samba - Aug 2020 - Log spam "Failed to bind to uuid ..."

Hi,
I recently replaced an ageing server running Samba 4.5.10 with one running Samba
4.11.8. They both run FreeBSD / ZFS. The site is setup as an AD (I wrote
https://wiki.freebsd.org/Samba4ZFS while doing it).

My original plan was to join the new server to the domain, shut down the old one
and rename it but renamedc complained the old name was still present so I just
keep the name (gateway2).

The join (samba-tool domain join beger.com.au DC -k yes --dns-backend=BIND9_DLZ)
seemed to run fine. I also copied the sysvol from the old system and fixed up
the ACLs. Note that I had to add "dfs_samba4 zfsacl" to the vfs
objects for sysvol.

I found that when I shutdown the old server there was a lot of traffic trying to
still connect to the old one, I realised that the DNS SRV records were still
pointing to it, so I edited those to point to the new one.

I also ended up running 'samba-tool fsmo seize --role all' as the roles
were all still pointing at the old server.

So far as I can tell everything is working, however I see the following in the
logs very frequently:

[2020/08/29 21:47:38.183133,  0]
../../source4/librpc/rpc/dcerpc_util.c:737(dcerpc_pipe_auth_recv)
  Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
ncacn_ip_tcp:192.168.100.1[49153,seal,krb5,target_hostname=37adf10e-347b-4c3e-b98b-3f03da024a3c._msdcs.beger.com.au,target_principal=GC/gateway.beger.com.au/beger.com.au,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.100.1]
NT_STATUS_UNSUCCESSFUL

Can someone explain what it actually means, and better - how I can fix it? :)

As is probably obvious from my email I'm not very familiar with active
directory stuff.

Thanks.

--
Daniel O'Connor
"The nice thing about standards is that there
are so many of them to choose from."
 -- Andrew Tanenbaum

> On 30 Aug 2020, at 13:58, O'Connor, Daniel <darius at
dons.net.au> wrote:
> So far as I can tell everything is working, however I see the following in
the logs very frequently:
> 
> [2020/08/29 21:47:38.183133,  0]
../../source4/librpc/rpc/dcerpc_util.c:737(dcerpc_pipe_auth_recv)
>  Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
ncacn_ip_tcp:192.168.100.1[49153,seal,krb5,target_hostname=37adf10e-347b-4c3e-b98b-3f03da024a3c._msdcs.beger.com.au,target_principal=GC/gateway.beger.com.au/beger.com.au,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.100.1]
NT_STATUS_UNSUCCESSFUL
> 
> Can someone explain what it actually means, and better - how I can fix it?
:)
> 
I had another look at this and found that the old server was still in
"Active Directory Sites and Services" under
"Default-First-Site-Name".

I tried to delete it but it complained:
Windows cannot delete object LDAP://gateway2.beger.com.au/CN=NTDS
Settings,CN=GATEWAY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=beger,DC=com,DC=au
because: The specified module could not be found

I looked around and found the alias for that server (which is the
target_hostname in the log message) and found it was in DNS pointing to the new
server.

I deleted it from DNS and the log spam appears to have stopped.

I also checked the samba-tool drs and that still lists the old server:
[gateway2 12:01] ~ >sudo samba-tool drs showrepl
Default-First-Site-Name\GATEWAY2
DSA Options: 0x00000001
DSA object GUID: f6f94063-2c6b-4214-9bb4-564ed6c02826
DSA invocationId: 4965c028-3a3e-417f-bbb9-85b8236b0837

==== INBOUND NEIGHBORS ===
CN=Schema,CN=Configuration,DC=beger,DC=com,DC=au
	Default-First-Site-Name\GATEWAY via RPC
		DSA object GUID: 37adf10e-347b-4c3e-b98b-3f03da024a3c
		Last attempt @ Sat Sep  5 12:01:08 2020 ACST failed, result 2
(WERR_FILE_NOT_FOUND)
		1960 consecutive failure(s).
		Last success @ Sat Aug 29 15:55:31 2020 ACST
<snip>

==== OUTBOUND NEIGHBORS ===
==== KCC CONNECTION OBJECTS ===
Connection --
	Connection name: 501cc037-ceb4-421f-87f3-c7dc4ebd3e42
	Enabled        : TRUE
	Server DNS name : gateway.beger.com.au
	Server DN name  : CN=NTDS
Settings,CN=GATEWAY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=beger,DC=com,DC=au
		TransportType: RPC
		options: 0x00000001
Warning: No NC replicated for Connection!

I'm not sure if that is a real problem and/or if there is a way to point it
to the new server.

Can anyone give me a clue?

Thanks.

--
Daniel O'Connor
"The nice thing about standards is that there
are so many of them to choose from."
 -- Andrew Tanenbaum