[Samba] Replication between Samba DCs (on different sites)?
Rowland Penny
rpenny at samba.org
Wed Feb 8 11:43:08 UTC 2023
On 08/02/2023 11:10, Lorenzo Milesi via samba wrote:
>
>> Replication is still not working on dc2:
>> root@dc2~# samba-tool drs replicate dc2 dc1
>> DC=ForestDnsZones,DC=wdc,DC=domain,DC=it
>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
>> drsException: DsReplicaSync failed (2, 'WERR_FILE_NOT_FOUND')
>> File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 570, in run
>> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid,
>> NC, req_options)
>> File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 100, in
>> sendDsReplicaSync
>> raise drsException("DsReplicaSync failed %s" % estr)
>
> I found this [1] message, I checked my DNS and I have the same situation as shacky, dc2 DNS records are missing in the _msdcs zone. Same in the main domain zone, NS records exist only for dc1 and dc3.
That thread referred to a domain that had started out as an early AD dns
system, which is different from what is used now. However, I do not
really think it can have anything to do with your domain, mainly
because you have two fully working DCs. If you had the old dns system,
all of your DCs would have the old dns system.
>
> Running upgradedns reports everything is fine:
> root@dc2:~# samba_upgradedns --dns-backend=BIND9_DLZ
> Reading domain information
> DNS accounts already exist
> No zone file /var/lib/samba/bind-dns/dns/WDC.DOMAIN.IT.zone (normal)
> DNS partitions already exist
> dns-dc2 account already exists
> See /var/lib/samba/bind-dns/named.conf for an example configuration include file for BIND
> and /var/lib/samba/bind-dns/named.txt for further documentation required for secure DNS updates
> Finished upgrading DNS
>
>
> I checked the DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com record in /var/lib/samba/private/sam.ldb and all DCs have one (although dc2 is the only one full capital).
I wouldn't worry about that, it appears to be normal (for Samba anyway)
Rowland