoted samba3 and then also samba5, because samba5 reported successful
replication
with samba3, although samba3 was already demoted.

So I thought I can start with working samba1 and samba2.

I made a new clean installation of samba5 beginning with the OS ...
But the join failed with

  Unxpectedly got mismatching RDN values when checking RDN against name of
CN=NTDS Settings,CN=ISAMBA3,CN=Servers,CN=Default-First- 
Site-Name,CN=Sites,CN=Configuration,DC=domain Failed to convert object CN=NTDS
Settings,CN=ISAMBA3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain:
WERR_GEN_FAILURE

SAMBA3 again ??!! I thought I deleted everything !! 

A check on samba2 "ldbsearch --cross-ncs ... | egrep -i samba3"

  dn:
CN=SAMBA3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain
  cn: SAMBA3
  name: SAMBA3
  dNSHostName: samba3.domain
  distinguishedName: CN=SAMBA3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
  dn: DC=samba3,DC=domain,CN=MicrosoftDNS,DC=DomainDnsZones,DC=domain
  name: samba3
  dc: samba3
  distinguishedName: DC=samba3,DC=domain.de,CN=MicrosoftD

I'm sure I checked already in the morning and didnt find any entries about
samba3, except the ones I deleted.
Im already confused and getting nervous not far from panic.
Im thinking about to start a complete new domain controller with a backup from
before I started all this, hopefully
my backup works.
Or should I delete now the mentioned entries ? (ldbdel ...
CN=SAMBA3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration)
They seem to be deep inside the DNS database. I really have the feeling, with
each step its getting worse.

thom_schu at gmx.de

2017-Aug-01 19:03 UTC

head link

[Samba] Fw: Re: Made a join with a netbios name, which already existed, now replication errors

Hello,
now with "ldbsearch --cross-ncs ..." I dont find entries of domain
controllers anymore except samba1 and samba2.
sam.ldb seems to be clean now.
But with the DNS-Tool from Windows I can see a lot of entries for samba3, all of
them for services like _gc, _kerberos, _ldap, _kpasswd.
Can this be the reason for the error I get when I join samba5 ? Do I have to
delete this entries ?

Because when I want to join samba5, I still get the following error. From where
comes that info about samba3 ?

samba-tool domain join domain.university.de DC
-U"domain\administrator" --dns-backend=SAMBA_INTERNAL

Finding a writeable DC for domain 'domain.university.de'
Found DC samba1.domain.university.de
Password for [domain\administrator]:
workgroup is domain
realm is domain.university.de
Adding CN=SAMBA5,OU=Domain Controllers,DC=domain,DC=university,DC=de
Adding
CN=SAMBA5,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=university,DC=de
Adding CN=NTDS
Settings,CN=SAMBA5,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=university,DC=de
Adding SPNs to CN=SAMBA5,OU=Domain Controllers,DC=domain,DC=university,DC=de
Setting account password for SAMBA5$
Enabling account
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba AD has been generated at
/var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=domain,DC=university,DC=de
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=university,DC=de]
objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=university,DC=de]
objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=university,DC=de]
objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=university,DC=de]
objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=domain,DC=university,DC=de] objects[402/1655]
linked_values[0/0]
Partition[CN=Configuration,DC=domain,DC=university,DC=de] objects[804/1655]
linked_values[0/0]
Partition[CN=Configuration,DC=domain,DC=university,DC=de] objects[1206/1655]
linked_values[0/0]
Partition[CN=Configuration,DC=domain,DC=university,DC=de] objects[1608/1655]
linked_values[0/0]
Partition[CN=Configuration,DC=domain,DC=university,DC=de] objects[1655/1655]
linked_values[52/0]
Unxpectedly got mismatching RDN values when checking RDN against name of CN=NTDS
Settings,CN=SAMBA3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=university,DC=deFailed
to convert object CN=NTDS
Settings,CN=SAMBA3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=university,DC=de:
WERR_GEN_FAILURE
Failed to convert objects: WERR_GEN_FAILURE
Join failed - cleaning up
Deleted CN=SAMBA5,OU=Domain Controllers,DC=domain,DC=university,DC=de
Deleted CN=NTDS
Settings,CN=SAMBA5,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=university,DC=de
Deleted
CN=SAMBA5,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=university,DC=de
ERROR(runtime): uncaught exception - (31, "Failed to process
'chunk' of DRS replicated objects: WERR_GEN_FAILURE")
                  File
"/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line
176, in _run
                    return self.run(*args, **kwargs)
                  File
"/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 661,
in run
                    machinepass=machinepass, use_ntvfs=use_ntvfs,
dns_backend=dns_backend)
                  File
"/usr/lib64/python2.7/site-packages/samba/join.py", line 1269, in
join_DC
                    ctx.do_join()
                  File
"/usr/lib64/python2.7/site-packages/samba/join.py", line 1177, in
do_join
                    ctx.join_replicate()
                  File
"/usr/lib64/python2.7/site-packages/samba/join.py", line 895, in
join_replicate
                    replica_flags=ctx.replica_flags)
                  File
"/usr/lib64/python2.7/site-packages/samba/drs_utils.py", line 258, in
replicate
                    schema=schema, req_level=req_level, req=req)


Regards

>> Get rid of samba3 by demoting it again as you did last time, search
>> through sam.ldb for any mention of samba3 and samba4 (you will
>> probably have to use '--cross-ncs' with ldbsearch or lbdedit),
then
>> remove them.
>> Now start again with a new DC, but this time, call it anything but
>> samba3 or samba4.
> Getting worse and worse ....
> I demoted samba3 and then also samba5, because samba5 reported successful
replication
> with samba3, although samba3 was already demoted.
> 
> So I thought I can start with working samba1 and samba2.
> 
> I made a new clean installation of samba5 beginning with the OS ...
> But the join failed with
> 
> Unxpectedly got mismatching RDN values when checking RDN against name of
CN=NTDS Settings,CN=ISAMBA3,CN=Servers,CN=Default-First-
Site-Name,CN=Sites,CN=Configuration,DC=domain Failed to convert object CN=NTDS
Settings,CN=ISAMBA3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain:
WERR_GEN_FAILURE
> 
> SAMBA3 again ??!! I thought I deleted everything !!
> 
> A check on samba2 "ldbsearch --cross-ncs ... | egrep -i samba3"
> 
> dn:
CN=SAMBA3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain
> cn: SAMBA3
> name: SAMBA3
> dNSHostName: samba3.domain
> distinguishedName: CN=SAMBA3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> dn: DC=samba3,DC=domain,CN=MicrosoftDNS,DC=DomainDnsZones,DC=domain
> name: samba3
> dc: samba3
> distinguishedName: DC=samba3,DC=domain.de,CN=MicrosoftD
> 
> I'm sure I checked already in the morning and didnt find any entries
about samba3, except the ones I deleted.
> Im already confused and getting nervous not far from panic.
> Im thinking about to start a complete new domain controller with a backup
from before I started all this, hopefully
> my backup works.
> Or should I delete now the mentioned entries ? (ldbdel ...
CN=SAMBA3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration)
> They seem to be deep inside the DNS database. I really have the feeling,
with each step its getting worse.

thom_schu at gmx.de

2017-Aug-01 21:42 UTC

head link

[Samba] Fw: Re: Made a join with a netbios name, which already existed, now replication errors

> But with the DNS-Tool from Windows I can see a lot of entries for samba3,
all of them for services like _gc, _kerberos, _ldap, _kpasswd.
Cleaned the DNS manually with the DNS application, but still I can't join.
Same error.

Maybe Matching Threads

Search for more apparently analagous threads

samba - Aug 2017 - Fw: Re: Made a join with a netbios name, which already existed, now replication errors

[Samba] Fw: Re: Made a join with a netbios name, which already existed, now replication errors

[Samba] Fw: Re: Made a join with a netbios name, which already existed, now replication errors

[Samba] Fw: Re: Made a join with a netbios name, which already existed, now replication errors

Maybe Matching Threads