Need urgent help with samba4 DC re-join

Andrew Bartlett abartlet at samba.org
Wed Jun 27 06:33:03 MDT 2012


On Wed, 2012-06-27 at 14:19 +0200, Andreas Oster wrote:
> On 27.06.2012 12:29, Andrew Bartlett wrote:
> > On Wed, 2012-06-27 at 20:21 +1000, Andrew Bartlett wrote:
> >> On Wed, 2012-06-27 at 08:21 +0200, Andreas Oster wrote:
> >>> Hello all,
> >>>
> >>> today I have tried to fix replication of ForestDnsZones and
> >>> DomainDnsZones. I pulled the current sources from GIT and recompiled
> >>> samba4. After installation I demoted the second DC, which completed
> >>> without any errors. Afterwards I have tried to re-join the server but
> >>> this is constantly failing. I have attached the d3 output of the join
> >>> attempt.
> >>>
> >>> In the PDC log.samba the following error comes up when joining of the
> >>> second DC fails:
> >>>
> >>> [2012/06/27 08:13:30,  0] ../source4/dsdb/common/util.c:2689(dsdb_savereps)
> >>>   Failed to store repsTo - objectclass_attrs: attribute 'dc' on entry
> >>> 'DC=DomainDnsZones,DC=novanetwork,DC=loc' does not exist in the
> >>> specified objectclasses!
> >>> [2012/06/27 08:13:30,  0]
> >>> ../source4/rpc_server/drsuapi/updaterefs.c:154(drsuapi_UpdateRefs)
> >>>   Failed to delete repsTo for d54eb180-fd57-4629-8f8f-bb48373a8daa:
> >>> WERR_DS_DRA_INTERNAL_ERROR
> >>>
> >>>
> >>> Stupid as I am, I did this on the productive system :-(
> >>
> >> Can you show us the full ldif for that DN on your PDC?
> >>
> >> ldbsearch -H sam.ldb -s base -b DC=DomainDnsZones,DC=novanetwork,DC=loc
> >> * objectClass repsFrom repsTo
> > 
> > Also, if you can back up your PDC, then run:
> > 
> > samba-tool dbcheck --cross-ncs -H sam.ldb --fix
> > 
> > That may address the issue.
> > 
> > Andrew Bartlett
> > 
> Hello Andrew,
> 
> do I have to stop samba4 before executing this command ?

It is not strictly required, but I would generally do that, and have a
backup first. 

> This morning I had a little conversation with Daniele Dario (demote
> error) who gave me some hints. I found, with his help, that there seems
> to be something wrong with my DNS database after demoting the second DC
> (novadc02)
> 
> This is what I get on the PDC, when using the command :
> 
> /usr/local/samba/bin$ ./samba-tool dns query novadc01 _msdcs.novanetwork.loc @ ALL -U administrator
> Password for [NOVA\administrator]:
>   Name=, Records=2, Children=0
>     NS: NOVADC01.novanetwork.loc. (flags=600000f0, serial=1, ttl=900)
>     SOA: serial=38, refresh=900, retry=600, expire=86400,
> ns=novadc01.novanetwork.loc., email=hostmaster.novanetwork.loc.
> (flags=600000f0, serial=38, ttl=3600)
>   Name=7a16b14d-d320-4d7e-91a2-a61049a6f51e, Records=0, Children=0
>   Name=c60bca82-df6e-409e-85c5-e2cc733691da, Records=1, Children=0
>     CNAME: NOVADC01.novanetwork.loc. (flags=f0, serial=1, ttl=900)
>   Name=dc, Records=0, Children=2
>   Name=domains, Records=0, Children=1
>   Name=gc, Records=0, Children=2
>   Name=pdc, Records=0, Children=1
> 
> Daniele proposed to remove the
> "Name=7a16b14d-d320-4d7e-91a2-a61049a6f51e, Records=0, Children=0" entry
> with the help of:
> 
> ldbdel -H sam.ldb -b "DC=ForestDnsZones,DC=novanetwork,DC=loc"
> "(name=7a16b14d-d320-4d7e-91a2-a61049a6f51e)"

This isn't the issue you are hitting with the join.  The names may well
be left over in DNS, but the issue is that you have an incomplete
database object, and we need to work out how you got it in the first
place.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org




More information about the samba-technical mailing list