Bug 11292 - Windows Server 2008 R2 Foundation memberserver reboot / SERVER_SEARCH_FLAG_PHANTOM_ROOT no application NCs
Summary: Windows Server 2008 R2 Foundation memberserver reboot / SERVER_SEARCH_FLAG_PH...
Status: ASSIGNED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.2.0rc2
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
URL:
Keywords:
: 10175 (view as bug list)
Depends on:
Blocks:
 
Reported: 2015-05-27 10:28 UTC by Arvid Requate
Modified: 2018-04-23 20:24 UTC (History)
4 users (show)

See Also:


Attachments
0001-S4-dsdb-GC-LDAP-should-not-return-objects-from-Domai.patch (4.49 KB, patch)
2015-05-27 10:28 UTC, Arvid Requate
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate 2015-05-27 10:28:27 UTC
Created attachment 11090 [details]
0001-S4-dsdb-GC-LDAP-should-not-return-objects-from-Domai.patch

Systems running "Windows Server 2008 R2 Foundation" joined as memberserver into a Samba 4.2 ADDS show this error popup:

    The server did not finish checking the license compliance.
    If the server is joined to a domain, make sure that the server
    can connect to a domain controller. If the license compliant
    check cannot be completed, the server will automatically
    shut down in 9 day(s), 7 hour(s) 30 minute(s).

The attached patch fixed this issue for us. Details about the patch can be found in the commit message. The corresponding client log entries exported from the MS Event Viewer are attached to the original posting https://lists.samba.org/archive/samba-technical/2015-February/105545.html , for the failure as well as for the success case.

Since I didn't find detailed documentation about the behavior expected from a GC LDAP in this case (e.g. in [MS-ADTS]), my patch attempts to be very specific about the scope of the modified response to minimize collateral effects.
Probably more research is required in this area, but the patch fixed the issue in the given case.

This bug has been observed with 4.0.2-rc2 but the patch still applies to 4.2.1.
Comment 1 Andrew Bartlett 2016-07-29 03:29:52 UTC
*** Bug 10175 has been marked as a duplicate of this bug. ***
Comment 2 Stefan Metzmacher 2016-07-29 10:09:27 UTC
As a note I've already started to implement a LDB_CONTROL_SEARCH_ALL_PARTITIONS_OID control.

But I don't have time to finish it. Maybe someone
can make use of some of the work I did in
https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-ldap
https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=bb898b9f826a65d25531