Backup Domain Join Failed

UCS - Univention Corporate Server
#1

When I join a backup to the Domain use univention join,the error i found in the join.log。How to fix it

Configure 96univention-samba4.inst Wed Dec  2 17:10:31 HKT 2020
2020-12-02 17:10:31.625854080+08:00 (in joinscript_init)
02.12.20 17:10:32.653  DEBUG_INIT
UNIVENTION_DEBUG_BEGIN  : uldap.__open host=sh5678.cnd.intranet port=7389 base=dc=cnd,dc=intranet
UNIVENTION_DEBUG_END    : uldap.__open host=sh5678.cnd.intranet port=7389 base=dc=cnd,dc=intranet
Create samba4/role
File: /etc/samba/base.conf
Multifile: /etc/samba/smb.conf
sv status returns no running listener, don't need to restart. ... (warning).
Multifile: /etc/samba/smb.conf
Setting samba/quota/command
Multifile: /etc/samba/smb.conf
Stopping winbind (via systemctl): winbind.service.
Stopping heimdal-kdc (via systemctl): heimdal-kdc.service.
heimdal-kdc.service is not a native service, redirecting to systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable heimdal-kdc
Created symlink /etc/systemd/system/heimdal-kdc.service → /dev/null.
Create samba/autostart
Create winbind/autostart
Setting kerberos/autostart
Module: autostart
Multifile: /etc/samba/smb.conf
Setting samba4/autostart
Module: autostart
Multifile: /etc/samba/smb.conf
Create samba4/ldap/base
Multifile: /etc/samba/smb.conf
Object exists: cn=Builtin,dc=cnd,dc=intranet
WARNING: cannot append cn=DC Backup Hosts,cn=groups,dc=cnd,dc=intranet to nestedGroup, value exists
No modification: cn=Enterprise Domain Controllers,cn=groups,dc=cnd,dc=intranet
Object modified: cn=Enterprise Domain Controllers,cn=groups,dc=cnd,dc=intranet
Create samba/share/netlogon
File: /etc/samba/base.conf
Multifile: /etc/samba/smb.conf
Stopping samba-ad-dc (via systemctl): samba-ad-dc.service.
Stopping smbd (via systemctl): smbd.service.
Stopping nmbd (via systemctl): nmbd.service.
Create kerberos/kdc
Setting kerberos/kpasswdserver
File: /etc/krb5.conf
Setting slapd/port
File: /etc/init.d/slapd
Multifile: /etc/ldap/slapd.conf
Setting slapd/port/ldaps
File: /etc/init.d/slapd
Multifile: /etc/ldap/slapd.conf
Restarting slapd (via systemctl): slapd.serviceWarning: slapd.service changed on disk. Run 'systemctl daemon-reload' to reload units.
Job for slapd.service failed because a timeout was exceeded.
See "systemctl status slapd.service" and "journalctl -xe" for details.
 failed!
Create windows/wins-support
Multifile: /etc/samba/smb.conf
Join against S4 Connector server: sh5678
Forest           : cnd.intranet
Domain           : cnd.intranet
Netbios domain   : cnd
DC name          : sh5678.cnd.intranet
DC netbios name  : sh5678
Server site      : Default-First-Site-Name
Client site      : Default-First-Site-Name
Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS -  <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 532, v1db1> <>
Failed to connect to 'ldap://sh5678' with backend 'ldap': LDAP error 49 LDAP_INVALID_CREDENTIALS -  <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 532, v1db1> <>
ERROR(ldb): uncaught exception - LDAP error 49 LDAP_INVALID_CREDENTIALS -  <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 532, v1db1> <>
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 185, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 699, in run
    backend_store=backend_store)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1516, in join_DC
    backend_store=backend_store)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 108, in __init__
    credentials=ctx.creds, lp=ctx.lp)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 67, in __init__
    options=options)
  File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 115, in __init__
    self.connect(url, flags, options)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 82, in connect
    options=options)
Failed to join against the S4 Connector server sh5678.
Make sure the server is online or if this server is no longer in use,
please completely remove the server object from the domain.
Forest           : cnd.intranet
Domain           : cnd.intranet
Netbios domain   : cnd
DC name          : sh6789.cnd.intranet
DC netbios name  : sh6789
Server site      : Default-First-Site-Name
Client site      : Default-First-Site-Name
INFO 2020-12-02 17:16:43,155 pid:18700 /usr/lib/python2.7/dist-packages/samba/join.py #103: Finding a writeable DC for domain 'cnd.intranet'
ERROR: Failed to find a writeable DC for domain 'cnd.intranet': The object name is not found.
Failed to join the domain cnd.intranet.
Make sure the server is online or if this server is no longer in use,
please completely remove the server object from the domain.


**************************************************************************
* Join failed!                                                           *
* Contact your system administrator                                      *
**************************************************************************
* Message:  Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- FAILED: 96univention-samba4.inst
**************************************************************************
Wed Dec  2 17:16:43 HKT 2020: finish /usr/sbin/univention-join
Mastodon