[SOLVED] No AD TakeOver after upgrade to UCS 4.3.3 errata 381

Knappe · December 17, 2018, 1:45pm

because of problems connecting OSX clients to the UCS AD domain (see thread) I would recreate a new test scenario with a modified/corrected MS Server 2012R2 DC Controller.

After new install of a UCS Master AND update to the newest version, the AD TakeOver failed.

Exactly the same error message as here.

The Log from the AD TakeOver /var/log/univention/ad-takeover.log:

2018-12-17 14:29:55,700 Adding DNS A record UCS-6657.My.Domain.Name for IPv4 IP: 192.168.1.127
2018-12-17 14:29:55,809 Could not find machine account in secrets database: Failed to fetch machine account password for DOMAIN from both secrets.ldb (Could not find entry to match filter: ‘(&(flatname=DOMAIN)(objectclass=primaryDomain))’ base: ‘cn=Primary Domains’: No such object: dsdb_search at …/source4/dsdb/common/util.c:4636) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
2018-12-17 14:29:55,818 ERROR(runtime): uncaught exception - (9003, ‘WERR_DNS_ERROR_RCODE_NAME_ERROR’)

The Log from the updater /var/log/univention/updater.log:

File: /etc/apt/sources.list.d/15_ucs-online-version.list
Cannot find service-record of _pkgdb._tcp.
No DB-Server-Name found.
Current UCS version is 4.3-3 errata381

Because a AD Takeover with a previous UCS version worked perfectly, I have no clue what´s happend.
Any help is appreciated

Knappe · December 18, 2018, 9:35am

problem is in AD TakeOver:

…
2018-12-18 10:31:22,431 Provision OK for domain DN DC=My,DC=Domain,DC=de
2018-12-18 10:31:22,431 Starting replication
2018-12-18 10:31:22,431 Replicating critical objects from the base DN of the domain
2018-12-18 10:31:22,431 Done with always replicated NC (base, config, schema)
2018-12-18 10:31:22,431 Replicating DC=DomainDnsZones,DC=family,DC=e-schuett,DC=de
2018-12-18 10:31:22,431 Replicating DC=ForestDnsZones,DC=family,DC=e-schuett,DC=de
2018-12-18 10:31:22,431 Committing SAM database
2018-12-18 10:31:22,431 Join failed - cleaning up

Because every fresh install (incl. previous version of UCS) load AD TakeOver online from the APP platform.
So it´s not possible for me to get a workaround.

Any suggestions ?

externa1 · December 18, 2018, 10:40am

did youj# remove all entries from the AD Directory which the previous AD Takeover did in DNS ?
e.g. domainmaster UCS

rg
Christian

Knappe · December 18, 2018, 10:42am

completely via snapshot on a ESXi server

Knappe · December 19, 2018, 8:11am

hmmm … I checked the content of the last snapshot and found that a former replication connection to an MS DC slave was faulty and not properly syncronized. That’s why we had old data during the takeover.
After the replication config was completely removed, the AD TakeOver worked as exspected.