Hi,

when I install a new 4.5 Sernet DC all things work fine. After "join" from a second DC, replication will fail from the first start. It's a join and fail.

- I tried it on 2 different distributions, SLES 12 (SP1) and CentOS 7.2, with the same result.
- I tried the internal DNS and bind with the same result.

---Error---
the replication gets an error with

CN=Configuration,DC=my-domain,DC=de
    Default-First-Site-Name\AD2 via RPC
        DSA object GUID: b2067016-8af0-47eb-ab1f-552adb9ea9be
        Last attempt @ Sun Oct 9 17:24:04 2016 CEST failed, result 2 (WERR_BADFILE)
        36 consecutive failure(s).
        Last success @ NTTIME(0)
---Error---

On CentOS I use Version 4.5.0-SerNet-RedHat-4.el7 / BIND 9.10.3-P4-RedHat-9.10.3-4.el7.centos

I checked the msDS-KeyVersionNumber after the join.

ad1 -> msDS-KeyVersionNumber: 1
ad2 -> msDS-KeyVersionNumber: 2

[root@ad1 ~]# ldbsearch -H /var/lib/samba/private/sam.ldb '(invocationId=*)' --cross-ncs objectguid
# record 1
dn: CN=NTDS Settings,CN=AD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my-domain,DC=de
objectGUID: b2067016-8af0-47eb-ab1f-552adb9ea9be

# record 2
dn: CN=NTDS Settings,CN=AD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my-domain,DC=de
objectGUID: 22e19a5d-088f-4413-9009-96ce367ec6b9

--------------------------------------------------------
# Global parameters
[global]
    netbios name = AD1
    realm = MY-DOMAIN.DE
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
    workgroup = MY-DOMAIN
    server role = active directory domain controller
    idmap_ldb:use rfc2307 = yes

[netlogon]
    path = /var/lib/samba/sysvol/my-domain.de/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No
--------------------------------------------------------

I think it's a reproducible error. If you need more information, please write and I will upload it.

Thanks,
Sven

I don't see an issue like this in recent versions; the join process was also improved slightly in the meantime.