Problem: Join Fails with NT_STATUS_CONNECTION_REFUSED

Christian_Voelker · October 11, 2018, 9:59am

Problem

Trying to join to an UCS domain fails.

In the /var/log/univention/join.log you will see the following error messages:

Failed to connect host 172.1.42.13 on port 135 - NT_STATUS_CONNECTION_REFUSED
Failed to connect host 172.1.42.13 (172.1.42.13) on port 135 - NT_STATUS_CONNECTION_REFUSED.
ERROR: Connecting to DNS RPC server 172.1.42.13 failed with (-1073741258, 'The transport-connection attempt was refused by the remote system.')

Solution

The Samba service on the master server is not reachable. There might be different reasons for this behaviour.

Option 1

There might be a firewall in between the server-to-be-joined and the master DC.
Check your firewall settings and make sure all ports are open as documented

Option 2

Verify a process on the master is listening on the interface by

root@master:~# netstat -anp| grep 135
tcp        0      0 172.1.42.13:135      0.0.0.0:*               LISTEN      1666/samba          
tcp        0      0 127.0.0.1:135           0.0.0.0:*               LISTEN      1666/samba          
tcp6       0      0 ::1:135                 :::*                    LISTEN      1666/samba

If samba does not listen on the needed interfaces, check variables (through ucr get VARIABLE):

samba/interfaces/bindonly: yes
samba/interfaces: lo ens192
samba/register/exclude/interfaces: docker0

Option 3

Verify if Samba is up and running - please use this way and do NOT use systemctl, service or other commands.

/etc/init.d/samba start
/etc/init.d/samba status

Option 4

Verify Samba is installed on master:

root@master:~# dpkg -l | grep univention-samba4
ii  univention-samba4                                   7.0.2-26A~4.3.0.201810080957                     amd64        UCS - Samba4 integration package

Otherwise install by univention-install univention-samba4