Daniel McFeeters
2017-Dec-21 22:20 UTC
[Samba] WERR_DS_DRA_MISSING_PARENT while Joining Samba4 DC to Samba4 Domain
OK, we're getting closer here I think. I repeated with -d 2 without much help. Here is -d 3, which may point us in the right direction. As I suspected, it seems to point to some corruption in the DNS still, perhaps?

The key line seems to be here:
Missing parent while attempting to apply records: No parent with GUID 60e25dda-6d35-4aab-bfa5-6137cb271e27 found for object remotely known as CN=MicrosoftDNS,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
Failed to commit objects: WERR_DS_DRA_MISSING_PARENT

Here is the full output in context:

$ sudo samba-tool domain join redacted.domain.local DC -U"REDACTED\my.domain.admin" --dns-backend=SAMBA_INTERNAL -d 3
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Finding a writeable DC for domain 'redacted.domain.local'
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.redacted.domain.local<0x0>
Found DC samba4dom.redacted.domain.local
resolve_lmhosts: Attempting lmhosts lookup for name samba4dom.redacted.domain.local<0x20>
cli_credentials(REDACTED\my.domain.admin) without realm, cannot use kerberos for this connection ldap/samba4dom.redacted.domain.local
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
Password for [REDACTED\my.domain.admin]:
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NO DNS zone information found in source domain, not replicating DNS
workgroup is REDACTED
realm is redacted.domain.local
Adding CN=SAMBA4DC2,OU=Domain Controllers,DC=redacted,DC=domain,DC=local
Adding CN=SAMBA4DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=redacted,DC=domain,DC=local
Adding CN=NTDS Settings,CN=SAMBA4DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=redacted,DC=domain,DC=local
Using binding ncacn_ip_tcp:samba4dom.redacted.domain.local[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name samba4dom.redacted.domain.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name samba4dom.redacted.domain.local<0x20>
cli_credentials(REDACTED\my.domain.admin) without realm, cannot use kerberos for this connection ldap/SAMBA4DOM.REDACTED.DOMAIN.LOCAL
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Adding SPNs to CN=SAMBA4DC2,OU=Domain Controllers,DC=redacted,DC=domain,DC=local
Setting account password for SAMBA4DC2$
Enabling account
Calling bare provision
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
ldb_wrap open of hklm.ldb
Key 'key=SOFTWARE,hive=NONE' not found
key added: key=SOFTWARE,hive=NONE
Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=SYSTEM,hive=NONE' not found
key added: key=SYSTEM,hive=NONE
Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb gave: (null)
A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=redacted,DC=domain,DC=local
Starting replication
Using binding ncacn_ip_tcp:samba4dom.redacted.domain.local[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name samba4dom.redacted.domain.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name samba4dom.redacted.domain.local<0x20>
cli_credentials(REDACTED\my.domain.admin) without realm, cannot use kerberos for this connection ldap/SAMBA4DOM.REDACTED.DOMAIN.LOCAL
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Schema-DN[CN=Schema,CN=Configuration,DC=redacted,DC=domain,DC=local] objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=redacted,DC=domain,DC=local] objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=redacted,DC=domain,DC=local] objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=redacted,DC=domain,DC=local] objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Replicated 1550 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=redacted,DC=domain,DC=local
Partition[CN=Configuration,DC=redacted,DC=domain,DC=local] objects[402/1610] linked_values[0/0]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=redacted,DC=domain,DC=local
Partition[CN=Configuration,DC=redacted,DC=domain,DC=local] objects[804/1610] linked_values[0/0]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=redacted,DC=domain,DC=local
Partition[CN=Configuration,DC=redacted,DC=domain,DC=local] objects[1206/1610] linked_values[0/0]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=redacted,DC=domain,DC=local
Partition[CN=Configuration,DC=redacted,DC=domain,DC=local] objects[1608/1610] linked_values[0/15]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=redacted,DC=domain,DC=local
Partition[CN=Configuration,DC=redacted,DC=domain,DC=local] objects[1609/1610] linked_values[22/22]
Replicated 1 objects (22 linked attributes) for CN=Configuration,DC=redacted,DC=domain,DC=local
Replicating critical objects from the base DN of the domain
Partition[DC=redacted,DC=domain,DC=local] objects[76/74] linked_values[21/21]
Replicated 76 objects (21 linked attributes) for DC=redacted,DC=domain,DC=local
Partition[DC=redacted,DC=domain,DC=local] objects[478/19962] linked_values[0/0]
Missing parent while attempting to apply records: No parent with GUID 60e25dda-6d35-4aab-bfa5-6137cb271e27 found for object remotely known as CN=MicrosoftDNS,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
Failed to commit objects: WERR_DS_DRA_MISSING_PARENT
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password for REDACTED from both secrets.ldb (Could not find entry to match filter: '(&(flatname=REDACTED)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4636) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=SAMBA4DC2,OU=Domain Controllers,DC=redacted,DC=domain,DC=local
Deleted CN=NTDS Settings,CN=SAMBA4DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=redacted,DC=domain,DC=local
Deleted CN=SAMBA4DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=redacted,DC=domain,DC=local
ERROR(runtime): uncaught exception - (8460, "Failed to process 'chunk' of DRS replicated objects: WERR_DS_DRA_MISSING_PARENT")
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1377, in do_join
    ctx.join_replicate()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 936, in join_replicate
    replica_flags=ctx.domain_replica_flags)
  File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 295, in replicate
    schema=schema, req_level=req_level, req=req)
$

Daniel McFeeters

----- Original Message -----
> From: "samba" <samba at lists.samba.org>
> To: "Daniel McFeeters" <danielj.mcfeeters at lcdhd.org>, "Andrew Bartlett" <abartlet at samba.org>
> Cc: "samba" <samba at lists.samba.org>
> Sent: Thursday, December 21, 2017 4:47:46 PM
> Subject: Re: [Samba] WERR_DS_DRA_MISSING_PARENT while Joining Samba4 DC to Samba4 Domain
>
> Hi,
>
> If you slowly turn up the debug level for the join, there may be some
> clues as to which object is causing the issues. Do note, that these logs
> can contain sensitive data.
>
> Cheers,
>
> Garming
>
> On 22/12/17 08:51, Daniel McFeeters via samba wrote:
> > Yes, I am running 4.7.3 on both servers. One has been upgraded (many times). The
> > new one, obviously, is freshly installed.
> >
> > I am running DNS on the domain controller. In fact, I'm running all the default
> > "server services". As I said, I have had some problems in the past, and for a
> > while the DNS was not working (perhaps due to some database corruption) and I
> > had to switch it off in smb.conf. DNS seems to be working fine now. However, I
> > am wondering if there are still some inconsistencies in the database which
> > would cause this?
> >
> > Here is my smb.conf file:
> >
> > [global]
> > workgroup = REDACTED
> > realm = redacted.domain.local
> > netbios name = SAMBA4DOM
> > server role = active directory domain controller
> > log level = 2
> > allow dns updates = signed
> > encrypt passwords = yes
> > lanman auth = No
> > client ntlmv2 auth = Yes
> > ntlm auth = Yes
> > client lanman auth = No
> > client plaintext auth = No
> > client min protocol = SMB2
> > client signing = mandatory
> > server signing = mandatory
> >
> > [netlogon]
> > path = /var/lib/samba/sysvol/redacted.domain.local/scripts
> > read only = No
> >
> > [sysvol]
> > path = /var/lib/samba/sysvol
> > read only = No
> >
> > Daniel McFeeters
> >
> > ----- Original Message -----
> >> From: "samba" <samba at lists.samba.org>
> >> To: "Daniel McFeeters" <danielj.mcfeeters at lcdhd.org>, "samba"
> >> <samba at lists.samba.org>
> >> Sent: Thursday, December 21, 2017 1:44:41 PM
> >> Subject: Re: [Samba] WERR_DS_DRA_MISSING_PARENT while Joining Samba4 DC to
> >> Samba4 Domain
> >>
> >> On Thu, 2017-12-21 at 11:04 -0500, Daniel McFeeters via samba wrote:
> >>> I have a Samba4 Domain Controller, which we have run in production since ~2009
> >>> (early alpha). It's had a few issues over the years which we've managed to
> >>> recover from. I'm trying to join a second Samba4 DC to the domain, but having
> >>> trouble when I issue the join. I have run dbcheck on the existing DC, which
> >>> found and fixed some errors. There are still about 60+ errors like this:
> >>> # samba-tool dbcheck --cross-ncs
> >>> ...
> >>> ERROR: no target object found for GUID component for objectCategory in object
> >>> DC=...
> >>> Not removing dangling forward link
> >>> I'm running the same Samba version on both systems. Just upgraded to 4.7.3
> >>> (Ubuntu 18.04 beta) in attempting to resolve this problem. (I attempted with
> >>> earlier versions with the same problem.)
> >>> Any suggestions would be greatly appreciated!
> >>> Here is the output from the second DC when I attempt to join:
> >>> $ samba --version
> >>> Version 4.7.3-Ubuntu
> >>
> >> So both versions servers run Samba 4.7.3? I would normally expect this
> >> only if the existing server was much older.
> >>
> >> Thanks,
> >>
> >> Andrew Bartlett
> >> --
> >> Andrew Bartlett http://samba.org/~abartlet/
> >> Authentication Developer, Samba Team http://samba.org
> >> Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: https://lists.samba.org/mailman/options/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
Daniel McFeeters
2017-Dec-21 22:58 UTC
[Samba] WERR_DS_DRA_MISSING_PARENT while Joining Samba4 DC to Samba4 Domain
Perhaps I'm rooting around at a lower level than I should be, and somewhat beyond what I can understand, but here is a bit of info I dug up. It might be helpful? The GUID in the first search matches the one referred to in the error message.

$ sudo ldbsearch -H /var/lib/samba/private/sam.ldb.d/DC\=DOMAINDNSZONES\,DC\=REDACTED\,DC\=DOMAIN\,DC\=LOCAL.ldb "(DC=DomainDnsZones)"
# record 1
dn: DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
objectClass: top
objectClass: domain
objectClass: domainDNS
description: Microsoft DNS Directory
instanceType: 13
whenCreated: 20171218211518.0Z
whenChanged: 20171218211518.0Z
uSNCreated: 3620
nTSecurityDescriptor: REDACTED
name: DomainDnsZones
objectGUID: 60e25dda-6d35-4aab-bfa5-6137cb271e27
objectCategory: <GUID=b7263211-731a-43fe-a2f4-b522bf2d1a9d>;CN=Domain-DNS,CN=Schema,CN=Configuration,DC=redacted,DC=domain,DC=local
msDS-NcType: 0
dc: DomainDnsZones
wellKnownObjects: B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:<GUID=ff815094-bd8e-49
 08-ac71-c62beeb47896>;CN=NTDS Quotas,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
wellKnownObjects: B:32:18E2EA80684F11D2B9AA00C04F79F805:<GUID=d3806832-94c6-41
 3b-9406-0f512a8a6cd5>;CN=Deleted Objects,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
wellKnownObjects: B:32:2FBAC1870ADE11D297C400C04FD8D5CD:<GUID=e72f6718-5cb2-45
 35-9410-c1fc3e4ea084>;CN=Infrastructure,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
wellKnownObjects: B:32:AB8153B7768811D1ADED00C04FD8D5CD:<GUID=5e3f945f-a07e-4d
 5a-bf69-6d191f5a6bc2>;CN=LostAndFound,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
replPropertyMetaData:: REDACTED
uSNChanged: 3627
distinguishedName: DC=DomainDnsZones,DC=redacted,DC=domain,DC=local

# record 2
dn: DC=DomainDnsZones,DC=lc.lcdhd.org,CN=MicrosoftDNS,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20171218211518.0Z
whenChanged: 20171218211518.0Z
uSNCreated: 3672
uSNChanged: 3672
showInAdvancedViewOnly: TRUE
name: DomainDnsZones
objectGUID: 4f08c35a-d330-4e01-8cd7-7a6790397b3a
replPropertyMetaData:: REDACTED
dnsRecord:: BAABAAXwAAABAAAAAAADhAAAAAAAAAAACmMAFQ=
objectCategory: <GUID=30c12cc0-3c1f-43d6-9498-5ca8856a6156>;CN=Dns-Node,CN=Sch
 ema,CN=Configuration,DC=redacted,DC=domain,DC=local
dc: DomainDnsZones
nTSecurityDescriptor: REDACTED
distinguishedName: DC=DomainDnsZones,DC=lc.lcdhd.org,CN=MicrosoftDNS,DC=Domain
 DnsZones,DC=redacted,DC=domain,DC=local

# returned 2 records
# 2 entries
# 0 referrals

$ sudo ldbsearch -H /var/lib/samba/private/sam.ldb.d/DC\=DOMAINDNSZONES\,DC\=REDACTED\,DC\=DOMAIN\,DC\=LOCAL.ldb "(CN=MicrosoftDNS)"
# record 1
dn: CN=MicrosoftDNS,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
objectClass: top
objectClass: container
cn: MicrosoftDNS
instanceType: 4
whenCreated: 20171218211518.0Z
uSNCreated: 3638
showInAdvancedViewOnly: TRUE
name: MicrosoftDNS
objectGUID: 249ac0c0-b3fd-4998-84b7-950066285b78
nTSecurityDescriptor: REDACTED
objectCategory: <GUID=591defdf-e2f7-4c9e-9b5a-d6c2d0744b44>;CN=Container,CN=Sc
 hema,CN=Configuration,DC=redacted,DC=domain,DC=local
replPropertyMetaData:: REDACTED
whenChanged: 20171220011156.0Z
uSNChanged: 887580
distinguishedName: CN=MicrosoftDNS,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local

# returned 1 records
# 1 entries
# 0 referrals

$ sudo ldbsearch -H /var/lib/samba/private/sam.ldb.d/DC\=REDACTED\,DC\=DOMAIN\,DC\=LOCAL.ldb "(CN=MicrosoftDNS)"
# record 1
dn: CN=MicrosoftDNS,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
objectClass: top
objectClass: container
cn: MicrosoftDNS
instanceType: 4
whenCreated: 20100113175618.0Z
whenChanged: 20121217022721.0Z
displayName: DNS Servers
uSNCreated: 3330
uSNChanged: 3330
showInAdvancedViewOnly: TRUE
name: MicrosoftDNS
objectGUID: 6e2ba870-34a5-494c-82a9-ab06f109c3dd
replPropertyMetaData:: REDACTED
objectCategory: <GUID=591defdf-e2f7-4c9e-9b5a-d6c2d0744b44>;CN=Container,CN=Sc
 hema,CN=Configuration,DC=redacted,DC=domain,DC=local
nTSecurityDescriptor: REDACTED
distinguishedName: CN=MicrosoftDNS,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local

# returned 1 records
# 1 entries
# 0 referrals

Daniel McFeeters

----- Original Message -----
> From: "samba" <samba at lists.samba.org>
> To: "Garming Sam" <garming at catalyst.net.nz>
> Cc: "samba" <samba at lists.samba.org>, "Andrew Bartlett" <abartlet at samba.org>
> Sent: Thursday, December 21, 2017 5:20:30 PM
> Subject: Re: [Samba] WERR_DS_DRA_MISSING_PARENT while Joining Samba4 DC to Samba4 Domain
>
> OK, we're getting closer here I think. I repeated with -d 2 without much help.
> Here is -d 3, which may point us in the right direction. As I suspected, it
> seems to point to some corruption in the DNS still, perhaps?
>
> The key line seems to be here:
> Missing parent while attempting to apply records: No parent with GUID
> 60e25dda-6d35-4aab-bfa5-6137cb271e27 found for object remotely known as
> CN=MicrosoftDNS,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
> Failed to commit objects: WERR_DS_DRA_MISSING_PARENT
>
> Here is the full output in context:
>
> $ sudo samba-tool domain join redacted.domain.local DC
> -U"REDACTED\my.domain.admin" --dns-backend=SAMBA_INTERNAL -d 3
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Finding a writeable DC for domain 'redacted.domain.local'
> resolve_lmhosts: Attempting lmhosts lookup for name
> _ldap._tcp.redacted.domain.local<0x0>
> Found DC samba4dom.redacted.domain.local
> resolve_lmhosts: Attempting lmhosts lookup for name
> samba4dom.redacted.domain.local<0x20>
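The cross-check described in the message above, written out as a script (an added example, not part of the original thread and not Samba code): it pulls the parent GUID and child DN out of the join error, looks the GUID up in ldbsearch dumps of each partition file, and lists every copy of the child DN with its objectGUID. The sample data is constructed by abbreviating the output quoted in the thread; the function names are hypothetical, and the regex assumes the error is logged on one line.

```python
import re
from collections import defaultdict

# Constructed sample input, abbreviated from the join log and ldbsearch output
# quoted in this thread (only the attributes the check needs are kept).
JOIN_LOG = """\
Partition[DC=redacted,DC=domain,DC=local] objects[478/19962] linked_values[0/0]
Missing parent while attempting to apply records: No parent with GUID 60e25dda-6d35-4aab-bfa5-6137cb271e27 found for object remotely known as CN=MicrosoftDNS,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
Failed to commit objects: WERR_DS_DRA_MISSING_PARENT
"""

DNSZONES_LDB = "DC=DOMAINDNSZONES,DC=REDACTED,DC=DOMAIN,DC=LOCAL.ldb"
DOMAIN_LDB = "DC=REDACTED,DC=DOMAIN,DC=LOCAL.ldb"

# One ldbsearch dump per partition file; note the folded objectCategory line.
DUMPS = {
    DNSZONES_LDB: """\
# record 1
dn: DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
objectClass: domainDNS
whenCreated: 20171218211518.0Z
objectGUID: 60e25dda-6d35-4aab-bfa5-6137cb271e27

# record 2
dn: CN=MicrosoftDNS,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
objectClass: container
whenCreated: 20171218211518.0Z
objectGUID: 249ac0c0-b3fd-4998-84b7-950066285b78
objectCategory: <GUID=591defdf-e2f7-4c9e-9b5a-d6c2d0744b44>;CN=Container,CN=Sc
 hema,CN=Configuration,DC=redacted,DC=domain,DC=local

# returned 2 records
""",
    DOMAIN_LDB: """\
# record 1
dn: CN=MicrosoftDNS,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
objectClass: container
whenCreated: 20100113175618.0Z
objectGUID: 6e2ba870-34a5-494c-82a9-ab06f109c3dd

# returned 1 records
""",
}

MISSING_RE = re.compile(
    r"No parent with GUID (?P<guid>[0-9a-fA-F-]{36}) found for object "
    r"remotely known as (?P<dn>.+)$", re.M)


def parse_ldif(text):
    """Parse ldbsearch LDIF output into a list of {attr: [values]} records."""
    # LDIF folding: a line that starts with one space continues the previous one.
    unfolded = re.sub(r"\r?\n ", "", text)
    records, cur = [], None
    for line in unfolded.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        value = value.lstrip(":").strip()  # '::' marks base64, left undecoded
        if attr.lower() == "dn":           # every record starts with its dn
            cur = defaultdict(list)
            records.append(cur)
        if cur is not None:
            cur[attr.lower()].append(value)
    return records


def parent_dn(dn):
    """Return the DN one level up (split on the first unescaped comma)."""
    parts = re.split(r"(?<!\\),", dn, maxsplit=1)
    return parts[1] if len(parts) == 2 else ""


def cross_check(join_log, dumps):
    """Relate each 'Missing parent' error to the objects found in the dumps."""
    by_guid = {}              # objectGUID -> (partition file, dn)
    by_dn = defaultdict(set)  # lower-cased dn -> {(partition file, objectGUID)}
    for fname, text in dumps.items():
        for rec in parse_ldif(text):
            dn = rec["dn"][0]
            for guid in rec.get("objectguid", []):
                by_guid[guid.lower()] = (fname, dn)
                by_dn[dn.lower()].add((fname, guid.lower()))
    findings = []
    for m in MISSING_RE.finditer(join_log):
        guid, child = m["guid"].lower(), m["dn"].strip()
        holder = by_guid.get(guid)
        findings.append({
            "child_dn": child,
            "parent_guid": guid,
            "parent_found_in": holder[0] if holder else None,
            "parent_dn_matches": bool(holder)
            and holder[1].lower() == parent_dn(child).lower(),
            "child_copies": sorted(by_dn.get(child.lower(), ())),
        })
    return findings


if __name__ == "__main__":
    for f in cross_check(JOIN_LOG, DUMPS):
        print("child:", f["child_dn"])
        print("  parent GUID", f["parent_guid"], "held by", f["parent_found_in"],
              "(is the child's parent DN)" if f["parent_dn_matches"] else "(DN differs)")
        for fname, guid in f["child_copies"]:
            print("  copy of child DN in", fname, "objectGUID", guid)
```

Real input would be the output of the ldbsearch commands shown above, one dump per file under sam.ldb.d.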
Rowland Penny
2017-Dec-22 09:01 UTC
[Samba] WERR_DS_DRA_MISSING_PARENT while Joining Samba4 DC to Samba4 Domain
On Thu, 21 Dec 2017 17:58:54 -0500 (EST) Daniel McFeeters via samba <samba at lists.samba.org> wrote:
> Perhaps I'm rooting around at a lower level than I should be, and
> somewhat beyond what I can understand, but here is a bit of info I
> dug up. It might be helpful? The GUID in the first search matches the
> one referred to in the error message.
>
> $ sudo ldbsearch
> -H /var/lib/samba/private/sam.ldb.d/DC\=DOMAINDNSZONES\,DC\=REDACTED\,DC\=DOMAIN\,DC\=LOCAL.ldb
> "(DC=DomainDnsZones)" # record 1 dn:
> DC=DomainDnsZones,DC=redacted,DC=domain,DC=local objectClass: top
> objectClass: domain
> objectClass: domainDNS
> description: Microsoft DNS Directory
> instanceType: 13
> whenCreated: 20171218211518.0Z
> whenChanged: 20171218211518.0Z
> uSNCreated: 3620
> nTSecurityDescriptor: REDACTED
> name: DomainDnsZones
> objectGUID: 60e25dda-6d35-4aab-bfa5-6137cb271e27
> objectCategory:
> <GUID=b7263211-731a-43fe-a2f4-b522bf2d1a9d>;CN=Domain-DNS,CN=Schema,CN=Configuration,DC=redacted,DC=domain,DC=local
> msDS-NcType: 0 dc: DomainDnsZones
> wellKnownObjects:
> B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:<GUID=ff815094-bd8e-49
> 08-ac71-c62beeb47896>;CN=NTDS
> Quotas,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
> wellKnownObjects:
> B:32:18E2EA80684F11D2B9AA00C04F79F805:<GUID=d3806832-94c6-41
> 3b-9406-0f512a8a6cd5>;CN=Deleted
> Objects,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
> wellKnownObjects:
> B:32:2FBAC1870ADE11D297C400C04FD8D5CD:<GUID=e72f6718-5cb2-45
> 35-9410-c1fc3e4ea084>;CN=Infrastructure,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
> wellKnownObjects:
> B:32:AB8153B7768811D1ADED00C04FD8D5CD:<GUID=5e3f945f-a07e-4d
> 5a-bf69-6d191f5a6bc2>;CN=LostAndFound,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
> replPropertyMetaData:: REDACTED uSNChanged: 3627 distinguishedName:
> DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
>
> # record 2
> dn:
> DC=DomainDnsZones,DC=lc.lcdhd.org,CN=MicrosoftDNS,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
> objectClass:
top objectClass: dnsNode > instanceType: 4 > whenCreated: 20171218211518.0Z > whenChanged: 20171218211518.0Z > uSNCreated: 3672 > uSNChanged: 3672 > showInAdvancedViewOnly: TRUE > name: DomainDnsZones > objectGUID: 4f08c35a-d330-4e01-8cd7-7a6790397b3a > replPropertyMetaData:: REDACTED > dnsRecord:: BAABAAXwAAABAAAAAAADhAAAAAAAAAAACmMAFQ=> objectCategory: > <GUID=30c12cc0-3c1f-43d6-9498-5ca8856a6156>;CN=Dns-Node,CN=Sch > ema,CN=Configuration,DC=redacted,DC=domain,DC=local dc: DomainDnsZones > nTSecurityDescriptor: REDACTED > distinguishedName: > DC=DomainDnsZones,DC=lc.lcdhd.org,CN=MicrosoftDNS,DC=Domain > DnsZones,DC=redacted,DC=domain,DC=local > > # returned 2 records > # 2 entries > # 0 referrals > > $ sudo ldbsearch > -H /var/lib/samba/private/sam.ldb.d/DC\=DOMAINDNSZONES\,DC\=REDACTED\,DC\=DOMAIN\,DC\=LOCAL.ldb > "(CN=MicrosoftDNS)" # record 1 dn: > CN=MicrosoftDNS,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local > objectClass: top objectClass: container > cn: MicrosoftDNS > instanceType: 4 > whenCreated: 20171218211518.0Z > uSNCreated: 3638 > showInAdvancedViewOnly: TRUE > name: MicrosoftDNS > objectGUID: 249ac0c0-b3fd-4998-84b7-950066285b78 > nTSecurityDescriptor: REDACTED > objectCategory: > <GUID=591defdf-e2f7-4c9e-9b5a-d6c2d0744b44>;CN=Container,CN=Sc > hema,CN=Configuration,DC=redacted,DC=domain,DC=local > replPropertyMetaData:: REDACTED whenChanged: 20171220011156.0Z > uSNChanged: 887580 > distinguishedName: > CN=MicrosoftDNS,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local > > # returned 1 records > # 1 entries > # 0 referrals > > > $ sudo ldbsearch > -H /var/lib/samba/private/sam.ldb.d/DC\=REDACTED\,DC\=DOMAIN\,DC\=LOCAL.ldb > "(CN=MicrosoftDNS)" # record 1 dn: > CN=MicrosoftDNS,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local > objectClass: top objectClass: container > cn: MicrosoftDNS > instanceType: 4 > whenCreated: 20100113175618.0Z > whenChanged: 20121217022721.0Z > displayName: DNS Servers > uSNCreated: 3330 > uSNChanged: 3330 > 
> showInAdvancedViewOnly: TRUE
> name: MicrosoftDNS
> objectGUID: 6e2ba870-34a5-494c-82a9-ab06f109c3dd
> replPropertyMetaData:: REDACTED
> objectCategory:
> <GUID=591defdf-e2f7-4c9e-9b5a-d6c2d0744b44>;CN=Container,CN=Sc
> hema,CN=Configuration,DC=redacted,DC=domain,DC=local
> nTSecurityDescriptor: REDACTED distinguishedName:
> CN=MicrosoftDNS,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
>
> # returned 1 records
> # 1 entries
> # 0 referrals
>
>
> Daniel McFeeters
>
>
> ----- Original Message -----
> > From: "samba" <samba at lists.samba.org>
> > To: "Garming Sam" <garming at catalyst.net.nz>
> > Cc: "samba" <samba at lists.samba.org>, "Andrew Bartlett"
> > <abartlet at samba.org> Sent: Thursday, December 21, 2017 5:20:30 PM
> > Subject: Re: [Samba] WERR_DS_DRA_MISSING_PARENT while Joining
> > Samba4 DC to Samba4 Domain
>
> > OK, we're getting closer here I think. I repeated with -d 2 without
> > much help. Here is -d 3, which may point us in the right direction.
> > As I suspected, it seems to point to some corruption in the DNS
> > still, perhaps?
>
> > The key line seems to be here:
> > Missing parent while attempting to apply records: No parent with
> > GUID 60e25dda-6d35-4aab-bfa5-6137cb271e27 found for object remotely
> > known as
> > CN=MicrosoftDNS,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
> > Failed to commit objects: WERR_DS_DRA_MISSING_PARENT
>
> > Here is the full output in context:
>
> > $ sudo samba-tool domain join redacted.domain.local DC
> > -U"REDACTED\my.domain.admin" --dns-backend=SAMBA_INTERNAL -d 3
> > GENSEC backend 'gssapi_spnego' registered
> > GENSEC backend 'gssapi_krb5' registered
> > GENSEC backend 'gssapi_krb5_sasl' registered
> > GENSEC backend 'spnego' registered
> > GENSEC backend 'schannel' registered
> > GENSEC backend 'naclrpc_as_system' registered
> > GENSEC backend 'sasl-EXTERNAL' registered
> > GENSEC backend 'ntlmssp' registered
> > GENSEC backend 'ntlmssp_resume_ccache' registered
> > GENSEC backend 'http_basic' registered
> > GENSEC backend 'http_ntlm' registered
> > GENSEC backend 'krb5' registered
> > GENSEC backend 'fake_gssapi_krb5' registered
> > Finding a writeable DC for domain 'redacted.domain.local'
> > resolve_lmhosts: Attempting lmhosts lookup for name
> > _ldap._tcp.redacted.domain.local<0x0>
> > Found DC samba4dom.redacted.domain.local
> > resolve_lmhosts: Attempting lmhosts lookup for name
> > samba4dom.redacted.domain.local<0x20>
> > cli_credentials(REDACTED\my.domain.admin) without realm, cannot use
> > kerberos for this connection ldap/samba4dom.redacted.domain.local
> > Got challenge flags:
> > Got NTLMSSP neg_flags=0x62898235
> > Password for [REDACTED\my.domain.admin]:
> > NTLMSSP: Set final flags:
> > Got NTLMSSP neg_flags=0x62088235
> > NTLMSSP Sign/Seal - Initialising with flags:
> > Got NTLMSSP neg_flags=0x62088235
> > NTLMSSP Sign/Seal - Initialising with flags:
> > Got NTLMSSP neg_flags=0x62088235
> > NO DNS zone information found in source domain, not replicating DNS
> > workgroup is REDACTED
> > realm is redacted.domain.local
> > Adding CN=SAMBA4DC2,OU=Domain
> > Controllers,DC=redacted,DC=domain,DC=local Adding
> > CN=SAMBA4DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=redacted,DC=domain,DC=local
> > Adding CN=NTDS
> > Settings,CN=SAMBA4DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=redacted,DC=domain,DC=local
> > Using binding ncacn_ip_tcp:samba4dom.redacted.domain.local[,seal]
> > resolve_lmhosts: Attempting lmhosts lookup for name
> > samba4dom.redacted.domain.local<0x20>
> > resolve_lmhosts: Attempting lmhosts lookup for name
> > samba4dom.redacted.domain.local<0x20>
> > cli_credentials(REDACTED\my.domain.admin) without realm, cannot use
> > kerberos for this connection ldap/SAMBA4DOM.REDACTED.DOMAIN.LOCAL
> > Got challenge flags:
> > Got NTLMSSP neg_flags=0x62898235
> > NTLMSSP: Set final flags:
> > Got NTLMSSP neg_flags=0x62088235
> > NTLMSSP Sign/Seal - Initialising with flags:
> > Got NTLMSSP neg_flags=0x62088235
> > NTLMSSP Sign/Seal - Initialising with flags:
> > Got NTLMSSP neg_flags=0x62088235
> > Adding SPNs to CN=SAMBA4DC2,OU=Domain
> > Controllers,DC=redacted,DC=domain,DC=local Setting account password
> > for SAMBA4DC2$ Enabling account
> > Calling bare provision
> > lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> > lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> > Looking up IPv4 addresses
> > Looking up IPv6 addresses
> > No IPv6 address will be assigned
> > Setting up share.ldb
> > Setting up secrets.ldb
> > Setting up the registry
> > ldb_wrap open of hklm.ldb
> > Key 'key=SOFTWARE,hive=NONE' not found
> > key added: key=SOFTWARE,hive=NONE
> > Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
> > key added: key=Microsoft,key=SOFTWARE,hive=NONE
> > Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
> > key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
> > Key 'key=CurrentVersion,key=Windows
> > NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
> > key added: key=CurrentVersion,key=Windows
> > NT,key=Microsoft,key=SOFTWARE,hive=NONE
> > Key 'key=SYSTEM,hive=NONE' not found
> > key added: key=SYSTEM,hive=NONE
> > Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> > key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
> > Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not
> > found key added:
> > key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key
> > 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> > not found key added:
> > key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> > Key
> > 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> > not found key added:
> > key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> > Key 'key=Terminal
> > Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not
> > found key added: key=Terminal
> > Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key
> > 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> > key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> > Key
> > 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> > not found key added:
> > key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> > Key
> > 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> > not found key added:
> > key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> > Key
> > 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> > not found key added:
> > key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> > Key
> > 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> > not found key added:
> > key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> > Setting up the privileges database Setting up idmap db Setting up
> > SAM db Setting up sam.ldb partitions and settings
> > Setting up sam.ldb rootDSE
> > Pre-loading the Samba 4 and AD schema
> > partition_metadata: Migrating partition metadata: open of
> > metadata.tdb gave: (null)
> > A Kerberos configuration suitable for Samba AD has been generated at
> > /var/lib/samba/private/krb5.conf
> > Provision OK for domain DN DC=redacted,DC=domain,DC=local
> > Starting replication
> > Using binding ncacn_ip_tcp:samba4dom.redacted.domain.local[,seal]
> > resolve_lmhosts: Attempting lmhosts lookup for name
> > samba4dom.redacted.domain.local<0x20>
> > resolve_lmhosts: Attempting lmhosts lookup for name
> > samba4dom.redacted.domain.local<0x20>
> > cli_credentials(REDACTED\my.domain.admin) without realm, cannot use
> > kerberos for this connection ldap/SAMBA4DOM.REDACTED.DOMAIN.LOCAL
> > Got challenge flags:
> > Got NTLMSSP neg_flags=0x62898235
> > NTLMSSP: Set final flags:
> > Got NTLMSSP neg_flags=0x62088235
> > NTLMSSP Sign/Seal - Initialising with flags:
> > Got NTLMSSP neg_flags=0x62088235
> > NTLMSSP Sign/Seal - Initialising with flags:
> > Got NTLMSSP neg_flags=0x62088235
> > Schema-DN[CN=Schema,CN=Configuration,DC=redacted,DC=domain,DC=local]
> > objects[402/1550] linked_values[0/0]
> > Schema-DN[CN=Schema,CN=Configuration,DC=redacted,DC=domain,DC=local]
> > objects[804/1550] linked_values[0/0]
> > Schema-DN[CN=Schema,CN=Configuration,DC=redacted,DC=domain,DC=local]
> > objects[1206/1550] linked_values[0/0]
> > Schema-DN[CN=Schema,CN=Configuration,DC=redacted,DC=domain,DC=local]
> > objects[1550/1550] linked_values[0/0]
> > Analyze and apply schema objects
> > Replicated 1550 objects (0 linked attributes) for
> > CN=Schema,CN=Configuration,DC=redacted,DC=domain,DC=local
> > Partition[CN=Configuration,DC=redacted,DC=domain,DC=local]
> > objects[402/1610] linked_values[0/0]
> > Replicated 402 objects (0 linked attributes) for
> > CN=Configuration,DC=redacted,DC=domain,DC=local
> > Partition[CN=Configuration,DC=redacted,DC=domain,DC=local]
> > objects[804/1610] linked_values[0/0]
> > Replicated 402 objects (0 linked attributes) for
> > CN=Configuration,DC=redacted,DC=domain,DC=local
> > Partition[CN=Configuration,DC=redacted,DC=domain,DC=local]
> > objects[1206/1610] linked_values[0/0]
> > Replicated 402 objects (0 linked attributes) for
> > CN=Configuration,DC=redacted,DC=domain,DC=local
> > Partition[CN=Configuration,DC=redacted,DC=domain,DC=local]
> > objects[1608/1610] linked_values[0/15]
> > Replicated 402 objects (0 linked attributes) for
> > CN=Configuration,DC=redacted,DC=domain,DC=local
> > Partition[CN=Configuration,DC=redacted,DC=domain,DC=local]
> > objects[1609/1610] linked_values[22/22]
> > Replicated 1 objects (22 linked attributes) for
> > CN=Configuration,DC=redacted,DC=domain,DC=local
> > Replicating critical objects from the base DN of the domain
> > Partition[DC=redacted,DC=domain,DC=local] objects[76/74]
> > linked_values[21/21] Replicated 76 objects (21 linked attributes)
> > for DC=redacted,DC=domain,DC=local
> > Partition[DC=redacted,DC=domain,DC=local] objects[478/19962]
> > linked_values[0/0] Missing parent while attempting to apply
> > records: No parent with GUID 60e25dda-6d35-4aab-bfa5-6137cb271e27
> > found for object remotely known as
> > CN=MicrosoftDNS,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local
> > Failed to commit objects: WERR_DS_DRA_MISSING_PARENT Join failed -
> > cleaning up ldb_wrap open of secrets.ldb Could not find machine
> > account in secrets database: Failed to fetch machine account
> > password for REDACTED from both secrets.ldb (Could not find entry
> > to match filter:
> > '(&(flatname=REDACTED)(objectclass=primaryDomain))' base:
> > 'cn=Primary Domains': No such object: dsdb_search
> > at ../source4/dsdb/common/util.c:4636) and
> > from /var/lib/samba/private/secrets.tdb:
> > NT_STATUS_CANT_ACCESS_DOMAIN_INFO Deleted CN=SAMBA4DC2,OU=Domain
> > Controllers,DC=redacted,DC=domain,DC=local Deleted CN=NTDS
> > Settings,CN=SAMBA4DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=redacted,DC=domain,DC=local
> > Deleted
> > CN=SAMBA4DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=redacted,DC=domain,DC=local
> > ERROR(runtime): uncaught exception - (8460, "Failed to process
> > 'chunk' of DRS replicated objects: WERR_DS_DRA_MISSING_PARENT")
> > File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> > line 176, in _run return self.run(*args, **kwargs) File
> > "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
> > 661, in run machinepass=machinepass, use_ntvfs=use_ntvfs,
> > dns_backend=dns_backend) File
> > "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in
> > join_DC ctx.do_join() File
> > "/usr/lib/python2.7/dist-packages/samba/join.py", line 1377, in
> > do_join ctx.join_replicate() File
> > "/usr/lib/python2.7/dist-packages/samba/join.py", line 936, in
> > join_replicate replica_flags=ctx.domain_replica_flags) File
> > "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 295, in
> > replicate schema=schema, req_level=req_level, req=req)
> > $
>
> > Daniel McFeeters
>

As I said, you do not seem to have a dns server, what you could try is: Backup the DC, then run 'samba_upgradedns', this should recreate the dns.

Rowland
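
The manual cross-check done with ldbsearch in the quoted message can be scripted. The following is an added example, not code from the thread or from Samba: it parses ldbsearch (LDIF) output from several partition files, reports where the GUID named in the join error lives, and lists DNs that exist under more than one objectGUID. The function names and the file labels are assumptions, and the sample input is constructed from the DNs and GUIDs quoted above.

```python
import re
from collections import defaultdict
# Constructed sample: trimmed ldbsearch (LDIF) output reusing the DNs and GUIDs
# quoted in the thread; the dict keys are stand-in labels for the two .ldb files.
SAMPLE = {
    "DomainDnsZones.ldb": (
        "# record 1\n"
        "dn: DC=DomainDnsZones,DC=redacted,DC=domain,DC=local\n"
        "objectGUID: 60e25dda-6d35-4aab-bfa5-6137cb271e27\n\n"
        "dn: CN=MicrosoftDNS,DC=DomainDnsZones,DC=redacted,DC=domain,DC=local\n"
        "objectGUID: 249ac0c0-b3fd-4998-84b7-950066285b78\n"
    ),
    "domain.ldb": (
        "dn: CN=MicrosoftDNS,DC=DomainDnsZones,DC=redacted,\n"
        " DC=domain,DC=local\n"  # folded continuation line, as in LDIF output
        "objectGUID: 6e2ba870-34a5-494c-82a9-ab06f109c3dd\n"
    ),
}

def parse_ldif(text):
    """Yield {attr: [values]} per record; unfolds continuation lines first."""
    for block in re.split(r"\n\s*\n", text.replace("\n ", "")):
        rec = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            # "attr:: value" (base64) keeps its encoded form; it is not decoded
            rec[attr.strip().lower()].append(value.lstrip(":").strip())
        if "dn" in rec:
            yield rec

def index_guids(outputs):
    """Build guid -> {(file, dn)} and dn -> {guid} across all outputs."""
    by_guid, by_dn = defaultdict(set), defaultdict(set)
    for source, text in outputs.items():
        for rec in parse_ldif(text):
            dn = rec["dn"][0].lower()
            for guid in rec.get("objectguid", []):
                by_guid[guid.lower()].add((source, dn))
                by_dn[dn].add(guid.lower())
    return by_guid, by_dn

def resolve_guid(outputs, guid):
    """Return every (file, dn) that carries the given objectGUID."""
    return sorted(index_guids(outputs)[0].get(guid.lower(), ()))

def conflicting_dns(outputs):
    """DNs present under more than one objectGUID across the searched files."""
    return {dn: sorted(g) for dn, g in index_guids(outputs)[1].items() if len(g) > 1}
```

On real data, fill the dictionary with the text of each `ldbsearch -H <partition file>` run and pass the GUID from the "No parent with GUID" line to `resolve_guid`.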