[Samba] outbound replication of newly added DC not working

Andreas Oster aoster at novanetwork.de
Wed Mar 19 09:34:20 MDT 2014


On 19.03.2014 16:16, Thomas Schulz wrote:
>> On 14.03.2014 12:48, Andreas Oster wrote:
>>> Hi all,
>>>
>>> I have just added a DC to our existing AD. Join did work without any
>>> error messages but now I have recognized that only inbound replication
>>> from old DCs is working; the outbound list is empty.
>>>
>>> Samba version is: Version 4.2.0pre1-GIT-cff0f8e
>>>
>>> here is the output of samba-tool drs showrepl:
>>>
>>> DSA Options: 0x00000001
>>> DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
>>> DSA invocationId: 3db6f686-cbd9-4ef8-992d-1ae1671e6c17
>>>
>>> ==== INBOUND NEIGHBORS ====
>>>
>>> DC=sambadom,DC=com
>>>          Standardname-des-ersten-Standorts\dc02 via RPC
>>>                  DSA object GUID: ef37f4de-a03c-493c-96f6-e521a5415d81
>>>                  Last attempt @ Fri Mar 14 12:41:07 2014 CET was successful
>>>                  0 consecutive failure(s).
>>>                  Last success @ Fri Mar 14 12:41:07 2014 CET
> 
> ------------------- lines removed ------------------------------
>>>
>>> CN=Schema,CN=Configuration,DC=sambadom,DC=com
>>>          Standardname-des-ersten-Standorts\dc01 via RPC
>>>                  DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
>>>                  Last attempt @ Fri Mar 14 12:40:42 2014 CET was successful
>>>                  0 consecutive failure(s).
>>>                  Last success @ Fri Mar 14 12:40:42 2014 CET
>>>
>>> ==== OUTBOUND NEIGHBORS ====
>>>
>>> ==== KCC CONNECTION OBJECTS ====
>>>
>>> Connection --
>>>          Connection name: dc01
>>>          Enabled        : TRUE
>>>          Server DNS name : dc01.sambadom.com
>>>          Server DN name  : CN=NTDS Settings,CN=dc01,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=sambadom,DC=com
>>>                  TransportType: RPC
>>>                  options: 0x00000000
>>> Warning: No NC replicated for Connection!
>>> Connection --
>>>          Connection name: dc02
>>>          Enabled        : TRUE
>>>          Server DNS name : dc02.sambadom.com
>>>          Server DN name  : CN=NTDS Settings,CN=dc02,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=sambadom,DC=com
>>>                  TransportType: RPC
>>>                  options: 0x00000000
>>> Warning: No NC replicated for Connection!
>>>
>>> ( I have replaced domain and DC names in the output text !)
>>>
>>>
>>> Does anybody know how to fix this issue and get outbound replication to
>>> work ?
>>>
>>> I have already tried to demote and re-join the new DC, but this did not
>>> help. I have also checked the DNS entries and those seem to be OK.
>>>
>>> Thank you for your kind help
>>>
>>> best regards
>>>
>>> Andreas
>>>
>>
>> Hi all,
>>
>> I have been able to manually start outbound replication by issuing 
>> "samba-tool drs replicate" for all the missing outbound NCs.
> 
> Did you get a one time replication or does it now replicate automatically?
> I tried to use the "samba-tool drs replicate" command but I can not
> figure out what to use for 'NC'. I found out what NC means but not exactly
> what to enter.
> 
> I sent email to the list a few weeks ago about one way replication. I have
> been assuming that my problem is because I have a Windows 2000 DC and DNS
> replication is not supported with a Windows 2000 DC. I am about to try
> manually entering the DNS records for the Samba 4.1.6 DC into the
> Windows 2000 DNS and then see what happens.
>>
>> Thanks
>>
>> best regards
>>
>> Andreas
>> -- 
> 
> Tom Schulz
> Applied Dynamics Intl.
> schulz at adi.com
> 
Hello Thomas,

yes it is working for me now. NCs are in my case:

DC=sambadom,DC=com
DC=ForestDnsZones,DC=sambadom,DC=com
CN=Configuration,DC=sambadom,DC=com
DC=DomainDnsZones,DC=sambadom,DC=com
CN=Schema,CN=Configuration,DC=sambadom,DC=com

Obviously you will have different domain name entries.
If inbound replication is working you should see those entries when
executing "samba-tool drs showrepl".

I am not sure if replication is still supported between samba4 and
windows 2000, but it is vital that all the required DNS entries are
available.
In the old samba4 alpha days replication did work, I know this for sure
because I migrated our win2000 AD to a samba4 only one.

In order to start outbound replication from one DC to the other you have
to do something like this, given that all outbound NCs are missing:

samba-tool drs replicate <destinationDC> <sourceDC> DC=sambadom,DC=com

samba-tool drs replicate <destinationDC> <sourceDC> DC=ForestDnsZones,DC=sambadom,DC=com

samba-tool drs replicate <destinationDC> <sourceDC> CN=Configuration,DC=sambadom,DC=com

samba-tool drs replicate <destinationDC> <sourceDC> DC=DomainDnsZones,DC=sambadom,DC=com

samba-tool drs replicate <destinationDC> <sourceDC> CN=Schema,CN=Configuration,DC=sambadom,DC=com

Make sure to use the correct NCs! <sourceDC> is the DC which is
missing outbound replication peers.

best regards

Andreas
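
Added example, not part of the original post: a small Python helper that reads "samba-tool drs showrepl" text, finds the naming contexts that replicate inbound but have no outbound neighbour, and builds the matching "samba-tool drs replicate" lines. The sample text is constructed from the output quoted in this thread, and the function names are hypothetical.

```python
import re
import shlex

# Constructed sample, shaped like the "samba-tool drs showrepl" output quoted above.
SAMPLE = """\
==== INBOUND NEIGHBORS ====

DC=sambadom,DC=com
        Standardname-des-ersten-Standorts\\dc02 via RPC

CN=Schema,CN=Configuration,DC=sambadom,DC=com
        Standardname-des-ersten-Standorts\\dc01 via RPC

==== OUTBOUND NEIGHBORS ====

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: dc01
"""

SECTION = re.compile(r"^==== (.+?) ====$")
NC_LINE = re.compile(r"^(?:DC|CN)=\S+$")  # unindented DN on a line of its own


def parse_showrepl(text):
    """Return {section name: [naming contexts]} in order of appearance."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and NC_LINE.match(line) and line not in current:
            current.append(line)
    return sections


def missing_outbound(text):
    """NCs that replicate inbound but have no outbound neighbour."""
    s = parse_showrepl(text)
    outbound = set(s.get("OUTBOUND NEIGHBORS", []))
    return [nc for nc in s.get("INBOUND NEIGHBORS", []) if nc not in outbound]


def replicate_commands(text, destination_dc, source_dc):
    """Build one shell-quoted 'samba-tool drs replicate' line per missing NC."""
    prefix = ["samba-tool", "drs", "replicate", destination_dc, source_dc]
    return [shlex.join(prefix + [nc]) for nc in missing_outbound(text)]
```

Feed it the showrepl output taken on the DC that lacks outbound peers and pass that DC as source_dc; the commands are only printed for review, not executed.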


