BDC can't join Domain - [E: Object exists:

smguenther · February 7, 2019, 6:18pm

Hello,

we just wanted to setup and join a BDC to our domain. Since joining failed during the installation, we repeated it on the command line. This failed again with the following error:


**************************************************************************
* Join failed!                                                           *
* Contact your system administrator                                      *
**************************************************************************
* Message:  Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- failed to create DC Backup (1) [E: Object exists: (mac)  90:1b:0e:45:ca:0d]

Searching the forum for an error like this, we found the following thread:

The problem now is, that when we enter the suggested ldapsearch on the PDC, we don’t get a result:


univention-ldapsearch 'macAddress=90:1b:0e:45:ca:0d' dn
# extended LDIF
#
# LDAPv3
# base <dc=dom1,dc=local> (default) with scope subtree
# filter: macAddress=90:1b:0e:45:ca:0d
# requesting: dn 
#

# search result
search: 3
result: 0 Success
# numResponses: 1

How does the PDC know, that the BDC already exists? The PDC is a UCS 4.3 that took over the domain from a manually compiled Samba 4.1 on Ubuntu. Therefore somewhere the information about the BDC may be stored, but the question is, where?

EDIT:
We found the following entries in /var/log/univention/listener.log

09.02.19 22:02:48.908  LISTENER    ( PROCESS ) : updating 'cn=2269,cn=uidNumber,cn=temporary,cn=univention,dc=dom1,dc=local' command a
09.02.19 22:02:49.155  LISTENER    ( PROCESS ) : updating 'cn=2269,cn=gidNumber,cn=temporary,cn=univention,dc=dom1,dc=local' command a
09.02.19 22:02:49.264  LISTENER    ( PROCESS ) : updating 'cn=2269,cn=gidNumber,cn=temporary,cn=univention,dc=dom1,dc=local' command d
09.02.19 22:02:49.336  LISTENER    ( PROCESS ) : updating 'cn=90:1b:0e:45:ca:0d,cn=mac,cn=temporary,cn=univention,dc=dom1,dc=local' command a
09.02.19 22:02:49.537  LISTENER    ( PROCESS ) : updating 'cn=2269,cn=uidNumber,cn=temporary,cn=univention,dc=dom1,dc=local' command d
09.02.19 22:02:49.609  LISTENER    ( PROCESS ) : updating 'cn=90:1b:0e:45:ca:0d,cn=mac,cn=temporary,cn=univention,dc=dom1,dc=local' command d

Thanks for any hints & suggestions,

Stefan

Christian_Voelker · February 15, 2019, 8:27am

Hi,

perhaps there are some remainders of previous attempts left? Have you tried this?

/CV

smguenther · April 22, 2019, 8:48am

Hello Christian,

we do not dare to execute that command.

The old system was a Samba 4 on Ubuntu, with the name MAJESTIX. We performed a AD takeover with an UCS called TROUBADIX. The ldap directory now contains entries both for MAJESTIX and TROUBADIX. We are afraid, that if we remove all entries related to MAJESTIX, the clients might not find the PDC anymore. Or will they automatically do a fallback on TROUBADIX?

Thanks for your suggestions and have a nice holiday,

Stefan

smguenther · May 4, 2019, 12:10pm

Mit den Vorschlag für die Änderung des Parameters SKIPIPMAC im Skript /usr/sbin/univention-join aus dem Thread https://help.univention.com/t/dc-slave-mit-kvm-uvmm-kann-nicht-joinen/11346 konnte das Problem gelöst werden.

Stefan