4.0.rc2 drs issue

Gémes Géza geza at kzsdabas.hu
Thu Oct 18 09:41:59 MDT 2012


On 2012-10-18 07:43, Matthieu Patou wrote:
> On 10/17/2012 12:53 PM, Gémes Géza wrote:
>> Hi,
>>
>> I have a (production) domain created by a 3.5->4.0beta6(some git 
>> version)->4.0rc2 upgrade path, with the last upgrade executed as a 
>> join of a 4.0rc2 install (machine name dc1) and removal of the beta8 
>> install (machine name dc0). Immediately after the removal of beta8 (I 
>> wasn't able to demote it, however forcibly transferred the fsmo roles 
>> to rc2) I've installed another instance of rc2 (with the same IP 
>> address and name as beta8 had (dc0)) and joined it to rc2 (without 
>> removing anything related to dc0 from the directory). Unfortunately 
>> I've observed that drs is not working as expected (I had dc0 as an 
>> incoming and outgoing replica partner on dc1, but dc1 was only an 
>> incoming partner for dc0). Because of that I've decided to remove dc0 
>> from the domain entirely to rejoin it cleanly (also plan to upgrade 
>> both servers to rc3 in the process). Unfortunately dc0 won't demote 
>> as it claims to hold still two roles, but samba-tool fsmo show gives 
>> (on both servers) that all five roles are held by dc1. Being stuck on 
>> it I've decided to forcibly remove it following: 
>> http://technet.microsoft.com/en-us/library/cc736378%28WS.10%29.aspx
>> After removal I've checked that dc0 disappeared without trace (except 
>> dns where I've cleaned it out).
>> After joining it back I still have:
>> root at dc1:~# samba-tool drs showrepl
>> Default-First-Site-Name\DC1
>> DSA Options: 0x00000001
>> DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
>> DSA invocationId: 574709d5-5de7-472a-ba15-fc7b5ca97da0
>>
>> ==== INBOUND NEIGHBORS ====
>>
>> DC=DomainDnsZones,DC=kzsdabas,DC=hu
>>     Default-First-Site-Name\DC0 via RPC
>>         DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>>         Last attempt @ NTTIME(0) was successful
>>         0 consecutive failure(s).
>>         Last success @ NTTIME(0)
>>
>> CN=Schema,CN=Configuration,DC=kzsdabas,DC=hu
>>     Default-First-Site-Name\DC0 via RPC
>>         DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>>         Last attempt @ NTTIME(0) was successful
>>         0 consecutive failure(s).
>>         Last success @ NTTIME(0)
>>
>> DC=kzsdabas,DC=hu
>>     Default-First-Site-Name\DC0 via RPC
>>         DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>>         Last attempt @ NTTIME(0) was successful
>>         0 consecutive failure(s).
>>         Last success @ NTTIME(0)
>>
>> DC=ForestDnsZones,DC=kzsdabas,DC=hu
>>     Default-First-Site-Name\DC0 via RPC
>>         DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>>         Last attempt @ NTTIME(0) was successful
>>         0 consecutive failure(s).
>>         Last success @ NTTIME(0)
>>
>> CN=Configuration,DC=kzsdabas,DC=hu
>>     Default-First-Site-Name\DC0 via RPC
>>         DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>>         Last attempt @ NTTIME(0) was successful
> ^^^^^^^^^^^^^^^^^^^ This means that it has never replicated from this 
> server
>>         0 consecutive failure(s).
>>         Last success @ NTTIME(0)
>>
>> ==== OUTBOUND NEIGHBORS ====
>>
>> DC=DomainDnsZones,DC=kzsdabas,DC=hu
>>     Default-First-Site-Name\DC0 via RPC
>>         DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>>         Last attempt @ NTTIME(0) was successful
>>         0 consecutive failure(s).
>>         Last success @ NTTIME(0)
>>
>> CN=Schema,CN=Configuration,DC=kzsdabas,DC=hu
>>     Default-First-Site-Name\DC0 via RPC
>>         DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>>         Last attempt @ NTTIME(0) was successful
>>         0 consecutive failure(s).
>>         Last success @ NTTIME(0)
>>
>> DC=kzsdabas,DC=hu
>>     Default-First-Site-Name\DC0 via RPC
>>         DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>>         Last attempt @ NTTIME(0) was successful
>>         0 consecutive failure(s).
>>         Last success @ NTTIME(0)
>>
>> DC=ForestDnsZones,DC=kzsdabas,DC=hu
>>     Default-First-Site-Name\DC0 via RPC
>>         DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>>         Last attempt @ NTTIME(0) was successful
>>         0 consecutive failure(s).
>>         Last success @ NTTIME(0)
>>
>> CN=Configuration,DC=kzsdabas,DC=hu
>>     Default-First-Site-Name\DC0 via RPC
>>         DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>>         Last attempt @ NTTIME(0) was successful
> ^^^^^^^^^^^^^^^^^^^ in outgoing the nttime is always 0
>>         0 consecutive failure(s).
>>         Last success @ NTTIME(0)
>>
>> ==== KCC CONNECTION OBJECTS ====
>>
>> Connection --
>>     Connection name: c9f0627b-6d81-4817-adca-1849005d0d7c
>>     Enabled        : TRUE
>>     Server DNS name : DC0.kzsdabas.hu
>>     Server DN name  : CN=NTDS Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=kzsdabas,DC=hu
>>         TransportType: RPC
>>         options: 0x00000001
>> Warning: No NC replicated for Connection!
>>
>> Which seems ok
> no it's not
>>
>> and:
>> root at dc0:~# samba-tool drs showrepl
>> Default-First-Site-Name\DC0
>> DSA Options: 0x00000001
>> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>> DSA invocationId: c733b71a-c093-4a0e-b990-839d8b9ffaf2
>>
>> ==== INBOUND NEIGHBORS ====
>>
>> DC=DomainDnsZones,DC=kzsdabas,DC=hu
>>     Default-First-Site-Name\DC1 via RPC
>>         DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
>>         Last attempt @ Wed Oct 17 21:44:35 2012 CEST was successful
>>         0 consecutive failure(s).
>>         Last success @ Wed Oct 17 21:44:35 2012 CEST
>>
>> CN=Schema,CN=Configuration,DC=kzsdabas,DC=hu
>>     Default-First-Site-Name\DC1 via RPC
>>         DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
>>         Last attempt @ Wed Oct 17 21:44:35 2012 CEST was successful
>>         0 consecutive failure(s).
>>         Last success @ Wed Oct 17 21:44:35 2012 CEST
>>
>> DC=kzsdabas,DC=hu
>>     Default-First-Site-Name\DC1 via RPC
>>         DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
>>         Last attempt @ Wed Oct 17 21:44:36 2012 CEST was successful
>>         0 consecutive failure(s).
>>         Last success @ Wed Oct 17 21:44:36 2012 CEST
>>
>> DC=ForestDnsZones,DC=kzsdabas,DC=hu
>>     Default-First-Site-Name\DC1 via RPC
>>         DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
>>         Last attempt @ Wed Oct 17 21:44:35 2012 CEST was successful
>>         0 consecutive failure(s).
>>         Last success @ Wed Oct 17 21:44:35 2012 CEST
>>
>> CN=Configuration,DC=kzsdabas,DC=hu
>>     Default-First-Site-Name\DC1 via RPC
>>         DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
>>         Last attempt @ Wed Oct 17 21:44:36 2012 CEST was successful
>>         0 consecutive failure(s).
>>         Last success @ Wed Oct 17 21:44:36 2012 CEST
>>
>> ==== OUTBOUND NEIGHBORS ====
>>
>> ==== KCC CONNECTION OBJECTS ====
>>
>> Connection --
>>     Connection name: 4eb7c88b-62c9-46d1-817d-15b5be7b9e41
>>     Enabled        : TRUE
>>     Server DNS name : DC1.kzsdabas.hu
>>     Server DN name  : CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=kzsdabas,DC=hu
>>         TransportType: RPC
>>         options: 0x00000001
>> Warning: No NC replicated for Connection!
>>
>> Which seems less perfect
>
> Well, you should check the repsto and repsfrom attributes (use 
> ldbsearch -H ldap://<ip> --cross-ncs --show-binary '(repsto=*)' 
> repsfrom repsto)
>
> Also check that on both hosts you can resolve the two following DNS names
>
> <guid_ntds_server1>._msdcs.<domain>
> <guid_ntds_server2>._msdcs.<domain>
>
> Use this command:
>  ./bin/ldbsearch -H ldap://<ip>  '(invocationid=*)' --cross-ncs  
> objectguid to get the guid_ntds_server1 & guid_ntds_server2
>
> Matthieu.
>
Thank you!

Will check it later today (had a serious network outage today, still 
recovering :-( )

Cheers

Geza Gemes
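
As an added example (not part of the thread and not Samba project code), the reading of `samba-tool drs showrepl` described in the reply above can be automated: the Python below flags inbound links whose last success is `NTTIME(0)`, notes a DC that has inbound partners but no outbound neighbors, and builds the `<guid>._msdcs.<domain>` name to resolve from the DC's own DSA object GUID. The sample strings are constructed by abbreviating the two outputs quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed samples, abbreviated from the dc1 and dc0 outputs quoted in the thread.
DC1 = r"""Default-First-Site-Name\DC1
DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
==== INBOUND NEIGHBORS ====
DC=kzsdabas,DC=hu
    Default-First-Site-Name\DC0 via RPC
        DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
        Last success @ NTTIME(0)
==== OUTBOUND NEIGHBORS ====
DC=kzsdabas,DC=hu
    Default-First-Site-Name\DC0 via RPC
        Last success @ NTTIME(0)
"""
DC0 = r"""Default-First-Site-Name\DC0
DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
==== INBOUND NEIGHBORS ====
DC=kzsdabas,DC=hu
    Default-First-Site-Name\DC1 via RPC
        DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
        Last success @ Wed Oct 17 21:44:36 2012 CEST
==== OUTBOUND NEIGHBORS ====
"""

def parse_showrepl(text):
    """Return own DSA GUID plus inbound/outbound neighbor lists."""
    rep, section, nc = {"guid": None, "INBOUND": [], "OUTBOUND": []}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"==== (\w+) ", line):
            section = m.group(1)
        elif section is None and line.startswith("DSA object GUID:"):
            rep["guid"] = line.split(":", 1)[1].strip()
        elif section in ("INBOUND", "OUTBOUND"):
            if re.match(r"(DC|CN)=", line):
                nc = line  # naming context the following neighbors belong to
            elif line.endswith(" via RPC"):
                rep[section].append({"nc": nc, "partner": line[:-8], "last": None})
            elif line.startswith("Last success @ "):
                rep[section][-1]["last"] = line[15:]
    return rep

def findings(text, domain):
    """Flag never-replicated inbound links and one-way links; return the DNS name to verify."""
    rep = parse_showrepl(text)
    out = [f"never replicated {n['nc']} from {n['partner']}"
           for n in rep["INBOUND"] if n["last"] == "NTTIME(0)"]
    if rep["INBOUND"] and not rep["OUTBOUND"]:
        out.append("inbound partners but no outbound neighbors (one-way link)")
    return out, f"{rep['guid']}._msdcs.{domain}"
```

Outbound entries are deliberately not flagged for `NTTIME(0)`, since the reply notes that the outgoing time is always 0.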

