[cifs-protocol] Windows DC returning WERR_DS_DRA_NO_REPLICA when Samba DC wants to send replica
Matthieu Patou
mat at samba.org
Thu Jul 28 15:30:15 MDT 2011
Hello Dochelp team,
I'm prolonging my tests with s4 DC and Windows DC, and I've discovered
another interesting situation:
My Samba DC is sending a DsReplicaSync call to a Windows 2003r2 DC:
drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
in: struct drsuapi_DsReplicaSync
bind_handle : *
bind_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
475694da-a2c9-49d7-8979-127fe2bf53c2
level : 0x00000001 (1)
req : *
req : union
drsuapi_DsReplicaSyncRequest(case 1)
req1: struct drsuapi_DsReplicaSyncRequest1
naming_context : *
naming_context: struct
drsuapi_DsReplicaObjectIdentifier
__ndr_size : 0x00000060 (96)
__ndr_size_sid : 0x00000018 (24)
guid :
e1c9fcb8-d491-4529-862d-814844073d80
sid :
S-1-5-21-2292624160-2068466659-3617568066
__ndr_size_dn : 0x00000013 (19)
dn : 'DC=domain,DC=tld'
source_dsa_guid :
f091b72b-4307-40d0-be64-ab697f35f106
source_dsa_dns : NULL
options : 0x00080013 (524307)
1: DRSUAPI_DRS_ASYNC_OP
1: DRSUAPI_DRS_GETCHG_CHECK
1: DRSUAPI_DRS_UPDATE_NOTIFICATION
0: DRSUAPI_DRS_ADD_REF
0: DRSUAPI_DRS_SYNC_ALL
0: DRSUAPI_DRS_DEL_REF
1: DRSUAPI_DRS_WRIT_REP
0: DRSUAPI_DRS_INIT_SYNC
0: DRSUAPI_DRS_PER_SYNC
0: DRSUAPI_DRS_MAIL_REP
0: DRSUAPI_DRS_ASYNC_REP
0: DRSUAPI_DRS_IGNORE_ERROR
0: DRSUAPI_DRS_TWOWAY_SYNC
0: DRSUAPI_DRS_CRITICAL_ONLY
0: DRSUAPI_DRS_GET_ANC
0: DRSUAPI_DRS_GET_NC_SIZE
0: DRSUAPI_DRS_LOCAL_ONLY
0: DRSUAPI_DRS_NONGC_RO_REP
0: DRSUAPI_DRS_SYNC_BYNAME
0: DRSUAPI_DRS_REF_OK
0: DRSUAPI_DRS_FULL_SYNC_NOW
0: DRSUAPI_DRS_NO_SOURCE
0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
0: DRSUAPI_DRS_FULL_SYNC_PACKET
0: DRSUAPI_DRS_SYNC_REQUEUE
1: DRSUAPI_DRS_SYNC_URGENT
0: DRSUAPI_DRS_REF_GCSPN
0: DRSUAPI_DRS_NO_DISCARD
0: DRSUAPI_DRS_NEVER_SYNCED
0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
0: DRSUAPI_DRS_INIT_SYNC_NOW
0: DRSUAPI_DRS_PREEMPTED
0: DRSUAPI_DRS_SYNC_FORCED
0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
0: DRSUAPI_DRS_USE_COMPRESSION
0: DRSUAPI_DRS_NEVER_NOTIFY
0: DRSUAPI_DRS_SYNC_PAS
0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
The repsfrom of the DC (windows) is:
decode_repsFromTo: struct decode_repsFromTo
in: struct decode_repsFromTo
blob: struct repsFromToBlob
version : 0x00000001 (1)
reserved : 0x00000000 (0)
ctr : union repsFromTo(case 1)
ctr1: struct repsFromTo1
blobsize : 0x00000116 (278)
consecutive_sync_failures: 0x00000000 (0)
last_success : jeu. juil. 28 22:54:17
2011 MSD
last_attempt : jeu. juil. 28 22:54:17
2011 MSD
result_last_attempt : WERR_OK
other_info : *
other_info: struct repsFromTo1OtherInfo
__dns_name_size : 0x0000003a (58)
dns_name :
'f091b72b-4307-40d0-be64-ab697f35f106._msdcs.domain.tld'
other_info_length : 0x0000003e (62)
replica_flags : 0x30000050 (805306448)
0: DRSUAPI_DRS_ASYNC_OP
0: DRSUAPI_DRS_GETCHG_CHECK
0: DRSUAPI_DRS_UPDATE_NOTIFICATION
0: DRSUAPI_DRS_ADD_REF
0: DRSUAPI_DRS_SYNC_ALL
0: DRSUAPI_DRS_DEL_REF
1: DRSUAPI_DRS_WRIT_REP
0: DRSUAPI_DRS_INIT_SYNC
1: DRSUAPI_DRS_PER_SYNC
0: DRSUAPI_DRS_MAIL_REP
0: DRSUAPI_DRS_ASYNC_REP
0: DRSUAPI_DRS_IGNORE_ERROR
0: DRSUAPI_DRS_TWOWAY_SYNC
0: DRSUAPI_DRS_CRITICAL_ONLY
0: DRSUAPI_DRS_GET_ANC
0: DRSUAPI_DRS_GET_NC_SIZE
0: DRSUAPI_DRS_LOCAL_ONLY
0: DRSUAPI_DRS_NONGC_RO_REP
0: DRSUAPI_DRS_SYNC_BYNAME
0: DRSUAPI_DRS_REF_OK
0: DRSUAPI_DRS_FULL_SYNC_NOW
0: DRSUAPI_DRS_NO_SOURCE
0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
0: DRSUAPI_DRS_FULL_SYNC_PACKET
0: DRSUAPI_DRS_SYNC_REQUEUE
0: DRSUAPI_DRS_SYNC_URGENT
0: DRSUAPI_DRS_REF_GCSPN
0: DRSUAPI_DRS_NO_DISCARD
0: DRSUAPI_DRS_NEVER_SYNCED
0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
0: DRSUAPI_DRS_INIT_SYNC_NOW
0: DRSUAPI_DRS_PREEMPTED
0: DRSUAPI_DRS_SYNC_FORCED
0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
1: DRSUAPI_DRS_USE_COMPRESSION
1: DRSUAPI_DRS_NEVER_NOTIFY
0: DRSUAPI_DRS_SYNC_PAS
0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
schedule :
100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100
reserved : 0x00000000 (0)
highwatermark: struct drsuapi_DsReplicaHighWaterMark
tmp_highest_usn : 0x0000000000073a7b
(473723)
reserved_usn : 0x0000000000000000 (0)
highest_usn : 0x0000000000073a7b
(473723)
source_dsa_obj_guid :
f091b72b-4307-40d0-be64-ab697f35f106
source_dsa_invocation_id :
transport_guid :
00000000-0000-0000-0000-000000000000
If I read correctly the paragraph 4.1.23 IDL_DRSReplicaSync (Opnum 2)
the receiving server should return DS_DRA_NO_REPLICA if
rf := select all v in nc!repsFrom
where DRS_SYNC_ALL in options
or (DRS_SYNC_BYNAME in options
and v.naDsa = msgIn.pszDsaSrc)
or (not DRS_SYNC_BYNAME in options
and v.uuidDsa = msgIn.uuidDsaSrc)
returns no rf.
In my case option has not DRS_SYNC_ALL nor DRS_SYNC_BYNAME but it seems
that the uuidDSA (source_dsa_invocation_id in samba) is equal to the
uuidDsaSrc (source_dsa_guid in samba).
Is there something that I'm missing or misinterpreting ?
Thanks for your help.
Matthieu.
--
Matthieu Patou
Samba Team http://samba.org
Private repo http://git.samba.org/?p=mat/samba.git;a=summary
More information about the cifs-protocol
mailing list