Re: [Samba] samba 4 join error to MS Server 2003 - WERR_GENERAL_FAILURE

[Andrew Bartlett]

On Wed, 2012-11-28 at 14:52 -0800, todd kman wrote:
 Hi all,
 I am just experimenting with Samba 4.
 I have a Ubuntu server 12.04 with samba 4 compiled successfully.  I have 
 webmin installed as well.
 I am trying to connect the Ubuntu/Samba server on system GIS30 to a web 
 domain called CODOMAIN. 
 CODOMAIN is administered by gis-server-2 a Microsoft Windows Server 2003 R2, 
 Standard x64 - Edition Version 5.2 (Build 3790 : Service Pack 2) (x64).
 Gis-server-2 is an Active Directory server, and Exchange server.  (Exchange 
 Server 2007 Microsoft Corporation Version: 08.01.0436.000)
 If I was to guess it looks like the Exchange server component is causing some 
 problem.
 
 I can see others referencing the error Failed to commit objects: 
 WERR_GENERAL_FAILURE 
 The following thread was from July 2012 and it appears some fix was put into 
 the main but I believe I have downloaded and compiled a more current release 
 of Samba 4 and yet I am still getting this error.
 http://samba.2283325.n4.nabble.com/Can-t-join-as-DC-on-Samba4-Beta4-5-td4634916.html
 
 Is there an update on this?

 Failed to apply
 records: attribute 'msExchOWATranscodingFileTypes': value #1 on
 'CN=owa (Default Web
 Site),CN=HTTP,CN=Protocols,CN=GIS-SERVER-2,CN=Servers,CN=Exchange
 Administrative Group (FYDIBOHF23SPDLT),CN=Administrative
 Groups,CN=First Organization,CN=Microsoft
 Exchange,CN=Services,CN=Configuration,DC=CODomain,DC=local' provided
 more than once: Attribute or value exists
 Failed to commit
 objects: WERR_GENERAL_FAILURE
 Join failed -

As I said on IRC (but following up here so others might understand the
situation better, and so we can loop back to you about fixing this up
properly):

In short, your other DCs have sent you the same value twice in a
multi-valued attribute.  This isn't valid LDAP, and we are being
stricter than Microsoft is, or we consider two values to be equivalent
when Microsoft considers them distinct. The issue is that we haven't
tested much with importing exchange-enabled domains so we just haven't
seen this before, and so we need to work out how to handle this
particular 'violation'. 

Mostly, we have found that AD doesn't re-check schema syntax during
replication, so if somehow a duplicate does get into the system, it will
not cause replication to fail.  We are stricter, mostly due to the
layering of our databases.  We may have to turn that off.

Running this:
ldbsearch -Uadministrator -H ldap://ms-dc -s base -b CN=owa (Default
Web  Site),CN=HTTP,CN=Protocols,CN=GIS-SERVER-2,CN=Servers,CN=Exchange
Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First
Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=CODomain,DC=local
msExchOWATranscodingFileTypes

should give us more clues here, and help us solve this for the long
term.  Please file a bug with this info in the meantime, so we can track
this.

Thanks,

Andrew Bartlett
-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba 4 join error to MS Server 2003 - WERR_GENERAL_FAILURE

[todd kman]

Hi all,
I am just experimenting with Samba 4.
I have a Ubuntu server 12.04 with samba 4 compiled successfully.  I have webmin 
installed as well.
I am trying to connect the Ubuntu/Samba server on system GIS30 to a web domain 
called CODOMAIN. 
CODOMAIN is administered by gis-server-2 a Microsoft Windows Server 2003 R2, 
Standard x64 - Edition Version 5.2 (Build 3790 : Service Pack 2) (x64).
Gis-server-2 is an Active Directory server, and Exchange server.  (Exchange 
Server 2007 Microsoft Corporation Version: 08.01.0436.000)
If I was to guess it looks like the Exchange server component is causing some 
problem.

I can see others referencing the error Failed to commit objects: 
WERR_GENERAL_FAILURE 
The following thread was from July 2012 and it appears some fix was put into 
the main but I believe I have downloaded and compiled a more current release of 
Samba 4 and yet I am still getting this error.
http://samba.2283325.n4.nabble.com/Can-t-join-as-DC-on-Samba4-Beta4-5-td4634916.html

Is there an update on this?

Thanks for any help.


When I attempt the join it fails.
Below is the command line display. 


root@gis30://root/samba-master#
bin/samba-tool domain join CODOMAIN.LOCAL DC --username=nwadmin
--realm=CODOMAIN.LOCAL
Finding a
writeable DC for domain 'CODOMAIN.LOCAL'
Found DC
gis-server-2.CODomain.local
Password for
[CODOMAIN\nwadmin]:
workgroup is
CODOMAIN
realm is
CODomain.local
checking
sAMAccountName
Adding
CN=GIS30,OU=Domain Controllers,DC=CODomain,DC=local
Adding
CN=GIS30,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CODomain,DC=local
Adding CN=NTDS
Settings,CN=GIS30,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CODomain,DC=local
Adding SPNs to
CN=GIS30,OU=Domain Controllers,DC=CODomain,DC=local
Setting account
password for GIS30$
Enabling account
Calling bare
provision
No IPv6 address
will be assigned
Provision OK for
domain DN DC=CODomain,DC=local
Starting
replication
Schema-DN[CN=Schema,CN=Configuration,DC=CODomain,DC=local]
objects[402] linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=CODomain,DC=local]
objects[804] linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=CODomain,DC=local]
objects[1206] linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=CODomain,DC=local]
objects[1608] linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=CODomain,DC=local]
objects[2010] linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=CODomain,DC=local]
objects[2412] linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=CODomain,DC=local]
objects[2814] linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=CODomain,DC=local]
objects[3032] linked_values[0]
Analyze and apply
schema objects
Partition[CN=Configuration,DC=CODomain,DC=local]
objects[402] linked_values[0]
Partition[CN=Configuration,DC=CODomain,DC=local]
objects[804] linked_values[0]
Partition[CN=Configuration,DC=CODomain,DC=local]
objects[1206] linked_values[0]
Partition[CN=Configuration,DC=CODomain,DC=local]
objects[1608] linked_values[0]
Partition[CN=Configuration,DC=CODomain,DC=local]
objects[2010] linked_values[0]
Partition[CN=Configuration,DC=CODomain,DC=local]
objects[2412] linked_values[0]
Partition[CN=Configuration,DC=CODomain,DC=local]
objects[2814] linked_values[0]
Partition[CN=Configuration,DC=CODomain,DC=local]
objects[3216] linked_values[0]
Partition[CN=Configuration,DC=CODomain,DC=local]
objects[3618] linked_values[0]
Partition[CN=Configuration,DC=CODomain,DC=local]
objects[4009] linked_values[0]
Partition[CN=Configuration,DC=CODomain,DC=local]
objects[4238] linked_values[0]
Partition[CN=Configuration,DC=CODomain,DC=local]
objects[4395] linked_values[0]
Partition[CN=Configuration,DC=CODomain,DC=local]
objects[4554] linked_values[0]
Partition[CN=Configuration,DC=CODomain,DC=local]
objects[4737] linked_values[0]
Partition[CN=Configuration,DC=CODomain,DC=local]
objects[4837] linked_values[0]
Partition[CN=Configuration,DC=CODomain,DC=local]
objects[4922] linked_values[0]
Partition[CN=Configuration,DC=CODomain,DC=local]
objects[5010] linked_values[0]
Partition[CN=Configuration,DC=CODomain,DC=local]
objects[5097] linked_values[0]
Partition[CN=Configuration,DC=CODomain,DC=local]
objects[5183] linked_values[0]
Partition[CN=Configuration,DC=CODomain,DC=local]
objects[5272] linked_values[0]
Partition[CN=Configuration,DC=CODomain,DC=local]
objects[5411] linked_values[0]
Failed to apply
records: attribute 'msExchOWATranscodingFileTypes': value #1 on
'CN=owa (Default Web
Site),CN=HTTP,CN=Protocols,CN=GIS-SERVER-2,CN=Servers,CN=Exchange
Administrative Group (FYDIBOHF23SPDLT),CN=Administrative
Groups,CN=First Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=CODomain,DC=local' provided
more than once: Attribute or value exists
Failed to commit
objects: WERR_GENERAL_FAILURE
Join failed -
cleaning up
checking
sAMAccountName
Deleted
CN=GIS30,OU=Domain Controllers,DC=CODomain,DC=local
Deleted CN=NTDS