[Samba] Replication Problem with Deleted Object on Samba 4.1.17

Achim Gottinger achim at ag-web.biz
Wed Jul 22 00:04:20 UTC 2015 

Am 21.07.2015 um 20:26 schrieb Achim Gottinger:
> Hello List,
>
> Im running an network with five samba 4 addc, all on debian wheezy 
> with the sernet packages. Recently an replication error showed up for 
> an single Computer (WIN7-M-ADMIN) record. So I unjoined the pc from 
> the domain deleted it's record from dc1 manually on the other dc's it 
> had been removed automaticaly during unjoin.
> Now I get the following error
>
> [2015/07/21 20:15:40.113205,  0] 
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>   ldb: No objectClass found in replPropertyMetaData for 
> CN=WIN7-M-ADMIN\0ADEL:a8530d8e-1767-4f6b-8fe9-ce11a51b295c,CN=Deleted 
> Objects,DC=domain,DC=local!
>
> [2015/07/21 20:15:40.113772,  0] 
> ../source4/dsdb/repl/replicated_objects.c:783(dsdb_replicated_objects_commit)
>   Failed to apply records: replmd_replicated_apply_add: error during 
> DRS repl ADD: No objectClass found in replPropertyMetaData for 
> CN=WIN7-M-ADMIN\0ADEL:a8530d8e-1767-4f6b-8fe9-ce11a51b295c,CN=Deleted 
> Objects,DC=domain,DC=local!
>   : Object class violation
> [2015/07/21 20:15:40.114277,  0] 
> ../source4/dsdb/repl/drepl_out_helpers.c:758(dreplsrv_op_pull_source_apply_changes_trigger)
>   Failed to commit objects: 
> WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
>
> Joing does not help the Computer shows up on dc's 2-4 but not on dc1.
>
> On dc1 there is no record for win7-m-admin neighter an deleted one.
>
> samba-tool dbcheck -cross-ncs show's no errors on all dc's.
> samba-tool ldbcmp detects an missing win7-m-admin record on dc1.
>
> An year back it was possible to remove Deleted Object with ldbdel
>
> Now:
> ldbdel --show-deleted --extended-dn -H /var/lib/samba/private/sam.ldb 
> -b "CN=Deleted Objects,DC=domain,DC=local" 
> '<GUID=a8530d8e-1767-4f6b-8fe9-ce11a51b295c>'
> Results in:
> delete of '' failed - (Unwilling to perform) Refusing to delete 
> tombstone object 
> CN=WIN7-M-ADMIN\0ADEL:a8530d8e-1767-4f6b-8fe9-ce11a51b295c,CN=Deleted 
> Objects,DC=fot,DC=local.  This check is to prevent corruption of the 
> replicated state.
>
> I'd just purge this record from dc's 2-4 and rejoin the computer once 
> again but unfortunately this is no longer possible because of this new 
> check. Is there an way to force the deletion, because the replicated 
> state is already corrupted?
>
> Thanks in advance
> Achim~
>
Fixed it with

samba-tool drs replicate dc2 dc1 DC=fot,DC=local --full-sync

and so on till samba-tool drs showrepl showed no more errors on all dc's.

More information about the samba mailing list