samba - Apr 2025 - Member can't join DC2 (The specified network name is no longer available)

Le 23/04/2025 ? 14:07, Luis Peromarta via samba a
?crit?:
> I understand DC2 has been powered off but not demoted from AD ?
Yes, I reinstalled multiple times DC2 without demoting it. At first as a 
member (named DC2), then as a full DC once or twice. THEN before 
installing DC4, I demoted DC2, removed the references, checked the 
GUIDs, etc? And cleaned manually the left overs in the DNS.

Currently, DC2 is a clean install after being demoted. DC4 is an attempt 
to create a new DC without previous reference (I wondered if the errors 
with DC2 could come from the mistakes with it). DC4 is a first install 
and first join with a new hostname.
> Also, have you used RSAT sites and services to create your 2 sites ?
Yes, the sites were already created when I created DC1. 10.190.0.0/16 is 
on site 1, 10.133.0.0/16 on site 2. I don't use the "sites" for
anything
else nor I configured anything related to sites except their network.
> On 23 Apr 2025 at 10:23 +0100, Adnan R. via samba <samba at
lists.samba.org>, wrote:
>> I'm new to AD and Samba but we have been running 1 Samba AD DC on
our
>> network for a year now, without trouble.
>>
>> We have 2 sites, separated by a street and linked together with a site
>> to site L2 VPN (EoIP on MikroTik). DC1 on site 1 (the currently
running)
>> and we are trying to run a 2nd DC (DC2 and DC4) on the 2nd site.
>>
>> idmap.ldb and sysvol are synchronized, `samba-tool drs showrepl` shows
>> no error when the 3 DCs are online simultaneously. When joining AD from
>> Windows 10 (test machines and VMs) from Site 1, DC1 is selected and
>> joined. From Site 2, if DC2 or DC4 are online, they are selected and an
>> error occurs : The specified network name is no longer available. (See
>> NetSetup.log in attachments).
>>
>> - Site 1:
>> -- DC1 is a turnkey linux LXC on Proxmox : 10.190.0.11
>> -- DC1 samba version : 4.17.12 on Debian 11
>>
>> - Site 2:
>> -- DC2 is a manually installed LXC on Proxmox : 10.133.0.11
>> -- DC2 samba version : 4.17.12 on Debian 12
>> -- DC4 is a manually installed LXC on Proxmox : 10.133.0.40
>> -- DC4 samba version : 4.17.12 on Debian 12
>>
>> For some details, at first we created DC2 and joined as member.
Didn't
>> know much, it was used for freeradius. This machine (DC2) was
>> reinstalled (without leaving the forest) from scratch 2 or 3 times and
>> joined back the forest, with same name (DC2) and same IP/MAC, but no
>> member ever joined on 2nd site. After realizing it may have been a big
>> mistake, I shutdown DC2 and installed from scratch DC4 with different
IP
>> and MAC.
>>
>> Windows 10 join tests were made with a VM on 10.133.0.0/16 network,
with
>> DC1 + DC2 online, DC1 + DC4 online, and DC1 + DC2 + DC4 online. When
DC2
>> or DC4 are chosen to join, error. When DC2 and DC4 offline, joining DC1
>> is fine.
>>
>> What did I do wrong please?
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.samba.org/pipermail/samba/attachments/20250423/4f40af0d/OpenPGP_signature.sig>

On Wed, 23 Apr 2025 14:53:37 +0200
"Adnan R. via samba" <samba at lists.samba.org> wrote:
> Le 23/04/2025 ? 14:07, Luis Peromarta via samba a ?crit?:
> > I understand DC2 has been powered off but not demoted from AD ?
> 
> Yes, I reinstalled multiple times DC2 without demoting it. At first
> as a member (named DC2), then as a full DC once or twice. THEN before 
> installing DC4, I demoted DC2, removed the references, checked the 
> GUIDs, etc? And cleaned manually the left overs in the DNS.
> 
> Currently, DC2 is a clean install after being demoted. DC4 is an
> attempt to create a new DC without previous reference (I wondered if
> the errors with DC2 could come from the mistakes with it). DC4 is a
> first install and first join with a new hostname.
> 
> > Also, have you used RSAT sites and services to create your 2 sites ?
> 
> Yes, the sites were already created when I created DC1. 10.190.0.0/16
> is on site 1, 10.133.0.0/16 on site 2. I don't use the
"sites" for
> anything else nor I configured anything related to sites except their
> network.
If all you have done is to setup a subnet at each place, then you are
not using sites, you are just using different ip's at each place.
 
Best practice would be to run two DC's at each place, set up 'sites and
services' at each place, you could call the place where your first DC
is 'siteA' and the other place could be 'siteB'

As you are running your DCs in VM's, you must ensured that they are
privileged VM's, that is 'root' really is 'root', it will
not work
otherwise.

Rowland

Any DNS records leftover for DC2 ?

Unsure about the consequences of rejoining a DC previously un demoted.


On 23 Apr 2025 at 14:13 +0100, Adnan R. via samba <samba at
lists.samba.org>, wrote:
> Le 23/04/2025 ? 14:07, Luis Peromarta via samba a ?crit?:
> > I understand DC2 has been powered off but not demoted from AD ?
>
> Yes, I reinstalled multiple times DC2 without demoting it. At first as a
> member (named DC2), then as a full DC once or twice. THEN before
> installing DC4, I demoted DC2, removed the references, checked the
> GUIDs, etc? And cleaned manually the left overs in the DNS.
>
> Currently, DC2 is a clean install after being demoted. DC4 is an attempt
> to create a new DC without previous reference (I wondered if the errors
> with DC2 could come from the mistakes with it). DC4 is a first install
> and first join with a new hostname.
>
> > Also, have you used RSAT sites and services to create your 2 sites ?
>
> Yes, the sites were already created when I created DC1. 10.190.0.0/16 is
> on site 1, 10.133.0.0/16 on site 2. I don't use the "sites"
for anything
> else nor I configured anything related to sites except their network.
>
> > On 23 Apr 2025 at 10:23 +0100, Adnan R. via samba <samba at
lists.samba.org>, wrote:
> > > > I'm new to AD and Samba but we have been running 1 Samba
AD DC on our
> > > > network for a year now, without trouble.
> > > >
> > > > We have 2 sites, separated by a street and linked together
with a site
> > > > to site L2 VPN (EoIP on MikroTik). DC1 on site 1 (the
currently running)
> > > > and we are trying to run a 2nd DC (DC2 and DC4) on the 2nd
site.
> > > >
> > > > idmap.ldb and sysvol are synchronized, `samba-tool drs
showrepl` shows
> > > > no error when the 3 DCs are online simultaneously. When
joining AD from
> > > > Windows 10 (test machines and VMs) from Site 1, DC1 is
selected and
> > > > joined. From Site 2, if DC2 or DC4 are online, they are
selected and an
> > > > error occurs : The specified network name is no longer
available. (See
> > > > NetSetup.log in attachments).
> > > >
> > > > - Site 1:
> > > > -- DC1 is a turnkey linux LXC on Proxmox : 10.190.0.11
> > > > -- DC1 samba version : 4.17.12 on Debian 11
> > > >
> > > > - Site 2:
> > > > -- DC2 is a manually installed LXC on Proxmox : 10.133.0.11
> > > > -- DC2 samba version : 4.17.12 on Debian 12
> > > > -- DC4 is a manually installed LXC on Proxmox : 10.133.0.40
> > > > -- DC4 samba version : 4.17.12 on Debian 12
> > > >
> > > > For some details, at first we created DC2 and joined as
member. Didn't
> > > > know much, it was used for freeradius. This machine (DC2)
was
> > > > reinstalled (without leaving the forest) from scratch 2 or 3
times and
> > > > joined back the forest, with same name (DC2) and same
IP/MAC, but no
> > > > member ever joined on 2nd site. After realizing it may have
been a big
> > > > mistake, I shutdown DC2 and installed from scratch DC4 with
different IP
> > > > and MAC.
> > > >
> > > > Windows 10 join tests were made with a VM on 10.133.0.0/16
network, with
> > > > DC1 + DC2 online, DC1 + DC4 online, and DC1 + DC2 + DC4
online. When DC2
> > > > or DC4 are chosen to join, error. When DC2 and DC4 offline,
joining DC1
> > > > is fine.
> > > >
> > > > What did I do wrong please?
> > > >
> > > > --
> > > > To unsubscribe from this list go to the following URL and
read the
> > > > instructions: https://lists.samba.org/mailman/options/samba
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba