[Samba] samba-tool domain schemaupgrade fails on DC member

Garming Sam garming at catalyst.net.nz
Wed Apr 17 00:28:14 UTC 2019 

Hi,

This is a known issue:

https://bugzilla.samba.org/show_bug.cgi?id=12204
https://bugzilla.samba.org/show_bug.cgi?id=13713

There are currently patches in master to fix this issue. We could
probably backport a patch to 4.10, but you'd have to rebuild Samba.

Alternatively, re-joining the domain controller (or joining a new DC and
demoting the old one) probably works because I believe there is code to
handle this case.

There's not really any rollback of this code besides keeping a backup.
Schema updates build on top of each other and once you're at a certain
level you can't undo them, neither on Windows.

Cheers,

Garming

On 17/04/19 6:58 AM, Elias Pereira via samba wrote:
> Hello,
>
> I upgrade the schema for our main ADDC and everything works properly, but
> the member DC (DC to an Existing AD) fails.
>
> Both servers are in version 4.10.2
> Distro: Debian 9.8
>
> *Main ADDC:*
>
> [2019/04/16 15:43:03.814846,  0]
> ../../source4/rpc_server/drsuapi/getncchanges.c:2919(dcesrv_drsuapi_DsGetNCChanges)
>   ../../source4/rpc_server/drsuapi/getncchanges.c:2919: DsGetNCChanges 2nd
> replication on different DN DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> (last_dn
> CN=ms-DS-cloudExtensionAttribute14,CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br)
>
> *Member DC:*
>
> [2019/04/16 15:42:55.703281,  0]
> ../../source4/dsdb/repl/replicated_objects.c:248(dsdb_repl_resolve_working_schema)
>   Can't continue Schema load: didn't manage to convert any objects: all 1
> remaining of 133 objects failed to convert
> [2019/04/16 15:42:55.703619,  0]
> ../../source4/dsdb/repl/replicated_objects.c:361(dsdb_repl_make_working_schema)
>   ../../source4/dsdb/repl/replicated_objects.c:361:
> dsdb_repl_resolve_working_schema() failed: WERR_INTERNAL_ERRORFailed to
> create working schema: WERR_INTERNAL_ERROR
>
> Is there any way to fix this problem?
>
> dumb question: Can I roolback the schemaupgrade? :D
>

More information about the samba mailing list