Bug 1076 - Exchange 5.5 SP4 installation fails using Samba DC
Summary: Exchange 5.5 SP4 installation fails using Samba DC
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control (show other bugs)
Version: 3.0.8
Hardware: All Linux
: P3 major
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-02-13 09:20 UTC by Daniel Werder
Modified: 2005-08-24 10:19 UTC (History)
2 users (show)

See Also:


Attachments
Debug Level 10 during SP4 upgrade (59.59 KB, application/octet-stream)
2004-03-09 13:17 UTC, Daniel Werder
no flags Details
allow lsa_lookup_sids to lookup own domain-sid (1.90 KB, patch)
2004-11-15 15:27 UTC, Guenther Deschner
no flags Details
Allow lookup of domain-sid (1.71 KB, patch)
2004-11-19 06:27 UTC, Guenther Deschner
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Werder 2004-02-13 09:20:13 UTC
During the installation of service pack 4 for exchange,  the installation fails
with a Dr. Watson log entry of "The application, exupdate.exe, generated an
application error".  This has been tested with Exchange 5.5 on both Windows NT 4
Server and Windows 2000 Server with similar results.   Note other individuals
have experienced similar findings:
http://lists.samba.org/archive/samba/2003-November/001828.html

Service paks for Exchange of less than version 4 work fine from 2.2.x to
current.  If the same Windows 2000 server is joined to a Windows-based PDC than
the service pak installs as expected.

How to Reproduce:
On the Exchange side, install Windows 2000 Server, install latest Windows 2000
service pack (currently sp6), install exchange, install exchange sp4.

The PDC is Fedora Core 1 using the samba project binary RPMS for samba 3.0.2.
The smb.conf for the PDC is as follows:
[global]
   workgroup = BLAH
   server string = Samba 3.0.2 Server
   log level = 3
   log file = /var/log/samba/log.%m
   max log size = 50
   security = user
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   dns proxy = no 
   os level = 33
   domain logons = Yes
   domain master = Yes
   passdb backend = tdbsam 
 
   logon path =
   logon drive =
   logon home =
 
   wins support = Yes
 
   add user script = /usr/sbin/useradd -m %u
   add group script = /usr/sbin/groupadd %g
   add machine script = /usr/sbin/useradd -g machines -c Machine -d /dev/null -s
/bin/false -M %u
   add user to group script = /usr/sbin/usermod -G %g %u
 
   delete user script = /usr/sbin/userdel %u
   delete group script = /usr/sbin/groupdel %g
 
 
[netlogon]
   comment = Network Logon Service
   path = /var/spool/samba/netlogon
   guest ok = Yes
   browseable = No


The user account used was exchange and is part of the local domadm group with
net groupmap list output of:

System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Power Users (S-1-5-32-547) -> -1
Domain Users (S-1-5-21-1452542699-2860337528-2335184184-513) -> domusr
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
Domain Admins (S-1-5-21-1452542699-2860337528-2335184184-512) -> domadm
Domain Guests (S-1-5-21-1452542699-2860337528-2335184184-514) -> nobody

The pdbedit -L -v output 
[root@phaeton root]# pdbedit -L -v exchange
Unix username:        exchange
NT username:          
Account Flags:        [U          ]
User SID:             S-1-5-21-1452542699-2860337528-2335184184-2004
Primary Group SID:    S-1-5-21-1452542699-2860337528-2335184184-512
Full Name:            
Home Directory:       
HomeDir Drive:        
Logon Script:         
Profile Path:         
Domain:               BLAH
Account desc:         
Workstations:         
Munged dial:          
Logon time:           0
Logoff time:          Mon, 18 Jan 2038 22:14:07 GMT
Kickoff time:         Mon, 18 Jan 2038 22:14:07 GMT
Password last set:    Wed, 04 Feb 2004 15:16:23 GMT
Password can change:  Wed, 04 Feb 2004 15:16:23 GMT
Password must change: Mon, 18 Jan 2038 22:14:07 GMT
Comment 1 Daniel Werder 2004-03-09 13:17:36 UTC
Created attachment 432 [details]
Debug Level 10 during SP4 upgrade

I have added a debug level 10 trace of the time that the service pack 4 is
being installed.  Hopefully this is sufficient for a developer to understand
what is happening, if I can provide more info let me know.
Comment 2 Gerald (Jerry) Carter (dead mail address) 2004-09-06 04:36:05 UTC
Also found this on another list:

-----  Begin quote ------------
Hello,
  I've been poking at this problem for a couple of days, and I've narrowed
the focus on what's going wrong to this:

Exchange 5.5 SP4 install gets most of the way through, but generates a Dr.
Watson near the end exactly the same problem as reported here:

http://lists.samba.org/archive/samba/2003-November/001828.html

Running an ethereal trace, I see this conversation at the time of the
crash:


exchange -> pdc:	NT Create AndX Request, Path: samr
pdc -> exchange:	NT Create AndX Response, FID: 0x7499
exchange -> pdc:	Bind: call_id: 143 UUID: SAMR
pdc -> exchange:	Bind_ack: call_id: 143 accept max_xmit: 4280
max_recv: 4280
exchange -> pdc:	SamrEnumerateAliasesInDomain request
pdc -> exchange:	Fault: call_id: 145 ctx_id: 0 status:
nca_s_fault_context_mismatch
exchange -> pdc:	Close Request, FID: 0x7499
pdc -> exchange:	Close Response

------------ End quote ------------
Comment 3 Guenther Deschner 2004-11-15 15:27:34 UTC
Created attachment 774 [details]
allow lsa_lookup_sids to lookup own domain-sid

With this patch applied I could install exchange 5.5 sp4 on nt4 sp6a without
any errors. Could you please try and give us feedback?
Comment 4 Guenther Deschner 2004-11-15 15:29:11 UTC
patch is against most recent samba-version (3.0.8)
Comment 5 Daniel Werder 2004-11-17 13:59:00 UTC
Preliminary testing indicates that this has fixed our problem.  To do our
testing we have used the fedora core 2 samba SRPMS.
Comment 6 Guenther Deschner 2004-11-19 06:27:37 UTC
Created attachment 799 [details]
Allow lookup of domain-sid
Comment 7 Guenther Deschner 2004-11-19 06:28:02 UTC
Fixed in Subversion now.
Comment 8 Daniel Werder 2004-12-17 06:46:54 UTC
Do you know when this will make a standard release of Samba?  I am assuming
based on the release notes that this is not in Samba 3.0.9 or 3.0.10.
Comment 9 Gerald (Jerry) Carter (dead mail address) 2004-12-17 07:16:02 UTC
It will be in 3.0.11.  The first preview release will be 
out the week of December 20.
Comment 10 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:19:44 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.