Bug 34650

Summary: AD Takeover App: traceback
Product: UCS Reporter: Philipp Hahn <hahn>
Component: UMC - AD ConnectorAssignee: Connector maintainers <connector-maintainers>
Status: RESOLVED DUPLICATE QA Contact:
Severity: normal    
Priority: P5 CC: best, gohmann, klaeser, requate
Version: UCS 3.2   
Target Milestone: UCS 3.2-x   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional): Error handling
Max CVSS v3 score:

Description Philipp Hahn univentionstaff 2014-04-25 15:16:18 CEST 
Stall at 98%, then:

Ein Fehler ist aufgetreten: Die Ausführung des Kommandos copy_domain_data ist fehlgeschlagen: Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/univention/management/console/modules/adtakeover/__init__.py", line 60, in _background result = func(self, request) File "/usr/lib/pymodules/python2.6/univention/management/console/modules/adtakeover/__init__.py", line 107, in copy_domain_data takeover.join_to_domain_and_copy_domain_data(ip, username, password, self.progress) File "/usr/lib/pymodules/python2.6/univention/management/console/modules/adtakeover/takeover.py", line 289, in join_to_domain_and_copy_domain_data takeover.start_s4_connector(progress) File "/usr/lib/pymodules/python2.6/univention/management/console/modules/adtakeover/takeover.py", line 1275, in start_s4_connector wait_for_s4_connector_replication(self.ucr, self.lp, progress) File "/usr/lib/pymodules/python2.6/univention/management/console/modules/adtakeover/takeover.py", line 1986, in wait_for_s4_connector_replication msgs = samdb.search(base="", scope=samba.ldb.SCOPE_BASE, attrs=["highestCommittedUSN"]) LdbError: (34, 'NULL Base DN invalid for a base search')
Comment 1 Philipp Hahn univentionstaff 2014-04-25 19:14:32 CEST 
2nd try directly from the command-line:

The S4 connector no longer starts and immediately exists with 0.
The ad-takeover script is stuck waiting for it:
> Starting S4 Connector
> Waiting for S4 Connector sync
> Progress details are logged to /var/log/univention/connector-s4-status.log
..........................................................................

# tail connector-s4-status.log
opening /var/log/univention/connector-s4.log failed
Warning: Can't initialize LDAP-Connections, wait...

# tail connector-s4.log
25.04.2014 19:17:09,672 MAIN        (------ ): DEBUG_INIT
25.04.2014 19:17:09,693 LDAP        (INFO   ): init finished
25.04.2014 19:17:09,693 LDAP        (INFO   ): __init__: The LDAP connection to S4 does not use SSL (switched off by UCR "connector/s4/ldap/ssl").
25.04.2014 19:17:09,702 LDAP        (INFO   ): close debug

# ucr get connector/s4/ldap/ssl
no

The AD-takeover was started after using the UCS DC master for one day already, so the UCS already contains some data.

The takeover script should at least better check for error conditions.
Comment 2 Philipp Hahn univentionstaff 2014-04-25 21:10:25 CEST 
This was probably caused by using a non-standard sequence: The UCS DC Master was setup first and already used for one day.
For demonstration purpose the MS Windows 2008 Server was setup later: the same DNS domain name was used, but Windows detected a conflict in the WINS name and proposed a different name (SCHULUNG6 → SCHULUNG60).
This difference then causes Samba4 to no longer start:
[2014/04/25 14:10:45.383931,  0, pid=1876] ../source4/librpc/rpc/dcerpc_sock.c:425(continue_ip_open_socket)
  Failed to connect host 172.16.1.61 (247fed98-8188-44c7-ae58-ad54ea70a717._msdcs.schulung6.ucs) on port 135 - NT_STATUS_HOST_UNREACHABLE.

Maybe the AD takeover should check for that condition and abort with some useful error message instead of silently getting stuck?
Comment 3 Florian Best univentionstaff 2016-10-10 14:33:32 CEST 

*** This bug has been marked as a duplicate of bug 38983 ***
Comment 4 Arvid Requate univentionstaff 2016-10-10 21:01:09 CEST 

*** This bug has been marked as a duplicate of bug 39070 ***