Daniel McFeeters
2017-Dec-21 16:04 UTC
[Samba] WERR_DS_DRA_MISSING_PARENT while Joining Samba4 DC to Samba4 Domain
I have a Samba4 Domain Controller, which we have run in production since ~2009 (early alpha). It's had a few issues over the years which we've managed to recover from. I'm trying to join a second Samba4 DC to the domain, but having trouble when I issue the join. I have run dbcheck on the existing DC, which found and fixed some errors. There are still about 60+ errors like this: # samba-tool dbcheck --cross-ncs ... ERROR: no target object found for GUID component for objectCategory in object DC=... Not removing dangling forward link I'm running the same Samba version on both systems. Just upgraded to 4.7.3 (Ubuntu 18.04 beta) in attempting to resolve this problem. (I attempted with earlier versions with the same problem.) Any suggestions would be greatly appreciated! Here is the output from the second DC when I attempt to join: $ samba --version Version 4.7.3-Ubuntu $ sudo samba-tool domain join redacted.domain.local DC -U"REDACTED\my.domain.admin" --dns-backend=SAMBA_INTERNAL Finding a writeable DC for domain 'redacted.domain.local' Found DC samba4dom.redacted.domain.local Password for [REDACTED\my.domain.admin]: NO DNS zone information found in source domain, not replicating DNS workgroup is REDACTED realm is redacted.domain.local Adding CN=SAMBA4DC2,OU=Domain Controllers,DC=redacted,DC=domain,DC=local Adding CN=SAMBA4DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=redacted,DC=domain,DC=local Adding CN=NTDS Settings,CN=SAMBA4DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=redacted,DC=domain,DC=local Adding SPNs to CN=SAMBA4DC2,OU=Domain Controllers,DC=redacted,DC=domain,DC=local Setting account password for SAMBA4DC2$ Enabling account Calling bare provision Looking up IPv4 addresses Looking up IPv6 addresses No IPv6 address will be assigned Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf Provision OK for domain DN DC=redacted,DC=domain,DC=local Starting replication Schema-DN[CN=Schema,CN=Configuration,DC=redacted,DC=domain,DC=local] objects[402/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=redacted,DC=domain,DC=local] objects[804/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=redacted,DC=domain,DC=local] objects[1206/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=redacted,DC=domain,DC=local] objects[1550/1550] linked_values[0/0] Analyze and apply schema objects Partition[CN=Configuration,DC=redacted,DC=domain,DC=local] objects[402/1606] linked_values[0/0] Partition[CN=Configuration,DC=redacted,DC=domain,DC=local] objects[804/1606] linked_values[0/0] Partition[CN=Configuration,DC=redacted,DC=domain,DC=local] objects[1206/1606] linked_values[0/0] Partition[CN=Configuration,DC=redacted,DC=domain,DC=local] objects[1605/1606] linked_values[22/22] Replicating critical objects from the base DN of the domain Partition[DC=redacted,DC=domain,DC=local] objects[76/74] linked_values[21/21] Partition[DC=redacted,DC=domain,DC=local] objects[478/19960] linked_values[0/0] Failed to commit objects: WERR_DS_DRA_MISSING_PARENT Join failed - cleaning up Deleted CN=SAMBA4DC2,OU=Domain Controllers,DC=redacted,DC=domain,DC=local Deleted CN=NTDS Settings,CN=SAMBA4DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=redacted,DC=domain,DC=local Deleted CN=SAMBA4DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=redacted,DC=domain,DC=local ERROR(runtime): uncaught exception - (8460, "Failed to process 'chunk' of DRS replicated objects: WERR_DS_DRA_MISSING_PARENT") File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 661, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC ctx.do_join() File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1377, in do_join ctx.join_replicate() File "/usr/lib/python2.7/dist-packages/samba/join.py", line 936, in join_replicate replica_flags=ctx.domain_replica_flags) File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 295, in replicate schema=schema, req_level=req_level, req=req) Daniel McFeeters
Rowland Penny
2017-Dec-21 16:34 UTC
[Samba] WERR_DS_DRA_MISSING_PARENT while Joining Samba4 DC to Samba4 Domain
On Thu, 21 Dec 2017 11:04:22 -0500 (EST) Daniel McFeeters via samba <samba at lists.samba.org> wrote:> I have a Samba4 Domain Controller, which we have run in production > since ~2009 (early alpha). It's had a few issues over the years which > we've managed to recover from. I'm trying to join a second Samba4 DC > to the domain, but having trouble when I issue the join. I have run > dbcheck on the existing DC, which found and fixed some errors. There > are still about 60+ errors like this: > > # samba-tool dbcheck --cross-ncs > ... > ERROR: no target object found for GUID component for > objectCategory in object DC=... Not removing dangling forward link > > I'm running the same Samba version on both systems. Just upgraded to > 4.7.3 (Ubuntu 18.04 beta) in attempting to resolve this problem. (I > attempted with earlier versions with the same problem.) > > Any suggestions would be greatly appreciated! >You can ignore these, they seemingly have always been there, but until a fix for something was added, nobody knew they were there. A fix is being worked on, but until it is released, you can safely ignore the 'dangling forward links' Rowland
Daniel McFeeters
2017-Dec-21 17:16 UTC
[Samba] WERR_DS_DRA_MISSING_PARENT while Joining Samba4 DC to Samba4 Domain
I am not able to join a second domain controller to the domain, though. Is this a samba bug, or is there something I can do to fix the WERR_DS_DRA_MISSING_PARENT error? Daniel McFeeters ----- Original Message -----> From: "samba" <samba at lists.samba.org> > To: "samba" <samba at lists.samba.org> > Sent: Thursday, December 21, 2017 11:34:09 AM > Subject: Re: [Samba] WERR_DS_DRA_MISSING_PARENT while Joining Samba4 DC to Samba4 Domain> On Thu, 21 Dec 2017 11:04:22 -0500 (EST) > Daniel McFeeters via samba <samba at lists.samba.org> wrote:> > I have a Samba4 Domain Controller, which we have run in production > > since ~2009 (early alpha). It's had a few issues over the years which > > we've managed to recover from. I'm trying to join a second Samba4 DC > > to the domain, but having trouble when I issue the join. I have run > > dbcheck on the existing DC, which found and fixed some errors. There > > are still about 60+ errors like this:> > # samba-tool dbcheck --cross-ncs > > ... > > ERROR: no target object found for GUID component for > > objectCategory in object DC=... Not removing dangling forward link> > I'm running the same Samba version on both systems. Just upgraded to > > 4.7.3 (Ubuntu 18.04 beta) in attempting to resolve this problem. (I > > attempted with earlier versions with the same problem.)> > Any suggestions would be greatly appreciated!> You can ignore these, they seemingly have always been there, but until > a fix for something was added, nobody knew they were there. A fix is > being worked on, but until it is released, you can safely ignore the > 'dangling forward links'> Rowland> -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Andrew Bartlett
2017-Dec-21 18:44 UTC
[Samba] WERR_DS_DRA_MISSING_PARENT while Joining Samba4 DC to Samba4 Domain
On Thu, 2017-12-21 at 11:04 -0500, Daniel McFeeters via samba wrote:> I have a Samba4 Domain Controller, which we have run in production since ~2009 (early alpha). It's had a few issues over the years which we've managed to recover from. I'm trying to join a second Samba4 DC to the domain, but having trouble when I issue the join. I have run dbcheck on the existing DC, which found and fixed some errors. There are still about 60+ errors like this: > > # samba-tool dbcheck --cross-ncs > ... > ERROR: no target object found for GUID component for objectCategory in object DC=... > Not removing dangling forward link > > I'm running the same Samba version on both systems. Just upgraded to 4.7.3 (Ubuntu 18.04 beta) in attempting to resolve this problem. (I attempted with earlier versions with the same problem.) > > Any suggestions would be greatly appreciated! > > Here is the output from the second DC when I attempt to join: > > $ samba --version > Version 4.7.3-UbuntuSo both versions servers run Samba 4.7.3? I would normally expect this only if the existing server was much older. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Daniel McFeeters
2017-Dec-21 19:51 UTC
[Samba] WERR_DS_DRA_MISSING_PARENT while Joining Samba4 DC to Samba4 Domain
Yes, I am running 4.7.3 on both servers. One has been upgraded (many times). The new one, obviously, is freshly installed. I am running DNS on the domain controller. In fact, I'm running all the default "server services". As I said, I have had some problems in the past, and for a while the DNS was not working (perhaps due to some database corruption) and I had to switch it off in smb.conf. DNS seems to be working fine now. However, I am wondering if there are still some inconsistencies in the database which would cause this? Here is my smb.conf file: [global] workgroup = REDACTED realm = redacted.domain.local netbios name = SAMBA4DOM server role = active directory domain controller log level = 2 allow dns updates = signed encrypt passwords = yes lanman auth = No client ntlmv2 auth = Yes ntlm auth = Yes client lanman auth = No client plaintext auth = No client min protocol = SMB2 client signing = mandatory server signing = mandatory [netlogon] path = /var/lib/samba/sysvol/redacted.domain.local/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No Daniel McFeeters ----- Original Message -----> From: "samba" <samba at lists.samba.org> > To: "Daniel McFeeters" <danielj.mcfeeters at lcdhd.org>, "samba" <samba at lists.samba.org> > Sent: Thursday, December 21, 2017 1:44:41 PM > Subject: Re: [Samba] WERR_DS_DRA_MISSING_PARENT while Joining Samba4 DC to Samba4 Domain> On Thu, 2017-12-21 at 11:04 -0500, Daniel McFeeters via samba wrote: >> I have a Samba4 Domain Controller, which we have run in production since ~2009 >> (early alpha). It's had a few issues over the years which we've managed to >> recover from. I'm trying to join a second Samba4 DC to the domain, but having >> trouble when I issue the join. I have run dbcheck on the existing DC, which > > found and fixed some errors. There are still about 60+ errors like this:> > # samba-tool dbcheck --cross-ncs > > ... >> ERROR: no target object found for GUID component for objectCategory in object > > DC=... > > Not removing dangling forward link>> I'm running the same Samba version on both systems. Just upgraded to 4.7.3 >> (Ubuntu 18.04 beta) in attempting to resolve this problem. (I attempted with > > earlier versions with the same problem.)> > Any suggestions would be greatly appreciated!> > Here is the output from the second DC when I attempt to join:> > $ samba --version > > Version 4.7.3-Ubuntu> So both versions servers run Samba 4.7.3? I would normally expect this > only if the existing server was much older.> Thanks,> Andrew Bartlett> -- > Andrew Bartlett http://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba> -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Maybe Matching Threads
- WERR_DS_DRA_MISSING_PARENT while Joining Samba4 DC to Samba4 Domain
- WERR_DS_DRA_MISSING_PARENT while Joining Samba4 DC to Samba4 Domain
- WERR_DS_DRA_MISSING_PARENT while Joining Samba4 DC to Samba4 Domain
- WERR_DS_DRA_MISSING_PARENT while Joining Samba4 DC to Samba4 Domain
- WERR_DS_DRA_MISSING_PARENT while Joining Samba4 DC to Samba4 Domain