Sync issue with Samba 4DC on Win 2k8 domain.

Allen Brown allen at qualica.com
Tue Apr 5 09:10:49 MDT 2011 

Good day

I have configured the following setup :

Windows 2008 SP1 as a forest DC at 2008 functional mode for domain.com
Windows 2008 SP1 as a domain DC at 2008 functional mode for dev.domain.com
Samba 4 Alpha 15 as a DC.

Configure, make, make quicktest and install all worked without any problems, the
vampire also 
succeeded completely, without any error, and the samba DC is registered as a DC 
in domain 
dev.domain.com.

I initially had DNS problems which I resolved by manually adding entries into 
the forward lookup zones 
for the samba 4 DC, obviously this is not ideal, but I'm assuming there is a 
specific DNS issue. I have 
allowed secure and non-secure DNS updates, also not ideal, but it seems to 
make some of the DNS 
issues go away.

On starting up Samba I see the errors as expressed below during operations.

root at dhcp138:/usr/local/samba# sbin/samba -i -M single
samba version 4.0.0alpha15-GIT-fe35ff2 started.
Copyright Andrew Tridgell and the Samba Team 1992-2011
samba: using 'single' process model
../source4/dsdb/repl/drepl_ridalloc.c:43: 
RID Manager failed RID allocation - WERR_BADFILE - extended_ret[0x0]
../source4/dsdb/repl/drepl_ridalloc.c:43: RID Manager failed RID allocation - 
WERR_BADFILE - extended_ret[0x0]
Security token SIDs (7):
  SID[  0]: S-1-5-21-3837153879-3628249556-1053651393-1000
  SID[  1]: S-1-5-21-3837153879-3628249556-1053651393-516
  SID[  2]: S-1-5-9
  SID[  3]: S-1-5-32-560
  SID[  4]: S-1-1-0
  SID[  5]: S-1-5-2
  SID[  6]: S-1-5-11
 Privileges (0x               0):
 Rights (0x               0):
../source4/rpc_server/drsuapi/getncchanges.c:1311: DsGetNCChanges 
2nd replication on different DN 
CN=Schema,CN=Configuration,DC=domain,DC=com CN=Configuration,
DC=domain,DC=com (last_dn 
(null))
../source4/dsdb/repl/drepl_ridalloc.c:43: 
RID Manager failed RID allocation - WERR_BADFILE - 
extended_ret[0x0]

When testing sync I get the following output


root at dhcp138:/usr/local/samba# bin/samba-tool drs showrepl
Default-First-Site-Name\DHCP138
DSA Options: 0x00000001
DSA object GUID: dbc9d6ad-e4e0-400e-acfb-2b3e521aca51
DSA invocationId: e8f9940f-b0cb-48c5-b5a5-e187e94eda6f

==== INBOUND NEIGHBORS ====

DC=dev,DC=domain,DC=com
Default-First-Site-Name\AD02 via RPC
 DSA object GUID: ed246148-6e80-4b7e-aa7d-5010ac75e554
 Last attempt @ Tue Apr  5 16:43:56 2011 SAST failed, result 2 (WERR_BADFILE)
 13 consecutive failure(s).
 Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=domain,DC=com
Default-First-Site-Name\AD02 via RPC
  DSA object GUID: ed246148-6e80-4b7e-aa7d-5010ac75e554
  Last attempt @ Tue Apr  5 16:44:11 2011 SAST failed, result 2 (WERR_BADFILE)
  12 consecutive failure(s).
  Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=domain,DC=com
Default-First-Site-Name\AD01 via RPC
  DSA object GUID: 1ec714e7-26b1-4e3c-a24e-9ca64d042ef0
  Last attempt @ Tue Apr  5 16:44:13 2011 SAST failed, result 2 (WERR_BADFILE)
  11 consecutive failure(s).
  Last success @ NTTIME(0)

CN=Configuration,DC=domain,DC=com
Default-First-Site-Name\AD02 via RPC
  DSA object GUID: ed246148-6e80-4b7e-aa7d-5010ac75e554
  Last attempt @ Tue Apr  5 16:44:01 2011 SAST failed, result 2 (WERR_BADFILE)
  13 consecutive failure(s).
  Last success @ NTTIME(0)

CN=Configuration,DC=domain,DC=com
Default-First-Site-Name\AD01 via RPC
  DSA object GUID: 1ec714e7-26b1-4e3c-a24e-9ca64d042ef0
  Last attempt @ Tue Apr  5 16:44:06 2011 SAST failed, result 2 (WERR_BADFILE)
  11 consecutive failure(s).
  Last success @ NTTIME(0)

==== OUTBOUND NEIGHBORS ====

DC=dev,DC=domain,DC=com
        Default-First-Site-Name\AD02 via RPC
                DSA object GUID: ed246148-6e80-4b7e-aa7d-5010ac75e554
                Last attempt @ Tue Apr  5 16:46:34 2011 SAST was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: cc2c4750-08de-4fc5-b3e7-a1317bddb6a4
        Enabled        : TRUE
        Server DNS name : dhcp138.dev.domain.com
        Server DN name  : 
CN=NTDS Settings,CN=AD02,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=domain,DC=com
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
        Connection name: f13be618-d1f7-42ab-9d5c-1b936f5d106a
        Enabled        : TRUE
        Server DNS name : dhcp138.dev.domain.com
        Server DN name  : 
CN=NTDS Settings,CN=AD01,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=domain,DC=com
               TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!

It simply does not look like replication is working on any level.

Any assistance would be appreciated.

Thank you
Allen Brown

More information about the samba-technical mailing list