HI As the reported problem occurred, it follows logs of the join attempt in DC with version 4.8.3. ===== samba-tool domain join INTERNO.XXXXXX.COM.BR DC -UAdministrator at INTERNO.XXXXXX.COM.BR --dns-backend=BIND9_DLZ --option ='idmap_ldb:use rfc2307 = yes' Finding a writeable DC for domain 'INTERNO.XXXXXX.COM.BR' Found DC dc-samba-a2.interno.XXXXXX.com.br Password for [Administrator at INTERNO.XXXXXX.COM.BR]: workgroup is SERVERAD realm is interno.XXXXXX.com.br Adding CN=DC-SAMBA-09,OU=Domain Controllers,DC=interno,DC=XXXXXX,DC=com,DC=br Adding CN=DC-SAMBA-09,CN=Servers,CN=Filial-09,CN=Sites,CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br Adding CN=NTDS Settings,CN=DC-SAMBA-09,CN=Servers,CN=Filial-09,CN=Sites,CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br Adding SPNs to CN=DC-SAMBA-09,OU=Domain Controllers,DC=interno,DC=XXXXXX,DC=com,DC=br Setting account password for DC-SAMBA-09$ Enabling account Adding DNS account CN=dns-DC-SAMBA-09,CN=Users,DC=interno,DC=XXXXXX,DC=com,DC=br with dns/ SPN Setting account password for dns-DC-SAMBA-09 Calling bare provision Looking up IPv4 addresses Looking up IPv6 addresses No IPv6 address will be assigned Setting up share.ldb Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs A Kerberos configuration suitable for Samba AD has been generated at /opt/samba/private/krb5.conf Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink! Provision OK for domain DN DC=interno,DC=XXXXXX,DC=com,DC=br Starting replication Schema-DN[CN=Schema,CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] objects[402/1563] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] objects[804/1563] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] objects[1206/1563] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] objects[1563/1563] linked_values[0/0] Analyze and apply schema objects Partition[CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] objects[402/1612] linked_values[0/0] Partition[CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] objects[804/1612] linked_values[0/0] Partition[CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] objects[1206/1612] linked_values[0/0] Partition[CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] objects[1608/1612] linked_values[0/51] Partition[CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] objects[1612/1612] linked_values[71/71] Failed to commit objects: DOS code 0x000021bf Missing target object - retrying with DRS_GET_TGT Partition[CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] objects[2014/1612] linked_values[0/0] Partition[CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] objects[2416/1612] linked_values[0/0] Partition[CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] objects[2818/1612] linked_values[0/0] Partition[CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] objects[3220/1612] linked_values[51/51] Partition[CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br] objects[3224/1612] linked_values[20/71] Replicating critical objects from the base DN of the domain Partition[DC=interno,DC=XXXXXX,DC=com,DC=br] objects[97/97] linked_values[38/38] Partition[DC=interno,DC=XXXXXX,DC=com,DC=br] objects[499/2393] linked_values[0/0] Partition[DC=interno,DC=XXXXXX,DC=com,DC=br] objects[901/2393] linked_values[0/0] Partition[DC=interno,DC=XXXXXX,DC=com,DC=br] objects[1303/2393] linked_values[0/96] ../lib/ldb/ldb_tdb/ldb_index.c:2037: duplicate attribute value in CN=001-CONTABIL-04,CN=Computers,DC=interno,DC=XXXXXX,DC=com,DC=br for index on servicePrincipalName, duplicate of objectGUID a1defff7-33e8-4110-bc08-fd7b1d32dafd in @INDEX:SERVICEPRINCIPALNAME:TERMSRV/001-CONTABIL-04.INTERNO.XXXXXX.COM.BR Partition[DC=interno,DC=XXXXXX,DC=com,DC=br] objects[1705/2393] linked_values[0/437] Partition[DC=interno,DC=XXXXXX,DC=com,DC=br] objects[2107/2393] linked_values[0/1473] ../lib/ldb/ldb_tdb/ldb_index.c:2037: duplicate attribute value in CN=001-TI-03,OU=Computers_ERECHIM,OU=Erechim,OU=YYYYYY,DC=interno,DC=XXXXXX,DC=com,DC=br for index on servicePrincipalName, duplicate of objectGUID 180bd2b9-93ec-4d98-98cd-36cba686d7a2 in @INDEX:SERVICEPRINCIPALNAME:TERMSRV/001-TI-03.INTERNO.XXXXXX.COM.BR Partition[DC=interno,DC=XXXXXX,DC=com,DC=br] objects[2490/2393] linked_values[1500/1983] ../lib/ldb/ldb_tdb/ldb_index.c:2037: duplicate attribute value in CN=001-RECEB-08-PC,CN=Computers,DC=interno,DC=XXXXXX,DC=com,DC=br for index on servicePrincipalName, duplicate of objectGUID c7e5504d-a168-471e-90bf-736b942f216d in @INDEX:SERVICEPRINCIPALNAME:TERMSRV/001-RECEB-08-PC.INTERNO.XXXXXX.COM.BR ../lib/ldb/ldb_tdb/ldb_index.c:2037: duplicate attribute value in CN=001-FISCAL-05,CN=Computers,DC=interno,DC=XXXXXX,DC=com,DC=br for index on servicePrincipalName, duplicate of objectGUID c98215d2-86b3-4b6d-8935-8f34ed59074b in @INDEX:SERVICEPRINCIPALNAME:TERMSRV/001-FISCAL-05.INTERNO.XXXXXX.COM.BR ../lib/ldb/ldb_tdb/ldb_index.c:2037: duplicate attribute value in CN=001-COMPRAS-09,OU=Computers_Locked,OU=Erechim,OU=YYYYYY,DC=interno,DC=XXXXXX,DC=com,DC=br for index on servicePrincipalName, duplicate of objectGUID cd0e1577-46c5-4db4-9347-66ea41cbf448 in @INDEX:SERVICEPRINCIPALNAME:TERMSRV/001-COMPRAS-09.INTERNO.XXXXXX.COM.BR ../lib/ldb/ldb_tdb/ldb_index.c:2037: duplicate attribute value in CN=001-FISCAL-02,CN=Computers,DC=interno,DC=XXXXXX,DC=com,DC=br for index on servicePrincipalName, duplicate of objectGUID 02b72eed-9377-48de-8a44-437ea22d618a in @INDEX:SERVICEPRINCIPALNAME:TERMSRV/001-FISCAL-02.INTERNO.XXXXXX.COM.BR Partition[DC=interno,DC=XXXXXX,DC=com,DC=br] objects[2490/2393] linked_values[483/1983] Done with always replicated NC (base, config, schema) Replicating DC=DomainDnsZones,DC=interno,DC=XXXXXX,DC=com,DC=br Partition[DC=DomainDnsZones,DC=interno,DC=XXXXXX,DC=com,DC=br] objects[402/638] linked_values[0/0] Partition[DC=DomainDnsZones,DC=interno,DC=XXXXXX,DC=com,DC=br] objects[638/638] linked_values[0/0] Replicating DC=ForestDnsZones,DC=interno,DC=XXXXXX,DC=com,DC=br Partition[DC=ForestDnsZones,DC=interno,DC=XXXXXX,DC=com,DC=br] objects[15/15] linked_values[0/0] WARNING: Unable to replicate own RID Set, as server dc-samba-a2.interno.XXXXXX.com.br (the server we joined) is not the RID Master. NOTE: This is normal and expected, Samba will be able to create users after it contacts the RID Master at first startup. Committing SAM database Adding 1 remote DNS records for DC-SAMBA-09.interno.XXXXXX.com.br Adding DNS A record DC-SAMBA-09.interno.XXXXXX.com.br for IPv4 IP: 192.168.9.240 Adding DNS CNAME record 05d6c868-de73-4899-affa-a934228cc186._msdcs.interno.XXXXXX.com.br for DC-SAMBA-09.interno.XXXXXX.com.br Join failed - cleaning up Deleted CN=DC-SAMBA-09,OU=Domain Controllers,DC=interno,DC=XXXXXX,DC=com,DC=br Deleted CN=dns-DC-SAMBA-09,CN=Users,DC=interno,DC=XXXXXX,DC=com,DC=br Deleted CN=NTDS Settings,CN=DC-SAMBA-09,CN=Servers,CN=Filial-09,CN=Sites,CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br Deleted CN=DC-SAMBA-09,CN=Servers,CN=Filial-09,CN=Sites,CN=Configuration,DC=interno,DC=XXXXXX,DC=com,DC=br Deleted DC=DC-SAMBA-09,DC=interno.XXXXXX.com.br,CN=MicrosoftDNS,DC=DomainDnsZones,DC=interno,DC=XXXXXX,DC=com,DC=br ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR') ? File "/opt/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run ??? return self.run(*args, **kwargs) ? File "/opt/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 706, in run ??? plaintext_secrets=plaintext_secrets) ? File "/opt/samba/lib/python2.7/site-packages/samba/join.py", line 1482, in join_DC ??? ctx.do_join() ? File "/opt/samba/lib/python2.7/site-packages/samba/join.py", line 1390, in do_join ??? ctx.join_add_dns_records() ? File "/opt/samba/lib/python2.7/site-packages/samba/join.py", line 1149, in join_add_dns_records ??? dns_partition=forestdns_zone_dn) ? File "/opt/samba/lib/python2.7/site-packages/samba/samdb.py", line 957, in dns_lookup ??? dns_partition=dns_partition) == Regards On 23/07/2019 18:36, Carlos wrote:> > Hi! > > I upgraded from 4.8.3 to 4.10.6 and the problem occurred again: > > smbclient // localhost / netlogon -UAdministrator -c 'ls' > Enter XXXXXXXX \ Administrator's password: > session setup failed: NT_STATUS_INTERNAL_DB_CORRUPTION > > Any suggestions or perform the process I did before? > > Regards; > > > On 23/07/2019 13:48, Carlos wrote: >> OK, >> >> Thanks for all. >> >> Regards; >> >> On 23/07/2019 12:06, Rowland penny via samba wrote: >>> On 23/07/2019 16:02, Carlos via samba wrote: >>>> I haven't more output log, because i need join in dc in last week, >>>> and i "resolved"(workaround) in used samba 4.6.X -> after -> 4.8.3. >>>> Sorry..... >>> >>> OK, it would have been nice to have the output, this is because >>> there may be a bug. >>> >>> >>>> But, now in all Dcs samba 4.8.3 i can update for 4.10.X or dont >>>> recommend? ? >>> >>> You should be able to upgrade to to 4.10.x from 4.8.3 >>> >>> Rowland >>> >>> >>>
Rowland penny
2019-Jul-24 13:17 UTC
[Samba] Error after upgrade NT_STATUS_INTERNAL_DB_CORRUPTION
On 24/07/2019 12:53, Carlos via samba wrote:> HI > > As the reported problem occurred, it follows logs of the join attempt > in DC with version 4.8.3. > > =====>Your starts here: Committing SAM database Adding 1 remote DNS records for DC-SAMBA-09.interno.XXXXXX.com.br Adding DNS A record DC-SAMBA-09.interno.XXXXXX.com.br for IPv4 IP: 192.168.9.240 Adding DNS CNAME record 05d6c868-de73-4899-affa-a934228cc186._msdcs.interno.XXXXXX.com.br for DC-SAMBA-09.interno.XXXXXX.com.br Join failed - cleaning up Anything after this point can be ignored. It looks like it cannot add a CNAME record, something similar to this has happened recently, but with Windows DCs. Perhaps the fix is the same, stop the join from trying to create the DNS records. You need to comment out three lines in join.py: open 'join.py in your favourite editor (/usr/lib/python2.7/dist-packages/samba/join.py on my DC), find these lines: ???????????? if ctx.dns_backend != "NONE": ???????????????? ctx.join_add_dns_records() ???????????????? ctx.join_replicate_new_dns_records() Line 1405 in my version, under '??? def do_join(ctx):' just comment out those three lines, save & close, then try the join again. Rowland
Hi, ok, now join(with samba 4.10.6) was ok, but same original error :-/ smbclient //localhost/netlogon -UAdministrator -c 'ls' Enter XXXXXXX\Administrator's password: session setup failed: NT_STATUS_INTERNAL_DB_CORRUPTION Regards; On 24/07/2019 10:17, Rowland penny via samba wrote:> On 24/07/2019 12:53, Carlos via samba wrote: >> HI >> >> As the reported problem occurred, it follows logs of the join attempt >> in DC with version 4.8.3. >> >> =====>> > Your starts here: > > Committing SAM database > Adding 1 remote DNS records for DC-SAMBA-09.interno.XXXXXX.com.br > Adding DNS A record DC-SAMBA-09.interno.XXXXXX.com.br for IPv4 IP: > 192.168.9.240 > Adding DNS CNAME record > 05d6c868-de73-4899-affa-a934228cc186._msdcs.interno.XXXXXX.com.br for > DC-SAMBA-09.interno.XXXXXX.com.br > Join failed - cleaning up > > Anything after this point can be ignored. > > It looks like it cannot add a CNAME record, something similar to this > has happened recently, but with Windows DCs. > > Perhaps the fix is the same, stop the join from trying to create the > DNS records. > > You need to comment out three lines in join.py: > > open 'join.py in your favourite editor > (/usr/lib/python2.7/dist-packages/samba/join.py on my DC), > find these lines: > > ???????????? if ctx.dns_backend != "NONE": > ???????????????? ctx.join_add_dns_records() > ???????????????? ctx.join_replicate_new_dns_records() > > Line 1405 in my version, under '??? def do_join(ctx):' > > just comment out those three lines, save & close, then try the join > again. > > Rowland > > >