Hello,
I’m trying to take over a Windows 2008 R2 Domain to a current release of the UCS. If have done this now twice and during both tests the connector-s4 stops at 98%. At this time the file /var/log/univention/ad-takeover.log contains the following information:
04.11.2019 18:08:57.606 MAIN (------ ): DEBUG_INIT
04.11.2019 18:08:57.972 LDAP (PROCESS): Building internal group membership cache
04.11.2019 18:08:57.989 LDAP (PROCESS): Internal group membership cache was created
04.11.2019 18:08:58.127 LDAP (PROCESS): initialize S4: last USN is 0, sync all
04.11.2019 18:08:58.249 LDAP (WARNING): encode_s4_object: encode attrib msDFSR-ContentSetGuid failed, ignored!
04.11.2019 18:08:58.249 LDAP (WARNING): encode_s4_object: encode attrib msDFSR-ReplicationGroupGuid failed, ignored!
04.11.2019 18:08:58.251 LDAP (WARNING): encode_s4_object: encode attrib msDFSR-ReplicationGroupGuid failed, ignored!
04.11.2019 18:08:58.251 LDAP (WARNING): encode_s4_object: encode attrib samDomainUpdates failed, ignored!
04.11.2019 18:08:58.289 LDAP (PROCESS): sync to ucs: [ container_dc] [ modify] u’dc=firma,dc=net’
04.11.2019 18:08:58.305 LDAP (PROCESS): sync to ucs: [ container] [ modify] u’CN=Users,dc=firma,dc=net’
04.11.2019 18:08:58.358 LDAP (PROCESS): sync to ucs: [ container] [ modify] u’CN=Computers,dc=firma,dc=net’
04.11.2019 18:08:58.418 LDAP (PROCESS): sync to ucs: [ container] [ modify] u’CN=System,dc=firma,dc=net’
04.11.2019 18:08:58.482 LDAP (PROCESS): sync to ucs: [ container] [ modify] u’CN=Policies,CN=System,dc=firma,dc=net’
04.11.2019 18:08:58.644 LDAP (PROCESS): sync to ucs: [ msGPO] [ add] u’CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,dc=firma,dc=net’
04.11.2019 18:08:59.463 MAIN (------ ): DEBUG_INIT
04.11.2019 18:09:00.115 MAIN (------ ): DEBUG_INIT
04.11.2019 18:09:00.761 MAIN (------ ): DEBUG_INIT
04.11.2019 18:09:01.398 MAIN (------ ): DEBUG_INIT
After about 15min I restarted /etc/init.d/univention-s4-connector and the migration continues.
At the end, the web interface reports no errors, but none of the user accounts has been migrated.
In /var/log/univention/ad-takeover.log I do not find any errors about the migration of the user accounts. The only error appears at the beginning of the migration:
2019-11-05 10:02:10,870 Could not find machine account in secrets database: Failed to fetch machine account password from secrets.ldb: Could not find entry to match filter: ‘(&(flatname=FIRMA)(objectclass=primaryDomain))’ base: ‘cn=Primary Domains’: No such object: dsdb_search at …/…/source4/dsdb/common/util.c:4733 and failed to open /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
This is just a test installation, so I can repeat it as often as necessary.
Thanks for any suggestions/hints,
Stefan