Need urgent help with samba4 DC re-join

Andrew Bartlett abartlet at samba.org
Wed Jun 27 06:58:12 MDT 2012


On Wed, 2012-06-27 at 14:54 +0200, Andreas Oster wrote:
> On 27.06.2012 14:44, Andrew Bartlett wrote:
> > On Wed, 2012-06-27 at 14:39 +0200, Andreas Oster wrote:
> >> On 27.06.2012 14:26, Andrew Bartlett wrote:
> >>> On Wed, 2012-06-27 at 14:12 +0200, Andreas Oster wrote:
> >>>> On 27.06.2012 12:21, Andrew Bartlett wrote:
> >>>>> On Wed, 2012-06-27 at 08:21 +0200, Andreas Oster wrote:
> >>>>>> Hello all,
> >>>>>>
> >>>>>> today I have tried to fix replication of ForestDnsZones and
> >>>>>> DomainDnsZones. I pulled the current sources from GIT and recompiled
> >>>>>> samba4. After installation I demoted the second DC, which completed
> >>>>>> without any errors. Afterwards I have tried to re-join the server but
> >>>>>> this is constantly failing. I have attached the d3 output of the join
> >>>>>> attempt.
> >>>>>>
> >>>>>> In the PDC log.samba the following error comes up when joining of the
> >>>>>> second DC fails:
> >>>>>>
> >>>>>> [2012/06/27 08:13:30,  0] ../source4/dsdb/common/util.c:2689(dsdb_savereps)
> >>>>>>   Failed to store repsTo - objectclass_attrs: attribute 'dc' on entry 'DC=DomainDnsZones,DC=novanetwork,DC=loc' does not exist in the specified objectclasses!
> >>>>>> [2012/06/27 08:13:30,  0] ../source4/rpc_server/drsuapi/updaterefs.c:154(drsuapi_UpdateRefs)
> >>>>>>   Failed to delete repsTo for d54eb180-fd57-4629-8f8f-bb48373a8daa: WERR_DS_DRA_INTERNAL_ERROR
> >>>>>>
> >>>>>>
> >>>>>> Stupid as I am, I did this on the productive system :-(
> >>>>>
> >>>>> Can you show us the full ldif for that DN on your PDC?
> >>>>>
> >>>>> ldbsearch -H sam.ldb -s base -b DC=DomainDnsZones,DC=novanetwork,DC=loc * objectClass repsFrom repsTo
> >>>>>
> >>>>> Thanks,
> >>>>>
> >>>>> Andrew Bartlett
> >>>>>
> >>>> Hello Andrew,
> >>>>
> >>>> thank you for the fast response.
> >>>>
> >>>> Here is what ldbsearch returns:
> >>>>
> >>>> # record 1
> >>>> dn: DC=DomainDnsZones,DC=novanetwork,DC=loc
> >>>> objectClass: top
> >>>
> >>> OK, so that is your fundamental issue.  The correct objectClass is
> >>> domainDNS.  
> >>>
> >>> This may be due to a stub object (an object which indicates that a full
> >>> partition should be created below).  Where and how was the DNS first
> >>> created?
> >>>
> >>> Can you show me:
> >>> ldbsearch -H sam.ldb -s base -b ""
> >>>
> >>> Thanks,
> >>>
> >>> Andrew Bartlett
> >>>
> >> Hello Andrew,
> >>
> >> Initially I have started with a standard flat file bind9 config, later I
> >> changed that to bind9_dlz by using an early version of Amitay's
> >> upgrade_dns script with the --migrate=no switch. Then I created all my
> >> static DNS entries by hand with the Windows DNS admin tool.
> >> After doing some successful testing with clients  (SYSVOL,NETLOGON,
> >> GPOs,DNS) I added a second DC (novadc02)
> > 
> > Thanks.
> > 
> > We need to double-check what your DomainDNSZones entry looks like, then
> > work to make it look like this:
> > 
> > (this is the one from make test)
> > [abartlet at ruth samba]$ bin/ldbsearch -H st/dc//private/sam.ldb -s base -b dc=domaindnszones,dc=samba,dc=example,dc=com
> > Unknown parameter encountered: "min receivefile size"
> > Ignoring unknown parameter "min receivefile size"
> > # record 1
> > dn: DC=DomainDnsZones,DC=samba,DC=example,DC=com
> > objectClass: top
> > objectClass: domain
> > objectClass: domainDNS
> > description: Microsoft DNS Directory
> > instanceType: 13
> > whenCreated: 20120627054121.0Z
> > uSNCreated: 3620
> > name: DomainDnsZones
> > objectGUID: daaf1e11-7df4-4631-bd74-f085b0aac1d9
> > objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=samba,DC=example,D
> >  C=com
> > msDS-NcType: 0
> > dc: DomainDnsZones
> > wellKnownObjects: B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:CN=NTDS Quotas,DC=Doma
> >  inDnsZones,DC=samba,DC=example,DC=com
> > wellKnownObjects: B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,DC=
> >  DomainDnsZones,DC=samba,DC=example,DC=com
> > wellKnownObjects: B:32:2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastructure,DC=D
> >  omainDnsZones,DC=samba,DC=example,DC=com
> > wellKnownObjects: B:32:AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,DC=Dom
> >  ainDnsZones,DC=samba,DC=example,DC=com
> > whenChanged: 20120627054126.0Z
> > uSNChanged: 3632
> > msDs-masteredBy: CN=NTDS Settings,CN=LOCALDC,CN=Servers,CN=Default-First-Site-
> >  Name,CN=Sites,CN=Configuration,DC=samba,DC=example,DC=com
> > distinguishedName: DC=DomainDnsZones,DC=samba,DC=example,DC=com
> > 
> > First please re-confirm the output of:
> > 
> > ldbsearch -H sam.ldb -s base -b DC=DomainDnsZones,DC=novanetwork,DC=loc
> > 
> > Start by setting objectclass to domaindns (it will fill in the rest)
> > using ldbmodify and re-confirm again with:
> > 
> > ldbsearch -H sam.ldb -s base -b DC=DomainDnsZones,DC=novanetwork,DC=loc
> > 
> > Thanks,
> > 
> > Andrew Bartlett
> > 
> Hello Andrew,
> 
> currently output looks like this:
> 
> ../bin/ldbsearch -H sam.ldb -s base -b DC=DomainDnsZones,DC=novanetwork,DC=loc
> # record 1
> dn: DC=DomainDnsZones,DC=novanetwork,DC=loc
> description: Microsoft DNS Directory
> uSNCreated: 4050
> name: DomainDnsZones
> objectGUID: a1e40623-4805-4e11-9471-9cb0b49b1dc8
> msDS-NcType: 0
> dc: DomainDnsZones
> wellKnownObjects: B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:CN=NTDS Quotas,DC=Doma
>  inDnsZones,DC=novanetwork,DC=loc
> wellKnownObjects: B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,DC=
>  DomainDnsZones,DC=novanetwork,DC=loc
> wellKnownObjects: B:32:2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastructure,DC=D
>  omainDnsZones,DC=novanetwork,DC=loc
> wellKnownObjects: B:32:AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,DC=Dom
>  ainDnsZones,DC=novanetwork,DC=loc
> msDs-masteredBy: CN=NTDS Settings,CN=NOVADC01,CN=Servers,CN=Standardname-des-e
>  rsten-Standorts,CN=Sites,CN=Configuration,DC=novanetwork,DC=loc
> objectClass: top
> instanceType: 11
> whenCreated: 20120422140706.0Z
> whenChanged: 20120422140706.0Z
> uSNChanged: 4116
> objectCategory: CN=Top,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc
> distinguishedName: DC=DomainDnsZones,DC=novanetwork,DC=loc

Then simply setting objectclass to domaindns should fix this.

If you are able to work out if this has ever been correct, it would be
worth a small exploration to determine how it broke.  

ldbsearch -H sam.ldb -s base -b dc=domaindnszones,DC=novanetwork,DC=loc --reveal --show-binary replPropertyMetaData

This command may indicate when objectclass was last changed. 

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
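
Added example, not part of the original message or of Samba's own code: a Python check that parses ldbsearch LDIF output, unfolding the continuation lines that mail wrapping tends to break, and reports whether a partition head carries the object classes and objectCategory shown on the make test record in the thread. The function names and the shortened sample records are constructed for illustration.

```python
import base64

# Classes on the "make test" DomainDnsZones record quoted in the thread.
REQUIRED_CLASSES = {"top", "domain", "domaindns"}

def parse_ldif_record(text):
    """Parse one ldbsearch record into {attr_lower: [values]}, unfolding LDIF lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # a leading space continues the previous line
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    record = {}
    for line in lines:
        attr, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: ..." marks a base64 value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        record.setdefault(attr.strip().lower(), []).append(value.strip())
    return record

def check_partition_head(record):
    """Return findings for a partition head such as DC=DomainDnsZones."""
    findings = []
    classes = {c.lower() for c in record.get("objectclass", [])}
    missing = REQUIRED_CLASSES - classes
    if missing:
        findings.append("objectClass missing: " + ", ".join(sorted(missing)))
    category = record.get("objectcategory", [""])[0]
    if not category.lower().startswith("cn=domain-dns,"):
        findings.append("objectCategory is not Domain-DNS: " + category)
    return findings

# Constructed samples, shortened from the two records in the thread (folds restored).
BROKEN = """\
# record 1
dn: DC=DomainDnsZones,DC=novanetwork,DC=loc
msDs-masteredBy: CN=NTDS Settings,CN=NOVADC01,CN=Servers,CN=Standardname-des-e
 rsten-Standorts,CN=Sites,CN=Configuration,DC=novanetwork,DC=loc
objectClass: top
objectCategory: CN=Top,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc
"""
REFERENCE = """\
dn: DC=DomainDnsZones,DC=samba,DC=example,DC=com
objectClass: top
objectClass: domain
objectClass: domainDNS
objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=samba,DC=example,D
 C=com
"""

if __name__ == "__main__":
    for label, ldif in (("novanetwork.loc", BROKEN), ("make test", REFERENCE)):
        print(label, check_partition_head(parse_ldif_record(ldif)) or "ok")
```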



