Hi, We were running Samba-AD - Version 4.7.6 for over 2 years without any errors. We have 4 Domain Controllers in our setup and DNS is BIND_DLZ (BIND 9.9.4). Off late (since 8th June 2019) we upgraded the Samba-AD version to 4.10.4 and all of sudden we started receiving the error "RPC Server not available" when we are trying to join the new PCs to domain. After multiple attempts the PC gets added to domain. We restart samba server on the log on server, the error goes off. There is no specific pattern for this appear to appear. We are receiving the same error whenever we are trying to add a new user or modify a user attribute in RSAT. When this error comes, we have to restart the RSAT server multiple times to start functioning again. Is there is any specific reason for this error? How do we fix it. My smb.conf is as shown below. -------------------------------------------------------------------------------------------------- Global parameters [global] ??????? netbios name = PDC ??????? realm = EXZA.COM ??????? server role = active directory domain controller ??????? workgroup = EXZA ??????? server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate ??????? idmap_ldb:use rfc2307 = yes ??????? ldap server require strong auth = No ??????? dns forwarder = 192.168.100.1 # Logs and events ??????? eventlog list = Security ??????? log level = 3 ??????? log file = /var/log/samba/pdc.%T.log ??????? max log size = 1000000 [sysvol] ??????? path = /usr/local/samba/var/locks/sysvol ??????? read only = No [netlogon] ??????? path = /usr/local/samba/var/locks/sysvol/exza.com/scripts ??????? read only = No -------------------------------------------------------------------------------------------------- Thanks & regards, Anantha Raghava eXzaTech Consulting And Services Pvt. Ltd. Ph: +91-9538849179, E-mail: raghav at exzatechconsulting.com <mailto:raghav at exzatechconsulting.com> URL: http://www.exzatechconsulting.com <http://www.exzatechconsulting.com/> DISCLAIMER: This e-mail communication and any attachments may be privileged and confidential to eXzatech Consulting And Services Pvt. Ltd., Bangalore, and are intended only for the use of the recipients named above If you are not the addressee you may not copy, forward, disclose or use any part of it. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return e-mail. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions. Do not print this e-mail unless required. Save Paper & trees.
On 17/06/2019 15:44, Anantha Raghava via samba wrote:> Hi, > > We were running Samba-AD - Version 4.7.6 for over 2 years without any > errors. We have 4 Domain Controllers in our setup and DNS is BIND_DLZ > (BIND 9.9.4). Off late (since 8th June 2019) we upgraded the Samba-AD > version to 4.10.4 and all of sudden we started receiving the error > "RPC Server not available" when we are trying to join the new PCs to > domain. After multiple attempts the PC gets added to domain. We > restart samba server on the log on server, the error goes off. There > is no specific pattern for this appear to appear. > > We are receiving the same error whenever we are trying to add a new > user or modify a user attribute in RSAT. When this error comes, we > have to restart the RSAT server multiple times to start functioning > again. > > Is there is any specific reason for this error? How do we fix it.Did you upgrade directly from 4.7.6 to 4.10.4 ? If so, it looks like a known bug isn't fixed, a new GUID index mode was introduced at 4.8.0 and if you bypassed the 4.8 versions, the later versions of Samba act as if it was now being used, but as it isn't, you get problems like this. The bug is supposed to be fixed, but it may not be for you. You will need to down grade to 4.7.6 again and then upgrade to 4.8.x before upgrading to 4.10.4 again. Rowland
On Mon, 2019-06-17 at 20:14 +0530, Anantha Raghava via samba wrote:> Hi, > > We were running Samba-AD - Version 4.7.6 for over 2 years without any > errors. We have 4 Domain Controllers in our setup and DNS is BIND_DLZ > (BIND 9.9.4). Off late (since 8th June 2019) we upgraded the Samba-AD > version to 4.10.4 and all of sudden we started receiving the error "RPC > Server not available" when we are trying to join the new PCs to domain. > After multiple attempts the PC gets added to domain. We restart samba > server on the log on server, the error goes off. There is no specific > pattern for this appear to appear.Is there anything in the Samba logs?> We are receiving the same error whenever we are trying to add a new user > or modify a user attribute in RSAT. When this error comes, we have to > restart the RSAT server multiple times to start functioning again.Are you restarting Samba or RSAT on the client?> Is there is any specific reason for this error? How do we fix it.We will need much more detail to determine that. Does the server operate normally when not making modifications? What does samba-tool dbcheck say? If Rowand's suspicions are correct, have you tried a samba-tool dbcheck --reindex? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Hi, We did not upgrade in the real sense of upgrade. We did not directly apply the patch on the servers. Our steps were as follows: 1. Created an additional Domain Controller with Samba-AD 4.10.4. 2. Transferred the FSMO Roles to the new domain controller. 3. Stopped Samba-AD-DC and Bind9 services, demoted the Samba-4.7.6 DCs with samba-tool domain demote command. 4. Cleaned the /usr/local/samba folder, removed the contents. 5. Upgraded the OS - CentOS 7.6, Python and changed the default Python to Python 3.4.x. 6. ./configure, make & make install went on well without any errors. 7. Promoted Samba AS Domain Controllers using samba-tool command with BIND9_DLZ option. 8. Removed the old krb5.conf from /etc/ and copied the krb5.conf from /usr/local/samba/private 9. Started samba-ad-dc service and bind9 service. 10. Transferred the FSMO Rolls back to the primary server which originally held these rolls. 11. Demoted the temporary 5th server and removed it from the network. *Any info in logs :* Really speaking, we did not notice. I will have to store the logs separately when this error occurs again. But we have observed that when this error occurs, we have seen that the replication from the one which holds PDC emulator role to another particular server fails and throws error RPC SERVER IS UNAVAILABLE. *When this error occurs whether we restart samba or client *- For RSAT and WIndows Desktop, sometimes we have to restart the client. More often than not we restart the samba service on logon server and this error disappears. Replication error also disappears. We have to run samba-tool dbcheck and check the output. I will update it back here. Do I have to run this command on all 4 servers? or one server which looks like giving trouble? Thanks & regards, Anantha Raghava Do not print this e-mail unless required. Save Paper & trees. On 18/06/19 3:25 pm, Andrew Bartlett wrote:> On Mon, 2019-06-17 at 20:14 +0530, Anantha Raghava via samba wrote: >> Hi, >> >> We were running Samba-AD - Version 4.7.6 for over 2 years without any >> errors. We have 4 Domain Controllers in our setup and DNS is BIND_DLZ >> (BIND 9.9.4). Off late (since 8th June 2019) we upgraded the Samba-AD >> version to 4.10.4 and all of sudden we started receiving the error "RPC >> Server not available" when we are trying to join the new PCs to domain. >> After multiple attempts the PC gets added to domain. We restart samba >> server on the log on server, the error goes off. There is no specific >> pattern for this appear to appear. > Is there anything in the Samba logs? > >> We are receiving the same error whenever we are trying to add a new user >> or modify a user attribute in RSAT. When this error comes, we have to >> restart the RSAT server multiple times to start functioning again. > Are you restarting Samba or RSAT on the client? > >> Is there is any specific reason for this error? How do we fix it. > We will need much more detail to determine that. Does the server > operate normally when not making modifications? What does samba-tool > dbcheck say? > > If Rowand's suspicions are correct, have you tried a samba-tool dbcheck > --reindex? > > Andrew Bartlett >