Takeover hangs on S4 Connector

cpzengel · October 5, 2018, 11:30am

hi, i am trying to takeover a 2012 dc (2008r2 ad) and always failing that s4 does not start in the middle

any idea what this means? cant find anything in the logs except that

Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/main.py", line 279, in main
    connect()
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/main.py", line 158, in connect
    mapping.s4_mapping,
AttributeError: 'module' object has no attribute 's4_mapping'

cpzengel · October 5, 2018, 11:37am

we ran ad connector before and i added the takeover modul extra

cpzengel · October 5, 2018, 11:48am

Okt 05 13:47:17 UCS named[31943]: Loading 'samba4.zone' using driver dlopen
Okt 05 13:47:17 UCS named[31943]: samba_dlz: started for DN DC=feuerwehr-goldbach,DC=local
Okt 05 13:47:17 UCS named[31943]: samba_dlz: starting configure
Okt 05 13:47:17 UCS named[31943]: samba_dlz: trying partition 'CN=MicrosoftDNS,DC=DomainDnsZones,DC=feuerwehr
Okt 05 13:47:17 UCS named[31943]: samba_dlz: configured writeable zone 'feuerwehr-goldbach.local'
Okt 05 13:47:17 UCS named[31943]: samba_dlz: trying partition 'CN=MicrosoftDNS,DC=DomainDnsZones,DC=feuerwehr
Okt 05 13:47:17 UCS named[31943]: samba_dlz: configured writeable zone '17.168.192.in-addr.arpa'
Okt 05 13:47:17 UCS named[31943]: samba_dlz: trying partition 'CN=MicrosoftDNS,DC=ForestDnsZones,DC=feuerwehr
Okt 05 13:47:17 UCS named[31943]: samba_dlz b9_format: unhandled record type 65281
Okt 05 13:47:17 UCS named[31943]: zone _msdcs.feuerwehr-goldbach.local/NONE: could not find NS and/or SOA rec
Okt 05 13:47:17 UCS named[31943]: zone _msdcs.feuerwehr-goldbach.local/NONE: has 0 SOA records
Okt 05 13:47:17 UCS named[31943]: zone _msdcs.feuerwehr-goldbach.local/NONE: has no NS records
Okt 05 13:47:17 UCS named[31943]: samba_dlz: Failed to configure zone '_msdcs.feuerwehr-goldbach.local'
Okt 05 13:47:17 UCS named[31943]: loading configuration: bad zone
Okt 05 13:47:17 UCS named[31943]: exiting (due to fatal error)
Okt 05 13:47:17 UCS systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
Okt 05 13:47:18 UCS samba4[31946]: rndc: connect failed: 127.0.0.1#953: connection refused

cpzengel · October 5, 2018, 2:15pm

Join Scipts 96 to 98 do not finish after Takeover Module Installation

univention-run-join-scripts started
Fr 5. Okt 16:13:38 CEST 2018

RUNNING 96univention-samba4.inst
2018-10-05 16:13:38.908224180+02:00 (in joinscript_init)
/usr/lib/univention-install/96univention-samba4.inst: Zeile 42: Warnung: command substitution: ignored null byte in input
05.10.18 16:13:39.595  DEBUG_INIT
UNIVENTION_DEBUG_BEGIN  : uldap.__open host=UCS.feuerwehr-goldbach.local port=7389 base=dc=feuerwehr-goldbach,dc=local
UNIVENTION_DEBUG_END    : uldap.__open host=UCS.feuerwehr-goldbach.local port=7389 base=dc=feuerwehr-goldbach,dc=local
ERROR: The domain is in AD Member Mode, cannot join as DC.
EXITCODE=1
RUNNING 97univention-s4-connector.inst
2018-10-05 16:13:39.680939865+02:00 (in joinscript_init)
/usr/lib/univention-install/97univention-s4-connector.inst: Zeile 42: Warnung: command substitution: ignored null byte in input
05.10.18 16:13:40.263  DEBUG_INIT
UNIVENTION_DEBUG_BEGIN  : uldap.__open host=UCS.feuerwehr-goldbach.local port=7389 base=dc=feuerwehr-goldbach,dc=local
UNIVENTION_DEBUG_END    : uldap.__open host=UCS.feuerwehr-goldbach.local port=7389 base=dc=feuerwehr-goldbach,dc=local
ERROR: The domain is in AD Member Mode.
Not updating connector/s4/autostart
Setting connector/s4/listener/disabled
Module: kopano-cfg
Restarting univention-directory-listener (via systemctl): univention-directory-listener.service.
EXITCODE=1
RUNNING 98univention-samba4-dns.inst
2018-10-05 16:13:46.515392096+02:00 (in joinscript_init)
/usr/lib/univention-install/98univention-samba4-dns.inst: Zeile 42: Warnung: command substitution: ignored null byte in input
Samba4 backend database not available yet, exiting joinscript 98univention-samba4-dns.
EXITCODE=1
RUNNING 98univention-samba4-saml-kerberos.inst
2018-10-05 16:13:47.455323674+02:00 (in joinscript_init)
/usr/lib/univention-install/98univention-samba4-saml-kerberos.inst: Zeile 41: Warnung: command substitution: ignored null byte in input
Waiting for user replication...
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
EXITCODE=1

Fr 5. Okt 16:14:00 CEST 2018
univention-run-join-scripts finished

cpzengel · October 6, 2018, 10:05am

i have tried about 20 takeovers
is there another way or any idea?
like making a second dc first and seizing roles manually?

Moritz_Bunkus · October 6, 2018, 10:34am

Hey,

try the following:

Set up a new UCS domain & server with role DC Master (NOT as a Windows member server or something like that). Observe the requirements for the AD Takeover regarding domain/host names as laid out in the documentation, of course.
Do NOT install the AD Connector.
Remove traces from your earlier takeover attempts from your old Windows-based AD DCs.
Install the AD Takeover module.
Try the takeover again.

m.

cpzengel · October 6, 2018, 10:45am

I have already Kopano running

cpzengel · October 6, 2018, 11:13am

but i´ll try now with a second and see if kopano will continue working
perhaps kopano support will help move installation later
but i wonder why that behavior occurs
i did this 10x the same way

Moritz_Bunkus · October 6, 2018, 11:29am

I don’t know why it hangs, but I’ve never had the AD Connection set up first before installing and running AD Takeover.

Of course it might totally be due to the data in the current AD domain. This error hints that this might be the case:

/usr/lib/univention-install/98univention-samba4-dns.inst: Zeile 42: Warnung: command substitution: ignored null byte in input
Samba4 backend database not available yet, exiting joinscript 98univention-samba4-dns.

Line 42 is simply reading UCR variables, and it seems there’s at least once UCR variable that contains a null byte. In order to find out which UCR variable this is, run the following:

grep -Pan '\x00'  /etc/univention/base.conf

Maybe that’ll give us a clue where and why things go wrong.

cpzengel · October 6, 2018, 11:31am

root@UCS:~# grep -Pan ‘\x00’ /etc/univention/base.conf
423:mail/relayhost: firewall.markt-goldbach.de

i can post that, its no secret, the mx:)

but variable seems to be ok

cpzengel · October 6, 2018, 11:50am

removed perhaps null one and retried

s4 connector does not start

Sat Oct 6 13:50:02 2018
— connect failed, failure was: —
Traceback (most recent call last):
File “/usr/lib/pymodules/python2.7/univention/s4connector/s4/main.py”, line 279, in main
connect()
File “/usr/lib/pymodules/python2.7/univention/s4connector/s4/main.py”, line 158, in connect
mapping.s4_mapping,
AttributeError: ‘module’ object has no attribute ‘s4_mapping’

Moritz_Bunkus · October 6, 2018, 11:51am

Re-run the join scripts.

cpzengel · October 6, 2018, 11:52am

i rerun the join scripts before takeover, did not work

currently it hangs repeating the last messages all 30 sec forever

Moritz_Bunkus · October 6, 2018, 11:55am

Earlier you said that the join scripts didn’t run after the installation of AD Takeover. The output showed the error about the null bytes. Having removed the null bytes, did you really execute univention-run-join-scripts afterwards?

cpzengel · October 6, 2018, 11:56am

ill retry, i just tried while s4 tried to restart

now only 98univention-samba4-saml-kerberos is undone and he still complains about ucs-sso user missing

cpzengel · October 6, 2018, 11:57am

and some strange dns messages

Okt 06 13:56:54 UCS samba4[8646]: rndc: connect failed: 127.0.0.1#953: connection refused

Okt 06 13:56:55 UCS samba4[8646]: rndc: connect failed: 127.0.0.1#953: connection refused

Okt 06 13:56:56 UCS samba4[8646]: rndc: connect failed: 127.0.0.1#953: connection refused

Okt 06 13:56:57 UCS samba4[8646]: rndc: connect failed: 127.0.0.1#953: connection refused

Okt 06 13:56:58 UCS samba4[8646]: rndc: connect failed: 127.0.0.1#953: connection refused

Okt 06 13:56:59 UCS samba4[8646]: rndc: connect failed: 127.0.0.1#953: connection refused

Okt 06 13:57:00 UCS samba4[8646]: rndc: connect failed: 127.0.0.1#953: connection refused

Okt 06 13:57:02 UCS samba4[8646]: rndc: connect failed: 127.0.0.1#953: connection refused

Okt 06 13:57:03 UCS samba4[8646]: rndc: connect failed: 127.0.0.1#953: connection refused

Okt 06 13:57:04 UCS samba4[8646]: rndc: connect failed: 127.0.0.1#953: connection refused

Okt 06 13:57:05 UCS samba4[8646]: rndc: connect failed: 127.0.0.1#953: connection refused

cpzengel · October 6, 2018, 11:58am

RUNNING 98univention-samba4-saml-kerberos.inst

2018-10-06 13:58:09.509062716+02:00 (in joinscript_init)

Waiting for user replication…

ERROR: User ucs-sso not found

Moritz_Bunkus · October 6, 2018, 12:01pm

I don’t think I can really help you at this point. Your installation seems to be quite messed up — for whatever reason. Even if we try to continue fixing one issue after the other, I’m reasonably sure that the whole AD Takeover process won’t be completed that way.

If you cannot get it to work, and if there isn’t enough help available here, you can still opt to buy support directly from Univention. They do have the most experience with that topic, after all.

cpzengel · October 6, 2018, 12:06pm

thanks moritz.
i just killed a s4 process and now its continuing syncinc
if it will fail, i´ll rollback

cpzengel · October 6, 2018, 1:25pm

so frustrating

i did like you told me with another installation
after sucessful takeover bind does not start

so i changed to ldap backend