Author Topic: Can't add second DC to current one.  (Read 4517 times)

mrpsycho

Can't add second DC to current one.
« on: May 05, 2017, 03:54:30 pm »
Hello,

I have a DC which was upgraded from 4 to 5,
and installed a second one - 5.

And I can't add it as a secondary DC.

Here is the log:
Code:
2017/05/05 16:39:01 INFO> GlobalImpl.pm:625 EBox::GlobalImpl::saveAllModules - Saving config and restarting services: firewall dns samba logs
2017/05/05 16:39:01 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: firewall
2017/05/05 16:39:01 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: dns
2017/05/05 16:39:02 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2017/05/05 16:39:03 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: samba
2017/05/05 16:39:04 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: logs
2017/05/05 16:39:04 INFO> GlobalImpl.pm:723 EBox::GlobalImpl::saveAllModules - Changes saved successfully
2017/05/05 16:39:34 INFO> GlobalImpl.pm:625 EBox::GlobalImpl::saveAllModules - Saving config and restarting services: firewall dns samba logs
2017/05/05 16:39:34 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: firewall
2017/05/05 16:39:35 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: dns
2017/05/05 16:39:35 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2017/05/05 16:39:37 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: samba
2017/05/05 16:39:37 INFO> Provision.pm:825 EBox::Samba::Provision::checkAddress - Resolving zentyal.elegion.local to an IP address
2017/05/05 16:39:37 INFO> Provision.pm:845 EBox::Samba::Provision::checkAddress - The DC zentyal.elegion.local has been resolved to 192.168.2.100
2017/05/05 16:39:37 INFO> Provision.pm:848 EBox::Samba::Provision::checkAddress - Checking reverse DNS resolution of '192.168.2.100'...
2017/05/05 16:39:37 INFO> Provision.pm:869 EBox::Samba::Provision::checkAddress - The IP address 192.168.2.100 has been resolved to zentyal.elegion.local
2017/05/05 16:39:37 INFO> Provision.pm:771 EBox::Samba::Provision::checkServerReachable - Checking if AD server '192.168.2.100' is online...
2017/05/05 16:39:37 INFO> Provision.pm:881 EBox::Samba::Provision::checkFunctionalLevels - Checking forest and domain functional levels...
2017/05/05 16:39:37 INFO> Provision.pm:909 EBox::Samba::Provision::checkRfc2307 - Checking RFC2307 compliant schema...
2017/05/05 16:39:37 INFO> Provision.pm:790 EBox::Samba::Provision::checkLocalRealmAndDomain - Checking local domain and realm...
2017/05/05 16:39:37 INFO> Provision.pm:983 EBox::Samba::Provision::checkClockSkew - Checking clock skew with AD server...
2017/05/05 16:39:37 INFO> Provision.pm:1004 EBox::Samba::Provision::checkClockSkew - Clock skew below two minutes, should be enough.
2017/05/05 16:39:37 INFO> Provision.pm:690 EBox::Samba::Provision::checkDnsZonesInMainPartition - Checking for old DNS zones stored in main domain partition...
2017/05/05 16:39:37 INFO> Provision.pm:737 EBox::Samba::Provision::checkForestDomains - Checking number of domains inside forest...
2017/05/05 16:39:37 INFO> Provision.pm:943 EBox::Samba::Provision::checkTrustDomainObjects - Checking for domain trust relationships...
2017/05/05 16:39:37 INFO> Provision.pm:1045 EBox::Samba::Provision::checkADServerSite - Checking the site where the specified server is located
2017/05/05 16:39:37 INFO> Provision.pm:1053 EBox::Samba::Provision::checkADServerSite - The specified server has been located at site named Default-First-Site-Name
2017/05/05 16:39:37 INFO> Provision.pm:1070 EBox::Samba::Provision::checkADNebiosName - Checking domain netbios name...
2017/05/05 16:39:38 INFO> Provision.pm:1293 EBox::Samba::Provision::provisionADC - Joining to domain 'elegion.local' as DC
2017/05/05 16:39:38 INFO> Provision.pm:1306 EBox::Samba::Provision::provisionADC - Trying to get a kerberos ticket for principal 'administrator@ELEGION.LOCAL'
2017/05/05 16:39:38 INFO> Provision.pm:1315 EBox::Samba::Provision::provisionADC - Executing domain join
2017/05/05 16:39:50 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command samba-tool domain join elegion.local DC  --username='administrator'  --workgroup='elegion'  --password=`cat /var/lib/zentyal/tmp/_QQcF0`  --server='192.168.2.100'  --dns-backend=BIND9_DLZ  --realm='ELEGION.LOCAL'  --site='Default-First-Site-Name'  failed.
Error output: GENSEC backend 'gssapi_spnego' registered
 GENSEC backend 'gssapi_krb5' registered
 GENSEC backend 'gssapi_krb5_sasl' registered
 GENSEC backend 'spnego' registered
 GENSEC backend 'schannel' registered
 GENSEC backend 'naclrpc_as_system' registered
 GENSEC backend 'sasl-EXTERNAL' registered
 GENSEC backend 'ntlmssp' registered
 GENSEC backend 'ntlmssp_resume_ccache' registered
 GENSEC backend 'http_basic' registered
 GENSEC backend 'http_ntlm' registered
 GENSEC backend 'krb5' registered
 GENSEC backend 'fake_gssapi_krb5' registered
 Cannot do GSSAPI to an IP address
 Got challenge flags:
 Got NTLMSSP neg_flags=0x62898235
 NTLMSSP: Set final flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 workgroup is ELEGION
 realm is elegion.local
 Using binding ncacn_ip_tcp:192.168.2.100[,seal]
 Cannot do GSSAPI to an IP address
 Got challenge flags:
 Got NTLMSSP neg_flags=0x62898235
 NTLMSSP: Set final flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 lpcfg_load: refreshing parameters from /etc/samba/smb.conf
 Looking up IPv4 addresses
 Looking up IPv6 addresses
 No IPv6 address will be assigned
 Setting up share.ldb
 Setting up secrets.ldb
 Setting up the registry
 ldb_wrap open of hklm.ldb
 Key 'key=SOFTWARE,hive=NONE' not found
 key added: key=SOFTWARE,hive=NONE
 Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
 key added: key=Microsoft,key=SOFTWARE,hive=NONE
 Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
 key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
 Key 'key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
 key added: key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
 Key 'key=SYSTEM,hive=NONE' not found
 key added: key=SYSTEM,hive=NONE
 Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
« Last Edit: November 19, 2018, 01:41:37 pm by mrpsycho »

mrpsycho

Re: Can't add second DC to current one.
« Reply #1 on: May 05, 2017, 03:55:14 pm »
And the second part of the log:

Code:
Setting up the privileges database
 Setting up idmap db
 Setting up SAM db
 Setting up sam.ldb partitions and settings
 Setting up sam.ldb rootDSE
 Pre-loading the Samba 4 and AD schema
 partition_metadata: Migrating partition metadata: open of metadata.tdb gave: (null)
 A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
 Using binding ncacn_ip_tcp:192.168.2.100[,seal]
 Cannot do GSSAPI to an IP address
 Got challenge flags:
 Got NTLMSSP neg_flags=0x62898235
 NTLMSSP: Set final flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 Schema-DN[CN=Schema,CN=Configuration,DC=elegion,DC=local] objects[402/1552] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=elegion,DC=local] objects[804/1552] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=elegion,DC=local] objects[1206/1552] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=elegion,DC=local] objects[1552/1552] linked_values[0/0]
 Analyze and apply schema objects
 Replicated 1552 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=elegion,DC=local
 Partition[CN=Configuration,DC=elegion,DC=local] objects[402/1652] linked_values[0/0]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=elegion,DC=local
 Partition[CN=Configuration,DC=elegion,DC=local] objects[804/1652] linked_values[0/0]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=elegion,DC=local
 Partition[CN=Configuration,DC=elegion,DC=local] objects[1206/1652] linked_values[0/0]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=elegion,DC=local
 Partition[CN=Configuration,DC=elegion,DC=local] objects[1608/1652] linked_values[0/0]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=elegion,DC=local
 Partition[CN=Configuration,DC=elegion,DC=local] objects[1652/1652] linked_values[72/0]
 Replicated 44 objects (72 linked attributes) for CN=Configuration,DC=elegion,DC=local
 Partition[DC=elegion,DC=local] objects[99/99] linked_values[27/0]
 Replicated 99 objects (27 linked attributes) for DC=elegion,DC=local
 ldb_wrap open of secrets.ldb
 Could not find machine account in secrets database: Failed to fetch machine account password for ELEGION from both secrets.ldb (Could not find entry to match filter: '(&(flatname=ELEGION)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4575) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
 ERROR(runtime): uncaught exception - (8409, 'WERR_DS_DATABASE_ERROR')
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 652, in run
     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1253, in join_DC
     ctx.do_join()
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1153, in do_join
     ctx.join_replicate()
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 896, in join_replicate
     replica_flags=ctx.domain_replica_flags)
   File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 254, in replicate
     (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req)

Command output: Adding CN=ZENTYAL-2,OU=Domain Controllers,DC=elegion,DC=local
 Adding CN=ZENTYAL-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=elegion,DC=local
 Adding CN=NTDS Settings,CN=ZENTYAL-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=elegion,DC=local
 Adding SPNs to CN=ZENTYAL-2,OU=Domain Controllers,DC=elegion,DC=local
 Setting account password for ZENTYAL-2$
 Enabling account
 Adding DNS account CN=dns-ZENTYAL-2,CN=Users,DC=elegion,DC=local with dns/ SPN
 Setting account password for dns-ZENTYAL-2
 Calling bare provision
 Provision OK for domain DN DC=elegion,DC=local
 Starting replication
 Replicating critical objects from the base DN of the domain
 Join failed - cleaning up
 Deleted CN=ZENTYAL-2,OU=Domain Controllers,DC=elegion,DC=local
 Deleted CN=dns-ZENTYAL-2,CN=Users,DC=elegion,DC=local
 Deleted CN=NTDS Settings,CN=ZENTYAL-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=elegion,DC=local
 Deleted CN=ZENTYAL-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=elegion,DC=local
.
Exit value: 255 at root command samba-tool domain join elegion.local DC  --username='administrator'  --workgroup='elegion'  --password=`cat /var/lib/zentyal/tmp/_QQcF0`  --server='192.168.2.100'  --dns-backend=BIND9_DLZ  --realm='ELEGION.LOCAL'  --site='Default-First-Site-Name'  failed.
Error output: GENSEC backend 'gssapi_spnego' registered
 GENSEC backend 'gssapi_krb5' registered
 GENSEC backend 'gssapi_krb5_sasl' registered
 GENSEC backend 'spnego' registered
 GENSEC backend 'schannel' registered
 GENSEC backend 'naclrpc_as_system' registered
 GENSEC backend 'sasl-EXTERNAL' registered
 GENSEC backend 'ntlmssp' registered
 GENSEC backend 'ntlmssp_resume_ccache' registered
 GENSEC backend 'http_basic' registered
 GENSEC backend 'http_ntlm' registered
 GENSEC backend 'krb5' registered
 GENSEC backend 'fake_gssapi_krb5' registered
 Cannot do GSSAPI to an IP address
 Got challenge flags:
 Got NTLMSSP neg_flags=0x62898235
 NTLMSSP: Set final flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 workgroup is ELEGION
 realm is elegion.local
 Using binding ncacn_ip_tcp:192.168.2.100[,seal]
 Cannot do GSSAPI to an IP address
 Got challenge flags:
 Got NTLMSSP neg_flags=0x62898235
 NTLMSSP: Set final flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 lpcfg_load: refreshing parameters from /etc/samba/smb.conf
 Looking up IPv4 addresses
 Looking up IPv6 addresses
 No IPv6 address will be assigned
 Setting up share.ldb
 Setting up secrets.ldb
 Setting up the registry
 ldb_wrap open of hklm.ldb
 Key 'key=SOFTWARE,hive=NONE' not found
 key added: key=SOFTWARE,hive=NONE
 Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
 key added: key=Microsoft,key=SOFTWARE,hive=NONE
 Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
 key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
 Key 'key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
 key added: key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
 Key 'key=SYSTEM,hive=NONE' not found
 key added: key=SYSTEM,hive=NONE
 Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Setting up the privileges database
 Setting up idmap db
 Setting up SAM db
 Setting up sam.ldb partitions and settings
 Setting up sam.ldb rootDSE
 Pre-loading the Samba 4 and AD schema
 partition_metadata: Migrating partition metadata: open of metadata.tdb gave: (null)
 A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
 Using binding ncacn_ip_tcp:192.168.2.100[,seal]
 Cannot do GSSAPI to an IP address
 Got challenge flags:
 Got NTLMSSP neg_flags=0x62898235
 NTLMSSP: Set final flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 Schema-DN[CN=Schema,CN=Configuration,DC=elegion,DC=local] objects[402/1552] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=elegion,DC=local] objects[804/1552] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=elegion,DC=local] objects[1206/1552] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=elegion,DC=local] objects[1552/1552] linked_values[0/0]
 Analyze and apply schema objects
 Replicated 1552 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=elegion,DC=local
 Partition[CN=Configuration,DC=elegion,DC=local] objects[402/1652] linked_values[0/0]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=elegion,DC=local
 Partition[CN=Configuration,DC=elegion,DC=local] objects[804/1652] linked_values[0/0]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=elegion,DC=local
 Partition[CN=Configuration,DC=elegion,DC=local] objects[1206/1652] linked_values[0/0]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=elegion,DC=local
 Partition[CN=Configuration,DC=elegion,DC=local] objects[1608/1652] linked_values[0/0]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=elegion,DC=local
 Partition[CN=Configuration,DC=elegion,DC=local] objects[1652/1652] linked_values[72/0]
 Replicated 44 objects (72 linked attributes) for CN=Configuration,DC=elegion,DC=local
 Partition[DC=elegion,DC=local] objects[99/99] linked_values[27/0]
 Replicated 99 objects (27 linked attributes) for DC=elegion,DC=local
 ldb_wrap open of secrets.ldb
 Could not find machine account in secrets database: Failed to fetch machine account password for ELEGION from both secrets.ldb (Could not find entry to match filter: '(&(flatname=ELEGION)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4575) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
 ERROR(runtime): uncaught exception - (8409, 'WERR_DS_DATABASE_ERROR')
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 652, in run
     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1253, in join_DC
     ctx.do_join()
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1153, in do_join
     ctx.join_replicate()
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 896, in join_replicate
     replica_flags=ctx.domain_replica_flags)
   File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 254, in replicate
     (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req)

Command output: Adding CN=ZENTYAL-2,OU=Domain Controllers,DC=elegion,DC=local
 Adding CN=ZENTYAL-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=elegion,DC=local
 Adding CN=NTDS Settings,CN=ZENTYAL-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=elegion,DC=local
 Adding SPNs to CN=ZENTYAL-2,OU=Domain Controllers,DC=elegion,DC=local
 Setting account password for ZENTYAL-2$
 Enabling account
 Adding DNS account CN=dns-ZENTYAL-2,CN=Users,DC=elegion,DC=local with dns/ SPN
 Setting account password for dns-ZENTYAL-2
 Calling bare provision
 Provision OK for domain DN DC=elegion,DC=local
 Starting replication
 Replicating critical objects from the base DN of the domain
 Join failed - cleaning up
 Deleted CN=ZENTYAL-2,OU=Domain Controllers,DC=elegion,DC=local
 Deleted CN=dns-ZENTYAL-2,CN=Users,DC=elegion,DC=local
 Deleted CN=NTDS Settings,CN=ZENTYAL-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=elegion,DC=local
 Deleted CN=ZENTYAL-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=elegion,DC=local
.
Exit value: 255 at /usr/share/perl5/EBox/Sudo.pm line 240
EBox::Sudo::_rootError('/usr/bin/sudo -p sudo: /var/lib/zentyal/tmp/3ZAD5i_rjD.cmd 2> /var/lib/zentyal/tmp/stderr', 'samba-tool domain join elegion.local DC  --username=\'administrator\'  --workgroup=\'elegion\'  --password=`cat /var/lib/zentyal/tmp/_QQcF0`  --server=\'192.168.2.100\'  --dns-backend=BIND9_DLZ  --realm=\'ELEGION.LOCAL\'  --site=\'Default-First-Site-Name\' ', 65280, 'ARRAY(0x8c72788)', 'ARRAY(0x4399bf0)') called at /usr/share/perl5/EBox/Sudo.pm line 210
EBox::Sudo::_root(1, 'samba-tool domain join elegion.local DC  --username=\'administrator\'  --workgroup=\'elegion\'  --password=`cat /var/lib/zentyal/tmp/_QQcF0`  --server=\'192.168.2.100\'  --dns-backend=BIND9_DLZ  --realm=\'ELEGION.LOCAL\'  --site=\'Default-First-Site-Name\' ') called at /usr/share/perl5/EBox/Sudo.pm line 153
EBox::Sudo::root('samba-tool domain join elegion.local DC  --username=\'administrator\'  --workgroup=\'elegion\'  --password=`cat /var/lib/zentyal/tmp/_QQcF0`  --server=\'192.168.2.100\'  --dns-backend=BIND9_DLZ  --realm=\'ELEGION.LOCAL\'  --site=\'Default-First-Site-Name\' ') called at /usr/share/perl5/EBox/Samba/Provision.pm line 1326
eval {...} at /usr/share/perl5/EBox/Samba/Provision.pm line 1292
EBox::Samba::Provision::provisionADC('EBox::Samba::Provision=HASH(0x89d3240)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 369
EBox::Samba::Provision::provision('EBox::Samba::Provision=HASH(0x89d3240)') called at /usr/share/perl5/EBox/Samba.pm line 673
EBox::Samba::_setConf('EBox::Samba=HASH(0x76257d0)') called at /usr/share/perl5/EBox/Module/Base.pm line 995
EBox::Module::Base::_regenConfig('EBox::Samba=HASH(0x76257d0)') called at /usr/share/perl5/EBox/Module/Service.pm line 933
EBox::Module::Service::_regenConfig('EBox::Samba=HASH(0x76257d0)') called at /usr/share/perl5/EBox/Samba.pm line 646
EBox::Samba::_regenConfig('EBox::Samba=HASH(0x76257d0)') called at /usr/share/perl5/EBox/Module/Base.pm line 234
eval {...} at /usr/share/perl5/EBox/Module/Base.pm line 233
EBox::Module::Base::save('EBox::Samba=HASH(0x76257d0)') called at /usr/share/perl5/EBox/GlobalImpl.pm line 657
eval {...} at /usr/share/perl5/EBox/GlobalImpl.pm line 656
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x66aefc0)', 'progress', 'EBox::ProgressIndicator=HASH(0x6664608)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x6644bd0)', 'progress', 'EBox::ProgressIndicator=HASH(0x6664608)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30
2017/05/05 16:39:50 INFO> Provision.pm:299 EBox::Samba::Provision::setupKerberos - Setting up kerberos
2017/05/05 16:39:50 INFO> Provision.pm:276 EBox::Samba::Provision::setupDNS - Setting up DNS
2017/05/05 16:39:50 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: dns
2017/05/05 16:39:50 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2017/05/05 16:39:52 ERROR> GlobalImpl.pm:661 EBox::GlobalImpl::saveAllModules - Failed to save changes in module samba: root command samba-tool domain join elegion.local DC  --username='administrator'  --workgroup='elegion'  --password=`cat /var/lib/zentyal/tmp/_QQcF0`  --server='192.168.2.100'  --dns-backend=BIND9_DLZ  --realm='ELEGION.LOCAL'  --site='Default-First-Site-Name'  failed.
Error output: GENSEC backend 'gssapi_spnego' registered
 GENSEC backend 'gssapi_krb5' registered
 GENSEC backend 'gssapi_krb5_sasl' registered
 GENSEC backend 'spnego' registered
 GENSEC backend 'schannel' registered
 GENSEC backend 'naclrpc_as_system' registered
 GENSEC backend 'sasl-EXTERNAL' registered
 GENSEC backend 'ntlmssp' registered
 GENSEC backend 'ntlmssp_resume_ccache' registered
 GENSEC backend 'http_basic' registered
 GENSEC backend 'http_ntlm' registered
 GENSEC backend 'krb5' registered
 GENSEC backend 'fake_gssapi_krb5' registered
 Cannot do GSSAPI to an IP address
 Got challenge flags:
 Got NTLMSSP neg_flags=0x62898235
 NTLMSSP: Set final flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 workgroup is ELEGION
 realm is elegion.local
 Using binding ncacn_ip_tcp:192.168.2.100[,seal]
 Cannot do GSSAPI to an IP address
 Got challenge flags:
 Got NTLMSSP neg_flags=0x62898235
 NTLMSSP: Set final flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 lpcfg_load: refreshing parameters from /etc/samba/smb.conf
 Looking up IPv4 addresses
 Looking up IPv6 addresses
 No IPv6 address will be assigned
 Setting up share.ldb
 Setting up secrets.ldb
 Setting up the registry
 ldb_wrap open of hklm.ldb

mrpsycho

Re: Can't add second DC to current one.
« Reply #2 on: May 05, 2017, 03:55:26 pm »
And the third part:

Code:
Key 'key=SOFTWARE,hive=NONE' not found
 key added: key=SOFTWARE,hive=NONE
 Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
 key added: key=Microsoft,key=SOFTWARE,hive=NONE
 Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
 key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
 Key 'key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
 key added: key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
 Key 'key=SYSTEM,hive=NONE' not found
 key added: key=SYSTEM,hive=NONE
 Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Setting up the privileges database
 Setting up idmap db
 Setting up SAM db
 Setting up sam.ldb partitions and settings
 Setting up sam.ldb rootDSE
 Pre-loading the Samba 4 and AD schema
 partition_metadata: Migrating partition metadata: open of metadata.tdb gave: (null)
 A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
 Using binding ncacn_ip_tcp:192.168.2.100[,seal]
 Cannot do GSSAPI to an IP address
 Got challenge flags:
 Got NTLMSSP neg_flags=0x62898235
 NTLMSSP: Set final flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 Schema-DN[CN=Schema,CN=Configuration,DC=elegion,DC=local] objects[402/1552] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=elegion,DC=local] objects[804/1552] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=elegion,DC=local] objects[1206/1552] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=elegion,DC=local] objects[1552/1552] linked_values[0/0]
 Analyze and apply schema objects
 Replicated 1552 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=elegion,DC=local
 Partition[CN=Configuration,DC=elegion,DC=local] objects[402/1652] linked_values[0/0]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=elegion,DC=local
 Partition[CN=Configuration,DC=elegion,DC=local] objects[804/1652] linked_values[0/0]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=elegion,DC=local
 Partition[CN=Configuration,DC=elegion,DC=local] objects[1206/1652] linked_values[0/0]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=elegion,DC=local
 Partition[CN=Configuration,DC=elegion,DC=local] objects[1608/1652] linked_values[0/0]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=elegion,DC=local
 Partition[CN=Configuration,DC=elegion,DC=local] objects[1652/1652] linked_values[72/0]
 Replicated 44 objects (72 linked attributes) for CN=Configuration,DC=elegion,DC=local
 Partition[DC=elegion,DC=local] objects[99/99] linked_values[27/0]
 Replicated 99 objects (27 linked attributes) for DC=elegion,DC=local
 ldb_wrap open of secrets.ldb
 Could not find machine account in secrets database: Failed to fetch machine account password for ELEGION from both secrets.ldb (Could not find entry to match filter: '(&(flatname=ELEGION)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4575) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
 ERROR(runtime): uncaught exception - (8409, 'WERR_DS_DATABASE_ERROR')
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 652, in run
     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1253, in join_DC
     ctx.do_join()
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1153, in do_join
     ctx.join_replicate()
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 896, in join_replicate
     replica_flags=ctx.domain_replica_flags)
   File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 254, in replicate
     (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req)

Command output: Adding CN=ZENTYAL-2,OU=Domain Controllers,DC=elegion,DC=local
 Adding CN=ZENTYAL-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=elegion,DC=local
 Adding CN=NTDS Settings,CN=ZENTYAL-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=elegion,DC=local
 Adding SPNs to CN=ZENTYAL-2,OU=Domain Controllers,DC=elegion,DC=local
 Setting account password for ZENTYAL-2$
 Enabling account
 Adding DNS account CN=dns-ZENTYAL-2,CN=Users,DC=elegion,DC=local with dns/ SPN
 Setting account password for dns-ZENTYAL-2
 Calling bare provision
 Provision OK for domain DN DC=elegion,DC=local
 Starting replication
 Replicating critical objects from the base DN of the domain
 Join failed - cleaning up
 Deleted CN=ZENTYAL-2,OU=Domain Controllers,DC=elegion,DC=local
 Deleted CN=dns-ZENTYAL-2,CN=Users,DC=elegion,DC=local
 Deleted CN=NTDS Settings,CN=ZENTYAL-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=elegion,DC=local
 Deleted CN=ZENTYAL-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=elegion,DC=local
.
Exit value: 255
2017/05/05 16:39:52 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: logs
2017/05/05 16:39:52 ERROR> GlobalImpl.pm:736 EBox::GlobalImpl::saveAllModules - The following modules failed while saving their changes, their state is unknown: samba  at The following modules failed while saving their changes, their state is unknown: samba  at /usr/share/perl5/EBox/GlobalImpl.pm line 736
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x66aefc0)', 'progress', 'EBox::ProgressIndicator=HASH(0x6664608)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x6644bd0)', 'progress', 'EBox::ProgressIndicator=HASH(0x6664608)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30
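
A triage sketch for the join output above (an added example, not part of the original post and not Zentyal or Samba code): it extracts the error code, the stage the join had reached and per-partition replication progress, then checks that every object the join added was deleted again by the cleanup, so no stale DC account, DNS account or NTDS Settings object stays in the directory. The name `triage_join` and the regular expressions are assumptions derived from the log lines shown; the sample is an abridged excerpt of that log.

```python
import re

# Abridged excerpt of the samba-tool join output posted above.
SAMPLE = """\
Partition[CN=Configuration,DC=elegion,DC=local] objects[1652/1652] linked_values[72/0]
Partition[DC=elegion,DC=local] objects[99/99] linked_values[27/0]
ERROR(runtime): uncaught exception - (8409, 'WERR_DS_DATABASE_ERROR')
Command output: Adding CN=ZENTYAL-2,OU=Domain Controllers,DC=elegion,DC=local
 Adding CN=ZENTYAL-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=elegion,DC=local
 Adding CN=NTDS Settings,CN=ZENTYAL-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=elegion,DC=local
 Adding SPNs to CN=ZENTYAL-2,OU=Domain Controllers,DC=elegion,DC=local
 Adding DNS account CN=dns-ZENTYAL-2,CN=Users,DC=elegion,DC=local with dns/ SPN
 Replicating critical objects from the base DN of the domain
 Join failed - cleaning up
 Deleted CN=ZENTYAL-2,OU=Domain Controllers,DC=elegion,DC=local
 Deleted CN=dns-ZENTYAL-2,CN=Users,DC=elegion,DC=local
 Deleted CN=NTDS Settings,CN=ZENTYAL-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=elegion,DC=local
 Deleted CN=ZENTYAL-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=elegion,DC=local
"""

ADDED = re.compile(r"Adding (?:DNS account )?(CN=.+?)(?: with \S+ SPN)?$")
DELETED = re.compile(r"Deleted (CN=.+)$")
PROGRESS = re.compile(r"(?:Schema-DN|Partition)\[(.+?)\] objects\[(\d+)/(\d+)\]")
ERROR = re.compile(r"ERROR\(runtime\): uncaught exception - \((\d+), '(\w+)'\)")

def triage_join(text):
    """Summarise a failed join: error, last stage, partition progress, leftovers."""
    added, deleted, progress = [], set(), {}
    error = last_stage = prev = None
    for line in (l.strip() for l in text.splitlines()):
        if m := ADDED.search(line):
            added.append(m.group(1))       # object created for the new DC
        elif m := DELETED.search(line):
            deleted.add(m.group(1))        # object removed by the cleanup
        elif m := PROGRESS.search(line):
            progress[m.group(1)] = (int(m.group(2)), int(m.group(3)))
        elif m := ERROR.search(line):
            error = (int(m.group(1)), m.group(2))
        elif line.startswith("Join failed"):
            last_stage = prev              # stage reported just before the failure
        prev = line
    return {"error": error, "last_stage": last_stage, "progress": progress,
            "leftover": [dn for dn in added if dn not in deleted]}

if __name__ == "__main__":
    report = triage_join(SAMPLE)
    print(report["error"], "after:", report["last_stage"])
    for dn in report["leftover"] or ["(no join objects left behind)"]:
        print("leftover:", dn)
```

An empty `leftover` list means the failed join cleaned up after itself; any DN listed there is an account or server object to remove from the existing DC before retrying.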

mrpsycho

Re: Can't add second DC to current one.
« Reply #3 on: May 05, 2017, 03:56:09 pm »
What is wrong?

mrpsycho

Re: Can't add second DC to current one.
« Reply #4 on: September 13, 2017, 11:23:50 pm »
Can nobody point me to what to check?

mrpsycho

Re: Can't add second DC to current one.
« Reply #5 on: September 13, 2017, 11:46:09 pm »
Seems I found a workaround:
Hi vchattamoni,

Create a domain user, add that user to domain admin and schema admin, and try to add a computer using the newly created domain user. Enter the username and password of the newly created domain user. :) :) :) :) :)

mrpsycho

Re: [SOLVED] Can't add second DC to current one.
« Reply #6 on: April 10, 2018, 11:45:27 am »
After upgrading to 5.1 this came back again (

mrpsycho

Can't add second DC to current one.
« Reply #7 on: November 19, 2018, 01:41:29 pm »
Same on 6.0

Neustradamus

Re: Can't add second DC to current one.
« Reply #8 on: November 19, 2018, 05:22:06 pm »
Please create an issue here: https://github.com/zentyal/zentyal/issues/