AD Takeover fails due to GPO problem

UCS - Univention Corporate Server
#1

Hello,

we are currently trying to replace an old Samba 4.1 on Ubuntu with an UCS. (Replacing Samba 4.1 on U16.04 with UCS 4.3 fails).

Following the recommendations we have started the migration with the takeover app, which runs without an error until the sysvol share has to be copied. Since the are using two linux servers we copied sysvol with rsync -avuz .

Now the app tells us:

Interner Modulfehler: Zustand ‘sysvol’ erwartet, aber ‘takeover’ gefunden.

Some postings mentioned, that we should check the ACLs, but rsync seems to have copied them all. Since the customer hasn’t used GPOs so far - can we skip this step and the takeover will be successful nevertheless?

Thanks for any suggestions.

Regards,

Stefan

Replacing Samba 4.1 on U16.04 with UCS 4.3 fails
#2

Hey,

did you close and re-open the AD Takeover app when you ran the sysvol sync?

Unfortunately I don’t know enough about the app’s inner workings to comment on how to get it working again (it sounds stuck with that “internal module error”). Hopefully someone from Univention can provide some insight.

One option might be to start over (make sure to delete the machine account in the old AD domain). You might also have to restart the UCS server in order to start fresh.

Yes. If there are no GPOs at all, that step isn’t relevant.

m.

#3

IIRC the “state” during Takeover is written to /var/lib/samba/private/.adtakeover
The order of the states should be

  1. start
  2. joined
  3. sysvol
  4. takeover
  5. finished
  6. done

So “something” happened that “takeover” (step 4) is in the state file, but the UMC modules expects “sysvol” (step 3). Did you run the Takeover wizard several times?

Regarding the GPOs: It should also be possible to run the robocopy command from a Windows client that is joined to the domain. This way we are sure to copy all ACLs correctly.

Best regards,
Michael Grandjean

#4

The problem was, that we tested it with an fresh installation that did not contain any GPOs. After we copied the GPOs of the server that should be replaced, the takeover finished without any error messages,

1 Like
Mastodon