Failed to prepare commit of transaction: DRS linked attribute for GUID
Tim Beale
timbeale at catalyst.net.nz
Tue Feb 6 21:48:13 UTC 2018
Hi Andrej,
OK, that's unfortunate that Samba 4.8 doesn't help.
>From memory, I think the patches I added take effect slightly earlier,
before the prepare_commit, i.e. the intention is to detect the problem
in the following call-chain:
dsdb_replicated_objects_commit --> replmd_extended -->
replmd_extended_replicated_objects --> replmd_replicated_apply_next -->
replmd_store_linked_attributes --> replmd_verify_linked_attribute -->
replmd_extract_la_entry_details. (This should return
WERR_DS_DRA_MISSING_PARENT and retry with GET_ANC)
So when the DC first receives the replication chunk, it should call
replmd_extract_la_entry_details() and look-up the source GUID before
continuing with the rest of the replication. So it's strange that it's
failing to find the source GUID later on in the prepare_commit. I'm not
really sure how this would happen. Is there any more debug you could
provide?
Cheers,
Tim
On 07/02/18 03:07, Andrej Gessel via samba-technical wrote:
> Hello Tim,
>
> I looked a bit deeper into this and you patch do not help here.
> We have following call tree:
>
> ldb_transaction_prepare -> replmd_prepare_commit ->
> replmd_process_linked_attribute -> replmd_extract_la_entry_details
>
> last function returns LDB_ERR_NO_SUCH_OBJECT, this error will be
> returned to caller (ldb_transaction_prepare), so the status
> WERR_DS_DRA_MISSING_PARENT will not be set and request will not be
> repeated with GET_ANC.
>
> The problem still exists in Samba 4.8.0rc2.
>
> samba-tool drs replicate with --local and with --full-sync ends up
> with the same error.
>
>
> Andrej
>
>
> Am 05.09.2017 um 00:11 schrieb Tim Beale via samba-technical:
>> Hi,
>>
>> We've seen this problem before when inter-operating with Microsoft. See:
>> https://lists.samba.org/archive/samba/2017-June/209020.html
>>
>> The patch that should fix this has been delivered to master. However,
>> unless we backport the related patches, it won't be in a Samba release
>> until 4.8.
>> https://git.samba.org/?p=samba.git;a=commit;h=f87332eb35638cc38f83c580d4623ab978088601
>>
>>
>> In the meantime you could try running 'samba-tool drs replicate
>> --local'. This should set the GET_ANC flag in the request, which should
>> hopefully avoid this problem.
>>
>> However, note that when inter-operating between Windows and Samba you
>> could still potentially get cases where replication succeeds, but linked
>> attributes are dropped (because Samba doesn't know how about the target
>> object yet). This should be fixed now in the latest master branch.
>>
>> Cheers,
>> Tim
>>
>> On 04/09/17 23:45, denis.shigapov via samba-technical wrote:
>>> There is a domain controller on windows 2008R2, DC samba Version 4.6.5
>>> is connected to it. After renaming the user to make mistakes:
>>>
>>> [2017/09/04 10:04:54.528818, 2]
>>> ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:6271(replmd_process_
>>> linked_attribute)
>>> ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:6271: WARNING:
>>> Failed to re-resolve GUID f5d7a9b2-981c-49c9-a262-f3ca4c90272a - using
>>> CN=Пользовтаель Пользоватеть,OU=Users Shop M,DC=euro,DC=ru
>>> [2017/09/04 10:04:54.547960, 2]
>>> ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:6271(replmd_process_
>>> linked_attribute)
>>> ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:6271: WARNING:
>>> Failed to re-resolve GUID bf04e179-4c7c-4cf9-b7a3-d37b287b1f3e - using
>>> CN=Пользоватеть2 Пользователь2,OU=продажи,OU=магазин,OU=Users
>>> Office,DC=euro,DC=ru
>>> [2017/09/04 10:04:54.615598, 2]
>>> ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:6271(replmd_process_
>>> linked_attribute)
>>> ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:6271: WARNING:
>>> Failed to re-resolve GUID bf04e179-4c7c-4cf9-b7a3-d37b287b1f3e - using
>>> CN=Пользоватеть2 Пользователь2,OU=продажи,OU=магазин,OU=Users
>>> Office,DC=euro,DC=ru
>>> [2017/09/04 10:04:54.622398, 0]
>>> ../source4/dsdb/repl/replicated_objects.c:933(dsdb_replicated_objects_c
>>> ommit)
>>> ../source4/dsdb/repl/replicated_objects.c:933 Failed to prepare
>>> commit of transaction: DRS linked attribute for GUID bf04e179-4c7c-
>>> 4cf9-b7a3-d37b287b1f3e - DN not found
>>> [2017/09/04 10:04:54.629436, 0]
>>> ../source4/dsdb/repl/drepl_out_helpers.c:942(dreplsrv_op_pull_source_ap
>>> ply_changes_trigger)
>>> Failed to commit objects:
>>> WERR_GEN_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
>>>
>>>
>>>
>>> I tried to start synchronization and got:
>>>
>>> samba-tool drs replicate srv-m-dc.euro.ru srv-o.euro.ru OU=Users\ Shop\
>>> M,DC=euro,DC=ru
>>> ERROR(<class 'samba.drs_utils.drsException'>):
>>> DsReplicaSync failed - drsException: DsReplicaSync failed (8440,
>>> 'WERR_DS_DRA_BAD_NC')
>>> File "/usr/lib64/python2.7/site-
>>> packages/samba/netcmd/drs.py", line 368, in run
>>> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
>>> source_dsa_guid, NC, req_options)
>>> File "/usr/lib64/python2.7/site-
>>> packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
>>> raise
>>> drsException("DsReplicaSync failed %s" % estr)
>>>
>
>
More information about the samba-technical
mailing list