[cifs-protocol] Windows DC returning WERR_DS_DRA_NO_REPLICA when Samba DC wants to send replica

Matthieu Patou mat at samba.org
Thu Jul 28 15:30:15 MDT 2011


Hello Dochelp team,


I'm prolonging my tests with s4 DC and Windows DC, and I've discovered 
another interesting situation:

My Samba DC is sending a DsReplicaSync call to a Windows 2003r2 DC:

        drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
           in: struct drsuapi_DsReplicaSync
               bind_handle              : *
                   bind_handle: struct policy_handle
                       handle_type              : 0x00000000 (0)
                       uuid                     : 
475694da-a2c9-49d7-8979-127fe2bf53c2
               level                    : 0x00000001 (1)
               req                      : *
                   req                      : union 
drsuapi_DsReplicaSyncRequest(case 1)
                   req1: struct drsuapi_DsReplicaSyncRequest1
                       naming_context           : *
                           naming_context: struct 
drsuapi_DsReplicaObjectIdentifier
                               __ndr_size               : 0x00000060 (96)
                               __ndr_size_sid           : 0x00000018 (24)
                               guid                     : 
e1c9fcb8-d491-4529-862d-814844073d80
                               sid                      : 
S-1-5-21-2292624160-2068466659-3617568066
                               __ndr_size_dn            : 0x00000013 (19)
                               dn                       : 'DC=domain,DC=tld'
                       source_dsa_guid          : 
f091b72b-4307-40d0-be64-ab697f35f106
                       source_dsa_dns           : NULL
                       options                  : 0x00080013 (524307)
                              1: DRSUAPI_DRS_ASYNC_OP
                              1: DRSUAPI_DRS_GETCHG_CHECK
                              1: DRSUAPI_DRS_UPDATE_NOTIFICATION
                              0: DRSUAPI_DRS_ADD_REF
                              0: DRSUAPI_DRS_SYNC_ALL
                              0: DRSUAPI_DRS_DEL_REF
                              1: DRSUAPI_DRS_WRIT_REP
                              0: DRSUAPI_DRS_INIT_SYNC
                              0: DRSUAPI_DRS_PER_SYNC
                              0: DRSUAPI_DRS_MAIL_REP
                              0: DRSUAPI_DRS_ASYNC_REP
                              0: DRSUAPI_DRS_IGNORE_ERROR
                              0: DRSUAPI_DRS_TWOWAY_SYNC
                              0: DRSUAPI_DRS_CRITICAL_ONLY
                              0: DRSUAPI_DRS_GET_ANC
                              0: DRSUAPI_DRS_GET_NC_SIZE
                              0: DRSUAPI_DRS_LOCAL_ONLY
                              0: DRSUAPI_DRS_NONGC_RO_REP
                              0: DRSUAPI_DRS_SYNC_BYNAME
                              0: DRSUAPI_DRS_REF_OK
                              0: DRSUAPI_DRS_FULL_SYNC_NOW
                              0: DRSUAPI_DRS_NO_SOURCE
                              0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
                              0: DRSUAPI_DRS_FULL_SYNC_PACKET
                              0: DRSUAPI_DRS_SYNC_REQUEUE
                              1: DRSUAPI_DRS_SYNC_URGENT
                              0: DRSUAPI_DRS_REF_GCSPN
                              0: DRSUAPI_DRS_NO_DISCARD
                              0: DRSUAPI_DRS_NEVER_SYNCED
                              0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
                              0: DRSUAPI_DRS_INIT_SYNC_NOW
                              0: DRSUAPI_DRS_PREEMPTED
                              0: DRSUAPI_DRS_SYNC_FORCED
                              0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
                              0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
                              0: DRSUAPI_DRS_USE_COMPRESSION
                              0: DRSUAPI_DRS_NEVER_NOTIFY
                              0: DRSUAPI_DRS_SYNC_PAS
                              0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP

The repsfrom of the DC (windows) is:
     decode_repsFromTo: struct decode_repsFromTo
         in: struct decode_repsFromTo
             blob: struct repsFromToBlob
                 version                  : 0x00000001 (1)
                 reserved                 : 0x00000000 (0)
                 ctr                      : union repsFromTo(case 1)
                 ctr1: struct repsFromTo1
                     blobsize                 : 0x00000116 (278)
                     consecutive_sync_failures: 0x00000000 (0)
                     last_success             : jeu. juil. 28 22:54:17 
2011 MSD
                     last_attempt             : jeu. juil. 28 22:54:17 
2011 MSD
                     result_last_attempt      : WERR_OK
                     other_info               : *
                         other_info: struct repsFromTo1OtherInfo
                             __dns_name_size          : 0x0000003a (58)
                             dns_name                 : 
'f091b72b-4307-40d0-be64-ab697f35f106._msdcs.domain.tld'
                     other_info_length        : 0x0000003e (62)
                     replica_flags            : 0x30000050 (805306448)
                            0: DRSUAPI_DRS_ASYNC_OP
                            0: DRSUAPI_DRS_GETCHG_CHECK
                            0: DRSUAPI_DRS_UPDATE_NOTIFICATION
                            0: DRSUAPI_DRS_ADD_REF
                            0: DRSUAPI_DRS_SYNC_ALL
                            0: DRSUAPI_DRS_DEL_REF
                            1: DRSUAPI_DRS_WRIT_REP
                            0: DRSUAPI_DRS_INIT_SYNC
                            1: DRSUAPI_DRS_PER_SYNC
                            0: DRSUAPI_DRS_MAIL_REP
                            0: DRSUAPI_DRS_ASYNC_REP
                            0: DRSUAPI_DRS_IGNORE_ERROR
                            0: DRSUAPI_DRS_TWOWAY_SYNC
                            0: DRSUAPI_DRS_CRITICAL_ONLY
                            0: DRSUAPI_DRS_GET_ANC
                            0: DRSUAPI_DRS_GET_NC_SIZE
                            0: DRSUAPI_DRS_LOCAL_ONLY
                            0: DRSUAPI_DRS_NONGC_RO_REP
                            0: DRSUAPI_DRS_SYNC_BYNAME
                            0: DRSUAPI_DRS_REF_OK
                            0: DRSUAPI_DRS_FULL_SYNC_NOW
                            0: DRSUAPI_DRS_NO_SOURCE
                            0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
                            0: DRSUAPI_DRS_FULL_SYNC_PACKET
                            0: DRSUAPI_DRS_SYNC_REQUEUE
                            0: DRSUAPI_DRS_SYNC_URGENT
                            0: DRSUAPI_DRS_REF_GCSPN
                            0: DRSUAPI_DRS_NO_DISCARD
                            0: DRSUAPI_DRS_NEVER_SYNCED
                            0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
                            0: DRSUAPI_DRS_INIT_SYNC_NOW
                            0: DRSUAPI_DRS_PREEMPTED
                            0: DRSUAPI_DRS_SYNC_FORCED
                            0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
                            0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
                            1: DRSUAPI_DRS_USE_COMPRESSION
                            1: DRSUAPI_DRS_NEVER_NOTIFY
                            0: DRSUAPI_DRS_SYNC_PAS
                            0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
                     schedule                 : 
100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100100
                     reserved                 : 0x00000000 (0)
                     highwatermark: struct drsuapi_DsReplicaHighWaterMark
                         tmp_highest_usn          : 0x0000000000073a7b 
(473723)
                         reserved_usn             : 0x0000000000000000 (0)
                         highest_usn              : 0x0000000000073a7b 
(473723)
                     source_dsa_obj_guid      : 
f091b72b-4307-40d0-be64-ab697f35f106
                     source_dsa_invocation_id :
                     transport_guid           : 
00000000-0000-0000-0000-000000000000


If I read correctly the paragraph 4.1.23 IDL_DRSReplicaSync (Opnum 2) 
the receiving server should return DS_DRA_NO_REPLICA  if

rf := select all v in nc!repsFrom
where DRS_SYNC_ALL in options
or (DRS_SYNC_BYNAME in options
and v.naDsa = msgIn.pszDsaSrc)
or (not DRS_SYNC_BYNAME in options
and v.uuidDsa = msgIn.uuidDsaSrc)
returns no rf.

In my case option has not DRS_SYNC_ALL nor DRS_SYNC_BYNAME but it seems 
that the uuidDSA (source_dsa_invocation_id in samba) is equal to the
uuidDsaSrc (source_dsa_guid in samba).

Is there something that I'm missing  or misinterpreting ?

Thanks for your help.

Matthieu.

-- 
Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary




More information about the cifs-protocol mailing list