[Samba] Demote a dead PDC: residuals in "DNS" console
Ole Traupe
ole.traupe at tu-berlin.de
Thu Oct 29 09:01:39 UTC 2015
Ok, I made a backup following the Samba wiki and then did this. Had to
wait a bit between updating the SOA's because I got a strange error
message saying that a time value for the non-update of some resource
cleanup wasn't set. But a few minutes later I could update the second
SOA as well, and now the Samba log is clean.
Ole
Am 28.10.2015 um 16:42 schrieb Ole Traupe:
> Hi,
>
> I demoted my PDC (DC1) forcefully, because replication (among others)
> wasn't working anymore due to hard disk failure and I was afraid of
> spending a lot of time on nothing.
>
> With DC1 offline I seized the FSMO roles on DC2 (4.2.5), restarted
> Samba, and found errors in the samba log due to the missing DC1.
>
> I removed the two DNS entries created according to this site:
> https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins
> I applied the script suggested here:
> https://wiki.samba.org/index.php/Demote_a_Samba_AD_DC
> This removed the DC1 entry in ADUC and "Active Directory Sites and
> Services".
>
> However, the error persists (10 minute interval; sanitized):
> # /usr/local/samba/sbin/samba_dnsupdate: couldn't get address for
> 'dc1.my.domain.de': not found
>
> Likely due to further DNS entries, the last-mentioned site suggests to
> remove them by hand. Most of the containers in the DNS console have
> only duplicate entries for DC1/2, so no problem. However, 3 don't:
>
>
> (removed subfolder and client PC entries; sanitized, translated where
> necessary GR->EN)
>
>
> *DNS/DC2/Forward-Lookupzones/my.domain.de*
>
> Name Type Data Time stamp
> (identical to parent folder) Source of Authority (SOA) [3],
> dc1.my.domain.de., hostmaster.my.domain.de. ?28.?10.?2015 15:00:00
> (identical to parent folder) Nameserver (NS) dc1.my.domain.de.
> Static
> (identical to parent folder) Host (A) IP__of__DC1 Static
> (identical to parent folder) Host (A) IP__of__DC2 Static
> DC2 Host (A) 130.149.34.118 ?29.?07.?2015 13:00:00
>
>
> *DNS/DC2/Forward-Lookupzones/_msdcs.my.domain.de*
>
> (identical to parent folder) Source of Authority (SOA) [3],
> dc1.my.domain.de., hostmaster.my.domain.de. ?28.?10.?2015 15:00:00
> (identical to parent folder) Nameserver (NS) dc1.my.domain.de.
> Static
> objectGUID__of__DC2 Alias (CNAME) DC2.my.domain.de.
> ?29.?07.?2015 13:00:00
>
>
> *DNS/DC2/Forward-Lookupzones/_msdcs.my.domain.de/pdc/_tcp*
>
> _ldap Service Identification (SRV) [0][100][389]
> dc1.my.domain.de. Static
>
>
> What to do in these cases? Is it safe to open the properties of the
> non-duplicate entries and replace DC1 with DC2?
>
> Ole
>
>
>
More information about the samba
mailing list