Author Topic: Errors joining Zentyal 7 as a secondary DC to Zentyal 5.1  (Read 1663 times)

alxndr

  • Zen Apprentice
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Errors joining Zentyal 7 as a secondary DC to Zentyal 5.1
« on: January 24, 2022, 11:45:22 am »
Hi all,

I am having problems joining a Zentyal 7 (Commercial Trial Edition) to our existing AD Controller Zentyal 5.1.3 (Community edition). The join is unsuccessful. I followed the official tutorial on YouTube.

The goal is to replace the old Zentyal 5 with the Version 7 Commercial. I tried upgrading the V5 to 6 before, and while the upgrade was still successful, our users were not able to log in to their machines any more.

I hope you can guide me to successfully join the domain or give me other advice on how to migrate to the new commercial edition.

Here is the zentyal.log (split in three posts) of the unsuccessful join attempt - I masked our true domain values with foo.bar.xyz.

Thanks, Alex

Quote
2022/01/23 14:57:40 INFO> GlobalImpl.pm:617 EBox::GlobalImpl::saveAllModules - Saving config and restarting services: firewall dns samba logs
2022/01/23 14:57:40 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: firewall
2022/01/23 14:57:40 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: dns
2022/01/23 14:57:40 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2022/01/23 14:57:43 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: samba
2022/01/23 14:57:45 INFO> Provision.pm:810 EBox::Samba::Provision::checkAddress - Resolving largo.foo.bar.xyz to an IP address
2022/01/23 14:57:45 INFO> Provision.pm:830 EBox::Samba::Provision::checkAddress - The DC largo.foo.bar.xyz has been resolved to 192.168.0.2
2022/01/23 14:57:45 INFO> Provision.pm:833 EBox::Samba::Provision::checkAddress - Checking reverse DNS resolution of '192.168.0.2'...
2022/01/23 14:57:45 INFO> Provision.pm:857 EBox::Samba::Provision::checkAddress - The IP address 192.168.0.2 does not have associated PTR record
2022/01/23 14:57:45 INFO> Provision.pm:756 EBox::Samba::Provision::checkServerReachable - Checking if AD server '192.168.0.2' is online...
2022/01/23 14:57:45 INFO> Provision.pm:866 EBox::Samba::Provision::checkFunctionalLevels - Checking forest and domain functional levels...
2022/01/23 14:57:45 INFO> Provision.pm:898 EBox::Samba::Provision::checkRfc2307 - Checking RFC2307 compliant schema...
2022/01/23 14:57:45 INFO> Provision.pm:775 EBox::Samba::Provision::checkLocalRealmAndDomain - Checking local domain and realm...
2022/01/23 14:57:45 INFO> Provision.pm:972 EBox::Samba::Provision::checkClockSkew - Checking clock skew with AD server...
2022/01/23 14:57:45 INFO> Provision.pm:993 EBox::Samba::Provision::checkClockSkew - Clock skew below two minutes, should be enough.
2022/01/23 14:57:45 INFO> Provision.pm:675 EBox::Samba::Provision::checkDnsZonesInMainPartition - Checking for old DNS zones stored in main domain partition...
2022/01/23 14:57:45 INFO> Provision.pm:722 EBox::Samba::Provision::checkForestDomains - Checking number of domains inside forest...
2022/01/23 14:57:45 INFO> Provision.pm:932 EBox::Samba::Provision::checkTrustDomainObjects - Checking for domain trust relationships...
2022/01/23 14:57:45 INFO> Provision.pm:1034 EBox::Samba::Provision::checkADServerSite - Checking the site where the specified server is located
2022/01/23 14:57:45 INFO> Provision.pm:1042 EBox::Samba::Provision::checkADServerSite - The specified server has been located at site named Default-First-Site-Name
2022/01/23 14:57:45 INFO> Provision.pm:1059 EBox::Samba::Provision::checkADNebiosName - Checking domain xyzbios name...
2022/01/23 14:57:46 INFO> Provision.pm:1286 EBox::Samba::Provision::provisionADC - Joining to domain 'foo.bar.xyz' as DC
2022/01/23 14:57:47 INFO> Provision.pm:1299 EBox::Samba::Provision::provisionADC - Trying to get a kerberos ticket for principal 'domainadmin@foo.bar.xyz'
2022/01/23 14:57:47 INFO> Provision.pm:1308 EBox::Samba::Provision::provisionADC - Executing domain join
2022/01/23 14:57:52 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command samba-tool domain join foo.bar.xyz DC  --username='domainadmin'  --workgroup='ac'  --password=`cat /var/lib/zentyal/tmp/0qjsOw`  --server='192.168.0.2'  --dns-backend=BIND9_DLZ  --realm='foo.bar.xyz'  --site='Default-First-Site-Name'  failed.
Error output: GENSEC backend 'gssapi_spnego' registered
 GENSEC backend 'gssapi_krb5' registered
 GENSEC backend 'gssapi_krb5_sasl' registered
 GENSEC backend 'spnego' registered
 GENSEC backend 'schannel' registered
 GENSEC backend 'naclrpc_as_system' registered
 GENSEC backend 'sasl-EXTERNAL' registered
 GENSEC backend 'ntlmssp' registered
 GENSEC backend 'ntlmssp_resume_ccache' registered
 GENSEC backend 'http_basic' registered
 GENSEC backend 'http_ntlm' registered
 GENSEC backend 'http_negotiate' registered
 GENSEC backend 'krb5' registered
 GENSEC backend 'fake_gssapi_krb5' registered
 Cannot do GSSAPI to an IP address
 Got challenge flags:
 Got NTLMSSP neg_flags=0x62898235
 NTLMSSP: Set final flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 INFO 2022-01-23 14:57:47,766 pid:19999 /usr/lib/python3/dist-packages/samba/join.py #1543: workgroup is FOO
 INFO 2022-01-23 14:57:47,766 pid:19999 /usr/lib/python3/dist-packages/samba/join.py #1546: realm is foo.bar.xyz
 Using binding ncacn_ip_tcp:192.168.0.2[,seal]
 Cannot do GSSAPI to an IP address
 Got challenge flags:
 Got NTLMSSP neg_flags=0x62898235
 NTLMSSP: Set final flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 lpcfg_load: refreshing parameters from /etc/samba/smb.conf
 INFO 2022-01-23 14:57:48,335 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2122: Looking up IPv4 addresses
 INFO 2022-01-23 14:57:48,336 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2139: Looking up IPv6 addresses
 WARNING 2022-01-23 14:57:48,336 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2146: No IPv6 address will be assigned
 INFO 2022-01-23 14:57:48,514 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2290: Setting up share.ldb
 INFO 2022-01-23 14:57:48,563 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2294: Setting up secrets.ldb
 INFO 2022-01-23 14:57:48,590 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2299: Setting up the registry
 ldb_wrap open of hklm.ldb
 Key 'key=SOFTWARE,hive=NONE' not found
 key added: key=SOFTWARE,hive=NONE
 Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
 key added: key=Microsoft,key=SOFTWARE,hive=NONE
 Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
 key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
 Key 'key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
 key added: key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
 Key 'key=SYSTEM,hive=NONE' not found
 key added: key=SYSTEM,hive=NONE
 Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=xyzlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=xyzlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Parameters,key=xyzlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Parameters,key=xyzlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 INFO 2022-01-23 14:57:48,762 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2302: Setting up the privileges database
 INFO 2022-01-23 14:57:48,828 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2305: Setting up idmap db
 INFO 2022-01-23 14:57:48,873 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2312: Setting up SAM db
 INFO 2022-01-23 14:57:48,883 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #897: Setting up sam.ldb partitions and settings
 INFO 2022-01-23 14:57:48,883 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #909: Setting up sam.ldb rootDSE
 INFO 2022-01-23 14:57:48,895 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1322: Pre-loading the Samba 4 and AD schema
 partition_metadata: Migrating partition metadata: open of metadata.tdb gave: No such Base DN: @INDEXLIST
 Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
 
 INFO 2022-01-23 14:57:48,934 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2364: A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
 INFO 2022-01-23 14:57:48,934 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2366: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
 Using binding ncacn_ip_tcp:192.168.0.2[,seal]
 Cannot do GSSAPI to an IP address
 Got challenge flags:
 Got NTLMSSP neg_flags=0x62898235
 NTLMSSP: Set final flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[402/2677] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[804/2677] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1206/2677] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1608/2677] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[2010/2677] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[2412/2677] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[2677/2677] linked_values[0/0]
 Analyze and apply schema objects
 Replicated 2677 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz
 Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[402/1739] linked_values[0/1]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
 Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[804/1739] linked_values[0/1]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
 Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1206/1739] linked_values[0/1]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
 Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1608/1739] linked_values[0/1]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
 ldb_wrap open of secrets.ldb
 Could not find machine account in secrets database: Failed to fetch machine account password for AC from both secrets.ldb (Could not find entry to match filter: '(&(flatname=foo)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../../source4/dsdb/common/util.c:4771) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
 ERROR(runtime): uncaught exception - (8409, 'WERR_DS_DATABASE_ERROR')
   File "/usr/lib/python3/dist-packages/samba/xyzcmd/__init__.py", line 186, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python3/dist-packages/samba/xyzcmd/domain.py", line 661, in run
     join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
   File "/usr/lib/python3/dist-packages/samba/join.py", line 1559, in join_DC
     ctx.do_join()
   File "/usr/lib/python3/dist-packages/samba/join.py", line 1449, in do_join
     ctx.join_replicate()
   File "/usr/lib/python3/dist-packages/samba/join.py", line 983, in join_replicate
     repl.replicate(ctx.config_dn, source_dsa_invocation_id,
   File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 338, in replicate
     (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req)

alxndr

Re: Errors joining Zentyal 7 as a secondary DC to Zentyal 5.1
« Reply #1 on: January 24, 2022, 11:46:00 am »
Part 2

Quote
Command output: Adding CN=ZENTYALDC,OU=Domain Controllers,DC=foo,DC=bar,DC=xyz
 Adding CN=ZENTYALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
 Adding CN=NTDS Settings,CN=ZENTYALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
 Adding SPNs to CN=ZENTYALDC,OU=Domain Controllers,DC=foo,DC=bar,DC=xyz
 Setting account password for ZENTYALDC$
 Enabling account
 Adding DNS account CN=dns-ZENTYALDC,CN=Users,DC=foo,DC=bar,DC=xyz with dns/ SPN
 Setting account password for dns-ZENTYALDC
 Calling bare provision
 Provision OK for domain DN DC=foo,DC=bar,DC=xyz
 Starting replication
 Join failed - cleaning up
 Deleted CN=ZENTYALDC,OU=Domain Controllers,DC=foo,DC=bar,DC=xyz
 Deleted CN=dns-ZENTYALDC,CN=Users,DC=foo,DC=bar,DC=xyz
 Deleted CN=NTDS Settings,CN=ZENTYALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
 Deleted CN=ZENTYALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
.
Exit value: 255 at root command samba-tool domain join foo.bar.xyz DC  --username='domainadmin'  --workgroup='ac'  --password=`cat /var/lib/zentyal/tmp/0qjsOw`  --server='192.168.0.2'  --dns-backend=BIND9_DLZ  --realm='foo.bar.xyz'  --site='Default-First-Site-Name'  failed.

alxndr

Re: Errors joining Zentyal 7 as a secondary DC to Zentyal 5.1
« Reply #2 on: January 24, 2022, 11:46:24 am »
Part 3

Quote
Exit value: 255 at /usr/share/perl5/EBox/Sudo.pm line 240
EBox::Sudo::_rootError('/usr/bin/sudo -p sudo: /var/lib/zentyal/tmp/F3cb8Zxsrj.cmd 2> /var/lib/zentyal/tmp/stderr', 'samba-tool domain join foo.bar.xyz DC  --username=\'domainadmin\'  --workgroup=\'foo\'  --password=`cat /var/lib/zentyal/tmp/0qjsOw`  --server=\'192.168.0.2\'  --dns-backend=BIND9_DLZ  --realm=\'foo.bar.xyz\'  --site=\'Default-First-Site-Name\' ', 65280, 'ARRAY(0x55c578d74ed0)', 'ARRAY(0x55c573fe0d40)') called at /usr/share/perl5/EBox/Sudo.pm line 210
EBox::Sudo::_root(1, 'samba-tool domain join foo.bar.xyz DC  --username=\'domainadmin\'  --workgroup=\'foo\'  --password=`cat /var/lib/zentyal/tmp/0qjsOw`  --server=\'192.168.0.2\'  --dns-backend=BIND9_DLZ  --realm=\'foo.bar.xyz\'  --site=\'Default-First-Site-Name\' ') called at /usr/share/perl5/EBox/Sudo.pm line 153
EBox::Sudo::root('samba-tool domain join foo.bar.xyz DC  --username=\'domainadmin\'  --workgroup=\'foo\'  --password=`cat /var/lib/zentyal/tmp/0qjsOw`  --server=\'192.168.0.2\'  --dns-backend=BIND9_DLZ  --realm=\'foo.bar.xyz\'  --site=\'Default-First-Site-Name\' ') called at /usr/share/perl5/EBox/Samba/Provision.pm line 1319
eval {...} at /usr/share/perl5/EBox/Samba/Provision.pm line 1285
EBox::Samba::Provision::provisionADC('EBox::Samba::Provision=HASH(0x55c578a444b8)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 369
EBox::Samba::Provision::provision('EBox::Samba::Provision=HASH(0x55c578a444b8)') called at /usr/share/perl5/EBox/Samba.pm line 694
EBox::Samba::_setConf('EBox::Samba=HASH(0x55c577705cb8)') called at /usr/share/perl5/EBox/Module/Base.pm line 995
EBox::Module::Base::_regenConfig('EBox::Samba=HASH(0x55c577705cb8)') called at /usr/share/perl5/EBox/Module/Service.pm line 940
EBox::Module::Service::_regenConfig('EBox::Samba=HASH(0x55c577705cb8)') called at /usr/share/perl5/EBox/Samba.pm line 667
EBox::Samba::_regenConfig('EBox::Samba=HASH(0x55c577705cb8)') called at /usr/share/perl5/EBox/Module/Base.pm line 234
eval {...} at /usr/share/perl5/EBox/Module/Base.pm line 233
EBox::Module::Base::save('EBox::Samba=HASH(0x55c577705cb8)') called at /usr/share/perl5/EBox/GlobalImpl.pm line 649
eval {...} at /usr/share/perl5/EBox/GlobalImpl.pm line 648
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x55c572af4bb0)', 'progress', 'EBox::ProgressIndicator=HASH(0x55c5760cc1f0)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x55c575ff6f80)', 'progress', 'EBox::ProgressIndicator=HASH(0x55c5760cc1f0)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30
2022/01/23 14:57:52 INFO> Provision.pm:299 EBox::Samba::Provision::setupKerberos - Setting up kerberos
2022/01/23 14:57:52 INFO> Provision.pm:276 EBox::Samba::Provision::setupDNS - Setting up DNS
2022/01/23 14:57:52 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: dns
2022/01/23 14:57:53 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2022/01/23 14:57:57 ERROR> GlobalImpl.pm:653 EBox::GlobalImpl::saveAllModules - Failed to save changes in module samba: root command samba-tool domain join foo.bar.xyz DC  --username='domainadmin'  --workgroup='foo'  --password=`cat /var/lib/zentyal/tmp/0qjsOw`  --server='192.168.0.2'  --dns-backend=BIND9_DLZ  --realm='foo.bar.xyz'  --site='Default-First-Site-Name'  failed.
 INFO 2022-01-23 14:57:48,895 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1322: Pre-loading the Samba 4 and AD schema
 partition_metadata: Migrating partition metadata: open of metadata.tdb gave: No such Base DN: @INDEXLIST
 Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
 
 INFO 2022-01-23 14:57:48,934 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2364: A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
 INFO 2022-01-23 14:57:48,934 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2366: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
 Using binding ncacn_ip_tcp:192.168.0.2[,seal]
 Cannot do GSSAPI to an IP address
 Got challenge flags:
 Got NTLMSSP neg_flags=0x62898235
 NTLMSSP: Set final flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[402/2677] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[804/2677] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1206/2677] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1608/2677] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[2010/2677] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[2412/2677] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[2677/2677] linked_values[0/0]
 Analyze and apply schema objects
 Replicated 2677 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz
 Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[402/1739] linked_values[0/1]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
 Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[804/1739] linked_values[0/1]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
 Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1206/1739] linked_values[0/1]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
 Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1608/1739] linked_values[0/1]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
 ldb_wrap open of secrets.ldb
 Could not find machine account in secrets database: Failed to fetch machine account password for FOO from both secrets.ldb (Could not find entry to match filter: '(&(flatname=foo)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../../source4/dsdb/common/util.c:4771) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
 ERROR(runtime): uncaught exception - (8409, 'WERR_DS_DATABASE_ERROR')
   File "/usr/lib/python3/dist-packages/samba/xyzcmd/__init__.py", line 186, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python3/dist-packages/samba/xyzcmd/domain.py", line 661, in run
     join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
   File "/usr/lib/python3/dist-packages/samba/join.py", line 1559, in join_DC
     ctx.do_join()
   File "/usr/lib/python3/dist-packages/samba/join.py", line 1449, in do_join
     ctx.join_replicate()
   File "/usr/lib/python3/dist-packages/samba/join.py", line 983, in join_replicate
     repl.replicate(ctx.config_dn, source_dsa_invocation_id,
   File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 338, in replicate
     (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req)

Command output: Adding CN=ZENTYALDC,OU=Domain Controllers,DC=foo,DC=bar,DC=xyz
 Adding CN=ZENTYALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
 Adding CN=NTDS Settings,CN=ZENTYALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
 Adding SPNs to CN=ZENTYALDC,OU=Domain Controllers,DC=foo,DC=bar,DC=xyz
 Setting account password for ZENTYALDC$
 Enabling account
 Adding DNS account CN=dns-ZENTYALDC,CN=Users,DC=foo,DC=bar,DC=xyz with dns/ SPN
 Setting account password for dns-ZENTYALDC
 Calling bare provision
 Provision OK for domain DN DC=foo,DC=bar,DC=xyz
 Starting replication
 Join failed - cleaning up
 Deleted CN=ZENTYALDC,OU=Domain Controllers,DC=foo,DC=bar,DC=xyz
 Deleted CN=dns-ZENTYALDC,CN=Users,DC=foo,DC=bar,DC=xyz
 Deleted CN=NTDS Settings,CN=ZENTYALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
 Deleted CN=ZENTYALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
.
Exit value: 255
2022/01/23 14:57:57 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: logs
2022/01/23 14:57:57 ERROR> GlobalImpl.pm:728 EBox::GlobalImpl::saveAllModules - The following modules failed while saving their changes, their state is unknown: samba  at The following modules failed while saving their changes, their state is unknown: samba  at /usr/share/perl5/EBox/GlobalImpl.pm line 728
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x55c572af4bb0)', 'progress', 'EBox::ProgressIndicator=HASH(0x55c5760cc1f0)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x55c575ff6f80)', 'progress', 'EBox::ProgressIndicator=HASH(0x55c5760cc1f0)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30

turalyon

Re: Errors joining Zentyal 7 as a secondary DC to Zentyal 5.1
« Reply #3 on: January 26, 2022, 04:16:23 pm »
Hi,

I recommend you do the following in order to try to join the Zentyal 7 as an ADC of the Zentyal 5.0 DC:

1. Check that no record of Zentyal 7.0 is left in your domain after the attempt.

Code:
## To see whether a DNS user was created for Zentyal 7
ldbsearch -H /var/lib/samba/private/sam.ldb sAMAccountName='dns-zen7adc'

2. Check the status of your Zentyal 5.0 server. You should download the following script and run it on your Zentyal server. The most important part in your case is the function called 'dc_check'.

   * https://github.com/zentyal/zentyal/blob/master/main/core/src/scripts/smart-admin-report

3. Check that the domain users 'krbtgt' and 'Guest' are in their original location, which is the 'Users' container. An example is below:

Code:
ldbsearch -H /var/lib/samba/private/sam.ldb sAMAccountName='krbtgt' dn

  dn: CN=krbtgt,CN=Users,DC=zentyal-domain,DC=lan

ldbsearch -H /var/lib/samba/private/sam.ldb sAMAccountName='Guest' dn

  dn: CN=Guest,CN=Users,DC=zentyal-domain,DC=lan

NOTE: As you can see, both domain users are located in the container (CN) 'Users'.

A few times I have seen errors during the join, caused mainly by:

1. Errors in the internal database of Samba, which you will be able to see if you run the script from step 2. You can get more information below:

* https://wiki.samba.org/index.php/Dbcheck

2. The user 'krbtgt' having been moved to another location (step 3).

Finally, in case you cannot join the Zentyal 7 as an ADC, you could try to do a migration using the 'Import and export' feature. In your case, you will need to download the scripts from the repository.

* https://doc.zentyal.org/en/directory.html#importing-and-exporting-users-and-groups
* (groups-export.pl, groups-import.pl, users-export.pl and users-import.pl) https://github.com/zentyal/zentyal/tree/master/main/samba/src/scripts

Hope it helps you.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
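
The checks from steps 1 and 3 of the reply above, together with the dbcheck error count, written as one shell script that can be run on the existing DC. This is an added example, not part of the original post and not taken from Zentyal's smart-admin-report; the function names, the `--live` switch and the hostname argument are assumptions made for the example, and the sample LDIF in it is constructed.

```shell
#!/bin/sh
# Pre-join checks for the existing DC, following steps 1 and 3 of the reply above.
# The parsers read command output on stdin, so they can be tried without a DC.

SAM_LDB=/var/lib/samba/private/sam.ldb   # path used in the reply above

# Print the DN of every record in ldbsearch (LDIF) output, one per line.
# Folded LDIF lines (continuations start with a single space) are rejoined.
# Base64-encoded DNs ("dn:: ...") are not decoded and are therefore ignored.
ldif_dns() {
    awk '
        /^dn: /      { if (dn != "") print dn; dn = substr($0, 5); indn = 1; next }
        indn && /^ / { dn = dn substr($0, 2); next }
                     { indn = 0 }
        END          { if (dn != "") print dn }
    '
}

# Number of records in ldbsearch output on stdin (step 1 expects 0 leftovers).
record_count() {
    ldif_dns | awk 'END { print NR }'
}

# Step 3: return 0 if the single record on stdin is CN=<acct>,CN=Users,<domain>,
# 1 if the account sits anywhere else, 2 if it is missing or ambiguous.
in_users_container() {
    acct_dns=$(ldif_dns)
    [ "$(printf '%s\n' "$acct_dns" | awk 'NF { n++ } END { print n + 0 }')" -eq 1 ] || return 2
    # DNs compare case-insensitively; "dc=" right after cn=users means the
    # container hangs directly off the domain root, not off a nested OU.
    lower=$(printf '%s' "$acct_dns" | tr '[:upper:]' '[:lower:]')
    want=$(printf 'cn=%s,cn=users,dc=' "$1" | tr '[:upper:]' '[:lower:]')
    case $lower in
        "$want"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Print "<objects> <errors>" from dbcheck's "Checked N objects (M errors)" line.
dbcheck_summary() {
    sed -n 's/^[[:space:]]*Checked \([0-9][0-9]*\) objects (\([0-9][0-9]*\) errors).*$/\1 \2/p' | tail -n 1
}

# Run against the live directory. $1 is the hostname of the DC that failed to
# join (hypothetical argument; the log in this thread shows ZENTYALDC).
run_checks() {
    status=0
    left=$(ldbsearch -H "$SAM_LDB" "sAMAccountName=dns-$1" dn | record_count)
    if [ "$left" -eq 0 ]; then echo "OK   no dns-$1 account left behind"
    else echo "FAIL $left record(s) for dns-$1 still present"; status=1; fi

    for acct in krbtgt Guest; do
        if ldbsearch -H "$SAM_LDB" "sAMAccountName=$acct" dn | in_users_container "$acct"
        then echo "OK   $acct is in CN=Users"
        else echo "FAIL $acct is missing or outside CN=Users"; status=1; fi
    done

    # Read-only pass: no --fix here, so nothing in the database is changed.
    summary=$(samba-tool dbcheck --cross-ncs 2>&1 | dbcheck_summary)
    errors=${summary#* }
    if [ "${errors:-x}" = 0 ]; then echo "OK   dbcheck reports no errors"
    else echo "FAIL dbcheck summary (objects errors): ${summary:-not found}"; status=1; fi
    return $status
}

# Constructed sample (not from the thread): krbtgt moved into an OU.
SAMPLE_MOVED='# record 1
dn: CN=krbtgt,OU=Service Accounts,DC=zentyal-domain,DC=lan

# returned 1 records'

demo() {
    rc=0
    printf '%s\n' "$SAMPLE_MOVED" | in_users_container krbtgt || rc=$?
    echo "constructed sample: in_users_container krbtgt -> $rc (1 = outside CN=Users)"
}

case ${1:-demo} in
    --live) run_checks "${2:?hostname of the new DC}" ;;
    *)      demo ;;
esac
```

Without arguments the script only runs the constructed demo; `--live HOSTNAME` runs the real `ldbsearch` and `samba-tool` commands and needs root on the DC.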

alxndr

Re: Errors joining Zentyal 7 as a secondary DC to Zentyal 5.1
« Reply #4 on: January 26, 2022, 08:02:53 pm »
Hi turalyon and thanks for looking into my post with this endless logfile.

I did this now:
  • The user 'dns-zen7adc' could not be found in the database. Is this user always called the same for Zentyal 7?
  • I downloaded and ran the script. It found quite some errors. How can I fix them?
  • The mentioned users are inside the 'Users' container.
  • I checked on the errors with:
Code:
samba-tool dbcheck --cross-ncs
Should I run the command with --fix?
Code:
samba-tool dbcheck --cross-ncs --fix
Attached is the output of the Zentyal check script.

Thanks for looking into it! Alex

    Quote
    Subject: System report


    ##################
    # GENERAL CHECKS #
    ##################

    ########
    ## Hostname
    ########

    largo.foo.bar.xyz

    ########
    ## Hosts
    ########

    127.0.0.1       localhost.localdomain localhost
    127.0.1.1       largo.foo.bar.xyz largo

    # The following lines are desirable for IPv6 capable hosts
    ::1     localhost ip6-localhost ip6-loopback
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters

    ########
    ## Resolv
    ########

    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    # and managed by Zentyal.
    #
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    #
    nameserver 127.0.0.1
    search foo.bar.xyz

    ########
    ## Version of Zentyal and Ubuntu
    ########

    Zentyal 5.1.3
    Ubuntu 16.04.6 LTS

    ########
    ## Zentyal's modules installed
    ########

    ii zentyal-antivirus 5.1.1
    ii zentyal-ca 5.1
    ii zentyal-common 5.0.12
    ii zentyal-core 5.1.3
    ii zentyal-dhcp 5.1.1
    ii zentyal-dns 5.1
    ii zentyal-firewall 5.1
    ii zentyal-mail 5.1
    ii zentyal-mailfilter 5.1
    ii zentyal-network 5.1
    ii zentyal-ntp 5.1
    ii zentyal-objects 5.0.10
    ii zentyal-openchange 5.0.3
    ii zentyal-samba 5.1.2
    ii zentyal-services 5.0.10
    ii zentyal-software 5.1
    ii zentyal-sogo 5.1

    ########
    ## Modules which are enabled
    ########

    Zentyal module network:                 [ ENABLED ]
    Zentyal module firewall:                [ ENABLED ]
    Zentyal module antivirus:               [ ENABLED ]
    Zentyal module audit:                   [ DISABLED ]
    Zentyal module ca:                      [ ENABLED ]
    Zentyal module dhcp:                    [ ENABLED ]
    Zentyal module dns:                     [ ENABLED ]
    Zentyal module logs:                    [ ENABLED ]
    Zentyal module mail:                    [ ENABLED ]
    Zentyal module mailfilter:              [ ENABLED ]
    Zentyal module ntp:                     [ ENABLED ]
    Zentyal module samba:                   [ ENABLED ]
    Zentyal module sogo:                    [ ENABLED ]
    Zentyal module webadmin:                [ ENABLED ]

    ########
    ## Zentyal Commercial Edition
    ########

    The server doesn't have a license key.

    ########
    ## Uptime
    ########

    Uptime's server: up 13 hours, 6 minutes

    ########
    ## Memory
    ########

    Total memory: 1839 MB
    Memory usage: 50.84%
    SWAP usage: 2035 MB

    ########
    ## CPU
    ########

    Total cores:  2
    CPU load average (1m,5m,15m): 2.08. 1.85. 1.69

    ########
    ## Hard Drives and partitions
    ########

    NAME                 MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
    sr0                   11:0    1 1024M  0 rom 
    vda                  253:0    0   64G  0 disk
    ├─vda1               253:1    0  243M  0 part /boot
    ├─vda2               253:2    0    1K  0 part
    └─vda5               253:5    0 63.8G  0 part
      ├─largo--vg-root   252:0    0 59.8G  0 lvm  /
      └─largo--vg-swap_1 252:1    0    4G  0 lvm  [SWAP]

    ## Disk usage:

    Filesystem                 Type      Size  Used Avail Use% Mounted on
    /dev/mapper/largo--vg-root ext4       59G  6.0G   50G  11% /
    /dev/vda1                  ext2      236M  169M   55M  76% /boot

    ########
    ## Network Interfaces
    ########

    ## Interfaces available:

    eth0

    ## IPs configured:

     eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        inet 192.168.0.2/24 brd 192.168.0.255 scope global eth0

    ## Network Interfaces where were 'Down': 0

    ########
    ## Server packages
    ########

    Broken packages: 0
    Upgradable packages:

    157 packages can be updated.
    127 updates are security updates.

    Last update by Zentyal:

    ########
    ## Repositories
    ########

    ## Repositorios configured:
    deb http://de.archive.ubuntu.com/ubuntu/ xenial main restricted
    deb http://de.archive.ubuntu.com/ubuntu/ xenial-updates main restricted
    deb http://de.archive.ubuntu.com/ubuntu/ xenial universe
    deb http://de.archive.ubuntu.com/ubuntu/ xenial-updates universe
    deb http://de.archive.ubuntu.com/ubuntu/ xenial multiverse
    deb http://de.archive.ubuntu.com/ubuntu/ xenial-updates multiverse
    deb http://de.archive.ubuntu.com/ubuntu/ xenial-backports main restricted universe multiverse
    deb http://security.ubuntu.com/ubuntu xenial-security main restricted
    deb http://security.ubuntu.com/ubuntu xenial-security universe
    deb http://security.ubuntu.com/ubuntu xenial-security multiverse

    ## Custom repositories:

    /etc/apt/sources.list.d/zentyal-archive.list
    deb http://archive.zentyal.org/zentyal 5.1 main


    ########
    ## System emails
    ########

    Number of emails for user 'amavis': 24
    Number of emails for user 'root': 74543

    ########
    ## Mysql daemon
    ########

    active

    ########
    ## Mysql databases
    ########


    ## Databases available:

    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | mysql              |
    | openchange         |
    | performance_schema |
    | sogo               |
    | spamassassin       |
    | sys                |
    | zentyal            |
    +--------------------+

    ## Mysql databases check:

    mysql.columns_priv                                 OK
    mysql.db                                           OK
    mysql.engine_cost                                  OK
    mysql.event                                        OK
    mysql.func                                         OK
    mysql.general_log                                  OK
    mysql.gtid_executed                                OK
    mysql.help_category                                OK
    mysql.help_keyword                                 OK
    mysql.help_relation                                OK
    mysql.help_topic                                   OK
    mysql.host                                         OK
    mysql.innodb_index_stats                           OK
    mysql.innodb_table_stats                           OK
    mysql.ndb_binlog_index                             OK
    mysql.plugin                                       OK
    mysql.proc                                         OK
    mysql.procs_priv                                   OK
    mysql.proxies_priv                                 OK
    mysql.server_cost                                  OK
    mysql.servers                                      OK
    mysql.slave_master_info                            OK
    mysql.slave_relay_log_info                         OK
    mysql.slave_worker_info                            OK
    mysql.slow_log                                     OK
    mysql.tables_priv                                  OK
    mysql.time_zone                                    OK
    mysql.time_zone_leap_second                        OK
    mysql.time_zone_name                               OK
    mysql.time_zone_transition                         OK
    mysql.time_zone_transition_type                    OK
    mysql.user                                         OK
    openchange.folders                                 OK
    openchange.folders_properties                      OK
    openchange.mailboxes                               OK
    openchange.mailboxes_properties                    OK
    openchange.messages                                OK
    openchange.messages_properties                     OK
    openchange.migrations                              OK
    openchange.named_properties                        OK
    openchange.organizational_units                    OK
    openchange.provisioning_folders                    OK
    openchange.provisioning_special_folders            OK
    openchange.public_folders                          OK
    openchange.replica_mapping                         OK
    openchange.servers                                 OK
    sogo.sogo_folder_info                              OK
    sogo.sogo_sessions_folder                          OK
    sogo.sogo_user_profile                             OK
    sogo.sogoapfeiffe0010c43d696                       OK
    sogo.sogoapfeiffe0010c43d696_acl                   OK
    sogo.sogoapfeiffe0010c43d696_quick                 OK
    sogo.sogoapfeiffe0012e76f3d9                       OK
    sogo.sogoapfeiffe0012e76f3d9_acl                   OK
    sogo.sogoapfeiffe0012e76f3d9_quick                 OK
    sogo.sogoapfeiffe00140f33cb4                       OK
    sogo.sogoapfeiffe00140f33cb4_acl                   OK
    sogo.sogoapfeiffe00140f33cb4_quick                 OK
    sogo.sogocglauerd001005f4af6                       OK
    sogo.sogocglauerd001005f4af6_acl                   OK
    sogo.sogocglauerd001005f4af6_quick                 OK
    sogo.sogocglauerd0011be37158                       OK
    sogo.sogocglauerd0011be37158_acl                   OK
    sogo.sogocglauerd0011be37158_quick                 OK
    spamassassin.bayes_expire                          OK
    spamassassin.bayes_global_vars                     OK
    spamassassin.bayes_seen                            OK
    spamassassin.bayes_token                           OK
    spamassassin.bayes_vars                            OK
    sys.sys_config                                     OK
    zentyal.audit_actions                              OK
    zentyal.audit_sessions                             OK
    zentyal.av_db_updates                              OK
    zentyal.firewall                                   OK
    zentyal.firewall_report                            OK
    zentyal.leases                                     OK
    zentyal.mail_message                               OK
    zentyal.mailfilter_pop                             OK
    zentyal.mailfilter_smtp                            OK
    zentyal.samba_access                               OK
    zentyal.samba_access_report                        OK
    zentyal.samba_disk_usage                           OK
    zentyal.samba_disk_usage_report                    OK
    zentyal.samba_quarantine                           OK
    zentyal.samba_virus                                OK
    zentyal.samba_virus_report                         OK
    zentyal.samba_virus_share_report                   OK

    ###################
    # Login accesses #
    ###################

    Successful accesses to the Zentyal Admin Interface: 181
    Failed accesses to the Zentyal Admin Interface: 0

    Successful accesses from SSH: 0
    Failed accesses from SSH: 0

    Successful accesses  to Sogo Web Interface: 0
    Failed accesses to Sogo Web Interface: 0

    #####################
    # ZENTYAL LOG FILE  #
    #####################

    ## Errors and Warnings found from '2017/06/28' to '2022/01/26'

    ## Errors found:
    sogo                                0
    ejabber                             0
    ntp                                 1
    dhcp                                0
    openvpn                             0
    logs                                0
    dns                                 21
    mail                                0
    network                             0
    ipsec                               0
    squid                               0
    firewall                            0
    mysql                               1
    samba                               12

    ## Warnings found:
    sogo                                0
    ejabber                             0
    ntp                                 1
    dhcp                                0
    openvpn                             0
    logs                                1
    dns                                 0
    mail                                0
    network                             0
    ipsec                               0
    squid                               0
    firewall                            0
    mysql                               0
    samba                               9941

    ###################
    # Antivirus module #
    ###################

    Last update of the 'main' database file:
    Last update of the 'daily' database file: Wed Jan 26
    Last update of the 'bytecode' database file:

    Number of Virus detected: 0

    ############################
    # DOMAIN CONTROLLER CHECKS #
    ############################

    ########
    ## DNS user
    ########

    dns-largo

    ## DNS users on DnsAdmins:

    dns-largo

    ########
    ## DNS user password flags
    ########

    Usuario: dns-largo -> U

    ########
    ## DNS user ticket
    ########

    Skipping the check for Kerberos ticket for 'dns-largo' because its password isn't set as 'noexpiry'.

    ########
    ## Status of old Samba daemon
    ########

    ## Daemons' information:
    Status of the daemon: 'smbd': active
    State of the daemon: 'smbd': enabled

    Status of the daemon: 'nmbd': active
    State of the daemon: 'nmbd': enabled

    Status of the daemon: 'winbind': active
    State of the daemon: 'winbind': enabled

    Status of the daemon: 'sssd': inactive
    State of the daemon: 'sssd':

    ########
    ## Samba database check
    ########

    Checked 5041 objects (4702 errors)

    ########
    ## FSMO OWNER
    ########

    SchemaMasterRole owner: CN=NTDS Settings,CN=LARGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
    InfrastructureMasterRole owner: CN=NTDS Settings,CN=LARGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
    RidAllocationMasterRole owner: CN=NTDS Settings,CN=LARGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
    PdcEmulationMasterRole owner: CN=NTDS Settings,CN=LARGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
    DomainNamingMasterRole owner: CN=NTDS Settings,CN=LARGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
    DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=LARGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
    ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=LARGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz

    ########
    ## Domain Controllers configured
    ########

    dn: CN=NTDS Settings,CN=LARGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
    objectGUID: ff01cd9f-e4a8-4c70-be96-98a4dce4fbfa

    ########
    ## DNS alias
    ########

    ff01cd9f-e4a8-4c70-be96-98a4dce4fbfa._msdcs.foo.bar.xyz is an alias for largo.foo.bar.xyz.

    ########
    ## DNS Errors on log file
    ########

    --
    2017/07/10 16:48:32 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command kinit -k -t /var/lib/samba/private/dns.keytab dns-largo failed.
    2017/07/10 16:48:32 ERROR> Service.pm:962 EBox::Module::Service::restartService - Error restarting service: root command kinit -k -t /var/lib/samba/private/dns.keytab dns-largo failed.
    Error output: Password has expired
     dns-largo@foo.bar.xyz's Password:
    --
    2017/07/10 16:48:32 ERROR> Service.pm:964 EBox::Module::Service::restartService - root command kinit -k -t /var/lib/samba/private/dns.keytab dns-largo failed.
    2017/07/10 16:48:32 ERROR> RestartService.pm:61 EBox::SysInfo::CGI::RestartService::_process - Restart of DNS from dashboard failed: root command kinit -k -t /var/lib/samba/private/dns.keytab dns-largo failed.
    Error output: Password has expired
     dns-largo@foo.bar.xyz's Password:

    ################
    # Mails status #
    ################

    ## Status of the emails that were sent and received between the dates: 'Jan 23 07:35:03' and 'Jan 26 06:10:43' :
    Mail queue:
    Mail queue is empty
    Mails sent: 14
    Mails rejected: 0
    Mails bounced: 0
    Mails analized by Mailfilter: 7
    Mails with virus: 0
    Mails block by SPAM: 0
    Mails block by File Type: 0

    turalyon

    Re: Errors joining Zentyal 7 as a secondary DC to Zentyal 5.1
    « Reply #5 on: January 28, 2022, 11:46:11 am »
    Hi Alxndr,

    The special DNS user is always called 'dns-hostname_of_the_machine'. In your case, it is 'dns-largo' as you can see.

    You have 4702 errors from 5041 objects, which is a lot of errors. Those errors are probably the cause of your issue during the join. Before running the command (samba-tool dbcheck --cross-ncs --fix --yes) to try to fix them, make sure you have a backup of your Zentyal server. After the fixes, run several tests to confirm that the domain controller is stable.

    --
    “This world is ours, and by the Holy Light we will keep it safe, now and forever".