[Samba] Replication Problems After Changing FSMO DC
Dale Renton
drenton at gmail.com
Tue Jan 10 23:12:53 UTC 2023
I should also say the inbound and outbound neighbors are also pointing to
the old DCs, dc1 and dc2. Here is the full output of "samba-tool drs
showrepl".
ExampleSite2\DC5
DSA Options: 0x00000001
DSA object GUID: be89f4dc-a137-488b-a240-99ee2346fe26
DSA invocationId: aa3234ab-936f-4eb8-8386-e4817fb0185d
==== INBOUND NEIGHBORS ====
CN=Schema,CN=Configuration,DC=ad,DC=example,DC=com
ExampleSite\DC1 via RPC
DSA object GUID: d7d15fb1-2dc8-47cf-a0be-564be531e82a
Last attempt @ Tue Jan 10 19:06:58 2023 AST failed, result
2 (WERR_FILE_NOT_FOUND)
6991 consecutive failure(s).
Last success @ Sat Dec 17 12:32:15 2022 AST
DC=DomainDnsZones,DC=ad,DC=example,DC=com
ExampleSite\DC1 via RPC
DSA object GUID: d7d15fb1-2dc8-47cf-a0be-564be531e82a
Last attempt @ Tue Jan 10 19:06:57 2023 AST failed, result
2 (WERR_FILE_NOT_FOUND)
6991 consecutive failure(s).
Last success @ Sat Dec 17 12:34:44 2022 AST
DC=DomainDnsZones,DC=ad,DC=example,DC=com
ExampleSite\DC3 via RPC
DSA object GUID: 6afda200-7d62-489d-be33-a708d9a374cf
Last attempt @ Tue Jan 10 19:07:02 2023 AST was successful
0 consecutive failure(s).
Last success @ Tue Jan 10 19:07:02 2023 AST
DC=ForestDnsZones,DC=ad,DC=example,DC=com
ExampleSite\DC1 via RPC
DSA object GUID: d7d15fb1-2dc8-47cf-a0be-564be531e82a
Last attempt @ Tue Jan 10 19:06:57 2023 AST failed, result
2 (WERR_FILE_NOT_FOUND)
6991 consecutive failure(s).
Last success @ Sat Dec 17 12:32:15 2022 AST
CN=Configuration,DC=ad,DC=example,DC=com
ExampleSite\DC1 via RPC
DSA object GUID: d7d15fb1-2dc8-47cf-a0be-564be531e82a
Last attempt @ Tue Jan 10 19:06:58 2023 AST failed, result
2 (WERR_FILE_NOT_FOUND)
6991 consecutive failure(s).
Last success @ Sat Dec 17 12:32:15 2022 AST
DC=ad,DC=example,DC=com
ExampleSite\DC1 via RPC
DSA object GUID: d7d15fb1-2dc8-47cf-a0be-564be531e82a
Last attempt @ Tue Jan 10 19:06:58 2023 AST failed, result
2 (WERR_FILE_NOT_FOUND)
6990 consecutive failure(s).
Last success @ Sat Dec 17 12:32:34 2022 AST
DC=ad,DC=example,DC=com
ExampleSite\DC3 via RPC
DSA object GUID: 6afda200-7d62-489d-be33-a708d9a374cf
Last attempt @ Tue Jan 10 19:06:58 2023 AST was successful
0 consecutive failure(s).
Last success @ Tue Jan 10 19:06:58 2023 AST
==== OUTBOUND NEIGHBORS ====
CN=Schema,CN=Configuration,DC=ad,DC=example,DC=com
ExampleSite\DC2 via RPC
DSA object GUID: 3191b42f-a292-4dc6-8359-5db29d76cd99
Last attempt @ Tue Jan 10 19:07:06 2023 AST failed, result
2 (WERR_FILE_NOT_FOUND)
417 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=ad,DC=example,DC=com
ExampleSite\DC2 via RPC
DSA object GUID: 3191b42f-a292-4dc6-8359-5db29d76cd99
Last attempt @ Tue Jan 10 19:07:06 2023 AST failed, result
2 (WERR_FILE_NOT_FOUND)
392059 consecutive failure(s).
Last success @ NTTIME(0)
DC=ForestDnsZones,DC=ad,DC=example,DC=com
ExampleSite\DC2 via RPC
DSA object GUID: 3191b42f-a292-4dc6-8359-5db29d76cd99
Last attempt @ Tue Jan 10 19:07:06 2023 AST failed, result
2 (WERR_FILE_NOT_FOUND)
425 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=ad,DC=example,DC=com
ExampleSite\DC2 via RPC
DSA object GUID: 3191b42f-a292-4dc6-8359-5db29d76cd99
Last attempt @ Tue Jan 10 19:07:06 2023 AST failed, result
2 (WERR_FILE_NOT_FOUND)
417 consecutive failure(s).
Last success @ NTTIME(0)
DC=ad,DC=example,DC=com
ExampleSite\DC2 via RPC
DSA object GUID: 3191b42f-a292-4dc6-8359-5db29d76cd99
Last attempt @ Tue Jan 10 19:07:06 2023 AST failed, result
2 (WERR_FILE_NOT_FOUND)
241634 consecutive failure(s).
Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: d0753cd3-dc40-4cdc-b554-0d0382dc6751
Enabled : TRUE
Server DNS name : dc1.ad.example.com
Server DN name : CN=NTDS
Settings,CN=DC1,CN=Servers,CN=ExampleSite,CN=Sites,CN=Configuration,DC=ad,DC=example,DC=com
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
On Tue, Jan 10, 2023 at 6:58 PM Dale Renton <drenton at gmail.com> wrote:
> Hello,
>
> dc1 and dc2 were running 4.13
> dc3, dc4, dc5, dc6 are running 4.16
>
> I created 2 new DCs, dc3 and dc4 and deleted dc1 and dc2. dc3 holds the
> FSMO roles, dc1 used to. We have some other DCs, dc5 and dc6 that are
> still pointing to dc1 and dc2 for replication.
>
> samba-tool drs replicate dc5 dc3 DC=ad,DC=example,DC=com --full-sync (I
> ran on dc5, works fine)
>
> however "samba-tool drs showrepl" on dc5 shows KCC CONNECTION OBJECTS are
> still pointing to dc1
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
> Connection name: d0753cd3-dc40-4cdc-b554-0d0382dc6751
> Enabled : TRUE
> Server DNS name : dc1.ad.example.com
> Server DN name : CN=NTDS Settings,CN=DC1,CN=Servers,CN=
> ExampleSite,CN=Sites,CN=Configuration,DC=ad,DC=oxfordfrozenfoods,DC=com
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
>
>
> dc1 and dc2 were removed via "samba-tool domain demote
> --remove-other-dead-server=DC1" on dc3 after the server was off.
>
> How can I get the KCC CONNECTION OBJECTS on dc5 to point to dc3 instead of
> dc1 ?
>
> Thanks,
> Dale
>
More information about the samba
mailing list