Bug 7544 - group policy objects not found, no new, but can edit old policies
group policy objects not found, no new, but can edit old policies
Status: NEEDINFO
Product: Samba 4.0
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
unspecified
x86 Linux
: P3 major
: ---
Assigned To: Matthieu Patou
samba4-qa@samba.org
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-07-02 17:07 UTC by Robert Clauff
Modified: 2013-03-14 18:25 UTC (History)
1 user (show)

See Also:


Attachments
screen shots of the group policy management screen (256.18 KB, image/png)
2010-07-02 17:10 UTC, Robert Clauff
no flags Details
screen shot 2 (222.12 KB, image/png)
2010-07-02 17:10 UTC, Robert Clauff
no flags Details
screen shot 3 (202.08 KB, image/png)
2010-07-02 17:11 UTC, Robert Clauff
no flags Details
screen shot 4 (586.28 KB, image/png)
2010-07-02 17:11 UTC, Robert Clauff
no flags Details
ldbsearch results (37.89 KB, text/plain)
2010-07-29 16:02 UTC, Robert Clauff
no flags Details
gplink search results (3.83 KB, text/plain)
2010-08-02 09:32 UTC, Robert Clauff
no flags Details
gp object trace dump (156.78 KB, application/zip)
2010-09-23 09:02 UTC, Robert Clauff
no flags Details
gdb debug output (3.86 KB, text/plain)
2010-12-16 09:42 UTC, Robert Clauff
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Clauff 2010-07-02 17:07:20 UTC
Everything so far has been working pretty good on the samba 4 installation.  There is still the DNS issue I need to fix but other than that everything has been running fine.  About a month ago now I was going to implement a policy to restrict some options for IE (like it running!).  When I went in to add a policy it told me "The system cannot open the device or file specified" and wouldn't allow me to create a new one.  I messed around with it a little and noticed that the default policy had a red icon on it if im not mistaken so I thought I would remove it because I read on a post it may be a corrupted policy.  I just removed it and didn't delete it. 
     Unfortunately, to my suprise this didn't work and I couldn't add any new policies or even re-link any policies.  The only thing that I can still do to my group policies is edit the policies I already have.  You can also see all the policies that are linked.  This can hold up for a little while but eventually I am going to need to have this ability back to push out new policies. 
     I can include some screen shots to help with the evaluation, if you want them just ask.  There is nothing in the syslogs on anything.  I am really hoping that you have seen this before and its a quick fix.  I appreciate your help and if you need anything please let me know.
Comment 1 Robert Clauff 2010-07-02 17:10:33 UTC
Created attachment 5820 [details]
screen shots of the group policy management screen

screen shot
Comment 2 Robert Clauff 2010-07-02 17:10:55 UTC
Created attachment 5821 [details]
screen shot 2

screen shot 2
Comment 3 Robert Clauff 2010-07-02 17:11:14 UTC
Created attachment 5822 [details]
screen shot 3

screen shot 3
Comment 4 Robert Clauff 2010-07-02 17:11:35 UTC
Created attachment 5823 [details]
screen shot 4

screen shot 4
Comment 5 Robert Clauff 2010-07-28 09:41:18 UTC
Is no one going to take a look at this bug.  I desperately need help resolving this and no one has even taken a glance at it yet after almost a month.  Am I doing something wrong?
Comment 6 Andrew Bartlett 2010-07-28 16:58:55 UTC
I suggest you mention it on the mailing list, so this finds a wider audience. 
Comment 7 Matthieu Patou 2010-07-29 07:07:48 UTC
Robert,

Sorry for not jumping on this bug earlier, even if my life is driven by bugzilla I don't check it as I should.

Well in your situation, it seems that the removal of default gpo (and not in your situation btw) was the best solution.

My understanding of your current situation is that in gpmc, when you click on 
group policy object you receive the message "the system cannot open the device or file specified" ?

Can you do an extraction of policies stored in your ad: 
"ldbsearch -H ldap://localhost -b CN=Policies,CN=System,DC=yourdomain,DC=tld displayname"

And attach it to this bug.

Also I would like to see ls -1 /usr/local/samba/var/locks/sysvol/yourdomain.tld/Policies/
Comment 8 Robert Clauff 2010-07-29 09:55:10 UTC
(In reply to comment #7)
> Robert,
> 
> Sorry for not jumping on this bug earlier, even if my life is driven by
> bugzilla I don't check it as I should.
> 
> Well in your situation, it seems that the removal of default gpo (and not in
> your situation btw) was the best solution.
> 
> My understanding of your current situation is that in gpmc, when you click on 
> group policy object you receive the message "the system cannot open the device
> or file specified" ?
> 
> Can you do an extraction of policies stored in your ad: 
> "ldbsearch -H ldap://localhost -b CN=Policies,CN=System,DC=yourdomain,DC=tld
> displayname"
> 
> And attach it to this bug.
> 
> Also I would like to see ls -1
> /usr/local/samba/var/locks/sysvol/yourdomain.tld/Policies/
> 

[/usr/local/samba/private]# ldbsearch -H ldap://localhost -b CN=Policies,CN=System,DC=CASINC,DC=com
unable to load ldap from /usr/lib/ldb/ldap.so: /usr/lib/ldb/ldap.so: cannot open shared object file: No such file or directory
Unable to find backend for 'ldap://localhost'
Failed to connect to ldap://localhost - (null)

[/usr/local/samba/private]# ls -l /usr/local/samba/var/locks/sysvol/cas-online.com/Policies/
total 120
drwxr-xr-x 5 3000008 users 4096 2010-04-01 12:36 {0AC2BEF7-FB8A-40B3-ADD0-AC3AE84B5ACD}
drwxr-xr-x 5 3000008 users 4096 2010-04-01 16:43 {3AEC54C6-873D-4AC0-B744-D6FEF7D2F0F6}
drwxr-xr-x 5 root    adm   4096 2010-05-17 16:55 {3BB4EEF5-AD61-4C51-B739-8F599C272558}
drwxr-xr-x 5 3000008 users 4096 2010-04-01 16:42 {427DCE66-57A7-446E-A1A9-94984C43FEC0}
drwxr-xr-x 5 3000008 users 4096 2010-04-01 16:51 {621F5A49-AC83-477F-B439-8883991F9C3B}
drwxr-xr-x 5 3000008 users 4096 2010-03-26 17:10 {6C004C01-6893-4FD8-992E-B0A70B19143D}
drwxr-xr-x 5 3000008 users 4096 2010-04-01 16:49 {6D75CCEE-9B61-4881-BC5A-DAFC4E82B6DD}
drwxr-xr-x 5 3000008 users 4096 2010-05-13 12:58 {8B94B0F9-6017-47AE-9DF1-4B956275B7DE}
drwxr-xr-x 4 3000008 users 4096 2010-04-15 17:14 {9BC26236-BF77-4866-975B-D406ADDA9036}
drwxr-xr-x 5 3000008 users 4096 2010-04-01 16:35 {BDEED978-2CEE-48BB-A7DA-B49AFAAA87FE}
drwxr-xr-x 5 3000008 users 4096 2010-04-21 08:30 {C2AE88BD-2BF0-4E30-B90A-5D6EF1FB95AC}
drwxr-xr-x 4 3000008 users 4096 2010-04-15 12:01 {EBA2F6FA-3E57-4151-AA00-C8391C6F5E38}
drwxr-xr-x 4 3000008 users 4096 2010-04-15 11:52 {EF36DC7B-A28F-41F9-A99F-AB0DFA2CB8B4}
drwxr-xr-x 5 3000008 users 4096 2010-04-01 16:46 {F45AC139-AF50-4195-BCCF-818EAED764A6}
drwxr-xr-x 5 3000008 users 4096 2010-04-01 16:53 {FEFB3F64-71CA-4881-97DC-83516CBED5BD}
Comment 9 Matthieu Patou 2010-07-29 15:28:36 UTC
> [/usr/local/samba/private]# ldbsearch -H ldap://localhost -b
> CN=Policies,CN=System,DC=CASINC,DC=com
> unable to load ldap from /usr/lib/ldb/ldap.so: /usr/lib/ldb/ldap.so: cannot
> open shared object file: No such file or directory
> Unable to find backend for 'ldap://localhost'
> Failed to connect to ldap://localhost - (null)
Ok this is not good are you sure you typed ldbsearch and not ldapsearch ?

Can you try /usr/local/samba/bin/ldbsearch -H ... ? 

Comment 10 Robert Clauff 2010-07-29 15:46:21 UTC
(In reply to comment #9)
> > [/usr/local/samba/private]# ldbsearch -H ldap://localhost -b
> > CN=Policies,CN=System,DC=CASINC,DC=com
> > unable to load ldap from /usr/lib/ldb/ldap.so: /usr/lib/ldb/ldap.so: cannot
> > open shared object file: No such file or directory
> > Unable to find backend for 'ldap://localhost'
> > Failed to connect to ldap://localhost - (null)
> Ok this is not good are you sure you typed ldbsearch and not ldapsearch ?
> 
> Can you try /usr/local/samba/bin/ldbsearch -H ... ? 
> 

Yes, that is the command I ran.  The post above is directly from my terminal screen.  What does this mean?
Comment 11 Robert Clauff 2010-07-29 15:58:16 UTC
Correction!  I got this to run correctly, the full path fixed it.  I will attach the log file.
Comment 12 Robert Clauff 2010-07-29 16:02:05 UTC
Created attachment 5878 [details]
ldbsearch results

Very relieved that this ran after your initial reaction.
Comment 13 Matthieu Patou 2010-07-30 16:57:57 UTC
Ok you 18 gpos in the AD and 16 in the file system ... 
The two missing are:

EA952CA0-CF3C-4655-BCCF-61177EA892E8 -> Default Domain Policy

567BD29F-A593-48A2-9FDD-D08A9D4F8C50 -> ftp_login

I propose to try to recreate manualy the struct to see if it helps 

so in sysvol share through windows as an administrator you create:
in \\server\sysvol\domain\Policies\
a folder called {ea952ca0-cf3c-4655-bccf-61177eA892e8} and another called {567bd29f-a593-48a2-9fdd-d08a9d4f8C50}

In each folder create create two subfolders called MACHINE and USER (case matter).

Then in {ea952ca0-cf3c-4655-bccf-61177eA892e8} create a file GPT.INI
with this two lines:
[General]
Version=196629

Then in {ea952ca0-cf3c-4655-bccf-61177eA892e8} create a file GPT.INI
with this two lines:
[General]
Version=131072

also can you do this
/usr/local/samba/bin/ldbsearch -H ldap://localhost '(gPLink=*)' gPLink
Comment 14 Robert Clauff 2010-08-02 09:32:20 UTC
I ran the other lbsearch and am going to post the results.  I created the file structure that you asked as well, should I restart samba now and try the GPOs?  I am also figuring that in your previous statement the second GPT should be the second one I created, let me know if thats not correct.
Comment 15 Robert Clauff 2010-08-02 09:32:59 UTC
Created attachment 5879 [details]
gplink search results
Comment 16 Robert Clauff 2010-08-12 09:13:40 UTC
I have reacreated those GPOs and have restarted samba since then and it has not fixed the problem.  I actually am running into some errors on the domain PCs about the policies I created.  Did you end up finding anything worth mentioning on that last list of ldbsearch?  The time gap is shrinking and I need to try and get a resolution for this issue as soon as possible.  Let me know anything you want me to try and I will do everything I can to get this resolved.
Comment 17 Matthieu Patou 2010-08-14 04:40:22 UTC
(In reply to comment #16)
> I have reacreated those GPOs and have restarted samba since then and it has not
> fixed the problem.  I actually am running into some errors on the domain PCs
> about the policies I created.  Did you end up finding anything worth mentioning
> on that last list of ldbsearch?  The time gap is shrinking and I need to try
> and get a resolution for this issue as soon as possible.  Let me know anything
> you want me to try and I will do everything I can to get this resolved.
> 

Ok robert, 
I was in vacation, so I had a few problem to follow it.

Can you make a wireshark/tcpdump trace on the samba4 server like this:

tcpdump -i <interface> host <ip_windows_workstation> -s 16000 -w /tmp/trace_gpo -v 

And attach it zipped.

Use the information from -v to see the packet number when you are really starting the gpmc.

Please do not hesitate to give a full capture but with the detailed information of what happened to which packet!
Comment 18 Robert Clauff 2010-09-23 09:02:00 UTC
Sorry I have been getting slammed with other stuff recently.  I took the tcpdump and then opened up the administrative tools on the xp machine during the capture, I assume thats what you wanted me to do.  Please tell me whatever else you need from me. I have attached the dump.
Comment 19 Robert Clauff 2010-09-23 09:02:34 UTC
Created attachment 5981 [details]
gp object trace dump
Comment 20 Robert Clauff 2010-09-23 15:55:37 UTC
In looking at the packet captues it only appears that it fails or cannot load an object twice.  Both times it fails on an ldap search of 'CN=builtinDomain-Display,CN=409,CN=displaySpecifiers,CN=Configuration,DC=cas-online,DC=com'  Now if I filter the capture by just 'builtinDomain-Display'  these are the only ones that pop up in the results.  Is it possible this got corrupted or removed, if so how can I get it back or replace it so we can get this up and running again.
Comment 21 Matthias Dieter Wallnöfer 2010-10-05 15:56:44 UTC
Hi Robert,

(In reply to comment #20)
> In looking at the packet captues it only appears that it fails or cannot load
> an object twice.  Both times it fails on an ldap search of
> 'CN=builtinDomain-Display,CN=409,CN=displaySpecifiers,CN=Configuration,DC=cas-online,DC=com'
We should provide this object.

>  Now if I filter the capture by just 'builtinDomain-Display'  these are the
> only ones that pop up in the results.  Is it possible this got corrupted or
> removed, if so how can I get it back or replace it so we can get this up and
> running again.
Probably you could use "upgradeprovision" - but it's better to ask Matthieu.

Comment 22 Matthieu Patou 2010-10-27 13:53:06 UTC
Robert,
any news on this ? 

Have you tried upgradeprovision lately ?
Comment 23 Robert Clauff 2010-11-09 17:02:26 UTC
(In reply to comment #22)
> Robert,
> any news on this ? 
> 
> Have you tried upgradeprovision lately ?
> 

I have not tried this as I am too quick to jump on something it is in production and I have been swamped with other crap, but now I am focusing on trying to resolve outstanding issues, and this is numero uno.  I am running alpha 12. Has there been a newer version that has come out?  If so what are some precautions that I should take so that things do not blow up in my face as to I can resort back if something shall go wrong?  Looking forward to resolving this issue soon.
Comment 24 Robert Clauff 2010-11-09 17:06:37 UTC
(In reply to comment #22)
> Robert,
> any news on this ? 
> 
> Have you tried upgradeprovision lately ?
> 
I am also assuming that you are wanting me to do a "--full" on the upgradeprovision.
Comment 25 Matthias Dieter Wallnöfer 2010-11-18 10:02:51 UTC
Hi Robert,

you should know that we still do not provide production releases.
Generally we suggest our users to try GIT checkouts since they are quite always a big step ahead to our alpha releases, which aren't prepared so often.
Since we are now using "autobuild", a development tool which checks all branch merges against our unit tests, the quality of the "master" releases improved a lot.
Therefore please make use of this possibility and report if the problem still exists.

(In reply to comment #23)
> (In reply to comment #22)
> > Robert,
> > any news on this ? 
> > 
> > Have you tried upgradeprovision lately ?
> > 
> 
> I have not tried this as I am too quick to jump on something it is in
> production and I have been swamped with other crap, but now I am focusing on
> trying to resolve outstanding issues, and this is numero uno.  I am running
> alpha 12. Has there been a newer version that has come out?  If so what are
> some precautions that I should take so that things do not blow up in my face as
> to I can resort back if something shall go wrong?  Looking forward to resolving
> this issue soon.
> 

Comment 26 Matthias Dieter Wallnöfer 2010-12-03 07:44:05 UTC
Robert, does the problem persist?
Comment 27 Robert Clauff 2010-12-03 13:11:03 UTC
I am going to update provision probably wednesday of next week and I will let you know the results.


> Robert, does the problem persist?
> 

Comment 28 Robert Clauff 2010-12-15 18:07:31 UTC
Tried to do upgrade provision tonight and kept getting errors when running the script.  I am running alpha 12 and did a git pull earlier today to update everything for tonight.  After I stopped samba and backed up everything I ran [/samba-master/source4/scripting/upgradeprovision --full -s /usr/local/samba/etc/smb.conf]
and I get this in return.

Traceback (most recent call last):
  File "./scripting/bin/upgradeprovision", line 46, in <module>
    from samba import param, dsdb, Ldb
ImportError: cannot import name dsdb

Any suggestions?  I couldn't get a hold of anyone on samba-technical and nothing on here.  If I don't have an answer in 10-15 minutes I am going to stop and regress to old installation and wait for a reply.
Comment 29 Robert Clauff 2010-12-16 09:41:40 UTC
Well, as you know from the process last night I was not able to get to upgrade provision as it failed out.  Not before resolving our pesky BDC problem. We finally update and ran the provision --full and we ended up getting a double free error.

talloc: double free error - first free may be at ../dsdb/samdb/ldb_modules/descriptor.c:548
Bad talloc magic value - double free
Aborted

I ran that through the gdb and got some output which is on pastebin at http://samba.pastebin.com/BeCxg4G0  and I have attached here.  I think we almost got it we just need to get through this provision.
Comment 30 Robert Clauff 2010-12-16 09:42:21 UTC
Created attachment 6138 [details]
gdb debug output
Comment 31 Matthias Dieter Wallnöfer 2010-12-16 09:44:51 UTC
This could have been fixed, try another checkout: http://gitweb.samba.org/samba.git/?p=samba.git;a=commitdiff;h=25163380239abbad28f1656c42e6fab1b92473d9

If it's still there then please inform us!

(In reply to comment #29)
> Well, as you know from the process last night I was not able to get to upgrade
> provision as it failed out.  Not before resolving our pesky BDC problem. We
> finally update and ran the provision --full and we ended up getting a double
> free error.
> 
> talloc: double free error - first free may be at
> ../dsdb/samdb/ldb_modules/descriptor.c:548
> Bad talloc magic value - double free
> Aborted
> 
> I ran that through the gdb and got some output which is on pastebin at
> http://samba.pastebin.com/BeCxg4G0  and I have attached here.  I think we
> almost got it we just need to get through this provision.
> 

Comment 32 Robert Clauff 2010-12-16 11:35:50 UTC
So I just have to replace that one file with this one and try and run it again?

(In reply to comment #31)
> This could have been fixed, try another checkout:
> http://gitweb.samba.org/samba.git/?p=samba.git;a=commitdiff;h=25163380239abbad28f1656c42e6fab1b92473d9
> 


Comment 33 Matthias Dieter Wallnöfer 2010-12-16 11:46:01 UTC
I would simply perform a "git pull" if you are using GIT - otherwise, as you've said replace it manually.

(In reply to comment #32)
> So I just have to replace that one file with this one and try and run it again?
> 
> (In reply to comment #31)
> > This could have been fixed, try another checkout:
> > http://gitweb.samba.org/samba.git/?p=samba.git;a=commitdiff;h=25163380239abbad28f1656c42e6fab1b92473d9
> > 
> 

Comment 34 Robert Clauff 2010-12-16 13:07:50 UTC
Well I did all of that last night. Git-pull, reinstall, then upgradeprovision.

So the Git-pull makes no difference.
Comment 35 Matthias Dieter Wallnöfer 2010-12-18 04:34:17 UTC
Now we've fixed another bug. Please try another "git pull"!
Comment 36 Robert Clauff 2011-01-06 17:10:35 UTC
(In reply to comment #35)
> Now we've fixed another bug. Please try another "git pull"!
> 

doing another attempt at upgrade in the next 10 minutes and see how it goes.
Comment 37 Robert Clauff 2011-01-06 19:19:12 UTC
This is the latest bundle of fun I got as a return when running the upgrade provision --full

Creating a reference provision
Copy privilege
Update base samdb by searching difference with reference one
Starting update of samdb
There are 96 missing objects
Reloading a merged schema, it might trigger reindexing so please be patient
Schema reloaded !
Traceback (most recent call last):
  File "./scripting/bin/upgradeprovision", line 1708, in <module>
    schema, schemareloadclosure):
  File "./scripting/bin/upgradeprovision", line 1324, in update_samdb
    schema, highestUSN, prereloadfunc)
  File "./scripting/bin/upgradeprovision", line 1100, in update_partition
    provisionUSNs, names.invocation)
  File "./scripting/bin/upgradeprovision", line 812, in update_present
    scope=SCOPE_SUBTREE, controls=controls)
_ldb.LdbError: (1, None)
A transaction is still active in ldb context [0x8546f38] on /usr/local/samba/private/sam.ldb
A transaction is still active in ldb context [0x932f480] on /usr/local/samba/private/idmap.ldb
A transaction is still active in ldb context [0x9285478] on /usr/local/samba/private/secrets.ldb
A transaction is still active in ldb context [0x946d660] on /usr/local/samba/private/privilege.ldb
A transaction is still active in ldb context [0xa261ad0] on /usr/local/samba/private/referenceprovisionfyE0t9/private/sam.ldb
A transaction is still active in ldb context [0xa13e4c8] on /usr/local/samba/private/referenceprovisionfyE0t9/private/idmap.ldb
A transaction is still active in ldb context [0x99c8390] on /usr/local/samba/private/referenceprovisionfyE0t9/private/secrets.ldb
A transaction is still active in ldb context [0x9064318] on /usr/local/samba/private/referenceprovisionfyE0t9/private/privilege.ldb

what the hell does that mean??
Comment 38 Matthieu Patou 2011-01-07 02:31:20 UTC
Hard to say, there is a problem, but without a more detailed output (--debugall) it will be hard to understand
Comment 39 Robert Clauff 2011-01-07 08:24:19 UTC
I have the debug from the error, but its like 325MB and even compressed I cant post it here.  I will scan over it today and then I will post the relevant data in the log.
Comment 40 Robert Clauff 2011-01-20 15:24:14 UTC
Well unfortunately I am busy as hell as I imagine everyone is, but I did get a chance to look at some of the full log of the failure and it looks like its failing when looking for an object of some kind.  Now with these objects should I recreate them or what is the next move?
Comment 41 Matthias Dieter Wallnöfer 2011-02-18 07:18:38 UTC
And of which kind are these objects? How are there DNs called?

So we could make us an idea in which component it is failing.

(In reply to comment #40)
> Well unfortunately I am busy as hell as I imagine everyone is, but I did get a
> chance to look at some of the full log of the failure and it looks like its
> failing when looking for an object of some kind.  Now with these objects should
> I recreate them or what is the next move?
> 

Comment 42 Robert Clauff 2011-08-29 20:22:36 UTC
(In reply to comment #41)
> And of which kind are these objects? How are there DNs called?
> 
> So we could make us an idea in which component it is failing.
> 
> (In reply to comment #40)
> > Well unfortunately I am busy as hell as I imagine everyone is, but I did get a
> > chance to look at some of the full log of the failure and it looks like its
> > failing when looking for an object of some kind.  Now with these objects should
> > I recreate them or what is the next move?
> > 

Sorry I have been slammed at work and building new servers and I finally have a chance to get back to this. As I am looking at the end of the fail log it looks like it runs EOF on a certain CN. Upon looking up the CN is appears it IS there and its the group policy container. Default domain controllers policy. Now I am not sure about if this is what it errored out on, but from the first look of this log from what I CAN make out this is the only thing resembling an error right now.
Comment 43 Robert Clauff 2012-04-02 19:10:05 UTC
I am going to go back to this now because we desperately need to get this upgraded, resolved, and up to the most current running version. I still have the faillog from the last upgrade attempt. I will look through this and post the things that stick out to me that look like they're not working correctly. Is there anything else that I need to look for specifically?
Comment 44 Robert Clauff 2012-04-02 20:39:31 UTC
{lpcfg_servicenumber: couldn't find ldb


Sorting rpmd with attid exception 3 rDN=CN DN=CN={3BB4EEF5-AD61-4C51-B739-8F599C272558},CN=Policies,CN=System,DC=cas-online,DC=com
ndr_pull_error(13): value out of range

Sorting rpmd with attid exception 3 rDN=CN DN=CN=ipsecFilter{7238523A-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=cas-online,DC=com
lpcfg_servicenumber: couldn't find ldb
Reloading a merged schema, it might trigger reindexing so please be patient
Schema reloaded !
}
After skimming over the faillog of the upgrade of samba I found these 3 things that jumped out at me that looked like errors or doing something they shouldn't be doing. Does any of this look like it would be the issue I am having with the upgrade?
Comment 45 Matthieu Patou 2012-04-09 03:19:11 UTC
Robert,
I need the output of the upgradeprovision in order to be able to help you.

If you are concerned for your privacy you can try to send me the log directly

From your error there is really 1 that is important, you can ignore: lpcfg_servicenumber: couldn't find ldb
, it just mean that you don't have a [ldb] section in your smb.conf 

The real problem is ndr_pull_error(13): value out of range, but we have to understand from where the problem came
Comment 46 Robert Clauff 2013-02-05 18:17:43 UTC
(In reply to comment #45)
> Robert,
> I need the output of the upgradeprovision in order to be able to help you.
> 
> If you are concerned for your privacy you can try to send me the log directly
> 
> From your error there is really 1 that is important, you can ignore:
> lpcfg_servicenumber: couldn't find ldb
> , it just mean that you don't have a [ldb] section in your smb.conf 
> 
> The real problem is ndr_pull_error(13): value out of range, but we have to
> understand from where the problem came


Ok, after being pulled off of fixing this several times I am tasked to finally get this fixed and finalized. My question is this however. I need to upgrade OS and hardware on this box right now. Would it be possible to rebuild a new box to say 12.04 server on Ubuntu on new hardware and then import all my information from the current server without fixing the current issue and not breaking the new one? If this is possible to do I think we should quit wasting time trying to fix the old issue and build a new box and migrate if possible, now if this is not possible then I will send you the upgradeprovision information so we can get this issue resolved.
Comment 47 Robert Clauff 2013-03-14 18:25:23 UTC
I have been tasked to move forward back on this project so I need to know what I need for you guys so we can start to try and move forward on this project to get my DC fixed and upgraded and working again.