[Samba] samba-tool hangs on one dc
Luis Peromarta
lperoma at icloud.com
Tue Nov 21 15:19:13 UTC 2023
Hi.
smb.conf for the DCs?
What’s in resolv.conf for Both DCs?
Are they in the same LAN? Any firewalls ?
Rgds,
LP
On Nov 21, 2023 at 15:16 +0100, Thomas Schachtner via samba <samba at lists.samba.org>, wrote:
> Hello,
>
> since some time (I don't remember since when) I have a strange
> phenomenon with one of my two samba4 DCs.
> Both dc1 and dc2 seem to run pretty fine and when working with Windows,
> I do not see any issues.
>
> But when issuing the following command on dc1, the command does not
> return but seems to be stuck.
>
> samba-tool drs showrepl
>
> When issuing the same command on dc2, it takes a second or so and the
> result is printed on the screen.
> The same with other commands like "samba-tool dns add"
>
> I already checked the samba log files, but I did not find any log entry.
>
> I know that it is difficult to provide a solution for a problem that is
> described so poorly, but I don't know how to further debug it.
> Any hints on how to move forward here and/or how to get more information?
>
> The output of samba-tool drs showrepl on dc2 does not show issues,
> regardless of which dc is replicated to which one (i.e. dc1 to tc2 or
> vice-versa).
> When executing repadmin /replsummary on a Windows client, also no errors
> are shown.
>
> Here's the output:
>
> root at dc2:/var/lib/samba# samba-tool drs showrepl
> Default-First-Site-Name\DC2
> DSA Options: 0x00000001
> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> DSA invocationId: 0e649cb7-efc8-47ad-a841-4453973dbcec
>
> ==== INBOUND NEIGHBORS ====
>
> DC=local,DC=example,DC=de
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
> 0 consecutive failure(s).
> Last success @ Tue Nov 21 12:26:25 2023 CET
>
> CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
> 0 consecutive failure(s).
> Last success @ Tue Nov 21 12:26:25 2023 CET
>
> CN=Configuration,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
> 0 consecutive failure(s).
> Last success @ Tue Nov 21 12:26:25 2023 CET
>
> DC=DomainDnsZones,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
> 0 consecutive failure(s).
> Last success @ Tue Nov 21 12:26:25 2023 CET
>
> DC=ForestDnsZones,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
> 0 consecutive failure(s).
> Last success @ Tue Nov 21 12:26:25 2023 CET
>
> ==== OUTBOUND NEIGHBORS ====
>
> DC=local,DC=example,DC=de
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Configuration,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=DomainDnsZones,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=ForestDnsZones,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
> Connection name: 138dbf8f-16ef-406e-87aa-72a25b4e03b6
> Enabled : TRUE
> Server DNS name : dc1.local.example.de
> Server DN name : CN=NTDS
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=local,DC=example,DC=de
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
>
> Now, after 10 minutes or so, also dc1 finished the command.
> Here's the result:
>
> root at dc1:~# samba-tool drs showrepl
> Default-First-Site-Name\DC1
> DSA Options: 0x00000001
> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> DSA invocationId: a1e3fc90-833a-476e-8c8a-0753b5593ae3
>
> ==== INBOUND NEIGHBORS ====
>
> DC=local,DC=example,DC=de
> Default-First-Site-Name\DC2 via RPC
> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> Last attempt @ Tue Nov 21 12:41:42 2023 CET was successful
> 0 consecutive failure(s).
> Last success @ Tue Nov 21 12:41:42 2023 CET
>
> CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC2 via RPC
> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> Last attempt @ Tue Nov 21 12:41:43 2023 CET was successful
> 0 consecutive failure(s).
> Last success @ Tue Nov 21 12:41:43 2023 CET
>
> CN=Configuration,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC2 via RPC
> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> Last attempt @ Tue Nov 21 12:41:43 2023 CET was successful
> 0 consecutive failure(s).
> Last success @ Tue Nov 21 12:41:43 2023 CET
>
> DC=DomainDnsZones,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC2 via RPC
> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> Last attempt @ Tue Nov 21 12:41:43 2023 CET was successful
> 0 consecutive failure(s).
> Last success @ Tue Nov 21 12:41:43 2023 CET
>
> DC=ForestDnsZones,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC2 via RPC
> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> Last attempt @ Tue Nov 21 12:41:41 2023 CET was successful
> 0 consecutive failure(s).
> Last success @ Tue Nov 21 12:41:41 2023 CET
>
> ==== OUTBOUND NEIGHBORS ====
>
> DC=local,DC=example,DC=de
> Default-First-Site-Name\DC2 via RPC
> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC2 via RPC
> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Configuration,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC2 via RPC
> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=DomainDnsZones,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC2 via RPC
> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=ForestDnsZones,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC2 via RPC
> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
> Connection name: 85d23471-63cd-4bf1-9238-1ea493d07a95
> Enabled : TRUE
> Server DNS name : dc2.local.example.de
> Server DN name : CN=NTDS
> Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=local,DC=example,DC=de
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
>
>
>
> Both servers (Ubuntu Server) have the latest updates installed.
> The samba version is 4.15.13-Ubuntu.
>
> What could be the reason why one dc takes so long with samba-tool
> commands while the other one is much faster?
>
> Best
> Tom
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list