[Samba] samba-tool hangs on one dc
james.atwell365 at gmail.com
james.atwell365 at gmail.com
Tue Nov 21 15:33:43 UTC 2023
> -----Original Message-----
> From: samba <samba-bounces at lists.samba.org> On Behalf Of Thomas
> Schachtner via samba
> Sent: Tuesday, November 21, 2023 9:16 AM
> To: samba at lists.samba.org
> Subject: [Samba] samba-tool hangs on one dc
>
> Hello,
>
> since some time (I don't remember since when) I have a strange phenomenon
> with one of my two samba4 DCs.
> Both dc1 and dc2 seem to run pretty fine and when working with Windows, I
> do not see any issues.
>
> But when issuing the following command on dc1, the command does not
> return but seems to be stuck.
>
> samba-tool drs showrepl
>
> When issuing the same command on dc2, it takes a second or so and the result
> is printed on the screen.
> The same with other commands like "samba-tool dns add"
>
> I already checked the samba log files, but I did not find any log entry.
>
> I know that it is difficult to provide a solution for a problem that is described so
> poorly, but I don't know how to further debug it.
> Any hints on how to move forward here and/or how to get more information?
>
> The output of samba-tool drs showrepl on dc2 does not show issues,
> regardless of which dc is replicated to which one (i.e. dc1 to tc2 or vice-versa).
> When executing repadmin /replsummary on a Windows client, also no errors
> are shown.
>
> Here's the output:
>
> root at dc2:/var/lib/samba# samba-tool drs showrepl
> Default-First-Site-Name\DC2
> DSA Options: 0x00000001
> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> DSA invocationId: 0e649cb7-efc8-47ad-a841-4453973dbcec
>
> ==== INBOUND NEIGHBORS ====
>
> DC=local,DC=example,DC=de
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
> 0 consecutive failure(s).
> Last success @ Tue Nov 21 12:26:25 2023 CET
>
> CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
> 0 consecutive failure(s).
> Last success @ Tue Nov 21 12:26:25 2023 CET
>
> CN=Configuration,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
> 0 consecutive failure(s).
> Last success @ Tue Nov 21 12:26:25 2023 CET
>
> DC=DomainDnsZones,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
> 0 consecutive failure(s).
> Last success @ Tue Nov 21 12:26:25 2023 CET
>
> DC=ForestDnsZones,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
> 0 consecutive failure(s).
> Last success @ Tue Nov 21 12:26:25 2023 CET
>
> ==== OUTBOUND NEIGHBORS ====
>
> DC=local,DC=example,DC=de
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Configuration,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=DomainDnsZones,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=ForestDnsZones,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
> Connection name: 138dbf8f-16ef-406e-87aa-72a25b4e03b6
> Enabled : TRUE
> Server DNS name : dc1.local.example.de
> Server DN name : CN=NTDS
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-
> Name,CN=Sites,CN=Configuration,DC=local,DC=example,DC=de
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
>
> Now, after 10 minutes or so, also dc1 finished the command.
> Here's the result:
>
> root at dc1:~# samba-tool drs showrepl
> Default-First-Site-Name\DC1
> DSA Options: 0x00000001
> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> DSA invocationId: a1e3fc90-833a-476e-8c8a-0753b5593ae3
>
> ==== INBOUND NEIGHBORS ====
>
> DC=local,DC=example,DC=de
> Default-First-Site-Name\DC2 via RPC
> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> Last attempt @ Tue Nov 21 12:41:42 2023 CET was successful
> 0 consecutive failure(s).
> Last success @ Tue Nov 21 12:41:42 2023 CET
>
> CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC2 via RPC
> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> Last attempt @ Tue Nov 21 12:41:43 2023 CET was successful
> 0 consecutive failure(s).
> Last success @ Tue Nov 21 12:41:43 2023 CET
>
> CN=Configuration,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC2 via RPC
> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> Last attempt @ Tue Nov 21 12:41:43 2023 CET was successful
> 0 consecutive failure(s).
> Last success @ Tue Nov 21 12:41:43 2023 CET
>
> DC=DomainDnsZones,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC2 via RPC
> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> Last attempt @ Tue Nov 21 12:41:43 2023 CET was successful
> 0 consecutive failure(s).
> Last success @ Tue Nov 21 12:41:43 2023 CET
>
> DC=ForestDnsZones,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC2 via RPC
> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> Last attempt @ Tue Nov 21 12:41:41 2023 CET was successful
> 0 consecutive failure(s).
> Last success @ Tue Nov 21 12:41:41 2023 CET
>
> ==== OUTBOUND NEIGHBORS ====
>
> DC=local,DC=example,DC=de
> Default-First-Site-Name\DC2 via RPC
> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC2 via RPC
> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Configuration,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC2 via RPC
> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=DomainDnsZones,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC2 via RPC
> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=ForestDnsZones,DC=local,DC=example,DC=de
> Default-First-Site-Name\DC2 via RPC
> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
> Connection name: 85d23471-63cd-4bf1-9238-1ea493d07a95
> Enabled : TRUE
> Server DNS name : dc2.local.example.de
> Server DN name : CN=NTDS
> Settings,CN=DC2,CN=Servers,CN=Default-First-Site-
> Name,CN=Sites,CN=Configuration,DC=local,DC=example,DC=de
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
>
>
>
> Both servers (Ubuntu Server) have the latest updates installed.
> The samba version is 4.15.13-Ubuntu.
>
> What could be the reason why one dc takes so long with samba-tool
> commands while the other one is much faster?
>
> Best
> Tom
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
I've experienced this before and it's usually transient. If you want to see where in the process it's hanging, you can increase the debug level to something like 5.
samba-tool drs showrepl -d 5
More information about the samba
mailing list