Bug 33339 – univention-ad-takeover of windows server 2003 - join of another ucs slave failed after takeover

Bug 33339 - univention-ad-takeover of windows server 2003 - join of another ucs slave failed after takeover


Summary:	univention-ad-takeover of windows server 2003 - join of another ucs slave fai...

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Samba4
Version:	UNSTABLE
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 3.2
Assigned To:	Arvid Requate
QA Contact:	Felix Botner

URL:
Keywords:	interim-4

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2013-11-12 17:09 CET by Felix Botner
Modified:	2013-11-19 06:43 CET (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
join.log (dc slave) (37.32 KB, text/x-log) 2013-11-12 17:10 CET, Felix Botner	Details
ad-takeover.log (2) (45.60 KB, text/x-log) 2013-11-13 11:44 CET, Felix Botner	Details
join.log (dc slave) (2) (46.69 KB, text/x-log) 2013-11-13 11:44 CET, Felix Botner	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Felix Botner

2013-11-12 17:09:10 CET

Windows Server 2003
UCS 3.2 Master

-> univention-ad-takeover 

Everything OK, all users and groups were migrated.
Join of another Windows client (win8.1) was also successful.

But now the join of anther UCS slaves fails.

Comment 1 Felix Botner

2013-11-12 17:10:11 CET

Created attachment 5615 [details]
join.log (dc slave)

Comment 2 Felix Botner

2013-11-12 17:10:56 CET

univention-samba4 is installed on the slave

Comment 3 Arvid Requate

2013-11-12 17:54:37 CET

Ok, I guess this issue might be specific to 2003 R1. After the takeover some attributes are not correct in sam.ldb. samba-tool dbfix is able to fix this, so we now run it at the end of the process.

Changelog adjusted.


Another thing to note is that the final domain function level is pretty low in this case:
===============================================================
root@master:~# samba-tool domain level show
Domain and forest function level for domain 'DC=w2k3,DC=test'

ATTENTION: You run SAMBA 4 on a forest function level lower than Windows 2000 (Native). This isn't supported! Please raise!

ATTENTION: You run SAMBA 4 on a domain function level lower than Windows 2000 (Native). This isn't supported! Please raise!

Forest function level: (Windows) 2000
Domain function level: (Windows) 2000 mixed (NT4 DC support)
Lowest function level of a DC: (Windows) 2003
===============================================================
For the time beeing this can be raised manually via samba-tool, in case it causes any issues.

Comment 4 Felix Botner

2013-11-13 11:43:42 CET

nop, still does not work

Failed to apply records: Failed to find GUID for CN=Administrator,cn=users,dc=w2k3,dc=test: No such object
Failed to commit objects: WERR_GENERAL_FAILURE
ERROR(<type 'exceptions.TypeError'>): uncaught exception - Failed to process chunk: NT_STATUS_UNSUCCESSFUL
  File "/usr/lib/python2.6/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.6/dist-packages/samba/netcmd/domain.py", line 560, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.6/dist-packages/samba/join.py", line 1220, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.6/dist-packages/samba/join.py", line 1102, in do_join
    ctx.join_replicate()
  File "/usr/lib/python2.6/dist-packages/samba/join.py", line 836, in join_replicate
    replica_flags=ctx.domain_replica_flags)
  File "/usr/lib/python2.6/dist-packages/samba/drs_utils.py", line 256, in replicate
    schema=schema, req_level=req_level, req=req)

Comment 5 Felix Botner

2013-11-13 11:44:34 CET

Created attachment 5619 [details]
ad-takeover.log (2)

Comment 6 Felix Botner

2013-11-13 11:44:50 CET

Created attachment 5620 [details]
join.log (dc slave) (2)

Comment 7 Arvid Requate

2013-11-13 12:19:56 CET

Without raising the domain function level even the "samba-tool dbcheck --fix" aborted with a panic. The documentation is now adjusted to check this manually:

http://wiki.univention.de/index.php?title=Univention_AD_Takeover#Required_tasks_after_the_takeover

Comment 8 Felix Botner

2013-11-13 15:54:05 CET

OK

Comment 9 Stefan Gohmann

2013-11-19 06:43:56 CET

UCS 3.2 has been released:
 http://docs.univention.de/release-notes-3.2-en.html
 http://docs.univention.de/release-notes-3.2-de.html

If this error occurs again, please use "Clone This Bug".