Koozali.org: home of the SME Server

W10 will not connect to SME 9.2 domain

Offline wires12

  • **
  • 56
  • +0/-0
W10 will not connect to SME 9.2 domain
« on: June 24, 2018, 12:36:10 AM »
I know this issue has been touched on in other threads but to the best of my ability has not been resolved.

Following the (out of date) instructions at https://wiki.contribs.org/Windows_10_Support to join a W10 client to a SME 9.2 server acting as a domain controller gives a flat out That domain couldn't be found. Check the domain name and try again error.

Going the more useful way of using Control Panel (type control panel in the search box next to the start box and press enter) the error message from the System section, Computer name, domain, and workgroup settings is more helpful.

An Active Directory Domain Controller (AD DC) for the domain s106 could not be contacted.

The details are:

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.

The domain name "s106" might be a NetBIOS domain name.  If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "s106":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.s106

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

192.168.106.1

- One or more of the following zones do not include delegation to its child zone:

s106
. (the root zone)


This is apparently related to Windows update 1803. Not updating isn't really an option going forward and loss of domain functionality is a deal killer for me. I'll have to find another server solution if I can't join W10 machines to a stable version of SME as a domain controller. Hopefully I'm overlooking something, but if that something exists it should be described on the Wiki Windows_10_Support page.

What to do?

TIA!
« Last Edit: June 24, 2018, 01:04:04 AM by wires12 »

Online TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: W10 will not connect to SME 9.2 domain
« Reply #1 on: June 24, 2018, 01:09:31 AM »
Unless you go back to an earlier version of Win10 and don't run any updates until they solve it just have to wait for Mt MS to fix it, this does no just effect SME9.2 or linux for that matter.

https://social.technet.microsoft.com/Forums/en-US/59183715-0c04-44f7-b5ea-bb37da4125a5/unable-to-join-domain-with-new-windows-10-computers-build-1803?forum=win10itpronetworking

Read down to the reply on the 21 Jun by Karen_Hu
--
qui scribit bis legit

Offline wires12

  • **
  • 56
  • +0/-0
Re: W10 will not connect to SME 9.2 domain
« Reply #2 on: June 24, 2018, 01:24:30 AM »
this does no just effect SME9.2 or linux for that matter.

So distributions with newer versions of Samba have the same problem?

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
Re: W10 will not connect to SME 9.2 domain
« Reply #3 on: June 24, 2018, 02:06:11 AM »
In fact, you only need 1709 or earlier to join the domain. Once joined, you can update to 1803 without problem. The problem is on windows' side. It's not clear yet if MS will fix it.
C'est la fin du monde !!! :lol:

Offline wires12

  • **
  • 56
  • +0/-0
Re: W10 will not connect to SME 9.2 domain
« Reply #4 on: June 24, 2018, 05:39:30 AM »
In fact, you only need 1709 or earlier to join the domain. Once joined, you can update to 1803 without problem. The problem is on windows' side. It's not clear yet if MS will fix it.

Thank you!

While I have not tested this solution the problem will likely reoccur when one needs to leave the domain and rejoin in order to fix a broken relationship. Just managing a couple of hundred machines requires this step several times a year. Many times performed remotely. What then? Reinstall W10?

My concern is that M$ has no reason to fix this. Quite the contrary. If this pushes people to adopt the latest WINDOWS SERVER BAZILLION GOLD EDITION it's a win for them.

Not knowing all the stuff that goes on under the hood I assume SME 9.2 is running Samba 3.6. I wonder if Samba 4 suffers the same issue? If not and SME wants to stay relevant I'd imagine time is short to get Samba 4 implemented. Samba 4 has been out 6-7 years. I don't know the SME user base but I'd find it amazing if most SME servers don't have Windows clients and if those networks have more than 4-5 machines don't use domain logins. Unless I'm very wrong this is a big issue that is just starting to come to most user's attention.

I have to replace several networks this year and hoping M$ solves the problem or having to play upgrade games is not an option. I love the functionality of SME but lacking this capability it won't be viable for my customers. I hope there is a fix or a suggestion for a new/different distro. What I, and I'd assume many, really need is domain logins, SMB shares, backup and user management. Roaming profiles are a plus. I have a hard time believing that in 2018 many are using the "Internet Appliance" features like router, web server, email server and the like. In my experience those roles have moved to dedicated devices and the Cloud for security and enhanced functionality.

I have had to make painful transitions in server technology before as companies failed or software didn't keep up. I hope this is not another of those times. Compounding the problem this time will be that I'll have to replace the server OS on all the servers I manage instead of rotating through them as their replacement cycle comes up. I truly hope this will not to be the resolution of this problem. I really like SME and don't want to have to change!

Online TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: W10 will not connect to SME 9.2 domain
« Reply #5 on: June 24, 2018, 09:37:41 AM »
Yes it does affect Smaba4. Plenty of discussions around re the issue.

eg nearest and dearest:  https://www.clearos.com/clearfoundation/social/community/windows-10-issue-with-samba-domains-and-filesharing-in-clearos
--
qui scribit bis legit

Offline wires12

  • **
  • 56
  • +0/-0
Re: W10 will not connect to SME 9.2 domain
« Reply #6 on: June 24, 2018, 05:34:03 PM »
Yes it does affect Smaba4. Plenty of discussions around re the issue.

eg nearest and dearest:  https://www.clearos.com/clearfoundation/social/community/windows-10-issue-with-samba-domains-and-filesharing-in-clearos

Thanks for the link! Very interesting and helpful!

However unless I'm missing something it does not seem to make the point of Samba 4 not being a solution moving forward. Indeed that seems to be the path they are taking. From the top post; I am afraid ClearOS 6.x will not support a direct solution for Windows 1803 joining the Samba domain as 6.x only supports samba 3.x. ... The developers are currently working on a solution for ClearOS 7.x which runs samba 4.x. It *may* be possible to then use another box running 7.x as the directory server but the migration path but the upgrade path is currently uncertain.

Currently I'm testing the options on the Windows side outlined in the fine link you provided (would have been nice to have something like that here but I understand the difference between paid and not) and a CentOS 7 + Samba 4 installation and using Windows tools for user management.

I understand that Samba 4 is a big leap and it's entanglements with LDAP, DNS and the like will cause problems for many "Internet Appliance" parts of SME and it's brethren. Having made the trek from Netwinder then Cobalt Cube I understand the appeal of a all in one box but I haven't seen anyone use that functionality in years. Amazingly good routers are inexpensive, capable and give a extra layer of security. Email has become so complex and dangerous that hosting it on a file server containing your IP and users is a bit insane. So where does that leave a product like SME? Are people still using it as a router and email server on the same instance as file sharing and user management?

To me, and I'd assume many others, a file sharing, user management (domains) box with backup that could have some plugins for other tasks would be a wonderful thing.

Sorry if this is a bit far afield but when the road turns in an unexpected way you sometimes have to reevaluate the path.
« Last Edit: June 24, 2018, 05:36:00 PM by wires12 »

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: W10 will not connect to SME 9.2 domain
« Reply #7 on: June 24, 2018, 05:56:34 PM »
Some form of Samba 4 would be in SME v10

Note there is big difference between standard file sharing et al as per Samba 3.x/4.x and the full Samba 4 + AD support.

Converting to S4 'as is' should not be that difficult. Running it as AD is... see the bug tracker for Gregs efforts in that direction. Full AD means a major rewrite of a large amount of code.

A few other points of note... we hadn't tested updating to Samba 4 on v9 as there were no packages available. RHEL finally built some for RHEL 6/SME v9 later last year I think. They have tested so check on the W10 issues... again see the bug tracker.

It would probably be possible to properly update to these on v9 (see the bug tracker) but it won't fix the W10 issue which is of M$s own making (and yes I'm sure they are making lots if $$$$ out of this little mistake!)

Yes it would be great to have v10 + Samba 4 + other goodness, but it needs time, bodies and lots of help.

Regrettably lots of people say we should do this that or the other, but when we ask for them to pitch in they never seem to have time or experience (we really need you time... we can help you with experience)

Personally I use SME for all sorts. Email, web, files, voip server, media etc. Real servers, VMs and cloud VMs, but have the benefit of having dumped Windows clients years ago. Best decision I ever made :-)

So, if you want to continue using SME please come and help and make it the distro you want.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: W10 will not connect to SME 9.2 domain
« Reply #8 on: June 24, 2018, 07:32:55 PM »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: W10 will not connect to SME 9.2 domain
« Reply #9 on: June 24, 2018, 07:45:49 PM »
Also look at these:

https://bugs.contribs.org/buglist.cgi?quicksearch=samba%204&list_id=86169

And this on integrating Samba 4 + AD

https://wiki.contribs.org/SAMBA_4_-_Misc_Development_Topics

In simple terms there are now Samba 4 rpms for standard file sharing available for SME v9, but this won't fix the W10 problem which is due to a bug in W10 leaving us as helpless as anyone else.

There has been work done on integrating full fat Samba 4 + AD into SME v10 by Greg but it still needs a mahoosive amount of work.

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline wires12

  • **
  • 56
  • +0/-0
Re: W10 will not connect to SME 9.2 domain
« Reply #10 on: June 24, 2018, 07:59:27 PM »
Thank you Reet and Janet! I had looked at the Samba4 for SME 9.x thread before posting but there is new info there! I'll be reading more!

Meanwhile time to roller skate!

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: W10 will not connect to SME 9.2 domain
« Reply #11 on: June 24, 2018, 08:07:24 PM »
I hope you and others do take an interest, and actively join in. Nothing will happen if you don't......

Moving to the basic Samba 4 probably won't be a big issue.

However, there could be huge benefits from the full AD version, but that requires a lot of work and some serious "under the hood" changes.

However, amongst lots of other stuff, full AD has issues with properly supporting LDAP. Another can of worms ! Could be a long road.... :-)

There is more in the devinfo mailing archives.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Online TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: W10 will not connect to SME 9.2 domain
« Reply #12 on: June 27, 2018, 04:37:25 PM »
Looks like Mr MS has been hard at it..see last comment and latest update

https://social.technet.microsoft.com/Forums/windows/en-US/4c2a029b-327a-4ad7-a2ce-7bd4fcc25226/windows-10-after-update-1803-odbc-sql-server-connect-problem?forum=win10itprogeneral

2018-06 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4284848)

--
qui scribit bis legit

Offline wires12

  • **
  • 56
  • +0/-0
Re: W10 will not connect to SME 9.2 domain
« Reply #13 on: June 28, 2018, 05:03:07 PM »
I installed the KB4284848 update on a 1803 updated machine. I had great hopes but unless I'm missing something the update was no help for the W10 will not connect to SME 9.2 domain problem. The error message in the thread starter remains the same.

Attempts to clear the error include:
* Set fixed IPv4 address on the client PC with the SME server as secondary DNS
* Added SME server IP address to WINS tab in Advanced TCP/IP Settings
* Set network to private
* Turned on network discovery
* Turned off firewall
* Reboots and waiting

Has anyone had success with this update?

Online TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: W10 will not connect to SME 9.2 domain
« Reply #14 on: June 29, 2018, 12:07:22 AM »
Nope, fail. Clean install of a 1803 iso to a prox VM, was only able to map a drive, shared ibay on a 9.2 box after entering credentials.

Updated with all updates including the latest and greatest, behaviour not changed, same error message as you have shown.

SMB1 is now back and can be activated from the Turn Windows Features on or off, once done its back to the 1709 behaviour, not what you are after but small mercies.

Above is all with standard sme9.2, will also have a whirl with a samba4 setup (not holding breath)

Time to visit the local hardware store and buy a big hammer.
--
qui scribit bis legit