Univention Bugzilla – Bug 42124
failed to create DC Backup: Object exists: (mac)
Last modified: 2019-01-15 17:08:25 CET
In a technical UCS training the following error happened during the initial system setup:

Domäneneinrichtung (Dies kann einige Zeit dauern): failed to create DC Backup (1) [E: Object exists: (mac) 52:54:00:61:0c:ea]

Version: 4.1-3 errata239 (Vahr)

We should check prior to joining that the object doesn't exist yet or be able to join nevertheless.
(In reply to Florian Best from comment #0)
> Domäneneinrichtung (Dies kann einige Zeit dauern): failed to create DC
> Backup (1) [E: Object exists: (mac) 52:54:00:61:0c:ea]

Root-cause was a mismatch between the hostname in the pre-created LDAP-entry "backup" (for DHCP) and the installed system "DC0": The ldapsearch for "dc0" didn't return an already existing entry and as such "univention-join" decided to create a new entry for "dc0". But during creation UDM detected the other entry "backup" already using the same "mac" address and refused to create the entry.

In such cases UDM should ask the user, if either the name in UDM should be used or the name given in "univention-system-setup".
Again: Task #4777
2016-11-24/25 - UCS technical training - Bremen

Trainee entered a different name by accident - join failed afterwards and led to additional problems.

Also: If a DHCP entry is configured before the host is joined, the client already receives its hostname, but USS still generates a random one. This error is very likely to happen. USS should use the provided hostname instead.
Created attachment 8286
Bug #42124 join: Search for IP and MAC too

Might be too aggressive, as a new VM A reusing the IP of another VM B would re-use the LDAP machine entries of B. Perhaps just the MAC test (and not the IP)?

There also is the case where the server/role differs between LDAP and the host, e.g. where a Member-Server is re-installed as a Slave but its old entry was not purged. In that case "udm computers/computer list" would find the old entry, but "udm computers/$new_role modify" would fail.
Reported again, 4.1-4 errata324 (Vahr)
Again with 4.2-0
Reported again: 4.2-2 errata219 (Lesum)
Remark: Reinstalled the same server with a different name. When I tried to install with the same name, there was a problem with the secrets.tdb/ldb. I did not want to delete the server yet; if needed I wanted to be able to restore a backup. I will change the MAC, but a question if it is ok to use the same MAC would have been nice.
Reported again: Version: 4.2-3 errata254 (Lesum)
Version: 4.2-3 errata265 (Lesum)

Remark: The server had already been in the domain before - apparently setting up the BDC fails because the MAC address already exists.

Domain setup (this might take a while): failed to create DC Slave (1) [E: Object exists: (mac) 08:00:27:9b:48:69]
Version: 4.2-3 errata310 (Lesum)

Remark: Hello, it is not possible to join a second UCS server to a pure UCS domain as a Backup DC, merely because the computer on which the Backup DC is now to be installed was once joined to the PDC as a client and has already been deleted from the PDC's DNS (including reverse).
Reported again: Version: 4.3-0 errata12 (Neustadt) Remark: The hostname and mac address already existed in the domain from the server running another OS. Should I have deleted the object first?
I've adjusted univention-server-join to check and report conflicts in
* name / server role
* MAC
* IP

Manually testable like this:

  /usr/share/univention-join/univention-server-join \
      -role domaincontroller_backup \
      -hostname slave15 \
      -domainname ar41i1.qa \
      -ip 10.200.8.15 \
      -netmask 255.255.255.0 \
      -mac 52:54:00:13:b8:a2

808fcd3277 | univention-join (10.0.0-14)
58dbcab44f | Advisory

The error feedback is a bit ugly, because univention-system-setup currently limits this to exactly one long line. The line is too long anyway, so I include as much error information as possible (name + IP + MAC conflicts) but try to keep it short by converting conflicting DNs to host names.

Comment 1 additionally suggests:
> In such cases UDM should ask the user, if either the name in UDM should be used or the name given in "univention-system-setup".

I've split that off as Bug 47229.
OK - same name, different role -> error
OK - same name, same role -> join
OK - ip exists on other object -> error
OK - mac exists on other object -> error
OK - Warning message during installation/join
OK - yaml
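
The pre-join conflict check described in the comments above (name/role, MAC and IP, with conflicting DNs shortened to host names), sketched in Python as an added example; it is not the univention-server-join code. The `Computer` record, `check_join`, the DN base and the IP addresses are constructed assumptions; the MAC and the host names "backup"/"dc0" come from the report.

```python
# Added illustration, not univention-server-join code. Directory entries are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Computer:
    dn: str
    role: str  # e.g. "domaincontroller_backup", "memberserver"
    ip: str
    mac: str

def host_of(dn: str) -> str:
    """Shorten 'cn=backup,cn=dc,...' to 'backup' so the error fits on one line."""
    return dn.split(",", 1)[0].split("=", 1)[1]

def check_join(directory, hostname, role, ip, mac):
    """Return (action, conflicts); action is 'create', 'reuse' or 'error'."""
    conflicts, own = [], None
    # Name check: same name and same role means the existing entry is reused.
    for entry in directory:
        if host_of(entry.dn).lower() == hostname.lower():
            if entry.role == role:
                own = entry
            else:
                conflicts.append(f"name {hostname} exists with role {entry.role}")
    # MAC/IP check: any *other* object holding the address blocks the join,
    # so a new host never silently inherits another machine account.
    for entry in directory:
        if entry is own:
            continue
        if entry.mac.lower() == mac.lower():
            conflicts.append(f"MAC {mac} used by {host_of(entry.dn)}")
        if entry.ip == ip:
            conflicts.append(f"IP {ip} used by {host_of(entry.dn)}")
    if conflicts:
        return "error", conflicts
    return ("reuse" if own else "create"), []

BASE = "cn=computers,dc=example,dc=test"  # constructed LDAP base
DIRECTORY = [  # constructed entries; "backup" was pre-created for DHCP
    Computer(f"cn=backup,cn=dc,{BASE}", "domaincontroller_backup",
             "192.0.2.5", "52:54:00:61:0c:ea"),
    Computer(f"cn=member1,cn=memberserver,{BASE}", "memberserver",
             "192.0.2.20", "52:54:00:00:00:20"),
]

if __name__ == "__main__":
    # The case from comment 1: system installed as "dc0", MAC registered to "backup".
    action, why = check_join(DIRECTORY, "dc0", "domaincontroller_backup",
                             "192.0.2.10", "52:54:00:61:0c:ea")
    print(action, "; ".join(why))
```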
<http://errata.software-univention.de/ucs/4.3/123.html>
We had another report about this at Bug 46045 Comment 3 (Ticket #2018053021000497). I was able to ask the reporter for more details and it turned out that in that case a machine account of type IP managed client had been created to make the DHCP server issue an IP address for the new system but then during installation the customer chose the role memberserver. This is something we should improve in the system setup, probably also via Bug #47229.