[Samba] Fwd: dnsdomainzone replication failure
Achim Gottinger
achim at ag-web.biz
Thu Jul 24 09:32:13 MDT 2014
On 24.07.2014 15:19, C.Kindler wrote:
>
> ok, with ldbsearch I found the entry:
>
Good, so one of these should work:
ldbsearch -H ldap://localhost -U administrator --show-deleted cn=**2\\3B\\00\\001\\00\\00!\\00\\00\\00\\00\\00\\00\\0ADEL\\0ADEL:**
ldbsearch -H ldap://localhost -U administrator --show-deleted cn=**2\3B\00\001\00\00!\00\00\00\00\00\00\\0ADEL:**
Once you have figured out how to escape the cn correctly, you can follow the docs, move the object back to its original place, edit the renamed entry and remove the 3 lines.
Then rename it with MS DNS Admin Tools. Maybe you can find at your working DC what string got messed up. It may be that you have to do it on both faulty DCs.
>
> # record 27
> dn:
> DC=2\3B\00\001\00\00!\00\00\00\00\00\00\0ADEL:51220e6c-5b94-42e7-b595-95dfed68e408,CN=Deleted
> Objects,DC=DomainDnsZones,DC=ad,DC=wuestenrot,DC=at
> objectClass: top
> objectClass: dnsNode
> instanceType: 4
> whenCreated: 20140724062353.0Z
> uSNCreated: 876200
> objectGUID: 51220e6c-5b94-42e7-b595-95dfed68e408
> isDeleted: TRUE
> lastKnownParent: DC=ad.wuestenrot.at,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ad,D
> C=wuestenrot,DC=at
> isRecycled: TRUE
> dc::
> GTI7AElEAAAhAAAAAAAAACALP193fwAA8AQzX3d/AAAgAAAAAAAAAHAAAAAAAAAAYP8NX3d/A
> AA=
> name::
> GTI7AElEAAAhAAAAAAAAACALP193fwAA8AQzX3d/AAAgAAAAAAAAAHAAAAAAAAAAYP8NX3d
> /AAA=
> whenChanged: 20140724104134.0Z
> uSNChanged: 879249
> distinguishedName::
> REM9GTJcM0JcMDBcMDAxXDAwXDAwIVwwMFwwMFwwMFwwMFwwMFwwMFwwQU
> RFTDo1MTIyMGU2Yy01Yjk0LTQyZTctYjU5NS05NWRmZWQ2OGU0MDgsQ049RGVsZXRlZCBPYmplY3R
> zLERDPURvbWFpbkRuc1pvbmVzLERDPWFkLERDPXd1ZXN0ZW5yb3QsREM9YXQ=
>
>
> this record exists on DC1 and DC2.
>
> therefore, as you mentioned the wiki.samba.org site:
> just for clarification: ldbedit...
> and then: objectCategory?
> the following lines to delete:
>
> isDeleted: TRUE
> isRecycled: TRUE
> isDeleted: TRUE
>
> is this true?
>
> BTW: what does it mean?
>
> DC=DomainDnsZones,DC=ad,DC=wuestenrot,DC=at
> Default-First-Site-Name\DC2 via RPC
> DSA object GUID: 41153b09-2116-4567-aea2-584f9b159b6d
> Last attempt @ Thu Jul 24 15:15:45 2014 CEST failed,
> result 31 (WERR_GENERAL_FAILURE)
> 549 consecutive failure(s).
> Last success @ Thu Jul 24 15:15:06 2014 CEST
>
>
> is this WERR_GENERAL_FAILURE the false entry in the deleted Objects?
>
> how about sync from dc3? there is no rubbish deleted object?
>
>
>
> 2014-07-24 14:17 GMT+02:00 Achim Gottinger <achim at ag-web.biz>:
>
> On 24.07.2014 13:40, C.Kindler wrote:
>> I already deleted the entry - hmmm, how to rename the entry?
> It's mentioned here.
>
> https://wiki.samba.org/index.php/Restoring_deleted_AD_objects#Reanimating_deleted_objects
>
> maybe you can use objectGUID instead of cn
>
> Does this find your record?
>
> ldbsearch -H
> /var/lib/samba/private/sam.ldb.d/DC\=DOMAINDNSZONES\,DC\=WUESTENROT\,DC\=AT.ldb
> 'objectGUID=da87670c-b794-4c0c-86c3-dd54357ecf71'
>
>
>>
>>
>> 2014-07-24 13:08 GMT+02:00 Achim Gottinger <achim at ag-web.biz>:
>>
>> On 24.07.2014 12:46, Achim Gottinger wrote:
>>
>> On 24.07.2014 12:38, C.Kindler wrote:
>>
>> Hello Achim,
>>
>> thanks a lot for your kind reply.
>>
>> On DC3 there is no error on dc3. Sorry, I forgot to
>> mention this.
>>
>>
>>
>> I found a terrible dns-entry on dc1 & dc2.
>> (<C0>;#004#001#004<FF><FF><FF>.ad.example.com)
>>
>>
>>
>> with samba-tool dns query there is the following entry:
>>
>> Name=^Y2;, Records=1, Children=0
>> A: 172.21.21.171 (flags=f0, serial=13441, ttl=900)
>>
>>
>> on dc1 and dc2.
>>
>> how can I delete such a strange entry? What is the
>> easiest and best way to clean up?
>>
>> If you have Microsoft Admin Tools running using DNS
>> Management there would be easiest.
>> samba-tool dns delete should be tricky with that name. :-)
>>
>> I'd try to rename the entry, otherwise you might end up with
>> a deleted entry with that faulty multibyte character which
>> will cause replication errors till purged in 180 days (default).
>>
>>
>
>
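One way to derive the escaped search value from the base64 text of an LDIF `name::` or `dc::` line instead of guessing at the escapes. This is an added example, not part of the original messages or of Samba's tools; the function names and the short sample value are constructed for illustration.

```python
import base64

# Bytes allowed to appear literally in the filter value. Every other byte is
# written as \XX (two hex digits), which RFC 4515 permits for any octet.
SAFE = frozenset(
    b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_."
)


def filter_escape(raw: bytes) -> str:
    """Escape a raw attribute value for use inside an LDAP search filter."""
    return "".join(chr(b) if b in SAFE else "\\%02x" % b for b in raw)


def filter_from_ldif(attr: str, b64_value: str) -> str:
    """Build '(attr=value)' from the base64 text of an LDIF 'attr::' line."""
    # LDIF folds long values over several lines; drop the folding whitespace.
    raw = base64.b64decode("".join(b64_value.split()), validate=True)
    return "(%s=%s)" % (attr, filter_escape(raw))


def ldbsearch_argv(url: str, user: str, ldap_filter: str) -> list:
    """Argument list for ldbsearch, using only options shown in the thread."""
    # Handing this list to subprocess.run() bypasses the shell, so the
    # backslashes need no second layer of quoting or doubling.
    return ["ldbsearch", "-H", url, "-U", user, "--show-deleted", ldap_filter]


# Constructed sample: four bytes (0x19, '2', ';', NUL), folded like LDIF output.
SAMPLE_B64 = "GTI7\n AA=="

if __name__ == "__main__":
    flt = filter_from_ldif("name", SAMPLE_B64)
    print(flt)
    print(ldbsearch_argv("ldap://localhost", "administrator", flt))
```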