On Sat, 7 Dec 2024 12:56:08 +0000
Peter Mittermayer via samba <samba at lists.samba.org> wrote:
>
> Hi,
>
> I'm trying to upgrade my very old samba domain controllers (4.11) to
> latest samba (4.21). The process I'm following is to demote one of
> the existing DCs and replace it with a new system (up-to-date OS &
> samba version). Unfortunately when trying to join as DC I get below
> error:
>
> INFO 2024-12-05 19:29:42,222 pid:126140 /usr/local/samba/lib64/python3.9/site-packages/samba/join.py #1084: Committing SAM database - this may take some time
> descriptor_prepare_commit: changes: num_registrations=9259
> descriptor_prepare_commit: changes: num_registered=7537
> descriptor_prepare_commit: changes: num_toplevel=5
> descriptor_prepare_commit: changes: num_processed=3471
> descriptor_prepare_commit: objects: num_processed=7537
> descriptor_prepare_commit: objects: num_skipped=5182
> replmd_prepare_commit: Processing linked attributes
> Discarding older DRS linked attribute update to msDS-NC-Replica-Locations on CN=c91724e5-3fb9-4271-bffb-fe7e6f2ce1d1,CN=Partitions,CN=Configuration,DC=SUB,DC=DOM,DC=TLD from 881faa18-9c28-4104-98db-608783574de4
> Discarding older DRS linked attribute update to msDS-NC-Replica-Locations on CN=c91724e5-3fb9-4271-bffb-fe7e6f2ce1d1,CN=Partitions,CN=Configuration,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> replmd_allow_missing_target: CN=NTDS Settings\0ADEL:69281dbf-6928-42b6-937a-1db7b3d2ff5f,CN=MDC02\0ADEL:fd4a1bfb-6d65-440d-b402-cf887284b6a8,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SUB,DC=DOM,DC=TLD is Deleted but up to date. Ignoring link from CN=c91724e5-3fb9-4271-bffb-fe7e6f2ce1d1,CN=Partitions,CN=Configuration,DC=SUB,DC=DOM,DC=TLD
> replmd_allow_missing_target: CN=NTDS Settings\0ADEL:7ac144e3-f403-4a90-b3b7-263cb63b4e87,CN=MDC02\0ADEL:eb1cd9c1-3a2e-42c2-ae00-5f9a5446943b,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SUB,DC=DOM,DC=TLD is Deleted but up to date. Ignoring link from CN=c91724e5-3fb9-4271-bffb-fe7e6f2ce1d1,CN=Partitions,CN=Configuration,DC=SUB,DC=DOM,DC=TLD
> replmd_allow_missing_target: CN=NTDS Settings\0ADEL:69281dbf-6928-42b6-937a-1db7b3d2ff5f,CN=MDC02\0ADEL:fd4a1bfb-6d65-440d-b402-cf887284b6a8,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SUB,DC=DOM,DC=TLD is Deleted but up to date. Ignoring link from CN=c5a07c82-4af5-4e68-ac4c-242b0dc77b91,CN=Partitions,CN=Configuration,DC=SUB,DC=DOM,DC=TLD
> replmd_allow_missing_target: CN=NTDS Settings\0ADEL:7ac144e3-f403-4a90-b3b7-263cb63b4e87,CN=MDC02\0ADEL:eb1cd9c1-3a2e-42c2-ae00-5f9a5446943b,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SUB,DC=DOM,DC=TLD is Deleted but up to date. Ignoring link from CN=c5a07c82-4af5-4e68-ac4c-242b0dc77b91,CN=Partitions,CN=Configuration,DC=SUB,DC=DOM,DC=TLD
> Discarding older DRS linked attribute update to member on CN=Denied RODC Password Replication Group,CN=Users,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> Discarding older DRS linked attribute update to member on CN=Denied RODC Password Replication Group,CN=Users,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> Discarding older DRS linked attribute update to member on CN=Denied RODC Password Replication Group,CN=Users,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> Discarding older DRS linked attribute update to member on CN=Denied RODC Password Replication Group,CN=Users,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> Discarding older DRS linked attribute update to member on CN=Denied RODC Password Replication Group,CN=Users,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> Discarding older DRS linked attribute update to member on CN=Denied RODC Password Replication Group,CN=Users,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> Discarding older DRS linked attribute update to member on CN=Denied RODC Password Replication Group,CN=Users,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> Discarding older DRS linked attribute update to member on CN=Denied RODC Password Replication Group,CN=Users,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> Discarding older DRS linked attribute update to member on CN=Guests,CN=Builtin,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> Discarding older DRS linked attribute update to member on CN=Guests,CN=Builtin,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> Discarding older DRS linked attribute update to member on CN=IIS_IUSRS,CN=Builtin,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> Discarding older DRS linked attribute update to member on CN=Domain Admins,CN=Users,DC=SUB,DC=DOM,DC=TLD from 881faa18-9c28-4104-98db-608783574de4
> Discarding older DRS linked attribute update to member on CN=Domain Admins,CN=Users,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> Discarding older DRS linked attribute update to member on CN=Domain Admins,CN=Users,DC=SUB,DC=DOM,DC=TLD from 81741076-5ded-4f25-947f-edddf7ae86d5
> Discarding older DRS linked attribute update to member on CN=Account Operators,CN=Builtin,DC=SUB,DC=DOM,DC=TLD from 881faa18-9c28-4104-98db-608783574de4
> Discarding older DRS linked attribute update to member on CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> Discarding older DRS linked attribute update to member on CN=Windows Authorization Access Group,CN=Builtin,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> Discarding older DRS linked attribute update to member on CN=Users,CN=Builtin,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> Discarding older DRS linked attribute update to member on CN=Users,CN=Builtin,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> Discarding older DRS linked attribute update to member on CN=Users,CN=Builtin,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> Discarding older DRS linked attribute update to member on CN=Group Policy Creator Owners,CN=Users,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> Discarding older DRS linked attribute update to member on CN=Enterprise Admins,CN=Users,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> Discarding older DRS linked attribute update to member on CN=Schema Admins,CN=Users,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> Discarding older DRS linked attribute update to member on CN=Administrators,CN=Builtin,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> Discarding older DRS linked attribute update to member on CN=Administrators,CN=Builtin,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> Discarding older DRS linked attribute update to member on CN=Administrators,CN=Builtin,DC=SUB,DC=DOM,DC=TLD from 9ef0b613-3006-443e-9f94-85332d9c8b3f
> Repacking database from v1 to v2 format (first record CN=ms-DS-Local-Effective-Deletion-Time,CN=Schema,CN=Configuration,DC=SUB,DC=DOM,DC=TLD)
> Repack: re-packed 10000 records so far
> Repacking database from v1 to v2 format (first record CN=serviceAdministrationPoint-Display,CN=40B,CN=DisplaySpecifiers,CN=Configuration,DC=SUB,DC=DOM,DC=TLD)
> Repacking database from v1 to v2 format (first record DC=mecapp01,DC=SUB.DOM.TLD,CN=MicrosoftDNS,DC=DomainDnsZones,DC=SUB,DC=DOM,DC=TLD)
> Repack: re-packed 10000 records so far
> Repacking database from v1 to v2 format (first record CN=NTDS Quotas,DC=ForestDnsZones,DC=SUB,DC=DOM,DC=TLD)
> Repacking database from v1 to v2 format (first record CN=FirstName LastName,CN=Users,DC=SUB,DC=DOM,DC=TLD)
> An operation failed during a batch mode transaction, the transaction was rolled back
> DSDB Transaction [commit] at [Thu, 05 Dec 2024 19:29:47.054187 EET] duration [24679161] status [1] reason [end_trans error on DC=SUB,DC=DOM,DC=TLD: An operation failed during a batch mode transaction, the transaction was rolled back]
> {"timestamp": "2024-12-05T19:29:47.054240+0200", "type": "dsdbTransaction", "dsdbTransaction": {"version": {"major": 1, "minor": 0}, "action": "commit", "transactionId": "6c245342-5ecc-4c4e-8e13-1196825d7116", "duration": 24679161, "statusCode": 1, "status": "Operations error", "reason": "end_trans error on DC=SUB,DC=DOM,DC=TLD: An operation failed during a batch mode transaction, the transaction was rolled back"}}
> Join failed - cleaning up
> ldb_wrap open of secrets.ldb
> dsdb_search: SUB SEARCH_ONE_ONLY flags=0x00000200 cn=Primary Domains (&(flatname=SUB)(objectclass=primaryDomain)) -> 0 results
> Could not find machine account in secrets database: Failed to fetch machine account password for SUB from both secrets.ldb (Could not find entry to match filter: '(&(flatname=SUB)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../../source4/dsdb/common/util.c:5731) and from /usr/local/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> Deleted CN=RID Set,CN=MDC02,OU=Domain Controllers,DC=SUB,DC=DOM,DC=TLD
> Deleted CN=MDC02,OU=Domain Controllers,DC=SUB,DC=DOM,DC=TLD
> Deleted CN=dns-MDC02,CN=Users,DC=SUB,DC=DOM,DC=TLD
> Deleted CN=NTDS Settings,CN=MDC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SUB,DC=DOM,DC=TLD
> Deleted CN=MDC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SUB,DC=DOM,DC=TLD
> ERROR(ldb): uncaught exception - end_trans error on DC=SUB,DC=DOM,DC=TLD: An operation failed during a batch mode transaction, the transaction was rolled back
>   File "/usr/local/samba/lib64/python3.9/site-packages/samba/netcmd/__init__.py", line 353, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/local/samba/lib64/python3.9/site-packages/samba/netcmd/domain/join.py", line 128, in run
>     join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
>   File "/usr/local/samba/lib64/python3.9/site-packages/samba/join.py", line 1621, in join_DC
>     ctx.do_join()
>   File "/usr/local/samba/lib64/python3.9/site-packages/samba/join.py", line 1511, in do_join
>     ctx.join_replicate()
>   File "/usr/local/samba/lib64/python3.9/site-packages/samba/join.py", line 1101, in join_replicate
>     ctx.local_samdb.transaction_commit()
>
> When using same procedure to join a Samba 4.12 DC - no issue. But
> when using 4.14 same error as above. Currently testing with 4.13 to
> isolate where it starts. I also found this wiki page
> https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting
> which mentions same error but in different context. I'm not coming
> from Windows domain. The domain was originally created on 4.11 and is
> running functional level 2008_R2. I already have ForestDnsZones,
> DomainDnsZones.
>
> Not sure how to proceed. Any ideas anyone?
>
> Thanks
> Peter
>
From '/usr/local/samba/lib64' it looks like you are running a
self-compiled version of Samba on some version of a Red Hat-based
distro, so let's go for the easiest first: have you turned the FIPS
mode off?

Rowland