W2k3 migration to S4
Matthieu Patou
mat at matws.net
Tue Jun 12 22:11:14 MDT 2012
On 06/12/2012 11:00 AM, Juan Pablo Lorier wrote:
> Hi everybody,
>
> I've been trying to migrate our domain from windows to samba4. I have
> 2 w2k3 as domain controllers and created 2 samba 4 beta 2 (at this
> time) servers.
> In this 2 samba servers I managed to register them as DCs and setup
> BIND as slaves for the Win DNS (this way I replicated everything
> externally as I quite still don't get if I need to compile samba for
> bind_dlz or it's already a default).
> I'm now checking everything from the samba side to see if it's working
> fine, but got lot of things I need to ask for.
> I'll put my commentos in blue so they can be more visible between the
> logs pastes
>
> First, I got this errors in both samba DCs
>
> IRPC callback failed for DsReplicaSync - NT_STATUS_IO_TIMEOUT
> [2012/06/12 11:36:30, 0]
> ../source4/rpc_server/common/forward.c:51(dcesrv_irpc_forward_callback)
> IRPC callback failed for DsReplicaSync - NT_STATUS_IO_TIMEOUT
> [2012/06/12 11:36:33, 0]
> ../source4/rpc_server/common/forward.c:51(dcesrv_irpc_forward_callback)
> IRPC callback failed for DsReplicaSync - NT_STATUS_IO_TIMEOUT
> [2012/06/12 11:36:40, 0]
> ../source4/rpc_server/common/forward.c:51(dcesrv_irpc_forward_callback)
> IRPC callback failed for DsReplicaSync - NT_STATUS_IO_TIMEOUT
> [2012/06/12 11:36:40, 0]
> ../source4/dsdb/repl/drepl_out_helpers.c:829(dreplsrv_update_refs_done)
> UpdateRefs failed with WERR_DS_DRA_BUSY/NT code 0xc00020f6 for
> f0658d7e-7b99-4def-bc69-1cbcc2aa5742._msdcs.montecarlotv.com.uy
> DC=montecarlotv,DC=com,DC=uy
> [2012/06/12 11:36:43, 0]
> ../source4/rpc_server/common/forward.c:51(dcesrv_irpc_forward_callback)
> IRPC callback failed for DsReplicaSync - NT_STATUS_IO_TIMEOUT
> [2012/06/12 11:36:53, 0]
> ../source4/rpc_server/common/forward.c:51(dcesrv_irpc_forward_callback)
> IRPC callback failed for - NT_STATUS_IO_TIMEOUT
> [2012/06/12 11:37:03, 0]
> ../source4/rpc_server/common/forward.c:51(dcesrv_irpc_forward_callback)
> IRPC callback failed for DsReplicaSync - NT_STATUS_IO_TIMEOUT
>
> The WERR_DS_DRA_BUSY/NT error refers to the sambaDC1 itself that is
> where the log fragment was taken from. In the other server only shows
> the DsReplicaSync error.
>
> I think that most of this may be caused by the way I've setup the DNS
> servers. As a way of testing BIND replication as slaves, I've set the
> DNS option of the win DHCP server to the BIND servers instead of the
> win DNS (it's working fine for the clients) and maybe this is messing
> up with samba trying to replicate against the samba server themselves
> instead of the win servers.
In order for replication to work correctly samba needs to register some
DNS records, as I understand for the moment samba is configured to use
bind as DNS server this will not work very good as the bind DNS server
will receive DNS update requests from samba but won't be able to do the
updates (as it's a slave).
Can you try to use the windows DNS server ?
> Other thing is that DNS is not correctly synchronising from the samba
> side, if I samba-tool dns query the servers, they return a list of
> mostly names without A records:
>
> /usr/local/samba/bin/samba-tool dns query sambaDC1 montecarlotv.com.uy
> @ ALL -U administrador
> Password for [CANAL4\administrador]:
> Name=, Records=0, Children=0
> Name=64CB0F5A, Records=0, Children=0
> Name=64CB0F86, Records=0, Children=0
> Name=_msdcs, Records=0, Children=6
> Name=_sites, Records=0, Children=1
> Name=_tcp, Records=0, Children=4
> Name=_udp, Records=0, Children=2
> Name=aborques-w7, Records=1, Children=0
> A: 192.168.6.92 (flags=f0, serial=15462, ttl=1200)
> Name=ademartino-ws, Records=0, Children=0
> Name=ads1, Records=2, Children=0
> A: 192.168.2.55 (flags=f0, serial=15492, ttl=3600)
> A: 192.168.128.55 (flags=f0, serial=15492, ttl=3600)
> Name=ALARRABURU-PC, Records=1, Children=0
> A: 192.168.11.123 (flags=f0, serial=15481, ttl=1200)
> Name=alfredo-pc, Records=0, Children=0
> Name=algocontigo-nb, Records=0, Children=0
> Name=ALLONE, Records=0, Children=0
> Name=almacen, Records=0, Children=0
> Name=almacen-ws, Records=0, Children=0
> Name=alopez, Records=0, Children=0
> Name=alopez--pc, Records=0, Children=0
> Name=alpha, Records=0, Children=0
> Name=android_bb2773c0e1d90342, Records=0, Children=0
> Name=android_dccd3641b8ef31c1, Records=0, Children=0
> Name=antispam, Records=0, Children=0
> Name=archivotn, Records=0, Children=0
> Name=arnunez-pc, Records=0, Children=0
> Name=bdc, Records=0, Children=0
> Name=bdu-nb, Records=1, Children=0
> A: 192.168.2.135 (flags=f0, serial=15465, ttl=900)
> Name=BDU-prod, Records=0, Children=0
> Name=bdubdu-ws, Records=0, Children=0
> Name=BMC_DHCP, Records=0, Children=0
> Name=borques-ws, Records=0, Children=0
> Name=BRODRIGUEZ--PC, Records=0, Children=0
> Name=buendia-wxp, Records=0, Children=0
> Name=caballero-ws, Records=0, Children=0
> Name=CABUARAB-7, Records=0, Children=0
> Name=CABUARAB-W7, Records=0, Children=0
> Name=CABUARAB-WS, Records=0, Children=0
> Name=cadete-ws, Records=0, Children=0
> Name=centos, Records=0, Children=0
> Name=cmesa, Records=0, Children=0
> Name=cobranza-ws, Records=0, Children=0
> Name=cont-spatrone-pc, Records=0, Children=0
> Name=Contadora, Records=0, Children=0
> Name=contenidos1, Records=0, Children=0
> Name=correo, Records=0, Children=0
> Name=correo2, Records=0, Children=0
> Name=CREGUEIRO-PC, Records=0, Children=0
> Name=cregueiro-ws, Records=0, Children=0
> Name=CROMANOFF, Records=0, Children=0
> Name=david, Records=0, Children=0
> Name=dbserver01, Records=0, Children=0
> Name=desarrollo, Records=1, Children=0
> A: 192.168.2.150 (flags=f0, serial=15415, ttl=1200)
> Name=desarrollo-pc, Records=0, Children=0
> Name=DOLIVAR-W7, Records=0, Children=0
> Name=Dolivar-ws, Records=0, Children=0
> Name=DomainDnsZones, Records=0, Children=2
> Name=ds, Records=0, Children=0
> Name=EDITORES-PC, Records=0, Children=0
> Name=eferrari-ws, Records=0, Children=0
> Name=emayone, Records=0, Children=0
> Name=EMAYONE-W7, Records=0, Children=0
> Name=emayone-ws, Records=0, Children=0
> Name=EPSONC566BF, Records=0, Children=0
> Name=eqp011, Records=0, Children=0
> Name=eset-srv, Records=0, Children=0
> Name=fabianc-pc, Records=0, Children=0
> Name=fgiancola, Records=0, Children=0
> Name=FGIANCOLA-PC, Records=1, Children=0
> A: 192.168.11.79 (flags=f0, serial=15517, ttl=1200)
> Name=FILMOTECA, Records=0, Children=0
> Name=FILMOTECA-PC, Records=1, Children=0
> A: 192.168.6.87 (flags=f0, serial=15456, ttl=1200)
> Name=filmoteca2, Records=0, Children=0
> Name=filmoteca_pc, Records=0, Children=0
> Name=Fimoteca2, Records=0, Children=0
> Name=firewall, Records=0, Children=0
> Name=firewall0, Records=0, Children=0
> Name=firewall2, Records=0, Children=0
> Name=fnoya-pc, Records=0, Children=0
> Name=fnoya-ws, Records=0, Children=0
> Name=ForestDnsZones, Records=0, Children=2
> Name=ftarrago, Records=0, Children=0
> Name=ftarrago-ws, Records=0, Children=0
> Name=ftp, Records=0, Children=0
> Name=ftpviejo, Records=0, Children=0
> Name=ggrasso-eqp, Records=0, Children=0
> Name=grabadortn1, Records=0, Children=0
> Name=grabadortn2, Records=0, Children=0
> Name=grabadortn3, Records=0, Children=0
> Name=GRAFICOS-T3500A, Records=0, Children=0
> Name=GRAFICOS-T3500B, Records=1, Children=0
> A: 192.168.6.61 (flags=f0, serial=15438, ttl=1200)
> Name=GRAFICOS390, Records=1, Children=0
> A: 192.168.6.64 (flags=f0, serial=15445, ttl=1200)
> Name=GRAFICOSQUAD, Records=1, Children=0
> A: 192.168.6.67 (flags=f0, serial=15446, ttl=1200)
> Name=GranHermano-1, Records=0, Children=0
> Name=GranHermano-2, Records=0, Children=0
> Name=gsanvicente, Records=0, Children=0
> Name=gsorrondeguy-eqp, Records=0, Children=0
> Name=guardia2-ws, Records=0, Children=0
> Name=guardias-pc, Records=1, Children=0
> A: 192.168.6.77 (flags=f0, serial=15513, ttl=1200)
> Name=HPfaxSecretaria, Records=0, Children=0
> Name=hquirque, Records=0, Children=0
> Name=hquirque-ws, Records=0, Children=0
> Name=JGimenez-nb, Records=1, Children=0
> A: 192.168.12.117 (flags=f0, serial=15516, ttl=1200)
> Name=jmartinez-nb, Records=1, Children=0
> A: 192.168.11.91 (flags=f0, serial=15454, ttl=1200)
> Name=lorena-ws, Records=0, Children=0
> Name=MacPro-3, Records=1, Children=0
> A: 192.168.2.158 (flags=f0, serial=15476, ttl=900)
> Name=macpro1, Records=0, Children=0
> Name=macpro3, Records=6, Children=0
> A: 192.168.6.82 (flags=f0, serial=15448, ttl=3600)
> A: 192.168.6.64 (flags=f0, serial=15448, ttl=86400)
> A: 192.168.11.139 (flags=f0, serial=15448, ttl=86400)
> A: 192.168.6.61 (flags=f0, serial=15448, ttl=86400)
> A: 192.168.6.69 (flags=f0, serial=15448, ttl=86400)
> A: 192.168.6.74 (flags=f0, serial=15448, ttl=86400)
> Name=macpro_1, Records=0, Children=0
> Name=mant-tec, Records=1, Children=0
> A: 192.168.6.69 (flags=f0, serial=15447, ttl=900)
> Name=MARKETING-NB, Records=0, Children=0
> Name=masstech, Records=0, Children=0
> Name=master, Records=0, Children=0
> Name=mguerrero, Records=0, Children=0
> Name=MMOSCA-PC, Records=0, Children=0
> Name=MMOSCA-THINK, Records=0, Children=0
> Name=mmunilla-ws, Records=0, Children=0
> Name=montecar-c04414, Records=0, Children=0
> Name=movil, Records=0, Children=0
> Name=MROBLES-PC, Records=1, Children=0
> A: 192.168.11.83 (flags=f0, serial=15510, ttl=1200)
> Name=oracle, Records=0, Children=0
> Name=PBIDEGAIN-PC, Records=0, Children=0
> Name=pbidegain-ws, Records=0, Children=0
> Name=pbx, Records=0, Children=0
> Name=pc1, Records=0, Children=0
> Name=PCRELOJ, Records=0, Children=0
> Name=pdc, Records=0, Children=0
> Name=PrinterSrvUSB, Records=0, Children=0
> Name=produccion2, Records=0, Children=0
> Name=promociones2, Records=0, Children=0
> Name=ramiro-pc, Records=0, Children=0
> Name=raquelpc, Records=0, Children=0
> Name=rastreadora, Records=1, Children=0
> A: 192.168.2.109 (flags=f0, serial=15419, ttl=900)
> Name=rbaillo, Records=0, Children=0
> Name=rbaillo-ws, Records=0, Children=0
> Name=rbdu, Records=0, Children=0
> Name=resara-server, Records=0, Children=0
> Name=rhevm, Records=0, Children=0
> Name=rmartinez-ws, Records=0, Children=0
> Name=romay-nb, Records=0, Children=0
> Name=router, Records=0, Children=0
> Name=RRHH-W7, Records=1, Children=0
> A: 192.168.6.86 (flags=f0, serial=15451, ttl=1200)
> Name=RRHH-WS, Records=0, Children=0
> Name=rtemes-ws, Records=0, Children=0
> Name=sambadc1, Records=0, Children=0
> Name=sambadc2, Records=0, Children=0
> Name=san, Records=0, Children=0
> Name=sanson, Records=0, Children=0
> Name=sislen, Records=0, Children=0
> Name=sistemas, Records=0, Children=0
> Name=sistemas-c77a8f, Records=0, Children=0
> Name=sonidoemule, Records=0, Children=0
> Name=sonidomacA, Records=0, Children=0
> Name=sonidomacamonte, Records=0, Children=0
> Name=SPATRONE-WS, Records=0, Children=0
> Name=spnario-pc, Records=0, Children=0
> Name=squidrast, Records=0, Children=0
> Name=srv-mm, Records=1, Children=0
> A: 192.168.2.59 (flags=f0, serial=15501, ttl=3600)
> Name=srvora, Records=0, Children=0
> Name=STREAM-PC, Records=0, Children=0
> Name=T4-7-EQP, Records=0, Children=0
> Name=tecnica-telenoche, Records=0, Children=0
> Name=telefonista, Records=0, Children=0
> Name=telenoch-pc, Records=0, Children=0
> Name=telenoche-2, Records=0, Children=0
> Name=telenoche-lnv1, Records=0, Children=0
> Name=telenoche-lvn1, Records=0, Children=0
> Name=telenoche1, Records=0, Children=0
> Name=telenoir, Records=0, Children=0
> Name=tn-internet-3, Records=0, Children=0
> Name=tn-internet3, Records=1, Children=0
> A: 192.168.2.185 (flags=f0, serial=15496, ttl=900)
> Name=tn-mesa3, Records=1, Children=0
> A: 192.168.2.160 (flags=f0, serial=15479, ttl=900)
> Name=uynotegu1, Records=1, Children=0
> A: 192.168.2.102 (flags=f0, serial=15491, ttl=900)
> Name=uysgonzal3z, Records=0, Children=0
> Name=uyvdiaz2, Records=1, Children=0
> A: 192.168.2.142 (flags=f0, serial=15410, ttl=900)
> Name=vcamps-ws, Records=0, Children=0
> Name=ventas, Records=0, Children=0
> Name=VENTAS-NBVF, Records=0, Children=0
> Name=ventas1, Records=1, Children=0
> A: 192.168.11.126 (flags=f0, serial=15515, ttl=1200)
> Name=ventas3, Records=1, Children=0
> A: 192.168.2.128 (flags=f0, serial=15425, ttl=1200)
> A: 192.168.6.79 (flags=f0, serial=15450, ttl=1200)
> Name=XRX_0000AA965F30, Records=0, Children=0
> Name=zeus, Records=0, Children=0
Which output do you get if you query a windows DC ?
>
>
> The replica seems to work in parts (except for the timeouts in the
> log) as the samba-tool shows success with the win servers:
>
> /usr/local/samba/bin/samba-tool drs showrepl
> Nombre-predeterminado-primer-sitio\SAMBADC1
> DSA Options: 0x00000001
> DSA object GUID: f0658d7e-7b99-4def-bc69-1cbcc2aa5742
> DSA invocationId: 86649b1f-c393-4f3b-b113-9336c7b70bff
>
> ==== INBOUND NEIGHBORS ====
>
> DC=DomainDnsZones,DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\SRV-MM via RPC
> DSA object GUID: f4f6a5c1-019e-4f43-8b9c-cd7421807a25
> Last attempt @ Tue Jun 12 11:46:43 2012 UYT was successful
> 0 consecutive failure(s).
> Last success @ Tue Jun 12 11:46:43 2012 UYT
>
> DC=DomainDnsZones,DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\ADS1 via RPC
> DSA object GUID: 791ba4cd-2a04-4c91-8c0c-fd68660f9c00
> Last attempt @ Tue Jun 12 11:46:43 2012 UYT was successful
> 0 consecutive failure(s).
> Last success @ Tue Jun 12 11:46:43 2012 UYT
>
> DC=DomainDnsZones,DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\SAMBADC2 via RPC
> DSA object GUID: 131b04bb-7c4d-4970-af6f-e0b9b5089de7
> Last attempt @ Tue Jun 12 11:46:43 2012 UYT was successful
> 0 consecutive failure(s).
> Last success @ Tue Jun 12 11:46:43 2012 UYT
>
> DC=ForestDnsZones,DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\SRV-MM via RPC
> DSA object GUID: f4f6a5c1-019e-4f43-8b9c-cd7421807a25
> Last attempt @ Tue Jun 12 11:46:43 2012 UYT was successful
> 0 consecutive failure(s).
> Last success @ Tue Jun 12 11:46:43 2012 UYT
>
> DC=ForestDnsZones,DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\ADS1 via RPC
> DSA object GUID: 791ba4cd-2a04-4c91-8c0c-fd68660f9c00
> Last attempt @ Tue Jun 12 11:46:43 2012 UYT was successful
> 0 consecutive failure(s).
> Last success @ Tue Jun 12 11:46:43 2012 UYT
>
> DC=ForestDnsZones,DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\SAMBADC2 via RPC
> DSA object GUID: 131b04bb-7c4d-4970-af6f-e0b9b5089de7
> Last attempt @ Tue Jun 12 11:46:43 2012 UYT was successful
> 0 consecutive failure(s).
> Last success @ Tue Jun 12 11:46:43 2012 UYT
>
> CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\ADS1 via RPC
> DSA object GUID: 791ba4cd-2a04-4c91-8c0c-fd68660f9c00
> Last attempt @ Tue Jun 12 11:46:43 2012 UYT was successful
> 0 consecutive failure(s).
> Last success @ Tue Jun 12 11:46:43 2012 UYT
>
> CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\SAMBADC2 via RPC
> DSA object GUID: 131b04bb-7c4d-4970-af6f-e0b9b5089de7
> Last attempt @ Tue Jun 12 11:46:44 2012 UYT was successful
> 0 consecutive failure(s).
> Last success @ Tue Jun 12 11:46:44 2012 UYT
>
> CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\VPDC via RPC
> DSA object GUID: 82d713a4-cb7c-4a16-8efd-e39f052ddd6c
> Last attempt @ Tue Jun 12 11:46:44 2012 UYT failed, result 2
> (WERR_BADFILE)
> 53023 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\SRV-MM via RPC
> DSA object GUID: f4f6a5c1-019e-4f43-8b9c-cd7421807a25
> Last attempt @ Tue Jun 12 11:46:44 2012 UYT was successful
> 0 consecutive failure(s).
> Last success @ Tue Jun 12 11:46:44 2012 UYT
>
> CN=Schema,CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\ADS1 via RPC
> DSA object GUID: 791ba4cd-2a04-4c91-8c0c-fd68660f9c00
> Last attempt @ Tue Jun 12 11:46:44 2012 UYT was successful
> 0 consecutive failure(s).
> Last success @ Tue Jun 12 11:46:44 2012 UYT
>
> CN=Schema,CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\SAMBADC2 via RPC
> DSA object GUID: 131b04bb-7c4d-4970-af6f-e0b9b5089de7
> Last attempt @ Tue Jun 12 11:46:44 2012 UYT was successful
> 0 consecutive failure(s).
> Last success @ Tue Jun 12 11:46:44 2012 UYT
>
> CN=Schema,CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\VPDC via RPC
> DSA object GUID: 82d713a4-cb7c-4a16-8efd-e39f052ddd6c
> Last attempt @ Tue Jun 12 11:46:44 2012 UYT failed, result 2
> (WERR_BADFILE)
> 53023 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Schema,CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\SRV-MM via RPC
> DSA object GUID: f4f6a5c1-019e-4f43-8b9c-cd7421807a25
> Last attempt @ Tue Jun 12 11:46:45 2012 UYT was successful
> 0 consecutive failure(s).
> Last success @ Tue Jun 12 11:46:45 2012 UYT
>
> DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\ADS1 via RPC
> DSA object GUID: 791ba4cd-2a04-4c91-8c0c-fd68660f9c00
> Last attempt @ Tue Jun 12 11:46:45 2012 UYT was successful
> 0 consecutive failure(s).
> Last success @ Tue Jun 12 11:46:45 2012 UYT
>
> DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\SAMBADC2 via RPC
> DSA object GUID: 131b04bb-7c4d-4970-af6f-e0b9b5089de7
> Last attempt @ Tue Jun 12 11:46:45 2012 UYT was successful
> 0 consecutive failure(s).
> Last success @ Tue Jun 12 11:46:45 2012 UYT
>
> DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\VPDC via RPC
> DSA object GUID: 82d713a4-cb7c-4a16-8efd-e39f052ddd6c
> Last attempt @ Tue Jun 12 11:46:45 2012 UYT failed, result 2
> (WERR_BADFILE)
> 53023 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\SRV-MM via RPC
> DSA object GUID: f4f6a5c1-019e-4f43-8b9c-cd7421807a25
> Last attempt @ Tue Jun 12 11:46:45 2012 UYT was successful
> 0 consecutive failure(s).
> Last success @ Tue Jun 12 11:46:45 2012 UYT
>
> ==== OUTBOUND NEIGHBORS ====
>
> DC=DomainDnsZones,DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\SAMBADC2 via RPC
> DSA object GUID: 131b04bb-7c4d-4970-af6f-e0b9b5089de7
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=ForestDnsZones,DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\SAMBADC2 via RPC
> DSA object GUID: 131b04bb-7c4d-4970-af6f-e0b9b5089de7
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\ADS1 via RPC
> DSA object GUID: 791ba4cd-2a04-4c91-8c0c-fd68660f9c00
> Last attempt @ Tue Jun 12 11:38:52 2012 UYT was successful
> 0 consecutive failure(s).
> Last success @ Tue Jun 12 11:38:52 2012 UYT
>
> CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\SRV-MM via RPC
> DSA object GUID: f4f6a5c1-019e-4f43-8b9c-cd7421807a25
> Last attempt @ Tue Jun 12 11:38:52 2012 UYT was successful
> 0 consecutive failure(s).
> Last success @ Tue Jun 12 11:38:52 2012 UYT
>
> CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\SAMBADC2 via RPC
> DSA object GUID: 131b04bb-7c4d-4970-af6f-e0b9b5089de7
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Schema,CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\ADS1 via RPC
> DSA object GUID: 791ba4cd-2a04-4c91-8c0c-fd68660f9c00
> Last attempt @ Tue Jun 12 11:38:52 2012 UYT was successful
> 0 consecutive failure(s).
> Last success @ Tue Jun 12 11:38:52 2012 UYT
>
> CN=Schema,CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\SRV-MM via RPC
> DSA object GUID: f4f6a5c1-019e-4f43-8b9c-cd7421807a25
> Last attempt @ Tue Jun 12 11:38:52 2012 UYT was successful
> 0 consecutive failure(s).
> Last success @ Tue Jun 12 11:38:52 2012 UYT
>
> CN=Schema,CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\SAMBADC2 via RPC
> DSA object GUID: 131b04bb-7c4d-4970-af6f-e0b9b5089de7
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\ADS1 via RPC
> DSA object GUID: 791ba4cd-2a04-4c91-8c0c-fd68660f9c00
> Last attempt @ Tue Jun 12 11:38:52 2012 UYT was successful
> 0 consecutive failure(s).
> Last success @ Tue Jun 12 11:38:52 2012 UYT
>
> DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\SRV-MM via RPC
> DSA object GUID: f4f6a5c1-019e-4f43-8b9c-cd7421807a25
> Last attempt @ Tue Jun 12 11:38:52 2012 UYT was successful
> 0 consecutive failure(s).
> Last success @ Tue Jun 12 11:38:52 2012 UYT
>
> DC=montecarlotv,DC=com,DC=uy
> Nombre-predeterminado-primer-sitio\SAMBADC2 via RPC
> DSA object GUID: 131b04bb-7c4d-4970-af6f-e0b9b5089de7
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
> Connection name: 2e571bb4-f625-48af-b980-fc3d363e89c1
> Enabled : TRUE
> Server DNS name : SAMBADC1.montecarlotv.com.uy
> Server DN name : CN=NTDS
> Settings,CN=SAMBADC2,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
> Connection --
> Connection name: aad5ad6c-6b64-49c6-b0d6-ef892fbdb0ff
> Enabled : TRUE
> Server DNS name : SAMBADC1.montecarlotv.com.uy
> Server DN name : CN=NTDS
> Settings,CN=ADS1,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
> Connection --
> Connection name: d01c119d-6bd5-4fe8-ac9f-313dd4ac3eac
> Enabled : TRUE
> Server DNS name : SAMBADC1.montecarlotv.com.uy
> Server DN name : CN=NTDS
> Settings,CN=SRV-MM,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
> Connection --
> Connection name: f0bdb815-d181-440e-a916-33c4cfeaaf09
> Enabled : TRUE
> Server DNS name : SAMBADC1.montecarlotv.com.uy
> Server DN name : CN=NTDS
> Settings,CN=VPDC,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
>
> I've followed the list for the last two weeks and saw an error for KDC
> server, but I don't get how to adapt his case to mine to test the
> solution.
> If I run dnsupdate to refresh the records, it claims that there's
> nothing to sync:
Did you notice the high number of errors with DC VPDC ?
>
> /usr/local/samba/sbin/samba_dnsupdate --verbose
> IPs: ['fe80::216:3eff:fe7b:5916%eth0', '192.168.128.206']
> Skipping PDC entry (SRV
> _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389)
> as we are not a PDC
> Skipping PDC entry (SRV
> _ldap._tcp.pdc._msdcs.${DNSFOREST} ${HOSTNAME} 389)
> as we are not a PDC
> Looking for DNS entry A montecarlotv.com.uy 192.168.128.206 as
> montecarlotv.com.uy.
> Looking for DNS entry A sambadc1.montecarlotv.com.uy 192.168.128.206
> as sambadc1.montecarlotv.com.uy.
> Looking for DNS entry A gc._msdcs.montecarlotv.com.uy 192.168.128.206
> as gc._msdcs.montecarlotv.com.uy.
> Looking for DNS entry CNAME
> f0658d7e-7b99-4def-bc69-1cbcc2aa5742._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy as
> f0658d7e-7b99-4def-bc69-1cbcc2aa5742._msdcs.montecarlotv.com.uy.
> Looking for DNS entry SRV _kpasswd._tcp.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 464 as _kpasswd._tcp.montecarlotv.com.uy.
> Checking 0 100 464 ads1.montecarlotv.com.uy. against SRV
> _kpasswd._tcp.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 464
> Checking 0 100 464 srv-mm.montecarlotv.com.uy. against SRV
> _kpasswd._tcp.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 464
> Checking 0 100 464 sambadc2.montecarlotv.com.uy. against SRV
> _kpasswd._tcp.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 464
> Checking 0 100 464 sambadc1.montecarlotv.com.uy. against SRV
> _kpasswd._tcp.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 464
> Looking for DNS entry SRV _kpasswd._udp.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 464 as _kpasswd._udp.montecarlotv.com.uy.
> Checking 0 100 464 srv-mm.montecarlotv.com.uy. against SRV
> _kpasswd._udp.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 464
> Checking 0 100 464 sambadc2.montecarlotv.com.uy. against SRV
> _kpasswd._udp.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 464
> Checking 0 100 464 ads1.montecarlotv.com.uy. against SRV
> _kpasswd._udp.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 464
> Checking 0 100 464 sambadc1.montecarlotv.com.uy. against SRV
> _kpasswd._udp.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 464
> Looking for DNS entry SRV _kerberos._tcp.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 88 as _kerberos._tcp.montecarlotv.com.uy.
> Checking 0 100 88 ads1.montecarlotv.com.uy. against SRV
> _kerberos._tcp.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 88
> Checking 0 100 88 srv-mm.montecarlotv.com.uy. against SRV
> _kerberos._tcp.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 88
> Checking 0 100 88 sambadc2.montecarlotv.com.uy. against SRV
> _kerberos._tcp.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 88
> Checking 0 100 88 sambadc1.montecarlotv.com.uy. against SRV
> _kerberos._tcp.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 88
> Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 88 as
> _kerberos._tcp.dc._msdcs.montecarlotv.com.uy.
> Checking 0 100 88 sambadc2.montecarlotv.com.uy. against SRV
> _kerberos._tcp.dc._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 88
> Checking 0 100 88 ads1.montecarlotv.com.uy. against SRV
> _kerberos._tcp.dc._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 88
> Checking 0 100 88 sambadc1.montecarlotv.com.uy. against SRV
> _kerberos._tcp.dc._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 88
> Looking for DNS entry SRV
> _kerberos._tcp.nombre-predeterminado-primer-sitio._sites.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 88 as
> _kerberos._tcp.nombre-predeterminado-primer-sitio._sites.montecarlotv.com.uy.
> Checking 0 100 88 ads1.montecarlotv.com.uy. against SRV
> _kerberos._tcp.nombre-predeterminado-primer-sitio._sites.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 88
> Checking 0 100 88 sambadc2.montecarlotv.com.uy. against SRV
> _kerberos._tcp.nombre-predeterminado-primer-sitio._sites.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 88
> Checking 0 100 88 srv-mm.montecarlotv.com.uy. against SRV
> _kerberos._tcp.nombre-predeterminado-primer-sitio._sites.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 88
> Checking 0 100 88 sambadc1.montecarlotv.com.uy. against SRV
> _kerberos._tcp.nombre-predeterminado-primer-sitio._sites.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 88
> Looking for DNS entry SRV
> _kerberos._tcp.nombre-predeterminado-primer-sitio._sites.dc._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 88 as
> _kerberos._tcp.nombre-predeterminado-primer-sitio._sites.dc._msdcs.montecarlotv.com.uy.
> Checking 0 100 88 ads1.montecarlotv.com.uy. against SRV
> _kerberos._tcp.nombre-predeterminado-primer-sitio._sites.dc._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 88
> Checking 0 100 88 srv-mm.montecarlotv.com.uy. against SRV
> _kerberos._tcp.nombre-predeterminado-primer-sitio._sites.dc._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 88
> Checking 0 100 88 sambadc1.montecarlotv.com.uy. against SRV
> _kerberos._tcp.nombre-predeterminado-primer-sitio._sites.dc._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 88
> Looking for DNS entry SRV _kerberos._udp.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 88 as _kerberos._udp.montecarlotv.com.uy.
> Checking 0 100 88 ads1.montecarlotv.com.uy. against SRV
> _kerberos._udp.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 88
> Checking 0 100 88 sambadc2.montecarlotv.com.uy. against SRV
> _kerberos._udp.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 88
> Checking 0 100 88 srv-mm.montecarlotv.com.uy. against SRV
> _kerberos._udp.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 88
> Checking 0 100 88 sambadc1.montecarlotv.com.uy. against SRV
> _kerberos._udp.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 88
> Looking for DNS entry SRV _ldap._tcp.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 389 as _ldap._tcp.montecarlotv.com.uy.
> Checking 0 100 389 sambadc2.montecarlotv.com.uy. against SRV
> _ldap._tcp.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 389
> Checking 0 100 389 srv-mm.montecarlotv.com.uy. against SRV
> _ldap._tcp.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 389
> Checking 0 100 389 ads1.montecarlotv.com.uy. against SRV
> _ldap._tcp.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 389
> Checking 0 100 389 sambadc1.montecarlotv.com.uy. against SRV
> _ldap._tcp.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 389
> Looking for DNS entry SRV _ldap._tcp.dc._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 389 as
> _ldap._tcp.dc._msdcs.montecarlotv.com.uy.
> Checking 0 100 389 ads1.montecarlotv.com.uy. against SRV
> _ldap._tcp.dc._msdcs.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 389
> Checking 0 100 389 sambadc1.montecarlotv.com.uy. against SRV
> _ldap._tcp.dc._msdcs.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 389
> Looking for DNS entry SRV _ldap._tcp.gc._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 3268 as
> _ldap._tcp.gc._msdcs.montecarlotv.com.uy.
> Checking 0 100 3268 sambadc2.montecarlotv.com.uy. against SRV
> _ldap._tcp.gc._msdcs.montecarlotv.com.uy sambadc1.montecarlotv.com.uy
> 3268
> Checking 0 100 3268 sambadc1.montecarlotv.com.uy. against SRV
> _ldap._tcp.gc._msdcs.montecarlotv.com.uy sambadc1.montecarlotv.com.uy
> 3268
> Looking for DNS entry SRV
> _ldap._tcp.nombre-predeterminado-primer-sitio._sites.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 389 as
> _ldap._tcp.nombre-predeterminado-primer-sitio._sites.montecarlotv.com.uy.
> Checking 0 100 389 sambadc2.montecarlotv.com.uy. against SRV
> _ldap._tcp.nombre-predeterminado-primer-sitio._sites.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 389
> Checking 0 100 389 sambadc1.montecarlotv.com.uy. against SRV
> _ldap._tcp.nombre-predeterminado-primer-sitio._sites.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 389
> Looking for DNS entry SRV
> _ldap._tcp.nombre-predeterminado-primer-sitio._sites.dc._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 389 as
> _ldap._tcp.nombre-predeterminado-primer-sitio._sites.dc._msdcs.montecarlotv.com.uy.
> Checking 0 100 389 ads1.montecarlotv.com.uy. against SRV
> _ldap._tcp.nombre-predeterminado-primer-sitio._sites.dc._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 389
> Checking 0 100 389 srv-mm.montecarlotv.com.uy. against SRV
> _ldap._tcp.nombre-predeterminado-primer-sitio._sites.dc._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 389
> Checking 0 100 389 sambadc2.montecarlotv.com.uy. against SRV
> _ldap._tcp.nombre-predeterminado-primer-sitio._sites.dc._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 389
> Checking 0 100 389 sambadc1.montecarlotv.com.uy. against SRV
> _ldap._tcp.nombre-predeterminado-primer-sitio._sites.dc._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 389
> Looking for DNS entry SRV
> _ldap._tcp.nombre-predeterminado-primer-sitio._sites.gc._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 3268 as
> _ldap._tcp.nombre-predeterminado-primer-sitio._sites.gc._msdcs.montecarlotv.com.uy.
> Checking 0 100 3268 sambadc2.montecarlotv.com.uy. against SRV
> _ldap._tcp.nombre-predeterminado-primer-sitio._sites.gc._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 3268
> Checking 0 100 3268 srv-mm.montecarlotv.com.uy. against SRV
> _ldap._tcp.nombre-predeterminado-primer-sitio._sites.gc._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 3268
> Checking 0 100 3268 sambadc1.montecarlotv.com.uy. against SRV
> _ldap._tcp.nombre-predeterminado-primer-sitio._sites.gc._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 3268
> Looking for DNS entry SRV
> _ldap._tcp.f9a44048-4010-4c15-a197-46267bca489c.domains._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 389 as
> _ldap._tcp.f9a44048-4010-4c15-a197-46267bca489c.domains._msdcs.montecarlotv.com.uy.
> Checking 0 100 389 srv-mm.montecarlotv.com.uy. against SRV
> _ldap._tcp.f9a44048-4010-4c15-a197-46267bca489c.domains._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 389
> Checking 0 100 389 sambadc2.montecarlotv.com.uy. against SRV
> _ldap._tcp.f9a44048-4010-4c15-a197-46267bca489c.domains._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 389
> Checking 0 100 389 ads1.montecarlotv.com.uy. against SRV
> _ldap._tcp.f9a44048-4010-4c15-a197-46267bca489c.domains._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 389
> Checking 0 100 389 sambadc1.montecarlotv.com.uy. against SRV
> _ldap._tcp.f9a44048-4010-4c15-a197-46267bca489c.domains._msdcs.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 389
> Looking for DNS entry SRV _gc._tcp.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 3268 as _gc._tcp.montecarlotv.com.uy.
> Checking 0 100 3268 sambadc2.montecarlotv.com.uy. against SRV
> _gc._tcp.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 3268
> Checking 0 100 3268 sambadc1.montecarlotv.com.uy. against SRV
> _gc._tcp.montecarlotv.com.uy sambadc1.montecarlotv.com.uy 3268
> Looking for DNS entry SRV
> _gc._tcp.nombre-predeterminado-primer-sitio._sites.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 3268 as
> _gc._tcp.nombre-predeterminado-primer-sitio._sites.montecarlotv.com.uy.
> Checking 0 100 3268 sambadc1.montecarlotv.com.uy. against SRV
> _gc._tcp.nombre-predeterminado-primer-sitio._sites.montecarlotv.com.uy
> sambadc1.montecarlotv.com.uy 3268
> No DNS updates needed
>
> Sorry for the long logs, I've cutted irrelevant parts as much as I could.
> The windows DNS servers are still the autoritative for the zone, so I
> don't know why the samba DCs try to use the local DNS (I have resolve
> pointing the ADS1 win server) as this may be the reason many things
> work in halves.
> How do I know if samba is using BIND or the internal DNS? When I start
> BIND I see the DLZ entries with no error, but it doesn't meen the
> samba is using them at all.
> Regards,
>
> Juan Pablo Lorier
>
>
Matthieu.
More information about the samba-technical
mailing list