Need urgent help with samba4 DC re-join

Andrew Bartlett abartlet at samba.org
Wed Jun 27 06:52:39 MDT 2012 

On Wed, 2012-06-27 at 22:44 +1000, Andrew Bartlett wrote:
> On Wed, 2012-06-27 at 14:39 +0200, Andreas Oster wrote:
> > Am 27.06.2012 14:26, schrieb Andrew Bartlett:
> > > On Wed, 2012-06-27 at 14:12 +0200, Andreas Oster wrote:
> > >> Am 27.06.2012 12:21, schrieb Andrew Bartlett:
> > >>> On Wed, 2012-06-27 at 08:21 +0200, Andreas Oster wrote:
> > >>>> Hello all,
> > >>>>
> > >>>> today I have tried to fix replication of ForestDnsZones and
> > >>>> DomainDnsZones. I pulled the current sources from GIT and recompiled
> > >>>> samba4. After installation I demoted the second DC, which completed
> > >>>> without any errors. Afterwards I have tried to re-join the server but
> > >>>> this is constantly failing. I have attached the d3 output of the join
> > >>>> attempt.
> > >>>>
> > >>>> In the PDC log.samba the following error comes up when joining of the
> > >>>> second DC failes:
> > >>>>
> > >>>> [2012/06/27 08:13:30,  0] ../source4/dsdb/common/util.c:2689(dsdb_savereps)
> > >>>>   Failed to store repsTo - objectclass_attrs: attribute 'dc' on entry
> > >>>> 'DC=DomainDnsZones,DC=novanetwork,DC=loc' does not exist in the
> > >>>> specified objectclasses!
> > >>>> [2012/06/27 08:13:30,  0]
> > >>>> ../source4/rpc_server/drsuapi/updaterefs.c:154(drsuapi_UpdateRefs)
> > >>>>   Failed to delete repsTo for d54eb180-fd57-4629-8f8f-bb48373a8daa:
> > >>>> WERR_DS_DRA_INTERNAL_ERROR
> > >>>>
> > >>>>
> > >>>> Stupid as I am, I did this on the productive system :-(
> > >>>
> > >>> Can you show us the full ldif for that DN on your PDC?
> > >>>
> > >>> ldbsearch -H sam.ldb -s base -b DC=DomainDnsZones,DC=novanetwork,DC=loc
> > >>> * objectClass repsFrom repsTo
> > >>>
> > >>> Thanks,
> > >>>
> > >>> Andrew Bartlett
> > >>>
> > >> Hello Andrew,
> > >>
> > >> thank you for the fast response.
> > >>
> > >> Here is what ldbsearch returns:
> > >>
> > >> # record 1
> > >> dn: DC=DomainDnsZones,DC=novanetwork,DC=loc
> > >> objectClass: top
> > > 
> > > OK, so that is your fundamental issue.  The correct objectClass is
> > > domainDNS.  
> > > 
> > > This may be due to a stub object (an object which indicates that a full
> > > partition should be created below).  Where and how was the DNS first
> > > created?
> > > 
> > > Can you show me:
> > > ldbsearch -H sam.ldb -s base -b ""
> > > 
> > > Thanks,
> > > 
> > > Andrew Bartlett
> > > 
> > Hello Andrew,
> > 
> > Initially I have started with a standard flat file bind9 config, later I
> > changed that to bind9_dlz by using an early version of Amitay's
> > upgrade_dns script with the --migrate=no switch. Then I created all my
> > static DNS entries by hand with the Windows DNS admin tool.
> > After doing some successful testing with clients  (SYSVOL,NETLOGON,
> > GPOs,DNS) I added a second DC (novadc02)
> 
> Thanks.
> 
> We need to double-check what your DomainDNSZones entry looks like, then
> then work to make it look like this:
> 
> (this is the one from make test)
> [abartlet at ruth samba]$ bin/ldbsearch -H st/dc//private/sam.ldb -s base
> -b dc=domaindnszones,dc=samba,dc=example,dc=com
> Unknown parameter encountered: "min receivefile size"
> Ignoring unknown parameter "min receivefile size"
> # record 1
> dn: DC=DomainDnsZones,DC=samba,DC=example,DC=com
> objectClass: top
> objectClass: domain
> objectClass: domainDNS
> description: Microsoft DNS Directory
> instanceType: 13
> whenCreated: 20120627054121.0Z
> uSNCreated: 3620
> name: DomainDnsZones
> objectGUID: daaf1e11-7df4-4631-bd74-f085b0aac1d9
> objectCategory:
> CN=Domain-DNS,CN=Schema,CN=Configuration,DC=samba,DC=example,D
>  C=com
> msDS-NcType: 0
> dc: DomainDnsZones
> wellKnownObjects: B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:CN=NTDS
> Quotas,DC=Doma
>  inDnsZones,DC=samba,DC=example,DC=com
> wellKnownObjects: B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted
> Objects,DC=
>  DomainDnsZones,DC=samba,DC=example,DC=com
> wellKnownObjects:
> B:32:2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastructure,DC=D
>  omainDnsZones,DC=samba,DC=example,DC=com
> wellKnownObjects:
> B:32:AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,DC=Dom
>  ainDnsZones,DC=samba,DC=example,DC=com
> whenChanged: 20120627054126.0Z
> uSNChanged: 3632
> msDs-masteredBy: CN=NTDS
> Settings,CN=LOCALDC,CN=Servers,CN=Default-First-Site-
>  Name,CN=Sites,CN=Configuration,DC=samba,DC=example,DC=com
> distinguishedName: DC=DomainDnsZones,DC=samba,DC=example,DC=com
> 
> First please re-confirm the output of:
> 
> ldbsearch -H sam.ldb -s base -b DC=DomainDnsZones,DC=novanetwork,DC=loc
> 
> Start by setting objectclass to domaindns (it will fill in the rest)
> using ldbmodify and re-confirm again with:
> 
> ldbsearch -H sam.ldb -s base -b DC=DomainDnsZones,DC=novanetwork,DC=loc

Also, please keep a backup, as if this is something we can automatically
correct, I would like to try (and having a DB for you to test my changes
with is very helpful).

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list