unable to add replication for ForestDnsZones and DomainDnsZones

Mike Howard mike at dewberryfields.co.uk
Tue Jun 19 00:06:34 MDT 2012


On 19/06/2012 06:21, Andreas Oster wrote:
> Am 16.06.2012 18:19, schrieb Andreas Oster:
>> Hi all,
>>
>> I am trying to setup DRS replication of the ForestDnsZones
>> and DomainDnsZones between two samba4 DCs but get errors when issuing
>> the following command on primary DC dc01 (running DNS server):
>>
>> ./samba-tool drs replicate dc02.example.local dc01.example.local
>> 'DC=DomainDnsZones,DC=example,DC=local" -d3
>>
>> lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
>> params.c:pm_process() - Processing configuration file
>> "/usr/local/samba/etc/smb.conf"
>> ldb_wrap open of secrets.ldb
>> GENSEC backend 'gssapi_spnego' registered
>> GENSEC backend 'gssapi_krb5' registered
>> GENSEC backend 'gssapi_krb5_sasl' registered
>> GENSEC backend 'schannel' registered
>> GENSEC backend 'spnego' registered
>> GENSEC backend 'ntlmssp' registered
>> GENSEC backend 'krb5' registered
>> GENSEC backend 'fake_gssapi_krb5' registered
>> Using binding ncacn_ip_tcp:dc02.example.local[,seal]
>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
>> drsException: DsReplicaSync failed (8442, 'WERR_DS_DRA_INTERNAL_ERROR')
>>    File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", line
>> 331, in run
>>      drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle,
>> source_dsa_guid, NC, req_options)
>>    File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", line
>> 83, in sendDsReplicaSync
>>      raise drsException("DsReplicaSync failed %s" % estr)
>>
>>
>> Does anybody have an idea what could the cause of this ?
>>
>> Samba4 version: samba version 4.0.0beta2-GIT-bbb7cbf
>>
>> Thank you for your kind help
>>
>> best regards
>>
>> Andreas
>>
>>
> Hi all,
>
> does nobody have an idea what could cause this issue ? Can someone give
> me some hints how to resolve this ?
>
> Thank you for your kind help
>
> best regards
>
> Andreas
>
>
Hi Andreas,

I can't help with the specific error, I've experienced numerous similar 
errors but I didn't document or even understand them all.

With regard to the process, I often find that repeating the command 
'just works', but I guess you already tried that. Also, the version of 
the code your using seems to make a difference, even day to day.

This probably wont help you, but what works for me is tarring up my 
samba directory (known working pdc and unjoined bdc dirs) then join the 
the secondary (bdc), start the bdc and then after a short time restart 
the bdc followed by a restart of the pdc. This _usually_ results in the 
basic (3) partitions being replicated, both inbound and outbound. If 
not, a few more restarts may/usually works or stop both dcs, delete, 
untar and start again.

Once the basic replication is confirmed, tar up both dirs again then;

On PDC

samba-tool drs replicate wheezy ns1 DC=DomainDnsZones,DC=ictspt,DC=com 
-UAdministrator
samba-tool drs replicate wheezy ns1 DC=ForestDnsZones,DC=ictspt,DC=com 
-UAdministrator

On BDC

samba-tool drs replicate ns1 wheezy DC=DomainDnsZones,DC=ictspt,DC=com 
-UAdministrator
samba-tool drs replicate ns1 wheezy DC=ForestDnsZones,DC=ictspt,DC=com 
-UAdministrator

and 8 times out of 10, the above succeed. When they don't, just 
re-running the command immediately more often than not succeeds, failing 
that, stop samba, delete, untar, repeat :)

Then it's simply a matter of 'samba_upgradedns', however, currently 
that's not of much use (at least to me) as the replication isn't full. 
What happens (every time now, regardless) is that _no_ record data is 
transferred, just names, but more crucially, the zone SOA record is not 
transferred/created on the bdc. The same happens with new zones created 
on the pdc, the copy that appears on the bdc is missing the SOA.

Sorry I can't be of any more help. All the above is just my experience, 
not authoritative.

Anybody know how to add the SOA record to a zone manually after 
replication? Maybe with ldb-tools or such like?

Cheers,

-- 
Any question is easy if you know the answer!


More information about the samba-technical mailing list