unable to add replication for ForestDnsZones and DomainDnsZones

Andreas Oster aoster at novanetwork.de
Tue Jun 19 00:23:59 MDT 2012 

Am 19.06.2012 08:06, schrieb Mike Howard:
> On 19/06/2012 06:21, Andreas Oster wrote:
>> Am 16.06.2012 18:19, schrieb Andreas Oster:
>>> Hi all,
>>>
>>> I am trying to setup DRS replication of the ForestDnsZones
>>> and DomainDnsZones between two samba4 DCs but get errors when issuing
>>> the following command on primary DC dc01 (running DNS server):
>>>
>>> ./samba-tool drs replicate dc02.example.local dc01.example.local
>>> 'DC=DomainDnsZones,DC=example,DC=local" -d3
>>>
>>> lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
>>> params.c:pm_process() - Processing configuration file
>>> "/usr/local/samba/etc/smb.conf"
>>> ldb_wrap open of secrets.ldb
>>> GENSEC backend 'gssapi_spnego' registered
>>> GENSEC backend 'gssapi_krb5' registered
>>> GENSEC backend 'gssapi_krb5_sasl' registered
>>> GENSEC backend 'schannel' registered
>>> GENSEC backend 'spnego' registered
>>> GENSEC backend 'ntlmssp' registered
>>> GENSEC backend 'krb5' registered
>>> GENSEC backend 'fake_gssapi_krb5' registered
>>> Using binding ncacn_ip_tcp:dc02.example.local[,seal]
>>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
>>> drsException: DsReplicaSync failed (8442, 'WERR_DS_DRA_INTERNAL_ERROR')
>>>    File
>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", line
>>> 331, in run
>>>      drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle,
>>> source_dsa_guid, NC, req_options)
>>>    File
>>> "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", line
>>> 83, in sendDsReplicaSync
>>>      raise drsException("DsReplicaSync failed %s" % estr)
>>>
>>>
>>> Does anybody have an idea what could the cause of this ?
>>>
>>> Samba4 version: samba version 4.0.0beta2-GIT-bbb7cbf
>>>
>>> Thank you for your kind help
>>>
>>> best regards
>>>
>>> Andreas
>>>
>>>
>> Hi all,
>>
>> does nobody have an idea what could cause this issue ? Can someone give
>> me some hints how to resolve this ?
>>
>> Thank you for your kind help
>>
>> best regards
>>
>> Andreas
>>
>>
> Hi Andreas,
> 
> I can't help with the specific error, I've experienced numerous similar
> errors but I didn't document or even understand them all.
> 
> With regard to the process, I often find that repeating the command
> 'just works', but I guess you already tried that. Also, the version of
> the code your using seems to make a difference, even day to day.
> 
> This probably wont help you, but what works for me is tarring up my
> samba directory (known working pdc and unjoined bdc dirs) then join the
> the secondary (bdc), start the bdc and then after a short time restart
> the bdc followed by a restart of the pdc. This _usually_ results in the
> basic (3) partitions being replicated, both inbound and outbound. If
> not, a few more restarts may/usually works or stop both dcs, delete,
> untar and start again.
> 
> Once the basic replication is confirmed, tar up both dirs again then;
> 
> On PDC
> 
> samba-tool drs replicate wheezy ns1 DC=DomainDnsZones,DC=ictspt,DC=com
> -UAdministrator
> samba-tool drs replicate wheezy ns1 DC=ForestDnsZones,DC=ictspt,DC=com
> -UAdministrator
> 
> On BDC
> 
> samba-tool drs replicate ns1 wheezy DC=DomainDnsZones,DC=ictspt,DC=com
> -UAdministrator
> samba-tool drs replicate ns1 wheezy DC=ForestDnsZones,DC=ictspt,DC=com
> -UAdministrator
> 
> and 8 times out of 10, the above succeed. When they don't, just
> re-running the command immediately more often than not succeeds, failing
> that, stop samba, delete, untar, repeat :)
> 
> Then it's simply a matter of 'samba_upgradedns', however, currently
> that's not of much use (at least to me) as the replication isn't full.
> What happens (every time now, regardless) is that _no_ record data is
> transferred, just names, but more crucially, the zone SOA record is not
> transferred/created on the bdc. The same happens with new zones created
> on the pdc, the copy that appears on the bdc is missing the SOA.
> 
> Sorry I can't be of any more help. All the above is just my experience,
> not authoritative.
> 
> Anybody know how to add the SOA record to a zone manually after
> replication? Maybe with ldb-tools or such like?
> 
> Cheers,
> 
Hello Mike,

this is actually very useful information. I already have tried to setup
a redundant DNS a view weeks ago and now thought to give it another try.
I had the same incomplete replication problems which you describe but
did hope that this has been resolved in the meantime.

I guess I will wait till it is an officially announced feature :-)

Thank you very much.

best regards

Andreas

More information about the samba-technical mailing list