Need urgent help with samba4 DC re-join

Andreas Oster aoster at novanetwork.de
Wed Jun 27 06:19:09 MDT 2012


On 27.06.2012 12:29, Andrew Bartlett wrote:
> On Wed, 2012-06-27 at 20:21 +1000, Andrew Bartlett wrote:
>> On Wed, 2012-06-27 at 08:21 +0200, Andreas Oster wrote:
>>> Hello all,
>>>
>>> today I have tried to fix replication of ForestDnsZones and
>>> DomainDnsZones. I pulled the current sources from GIT and recompiled
>>> samba4. After installation I demoted the second DC, which completed
>>> without any errors. Afterwards I have tried to re-join the server but
>>> this is constantly failing. I have attached the d3 output of the join
>>> attempt.
>>>
>>> In the PDC log.samba the following error comes up when joining of the
>>> second DC fails:
>>>
>>> [2012/06/27 08:13:30,  0] ../source4/dsdb/common/util.c:2689(dsdb_savereps)
>>>   Failed to store repsTo - objectclass_attrs: attribute 'dc' on entry
>>> 'DC=DomainDnsZones,DC=novanetwork,DC=loc' does not exist in the
>>> specified objectclasses!
>>> [2012/06/27 08:13:30,  0]
>>> ../source4/rpc_server/drsuapi/updaterefs.c:154(drsuapi_UpdateRefs)
>>>   Failed to delete repsTo for d54eb180-fd57-4629-8f8f-bb48373a8daa:
>>> WERR_DS_DRA_INTERNAL_ERROR
>>>
>>>
>>> Stupid as I am, I did this on the productive system :-(
>>
>> Can you show us the full ldif for that DN on your PDC?
>>
>> ldbsearch -H sam.ldb -s base -b DC=DomainDnsZones,DC=novanetwork,DC=loc
>> * objectClass repsFrom repsTo
> 
> Also, if you can back up your PDC, then run:
> 
> samba-tool dbcheck --cross-ncs -H sam.ldb --fix
> 
> That may address the issue.
> 
> Andrew Bartlett
> 
Hello Andrew,

do I have to stop samba4 before executing this command?

This morning I had a little conversation with Daniele Dario (demote
error) who gave me some hints. I found, with his help, that there seems
to be something wrong with my DNS database after demoting the second DC
(novadc02).

This is what I get on the PDC when using the command:

/usr/local/samba/bin$ ./samba-tool dns query novadc01 _msdcs.novanetwork.loc @ ALL -U administrator
Password for [NOVA\administrator]:
  Name=, Records=2, Children=0
    NS: NOVADC01.novanetwork.loc. (flags=600000f0, serial=1, ttl=900)
    SOA: serial=38, refresh=900, retry=600, expire=86400,
ns=novadc01.novanetwork.loc., email=hostmaster.novanetwork.loc.
(flags=600000f0, serial=38, ttl=3600)
  Name=7a16b14d-d320-4d7e-91a2-a61049a6f51e, Records=0, Children=0
  Name=c60bca82-df6e-409e-85c5-e2cc733691da, Records=1, Children=0
    CNAME: NOVADC01.novanetwork.loc. (flags=f0, serial=1, ttl=900)
  Name=dc, Records=0, Children=2
  Name=domains, Records=0, Children=1
  Name=gc, Records=0, Children=2
  Name=pdc, Records=0, Children=1

Daniele proposed to remove the
"Name=7a16b14d-d320-4d7e-91a2-a61049a6f51e, Records=0, Children=0" entry
with the help of:

ldbdel -H sam.ldb -b "DC=ForestDnsZones,DC=novanetwork,DC=loc" "(name=7a16b14d-d320-4d7e-91a2-a61049a6f51e)"


best regards

Andreas
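
The following is an added example, not part of the original message or of Samba itself: a small parser for the `samba-tool dns query ... @ ALL` output quoted above that lists GUID-named nodes in the `_msdcs` zone holding no records (the kind of entry the message singles out) alongside the GUID nodes that still carry a CNAME. The function names are hypothetical, and the sample is the output from the message with the wrapped SOA line rejoined.

```python
import re

# Sample input: the query output quoted in the message above (SOA line rejoined).
SAMPLE = """\
  Name=, Records=2, Children=0
    NS: NOVADC01.novanetwork.loc. (flags=600000f0, serial=1, ttl=900)
    SOA: serial=38, refresh=900, retry=600, expire=86400, ns=novadc01.novanetwork.loc., email=hostmaster.novanetwork.loc. (flags=600000f0, serial=38, ttl=3600)
  Name=7a16b14d-d320-4d7e-91a2-a61049a6f51e, Records=0, Children=0
  Name=c60bca82-df6e-409e-85c5-e2cc733691da, Records=1, Children=0
    CNAME: NOVADC01.novanetwork.loc. (flags=f0, serial=1, ttl=900)
  Name=dc, Records=0, Children=2
  Name=domains, Records=0, Children=1
  Name=gc, Records=0, Children=2
  Name=pdc, Records=0, Children=1
"""

NODE = re.compile(r"^\s*Name=(?P<name>[^,]*), Records=(?P<records>\d+), Children=(?P<children>\d+)\s*$")
RECORD = re.compile(r"^\s*(?P<type>[A-Z]+): (?P<data>.*)$")
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def parse_nodes(text):
    """Return one dict per 'Name=' node, with the record lines that follow it."""
    nodes = []
    for line in text.splitlines():
        m = NODE.match(line)
        if m:
            nodes.append({"name": m["name"], "records": int(m["records"]),
                          "children": int(m["children"]), "rrs": []})
            continue
        m = RECORD.match(line)
        if m and nodes:
            nodes[-1]["rrs"].append((m["type"], m["data"]))
    return nodes

def empty_guid_nodes(nodes):
    """GUID-named nodes that hold no records and no children."""
    return [n["name"] for n in nodes
            if GUID.match(n["name"]) and n["records"] == 0 and n["children"] == 0]

def guid_cnames(nodes):
    """Map each GUID-named node to the CNAME target it holds."""
    return {n["name"]: data.split()[0] for n in nodes if GUID.match(n["name"])
            for rtype, data in n["rrs"] if rtype == "CNAME"}

if __name__ == "__main__":
    parsed = parse_nodes(SAMPLE)
    print("empty GUID nodes:", empty_guid_nodes(parsed))
    print("GUID CNAMEs:", guid_cnames(parsed))
```

Running the same check on each DC after a demote gives a list to review before any record is deleted from the DNS partitions.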


