thr3ads.net - samba - [Samba] Can't join new samba dc to existing dc [Aug 2024]

If this information is useful, please help other people find it:
Share via:

Rowland Penny

2024-Aug-16 06:02 UTC

[Samba] Can't join new samba dc to existing dc

On Fri, 16 Aug 2024 10:30:29 +0700
fransnicho via samba <samba at lists.samba.org> wrote:
> Pada Kam, 15 Agu 2024 pukul 23.49 Rowland Penny via samba <
> samba at lists.samba.org> menulis:
> 
> > On Thu, 15 Aug 2024 23:19:29 +0700
> > fransnicho via samba <samba at lists.samba.org> wrote:
> >
> > > On Thu, Aug 15, 2024, 10:35 fransnicho <fransnicho at
gmail.com>
> > > wrote:
> > >
> > > > Pada Rab, 14 Agu 2024 pukul 23.21 Rowland Penny via samba
<
> > > > samba at lists.samba.org> menulis:
> > > >
> > > >> On Wed, 14 Aug 2024 16:58:12 +0700
> > > >> fransnicho via samba <samba at lists.samba.org>
wrote:
> > > >>
> > > >> > I can not join an additional new samba dc ver.
4.19.5 to an
> > > >> > existing samba Ad version 4.19.5 functional level
2008 R2.
> > > >> >
> > > >> > Last week I successfully demote an offline dc3 and
move the
> > > >> > fsmo role
> > > >>
> > > >> > /var/log/samba/log.samba
> > > >> >
> > > >> >
> > > >> > 16:34:51.368927,  0]
> > > >> >
> > > >>
> >
../../source4/dsdb/repl/replicated_objects.c:1244(dsdb_origin_objects_commit)
> > > >> > ../../source4/dsdb/repl/replicated_objects.c:1244:
Failed
> > > >> > add of CN=NTDS
> > > >> >
> > > >>
> >
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
> > > >> > - objectclass_attrs: attribute
'hasMasterNCs' on entry
> > > >> > 'CN=NTDS
> > > >> >
> > > >>
> >
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com'
> > > >> > does not exist in the specified objectclasses!
> > > >> > [2024/08/14 16:34:51.369239,  0]
> > > >> >
> > > >>
> >
../../source4/rpc_server/drsuapi/addentry.c:209(dcesrv_drsuapi_DsAddEntry)
> > > >> >   ../../source4/rpc_server/drsuapi/addentry.c:209:
DsAddEntry
> > > >> > failed - WERR_DS_INTERNAL_FAILURE
> > > >>
> > > >> Have you checked your database with 'samba-tool
dbcheck' ?
> > > >> Does 'DC6' exist ?
> > > >>
> > > >> Rowland
> > > >>
> > > >>
> > > > Hi Rowland,
> > > > Thanks for your response ?
> > > > DC6 exist in many deleted objects, when i run below command
:
> > > >
> > > > it at dc4:~$ sudo samba-tool dbcheck -v
> > > > Checking 973 objects
> > > > Checking object
> > > > CN=DC6\0ADEL:7eec18e3-7f3f-49cc-86bc-8bc08b651bcb,CN=Deleted
> > > > Objects,DC=nicho,DC=com
> > > > Checking object
> > > > CN=DC6\0ADEL:51476d30-2626-4169-97a8-4c240e934c2b,CN=Deleted
> > > > Objects,DC=nicho,DC=com
> > > > Checking object
> > > > CN=DC6\0ADEL:54a0a479-a462-4ed1-b4f0-221c596aa455,CN=Deleted
> > > > Objects,DC=nicho,DC=com
> > > > Checking object
> > > > CN=DC6\0ADEL:26516d46-8b40-4837-a112-e2638268a8b5,CN=Deleted
> > > > Objects,DC=nicho,DC=com
> > > >
> > > > Best Regards,
> > > > Nicho.
> > > >
> > > >
> > > Hi Rowland,
> > > Is there anything wrong with my database ?
> > > I'm really2 stuck with the error. Please help..
> > >
> > > Best Regards,
> > >
> > > >
> >
> > The records that contain '0ADEL' are tombstone records, so you
could
> > use samba-tool to remove them, see:
> > samba-tool domain tombstones expunge --help
> > for more info
> >
> > ONLY ATTEMPT THE FOLLOWING IF YOU HAVE A GOOD BACKUP!
> > However, your join seems to be failing because the attribute
> > 'hasMasterNCs' doesn't have its objectclass in CN=NTDS
> >
> >
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com',
> > but you say that DC6 no longer exists, so to me, it looks like that
> > DN needs removing, followed by any referrences to 'DC6' there
may
> > be in your AD.
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> 
> 
> Hi Rowland,
> Thanks for your response ?
> 
> Can I rebuild: CN=NTDS
>
Settings,CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
> ?
> Is it safe to remove: CN=NTDS
>
Settings,CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
> ?
Your problem isn't with:

CN=NTDS
Settings,CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com

it is with:

CN=NTDS
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com

and you say that 'DC6' no longer exists.

You need to remove:

CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com

and anything it contains, but only attempt this if you have a good
backup.

You also need to find and remove any reference to 'DC6' there may be in
your AD.

Rowland

fransnicho

2024-Aug-16 07:02 UTC

head link

[Samba] Can't join new samba dc to existing dc

On 16/08/2024 13:02, Rowland Penny via samba wrote:> On Fri, 16 Aug 2024 10:30:29 +0700
> fransnicho via samba <samba at lists.samba.org> wrote:
>
>> Pada Kam, 15 Agu 2024 pukul 23.49 Rowland Penny via samba <
>> samba at lists.samba.org> menulis:
>>
>>> On Thu, 15 Aug 2024 23:19:29 +0700
>>> fransnicho via samba <samba at lists.samba.org> wrote:
>>>
>>>> On Thu, Aug 15, 2024, 10:35 fransnicho <fransnicho at
gmail.com>
>>>> wrote:
>>>>
>>>>> Pada Rab, 14 Agu 2024 pukul 23.21 Rowland Penny via samba
<
>>>>> samba at lists.samba.org> menulis:
>>>>>
>>>>>> On Wed, 14 Aug 2024 16:58:12 +0700
>>>>>> fransnicho via samba <samba at lists.samba.org>
wrote:
>>>>>>
>>>>>>> I can not join an additional new samba dc ver.
4.19.5 to an
>>>>>>> existing samba Ad version 4.19.5 functional level
2008 R2.
>>>>>>>
>>>>>>> Last week I successfully demote an offline dc3 and
move the
>>>>>>> fsmo role
>>>>>>> /var/log/samba/log.samba
>>>>>>>
>>>>>>>
>>>>>>> 16:34:51.368927,  0]
>>>>>>>
>>>
../../source4/dsdb/repl/replicated_objects.c:1244(dsdb_origin_objects_commit)
>>>>>>> ../../source4/dsdb/repl/replicated_objects.c:1244:
Failed
>>>>>>> add of CN=NTDS
>>>>>>>
>>>
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
>>>>>>> - objectclass_attrs: attribute
'hasMasterNCs' on entry
>>>>>>> 'CN=NTDS
>>>>>>>
>>>
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com'
>>>>>>> does not exist in the specified objectclasses!
>>>>>>> [2024/08/14 16:34:51.369239,  0]
>>>>>>>
>>>
../../source4/rpc_server/drsuapi/addentry.c:209(dcesrv_drsuapi_DsAddEntry)
>>>>>>>    ../../source4/rpc_server/drsuapi/addentry.c:209:
DsAddEntry
>>>>>>> failed - WERR_DS_INTERNAL_FAILURE
>>>>>> Have you checked your database with 'samba-tool
dbcheck' ?
>>>>>> Does 'DC6' exist ?
>>>>>>
>>>>>> Rowland
>>>>>>
>>>>>>
>>>>> Hi Rowland,
>>>>> Thanks for your response ?
>>>>> DC6 exist in many deleted objects, when i run below command
:
>>>>>
>>>>> it at dc4:~$ sudo samba-tool dbcheck -v
>>>>> Checking 973 objects
>>>>> Checking object
>>>>>
CN=DC6\0ADEL:7eec18e3-7f3f-49cc-86bc-8bc08b651bcb,CN=Deleted
>>>>> Objects,DC=nicho,DC=com
>>>>> Checking object
>>>>>
CN=DC6\0ADEL:51476d30-2626-4169-97a8-4c240e934c2b,CN=Deleted
>>>>> Objects,DC=nicho,DC=com
>>>>> Checking object
>>>>>
CN=DC6\0ADEL:54a0a479-a462-4ed1-b4f0-221c596aa455,CN=Deleted
>>>>> Objects,DC=nicho,DC=com
>>>>> Checking object
>>>>>
CN=DC6\0ADEL:26516d46-8b40-4837-a112-e2638268a8b5,CN=Deleted
>>>>> Objects,DC=nicho,DC=com
>>>>>
>>>>> Best Regards,
>>>>> Nicho.
>>>>>
>>>>>
>>>> Hi Rowland,
>>>> Is there anything wrong with my database ?
>>>> I'm really2 stuck with the error. Please help..
>>>>
>>>> Best Regards,
>>>>
>>> The records that contain '0ADEL' are tombstone records, so
you could
>>> use samba-tool to remove them, see:
>>> samba-tool domain tombstones expunge --help
>>> for more info
>>>
>>> ONLY ATTEMPT THE FOLLOWING IF YOU HAVE A GOOD BACKUP!
>>> However, your join seems to be failing because the attribute
>>> 'hasMasterNCs' doesn't have its objectclass in CN=NTDS
>>>
>>>
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com',
>>> but you say that DC6 no longer exists, so to me, it looks like that
>>> DN needs removing, followed by any referrences to 'DC6'
there may
>>> be in your AD.
>>>
>>> Rowland
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>> Hi Rowland,
>> Thanks for your response ?
>>
>> Can I rebuild: CN=NTDS
>>
Settings,CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
>> ?
>> Is it safe to remove: CN=NTDS
>>
Settings,CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
>> ?
> Your problem isn't with:
>
> CN=NTDS
Settings,CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
>
> it is with:
>
> CN=NTDS
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
>
> and you say that 'DC6' no longer exists.
>
> You need to remove:
>
>
CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
>
> and anything it contains, but only attempt this if you have a good
> backup.
>
> You also need to find and remove any reference to 'DC6' there may
be in
> your AD.
>
> Rowland
Hi Rowland,
Thanks for your response ?

DC6 is my new samba DC that can't join to exsiting AD DC (DC4).
DC3 is the old DC that no longer exist.
I can't find any reference or anything contains to DC6 in my AD but
I able to find a reference about DC3 (my old AD) that no longer exist in my AD.
Should I remove the old DC3 references ?

/var/log/samba/log.samba
[2024/08/16 09:40:31.399346,  0]
../../source4/dsdb/repl/replicated_objects.c:1244(dsdb_origin_objects_commit)
   ../../source4/dsdb/repl/replicated_objects.c:1244: Failed add of CN=NTDS
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
- objectclass_attrs: attribute 'hasMasterNCs' on entry 'CN=NTDS
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com'
does not exist in the specified objectclasses!
[2024/08/16 09:40:31.399744,  0]
../../source4/rpc_server/drsuapi/addentry.c:209(dcesrv_drsuapi_DsAddEntry)
   ../../source4/rpc_server/drsuapi/addentry.c:209: DsAddEntry failed -
WERR_DS_INTERNAL_FAILURE
[2024/08/16 10:05:14.013306,  0]
../../source4/dsdb/repl/replicated_objects.c:1244(dsdb_origin_objects_commit)
   ../../source4/dsdb/repl/replicated_objects.c:1244: Failed add of CN=NTDS
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
- objectclass_attrs: attribute 'hasMasterNCs' on entry 'CN=NTDS
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com'
does not exist in the specified objectclasses!
[2024/08/16 10:05:14.013861,  0]
../../source4/rpc_server/drsuapi/addentry.c:209(dcesrv_drsuapi_DsAddEntry)
   ../../source4/rpc_server/drsuapi/addentry.c:209: DsAddEntry failed -
WERR_DS_INTERNAL_FAILURE
[2024/08/16 10:23:24.851791,  1]
../../source4/kdc/db-glue.c:3476(samba_kdc_check_s4u2proxy_rbcd)

regarding attribute 'hasMasterNCs', how to add it ?

Best Regards,
Nicho.

samba - Aug 2024 - Can't join new samba dc to existing dc

[Samba] Can't join new samba dc to existing dc

[Samba] Can't join new samba dc to existing dc