Need urgent help with samba4 DC re-join
Andrew Bartlett
abartlet at samba.org
Mon Jul 2 16:32:52 MDT 2012
On Mon, 2012-07-02 at 20:00 +0200, Andreas Oster wrote:
> Hello Andrew,
>
> as I have written, I have managed to restore the system to the state
> before my disastrous attempt to demote my BDC (novadc02). Currently both
> servers operate normal but still the problems with objectClass and
> objectCategory of the DomainDnsZones and ForestDnsZones exists.
>
> Would it make sense to, after taking a proper backup, demote the second
> DC again or should the faulty DB entries be fixed first ?
I've been thinking over this, and the reason for the slow replies is
that the situation isn't easy to fix. Somehow (and I would like to
understand how), the instanceType in your DNS partition on the master is
set not to include the WRITE bit. This causes the repl_meta_data
message you see.
However, I'm pretty sure 'fixing' the instanceType bit would be
prohibited by the objectclass module, enforcing the broken schema.
Given all that, it seems the 'safe' way to fix it is to correct the
instanceType based on the msDS-hasMasterNCs attribute in a dbcheck
routine, setting various flags to bypass checking for this specific
change, but I've not written that yet.
Sorry,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list