Multi-Samba4 DC Domain With Replication/DNS Issues

Ted Salmon tass2001 at hotmail.com
Fri Dec 2 11:44:29 MST 2011


Hello,
I recently set up a second AD DC in my Domain which is running in a VM. Both DCs in the domain run Samba4 Alpha 17 (Final Alpha) and were installed from the same package which I compiled. The PDC of the domain is running Bind 9.8.1 P1 with GSSAPI for Kerberos DNS updates which are working great (I've added multiple client machines and watched them replicate into the DNS). The trouble comes with replication from DC to DC. It seems the PDC replicates just fine to the other DC in the domain but replication does not work from the secondary DC back to the PDC. I noticed that the Secondary DC is also NOT in DNS so I had to add it via host entry (really ghetto). I'm not sure why it won't show up in DNS as other client machines on the domain replicate into DNS without fault. The PDC does have all failures for replication in and error out with 'WERR_BADFILE'. Also, is there a way to remove the secondary DC from the domain now that it's been joined?

Here's what my PDC has to say about AD DCs in my domain:
root@NETW1-STATS:~# ldbsearch -H /usr/var/lib/samba/private/sam.ldb objectclass=ntdsdsa objectguid --cross-ncs
# record 1
dn: CN=NTDS Settings,CN=NETW1-STATS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=network,DC=local
objectGUID: 607a8cb6-c2ed-4e21-b616-576fae043d7b

# record 2
dn: CN=NTDS Settings,CN=NETW2-DEV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=network,DC=local
objectGUID: 78398891-722d-4c85-96b4-41416e126a1c

# returned 2 records
# 2 entries
# 0 referrals

Show Replication from the PDC:
root@NETW1-STATS:~# samba-tool drs showrepl
Default-First-Site-Name\NETW1-STATS
DSA Options: 0x00000001
DSA object GUID: 607a8cb6-c2ed-4e21-b616-576fae043d7b
DSA invocationId: 7e13dc83-79f2-4400-9702-9afcdc59a6f7

==== INBOUND NEIGHBORS ====

DC=domain,DC=network,DC=local
        Default-First-Site-Name\NETW2-DEV via RPC
                DSA object GUID: 78398891-722d-4c85-96b4-41416e126a1c
                Last attempt @ Fri Dec  2 10:35:24 2011 PST failed, result 2 (WERR_BADFILE)
                1144 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=domain,DC=network,DC=local
        Default-First-Site-Name\NETW2-DEV via RPC
                DSA object GUID: 78398891-722d-4c85-96b4-41416e126a1c
                Last attempt @ Fri Dec  2 10:35:24 2011 PST failed, result 2 (WERR_BADFILE)
                1144 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Configuration,DC=domain,DC=network,DC=local
        Default-First-Site-Name\NETW2-DEV via RPC
                DSA object GUID: 78398891-722d-4c85-96b4-41416e126a1c
                Last attempt @ Fri Dec  2 10:35:24 2011 PST failed, result 2 (WERR_BADFILE)
                1144 consecutive failure(s).
                Last success @ NTTIME(0)

==== OUTBOUND NEIGHBORS ====

DC=domain,DC=network,DC=local
        Default-First-Site-Name\NETW2-DEV via RPC
                DSA object GUID: 78398891-722d-4c85-96b4-41416e126a1c
                Last attempt @ Fri Dec  2 10:36:52 2011 PST failed, result 2 (WERR_BADFILE)
                46 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=domain,DC=network,DC=local
        Default-First-Site-Name\NETW2-DEV via RPC
                DSA object GUID: 78398891-722d-4c85-96b4-41416e126a1c
                Last attempt @ Fri Dec  2 10:36:51 2011 PST failed, result 2 (WERR_BADFILE)
                46 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Configuration,DC=domain,DC=network,DC=local
        Default-First-Site-Name\NETW2-DEV via RPC
                DSA object GUID: 78398891-722d-4c85-96b4-41416e126a1c
                Last attempt @ Fri Dec  2 10:36:52 2011 PST failed, result 2 (WERR_BADFILE)
                46 consecutive failure(s).
                Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: f7423b83-b8f9-4d6a-a890-6ce49fe0034f
        Enabled        : TRUE
        Server DNS name : NETW1-STATS.domain.network.local
        Server DN name  : CN=NTDS Settings,CN=NETW2-DEV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=network,DC=local
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!

and from the Secondary DC:
root@NETW2-DEV:~# samba-tool drs showrepl
Default-First-Site-Name\NETW2-DEV
DSA Options: 0x00000001
DSA object GUID: 78398891-722d-4c85-96b4-41416e126a1c
DSA invocationId: baa50915-e4b0-4c9f-aa27-e48e53b340d8

==== INBOUND NEIGHBORS ====

CN=Configuration,DC=domain,DC=network,DC=local
        Default-First-Site-Name\NETW1-STATS via RPC
                DSA object GUID: 607a8cb6-c2ed-4e21-b616-576fae043d7b
                Last attempt @ Fri Dec  2 10:33:12 2011 PST was successful
                0 consecutive failure(s).
                Last success @ Fri Dec  2 10:33:12 2011 PST

DC=domain,DC=network,DC=local
        Default-First-Site-Name\NETW1-STATS via RPC
                DSA object GUID: 607a8cb6-c2ed-4e21-b616-576fae043d7b
                Last attempt @ Fri Dec  2 10:33:11 2011 PST was successful
                0 consecutive failure(s).
                Last success @ Fri Dec  2 10:33:11 2011 PST

CN=Schema,CN=Configuration,DC=domain,DC=network,DC=local
        Default-First-Site-Name\NETW1-STATS via RPC
                DSA object GUID: 607a8cb6-c2ed-4e21-b616-576fae043d7b
                Last attempt @ Fri Dec  2 10:33:12 2011 PST was successful
                0 consecutive failure(s).
                Last success @ Fri Dec  2 10:33:12 2011 PST

==== OUTBOUND NEIGHBORS ====

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: ed2ab61a-c222-4586-8b3f-a40d7675af39
        Enabled        : TRUE
        Server DNS name : NETW2-DEV.domain.network.local
        Server DN name  : CN=NTDS Settings,CN=NETW1-STATS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=network,DC=local
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!

DNS axfr:
root@NETW1-STATS:~# dig @localhost domain.network.local axfr

; <<>> DiG 9.8.1-P1 <<>> @localhost domain.network.local axfr
; (1 server found)
;; global options: +cmd
domain.network.local.   604800  IN      SOA     NETW1-STATS.domain.network.local. hostmaster.domain.network.local. 2011111211 172800 14400 3628800 604800
domain.network.local.   604800  IN      NS      NETW1-STATS.domain.network.local.
domain.network.local.   604800  IN      A       10.200.1.5
_kerberos.domain.network.local. 604800 IN TXT   "DOMAIN.NETWORK.LOCAL"
607a8cb6-c2ed-4e21-b616-576fae043d7b._msdcs.domain.network.local. 604800 IN CNAME NETW1-STATS.domain.network.local.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.network.local. 604800 IN SRV 0 100 88 NETW1-STATS.domain.network.local.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.network.local. 604800 IN SRV 0 100 389 NETW1-STATS.domain.network.local.
_kerberos._tcp.dc._msdcs.domain.network.local. 604800 IN SRV 0 100 88 NETW1-STATS.domain.network.local.
_ldap._tcp.dc._msdcs.domain.network.local. 604800 IN SRV 0 100 389 NETW1-STATS.domain.network.local.
_ldap._tcp.c884d078-5656-47b6-b28d-e7d0be029abc.domains._msdcs.domain.network.local. 604800 IN SRV 0 100 389 NETW1-STATS.domain.network.local.
gc._msdcs.domain.network.local. 604800 IN A     10.200.1.5
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.domain.network.local. 604800 IN SRV 0 100 3268 NETW1-STATS.domain.network.local.
_ldap._tcp.gc._msdcs.domain.network.local. 604800 IN SRV 0 100 3268 NETW1-STATS.domain.network.local.
_ldap._tcp.pdc._msdcs.domain.network.local. 604800 IN SRV 0 100 389 NETW1-STATS.domain.network.local.
_gc._tcp.Default-First-Site-Name._sites.domain.network.local. 604800 IN SRV 0 100 3268 NETW1-STATS.domain.network.local.
_kerberos._tcp.Default-First-Site-Name._sites.domain.network.local. 604800 IN SRV 0 100 88 NETW1-STATS.domain.network.local.
_ldap._tcp.Default-First-Site-Name._sites.domain.network.local. 604800 IN SRV 0 100 389 NETW1-STATS.domain.network.local.
_gc._tcp.domain.network.local. 604800 IN SRV    0 100 3268 NETW1-STATS.domain.network.local.
_kerberos._tcp.domain.network.local. 604800 IN SRV 0 100 88 NETW1-STATS.domain.network.local.
_kerberos-master._tcp.domain.network.local. 604800 IN SRV 0 100 88 NETW1-STATS.domain.network.local.
_kpasswd._tcp.domain.network.local. 604800 IN SRV 0 100 464 NETW1-STATS.domain.network.local.
_ldap._tcp.domain.network.local. 604800 IN SRV  0 100 389 NETW1-STATS.domain.network.local.
_kerberos._udp.domain.network.local. 604800 IN SRV 0 100 88 NETW1-STATS.domain.network.local.
_kerberos-master._udp.domain.network.local. 604800 IN SRV 0 100 88 NETW1-STATS.domain.network.local.
_kpasswd._udp.domain.network.local. 604800 IN SRV 0 100 464 NETW1-STATS.domain.network.local.
LAPPY.domain.network.local. 1200 IN     A       10.200.1.6 <<< Dynamic DNS Update
NETW1-STATS.domain.network.local. 604800 IN A   10.200.1.5
NETW1-WINVM.domain.network.local. 1200 IN A     10.200.1.11 <<< Dynamic DNS Update
domain.network.local.   604800  IN      SOA     NETW1-STATS.domain.network.local. hostmaster.domain.network.local. 2011111211 172800 14400 3628800 604800
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Dec  2 10:39:18 2011
;; XFR size: 29 records (messages 1, bytes 1685)

Thanks!
-Ted Salmon 		 	   		  
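
Added example, not part of the original message: a cross-check of the ldbsearch and dig axfr output quoted above. AD DCs locate replication partners through the <NTDS Settings objectGUID>._msdcs.<domain> CNAME, so the script lists each DC whose GUID CNAME or host A record is absent from the zone. The sample input is excerpted from the message; the function names are this example's own, and it assumes objectGUID directly follows each dn line, as in the query shown.

```python
import re

# Excerpts of the ldbsearch and dig axfr output quoted in the message above.
LDBSEARCH = """\
dn: CN=NTDS Settings,CN=NETW1-STATS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=network,DC=local
objectGUID: 607a8cb6-c2ed-4e21-b616-576fae043d7b

dn: CN=NTDS Settings,CN=NETW2-DEV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=network,DC=local
objectGUID: 78398891-722d-4c85-96b4-41416e126a1c
"""

AXFR = """\
607a8cb6-c2ed-4e21-b616-576fae043d7b._msdcs.domain.network.local. 604800 IN CNAME NETW1-STATS.domain.network.local.
LAPPY.domain.network.local. 1200 IN     A       10.200.1.6
NETW1-STATS.domain.network.local. 604800 IN A   10.200.1.5
NETW1-WINVM.domain.network.local. 1200 IN A     10.200.1.11
"""

def parse_dsas(text):
    """Return {server name: NTDS Settings objectGUID} from ldbsearch LDIF."""
    pat = r"dn: CN=NTDS Settings,CN=([^,]+),.*\nobjectGUID: ([0-9a-fA-F-]+)"
    return {server: guid.lower() for server, guid in re.findall(pat, text)}

def parse_zone(text):
    """Return {(owner, rrtype)} from dig-style 'owner ttl IN type rdata' lines."""
    records = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and not line.startswith(";") and f[2] == "IN":
            records.add((f[0].rstrip(".").lower(), f[3].upper()))
    return records

def missing_dc_records(dsas, records, zone="domain.network.local"):
    """List (server, record) pairs a DC should have in DNS but the zone lacks."""
    missing = []
    for server, guid in sorted(dsas.items()):
        for owner, rrtype in ((f"{guid}._msdcs.{zone}", "CNAME"),
                              (f"{server.lower()}.{zone}", "A")):
            if (owner, rrtype) not in records:
                missing.append((server, f"{owner} {rrtype}"))
    return missing

if __name__ == "__main__":
    for server, rec in missing_dc_records(parse_dsas(LDBSEARCH), parse_zone(AXFR)):
        print(f"{server}: missing {rec}")
```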

