[Samba] samba-tool hangs on one dc
Thomas Schachtner
Thomas.schachtner at eltheim.de
Tue Nov 21 22:50:16 UTC 2023
> On Tue, 2023-11-21 at 10:33 -0500, James Atwell via samba wrote:
>>
>>> -----Original Message-----
>>> From: samba<samba-bounces at lists.samba.org> On Behalf Of Thomas
>>> Schachtner via samba
>>> Sent: Tuesday, November 21, 2023 9:16 AM
>>> To:samba at lists.samba.org
>>> Subject: [Samba] samba-tool hangs on one dc
>>>
>>> Hello,
>>>
>>> since some time (I don't remember since when) I have a strange
>>> phenomenon
>>> with one of my two samba4 DCs.
>>> Both dc1 and dc2 seem to run pretty fine and when working with
>>> Windows, I
>>> do not see any issues.
>>>
>>> But when issuing the following command on dc1, the command does not
>>> return but seems to be stuck.
>>>
>>> samba-tool drs showrepl
>>>
>>> When issuing the same command on dc2, it takes a second or so and
>>> the result
>>> is printed on the screen.
>>> The same with other commands like "samba-tool dns add"
>>>
>>> I already checked the samba log files, but I did not find any log
>>> entry.
>>>
>>> I know that it is difficult to provide a solution for a problem
>>> that is described so
>>> poorly, but I don't know how to further debug it.
>>> Any hints on how to move forward here and/or how to get more
>>> information?
>>>
>>> The output of samba-tool drs showrepl on dc2 does not show issues,
>>> regardless of which dc is replicated to which one (i.e. dc1 to tc2
>>> or vice-versa).
>>> When executing repadmin /replsummary on a Windows client, also no
>>> errors
>>> are shown.
>>>
>>> Here's the output:
>>>
>>> root at dc2:/var/lib/samba# samba-tool drs showrepl
>>> Default-First-Site-Name\DC2
>>> DSA Options: 0x00000001
>>> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
>>> DSA invocationId: 0e649cb7-efc8-47ad-a841-4453973dbcec
>>>
>>> ==== INBOUND NEIGHBORS ====
>>>
>>> DC=local,DC=example,DC=de
>>> Default-First-Site-Name\DC1 via RPC
>>> DSA object GUID: 4872003f-2bd7-4393-9eed-
>>> 1ceaeecf92eb
>>> Last attempt @ Tue Nov 21 12:26:25 2023 CET was
>>> successful
>>> 0 consecutive failure(s).
>>> Last success @ Tue Nov 21 12:26:25 2023 CET
>>>
>>> CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
>>> Default-First-Site-Name\DC1 via RPC
>>> DSA object GUID: 4872003f-2bd7-4393-9eed-
>>> 1ceaeecf92eb
>>> Last attempt @ Tue Nov 21 12:26:25 2023 CET was
>>> successful
>>> 0 consecutive failure(s).
>>> Last success @ Tue Nov 21 12:26:25 2023 CET
>>>
>>> CN=Configuration,DC=local,DC=example,DC=de
>>> Default-First-Site-Name\DC1 via RPC
>>> DSA object GUID: 4872003f-2bd7-4393-9eed-
>>> 1ceaeecf92eb
>>> Last attempt @ Tue Nov 21 12:26:25 2023 CET was
>>> successful
>>> 0 consecutive failure(s).
>>> Last success @ Tue Nov 21 12:26:25 2023 CET
>>>
>>> DC=DomainDnsZones,DC=local,DC=example,DC=de
>>> Default-First-Site-Name\DC1 via RPC
>>> DSA object GUID: 4872003f-2bd7-4393-9eed-
>>> 1ceaeecf92eb
>>> Last attempt @ Tue Nov 21 12:26:25 2023 CET was
>>> successful
>>> 0 consecutive failure(s).
>>> Last success @ Tue Nov 21 12:26:25 2023 CET
>>>
>>> DC=ForestDnsZones,DC=local,DC=example,DC=de
>>> Default-First-Site-Name\DC1 via RPC
>>> DSA object GUID: 4872003f-2bd7-4393-9eed-
>>> 1ceaeecf92eb
>>> Last attempt @ Tue Nov 21 12:26:25 2023 CET was
>>> successful
>>> 0 consecutive failure(s).
>>> Last success @ Tue Nov 21 12:26:25 2023 CET
>>>
>>> ==== OUTBOUND NEIGHBORS ====
>>>
>>> DC=local,DC=example,DC=de
>>> Default-First-Site-Name\DC1 via RPC
>>> DSA object GUID: 4872003f-2bd7-4393-9eed-
>>> 1ceaeecf92eb
>>> Last attempt @ NTTIME(0) was successful
>>> 0 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
>>> Default-First-Site-Name\DC1 via RPC
>>> DSA object GUID: 4872003f-2bd7-4393-9eed-
>>> 1ceaeecf92eb
>>> Last attempt @ NTTIME(0) was successful
>>> 0 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> CN=Configuration,DC=local,DC=example,DC=de
>>> Default-First-Site-Name\DC1 via RPC
>>> DSA object GUID: 4872003f-2bd7-4393-9eed-
>>> 1ceaeecf92eb
>>> Last attempt @ NTTIME(0) was successful
>>> 0 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> DC=DomainDnsZones,DC=local,DC=example,DC=de
>>> Default-First-Site-Name\DC1 via RPC
>>> DSA object GUID: 4872003f-2bd7-4393-9eed-
>>> 1ceaeecf92eb
>>> Last attempt @ NTTIME(0) was successful
>>> 0 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> DC=ForestDnsZones,DC=local,DC=example,DC=de
>>> Default-First-Site-Name\DC1 via RPC
>>> DSA object GUID: 4872003f-2bd7-4393-9eed-
>>> 1ceaeecf92eb
>>> Last attempt @ NTTIME(0) was successful
>>> 0 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> ==== KCC CONNECTION OBJECTS ====
>>>
>>> Connection --
>>> Connection name: 138dbf8f-16ef-406e-87aa-72a25b4e03b6
>>> Enabled : TRUE
>>> Server DNS name : dc1.local.example.de
>>> Server DN name : CN=NTDS
>>> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-
>>> Name,CN=Sites,CN=Configuration,DC=local,DC=example,DC=de
>>> TransportType: RPC
>>> options: 0x00000001
>>> Warning: No NC replicated for Connection!
>>>
>>> Now, after 10 minutes or so, also dc1 finished the command.
>>> Here's the result:
>>>
>>> root at dc1:~# samba-tool drs showrepl
>>> Default-First-Site-Name\DC1
>>> DSA Options: 0x00000001
>>> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
>>> DSA invocationId: a1e3fc90-833a-476e-8c8a-0753b5593ae3
>>>
>>> ==== INBOUND NEIGHBORS ====
>>>
>>> DC=local,DC=example,DC=de
>>> Default-First-Site-Name\DC2 via RPC
>>> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-
>>> 00a0db86e6a8
>>> Last attempt @ Tue Nov 21 12:41:42 2023 CET was
>>> successful
>>> 0 consecutive failure(s).
>>> Last success @ Tue Nov 21 12:41:42 2023 CET
>>>
>>> CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
>>> Default-First-Site-Name\DC2 via RPC
>>> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-
>>> 00a0db86e6a8
>>> Last attempt @ Tue Nov 21 12:41:43 2023 CET was
>>> successful
>>> 0 consecutive failure(s).
>>> Last success @ Tue Nov 21 12:41:43 2023 CET
>>>
>>> CN=Configuration,DC=local,DC=example,DC=de
>>> Default-First-Site-Name\DC2 via RPC
>>> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-
>>> 00a0db86e6a8
>>> Last attempt @ Tue Nov 21 12:41:43 2023 CET was
>>> successful
>>> 0 consecutive failure(s).
>>> Last success @ Tue Nov 21 12:41:43 2023 CET
>>>
>>> DC=DomainDnsZones,DC=local,DC=example,DC=de
>>> Default-First-Site-Name\DC2 via RPC
>>> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-
>>> 00a0db86e6a8
>>> Last attempt @ Tue Nov 21 12:41:43 2023 CET was
>>> successful
>>> 0 consecutive failure(s).
>>> Last success @ Tue Nov 21 12:41:43 2023 CET
>>>
>>> DC=ForestDnsZones,DC=local,DC=example,DC=de
>>> Default-First-Site-Name\DC2 via RPC
>>> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-
>>> 00a0db86e6a8
>>> Last attempt @ Tue Nov 21 12:41:41 2023 CET was
>>> successful
>>> 0 consecutive failure(s).
>>> Last success @ Tue Nov 21 12:41:41 2023 CET
>>>
>>> ==== OUTBOUND NEIGHBORS ====
>>>
>>> DC=local,DC=example,DC=de
>>> Default-First-Site-Name\DC2 via RPC
>>> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-
>>> 00a0db86e6a8
>>> Last attempt @ NTTIME(0) was successful
>>> 0 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
>>> Default-First-Site-Name\DC2 via RPC
>>> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-
>>> 00a0db86e6a8
>>> Last attempt @ NTTIME(0) was successful
>>> 0 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> CN=Configuration,DC=local,DC=example,DC=de
>>> Default-First-Site-Name\DC2 via RPC
>>> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-
>>> 00a0db86e6a8
>>> Last attempt @ NTTIME(0) was successful
>>> 0 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> DC=DomainDnsZones,DC=local,DC=example,DC=de
>>> Default-First-Site-Name\DC2 via RPC
>>> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-
>>> 00a0db86e6a8
>>> Last attempt @ NTTIME(0) was successful
>>> 0 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> DC=ForestDnsZones,DC=local,DC=example,DC=de
>>> Default-First-Site-Name\DC2 via RPC
>>> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-
>>> 00a0db86e6a8
>>> Last attempt @ NTTIME(0) was successful
>>> 0 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> ==== KCC CONNECTION OBJECTS ====
>>>
>>> Connection --
>>> Connection name: 85d23471-63cd-4bf1-9238-1ea493d07a95
>>> Enabled : TRUE
>>> Server DNS name : dc2.local.example.de
>>> Server DN name : CN=NTDS
>>> Settings,CN=DC2,CN=Servers,CN=Default-First-Site-
>>> Name,CN=Sites,CN=Configuration,DC=local,DC=example,DC=de
>>> TransportType: RPC
>>> options: 0x00000001
>>> Warning: No NC replicated for Connection!
>>>
>>>
>>>
>>> Both servers (Ubuntu Server) have the latest updates installed.
>>> The samba version is 4.15.13-Ubuntu.
>>>
>>> What could be the reason why one dc takes so long with samba-tool
>>> commands while the other one is much faster?
>>>
>>> Best
>>> Tom
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:https://lists.samba.org/mailman/options/samba
>> I've experienced this before and it's usually transient. If you want
>> to see where in the process it's hanging, you can increase the debug
>> level to something like 5.
>>
>> samba-tool drs showrepl -d 5
>>
>
> I've had the experience of samba-tool hanging when DNS is
> misconfigured.
Sure, there may be a faulty DNS configuration, but all the permissions
seem to be identical on both servers and the permissions of the users
are also the same.
If it's a DNS issue, why does it work on one DC then and not on the
other one?
Or in other words: How could I investigate this DNS issue?
More information about the samba
mailing list