unable to add replication for ForestDnsZones and DomainDnsZones
mike at dewberryfields.co.uk
Tue Jun 19 00:06:34 MDT 2012
On 19/06/2012 06:21, Andreas Oster wrote:
> On 16.06.2012 18:19, Andreas Oster wrote:
>> Hi all,
>> I am trying to setup DRS replication of the ForestDnsZones
>> and DomainDnsZones between two samba4 DCs but get errors when issuing
>> the following command on primary DC dc01 (running DNS server):
>> ./samba-tool drs replicate dc02.example.local dc01.example.local
>> 'DC=DomainDnsZones,DC=example,DC=local" -d3
>> lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
>> params.c:pm_process() - Processing configuration file
>> ldb_wrap open of secrets.ldb
>> GENSEC backend 'gssapi_spnego' registered
>> GENSEC backend 'gssapi_krb5' registered
>> GENSEC backend 'gssapi_krb5_sasl' registered
>> GENSEC backend 'schannel' registered
>> GENSEC backend 'spnego' registered
>> GENSEC backend 'ntlmssp' registered
>> GENSEC backend 'krb5' registered
>> GENSEC backend 'fake_gssapi_krb5' registered
>> Using binding ncacn_ip_tcp:dc02.example.local[,seal]
>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
>> drsException: DsReplicaSync failed (8442, 'WERR_DS_DRA_INTERNAL_ERROR')
>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", line
>> 331, in run
>> drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle,
>> source_dsa_guid, NC, req_options)
>> "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", line
>> 83, in sendDsReplicaSync
>> raise drsException("DsReplicaSync failed %s" % estr)
>> Does anybody have an idea what could be the cause of this?
>> Samba4 version: samba version 4.0.0beta2-GIT-bbb7cbf
>> Thank you for your kind help
>> best regards
> Hi all,
> does nobody have an idea what could cause this issue? Can someone give
> me some hints how to resolve this?
> Thank you for your kind help
> best regards
I can't help with the specific error, I've experienced numerous similar
errors but I didn't document or even understand them all.
With regard to the process, I often find that repeating the command
'just works', but I guess you already tried that. Also, the version of
the code you're using seems to make a difference, even day to day.
This probably won't help you, but what works for me is tarring up my
samba directory (known working pdc and unjoined bdc dirs) then join the
secondary (bdc), start the bdc and then after a short time restart
the bdc followed by a restart of the pdc. This _usually_ results in the
basic (3) partitions being replicated, both inbound and outbound. If
not, a few more restarts may/usually works or stop both dcs, delete,
untar and start again.
Once the basic replication is confirmed, tar up both dirs again then;
samba-tool drs replicate wheezy ns1 DC=DomainDnsZones,DC=ictspt,DC=com
samba-tool drs replicate wheezy ns1 DC=ForestDnsZones,DC=ictspt,DC=com
samba-tool drs replicate ns1 wheezy DC=DomainDnsZones,DC=ictspt,DC=com
samba-tool drs replicate ns1 wheezy DC=ForestDnsZones,DC=ictspt,DC=com
and 8 times out of 10, the above succeed. When they don't, just
re-running the command immediately more often than not succeeds, failing
that, stop samba, delete, untar, repeat :)
Then it's simply a matter of 'samba_upgradedns', however, currently
that's not of much use (at least to me) as the replication isn't full.
What happens (every time now, regardless) is that _no_ record data is
transferred, just names, but more crucially, the zone SOA record is not
transferred/created on the bdc. The same happens with new zones created
on the pdc, the copy that appears on the bdc is missing the SOA.
Sorry I can't be of any more help. All the above is just my experience,
Anybody know how to add the SOA record to a zone manually after
replication? Maybe with ldb-tools or such like?
Any question is easy if you know the answer!