Need urgent help with samba4 DC re-join

Andreas Oster aoster at novanetwork.de
Wed Jun 27 07:09:41 MDT 2012


On 27.06.2012 14:58, Andrew Bartlett wrote:
> On Wed, 2012-06-27 at 14:54 +0200, Andreas Oster wrote:
>> On 27.06.2012 14:44, Andrew Bartlett wrote:
>>> On Wed, 2012-06-27 at 14:39 +0200, Andreas Oster wrote:
>>>> On 27.06.2012 14:26, Andrew Bartlett wrote:
>>>>> On Wed, 2012-06-27 at 14:12 +0200, Andreas Oster wrote:
>>>>>> On 27.06.2012 12:21, Andrew Bartlett wrote:
>>>>>>> On Wed, 2012-06-27 at 08:21 +0200, Andreas Oster wrote:
>>>>>>>> Hello all,
>>>>>>>>
>>>>>>>> today I have tried to fix replication of ForestDnsZones and
>>>>>>>> DomainDnsZones. I pulled the current sources from GIT and recompiled
>>>>>>>> samba4. After installation I demoted the second DC, which completed
>>>>>>>> without any errors. Afterwards I have tried to re-join the server but
>>>>>>>> this is constantly failing. I have attached the d3 output of the join
>>>>>>>> attempt.
>>>>>>>>
>>>>>>>> In the PDC log.samba the following error comes up when joining of the
>>>>>>>> second DC fails:
>>>>>>>>
>>>>>>>> [2012/06/27 08:13:30,  0] ../source4/dsdb/common/util.c:2689(dsdb_savereps)
>>>>>>>>   Failed to store repsTo - objectclass_attrs: attribute 'dc' on entry 'DC=DomainDnsZones,DC=novanetwork,DC=loc' does not exist in the specified objectclasses!
>>>>>>>> [2012/06/27 08:13:30,  0] ../source4/rpc_server/drsuapi/updaterefs.c:154(drsuapi_UpdateRefs)
>>>>>>>>   Failed to delete repsTo for d54eb180-fd57-4629-8f8f-bb48373a8daa: WERR_DS_DRA_INTERNAL_ERROR
>>>>>>>>
>>>>>>>>
>>>>>>>> Stupid as I am, I did this on the productive system :-(
>>>>>>>
>>>>>>> Can you show us the full ldif for that DN on your PDC?
>>>>>>>
>>>>>>> ldbsearch -H sam.ldb -s base -b DC=DomainDnsZones,DC=novanetwork,DC=loc * objectClass repsFrom repsTo
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Andrew Bartlett
>>>>>>>
>>>>>> Hello Andrew,
>>>>>>
>>>>>> thank you for the fast response.
>>>>>>
>>>>>> Here is what ldbsearch returns:
>>>>>>
>>>>>> # record 1
>>>>>> dn: DC=DomainDnsZones,DC=novanetwork,DC=loc
>>>>>> objectClass: top
>>>>>
>>>>> OK, so that is your fundamental issue.  The correct objectClass is
>>>>> domainDNS.  
>>>>>
>>>>> This may be due to a stub object (an object which indicates that a full
>>>>> partition should be created below).  Where and how was the DNS first
>>>>> created?
>>>>>
>>>>> Can you show me:
>>>>> ldbsearch -H sam.ldb -s base -b ""
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Andrew Bartlett
>>>>>
>>>> Hello Andrew,
>>>>
>>>> Initially I have started with a standard flat file bind9 config, later I
>>>> changed that to bind9_dlz by using an early version of Amitay's
>>>> upgrade_dns script with the --migrate=no switch. Then I created all my
>>>> static DNS entries by hand with the Windows DNS admin tool.
>>>> After doing some successful testing with clients  (SYSVOL,NETLOGON,
>>>> GPOs,DNS) I added a second DC (novadc02)
>>>
>>> Thanks.
>>>
>>> We need to double-check what your DomainDNSZones entry looks like, then
>>> work to make it look like this:
>>>
>>> (this is the one from make test)
>>> [abartlet at ruth samba]$ bin/ldbsearch -H st/dc//private/sam.ldb -s base -b dc=domaindnszones,dc=samba,dc=example,dc=com
>>> Unknown parameter encountered: "min receivefile size"
>>> Ignoring unknown parameter "min receivefile size"
>>> # record 1
>>> dn: DC=DomainDnsZones,DC=samba,DC=example,DC=com
>>> objectClass: top
>>> objectClass: domain
>>> objectClass: domainDNS
>>> description: Microsoft DNS Directory
>>> instanceType: 13
>>> whenCreated: 20120627054121.0Z
>>> uSNCreated: 3620
>>> name: DomainDnsZones
>>> objectGUID: daaf1e11-7df4-4631-bd74-f085b0aac1d9
>>> objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=samba,DC=example,D
>>>  C=com
>>> msDS-NcType: 0
>>> dc: DomainDnsZones
>>> wellKnownObjects: B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:CN=NTDS Quotas,DC=Doma
>>>  inDnsZones,DC=samba,DC=example,DC=com
>>> wellKnownObjects: B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,DC=
>>>  DomainDnsZones,DC=samba,DC=example,DC=com
>>> wellKnownObjects: B:32:2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastructure,DC=D
>>>  omainDnsZones,DC=samba,DC=example,DC=com
>>> wellKnownObjects: B:32:AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,DC=Dom
>>>  ainDnsZones,DC=samba,DC=example,DC=com
>>> whenChanged: 20120627054126.0Z
>>> uSNChanged: 3632
>>> msDs-masteredBy: CN=NTDS Settings,CN=LOCALDC,CN=Servers,CN=Default-First-Site-
>>>  Name,CN=Sites,CN=Configuration,DC=samba,DC=example,DC=com
>>> distinguishedName: DC=DomainDnsZones,DC=samba,DC=example,DC=com
>>>
>>> First please re-confirm the output of:
>>>
>>> ldbsearch -H sam.ldb -s base -b DC=DomainDnsZones,DC=novanetwork,DC=loc
>>>
>>> Start by setting objectclass to domaindns (it will fill in the rest)
>>> using ldbmodify and re-confirm again with:
>>>
>>> ldbsearch -H sam.ldb -s base -b DC=DomainDnsZones,DC=novanetwork,DC=loc
>>>
>>> Thanks,
>>>
>>> Andrew Bartlett
>>>
>> Hello Andrew,
>>
>> currently output looks like this:
>>
>> ../bin/ldbsearch -H sam.ldb -s base -b DC=DomainDnsZones,DC=novanetwork,DC=loc
>> # record 1
>> dn: DC=DomainDnsZones,DC=novanetwork,DC=loc
>> description: Microsoft DNS Directory
>> uSNCreated: 4050
>> name: DomainDnsZones
>> objectGUID: a1e40623-4805-4e11-9471-9cb0b49b1dc8
>> msDS-NcType: 0
>> dc: DomainDnsZones
>> wellKnownObjects: B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:CN=NTDS Quotas,DC=Doma
>>  inDnsZones,DC=novanetwork,DC=loc
>> wellKnownObjects: B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,DC=
>>  DomainDnsZones,DC=novanetwork,DC=loc
>> wellKnownObjects: B:32:2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastructure,DC=D
>>  omainDnsZones,DC=novanetwork,DC=loc
>> wellKnownObjects: B:32:AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,DC=Dom
>>  ainDnsZones,DC=novanetwork,DC=loc
>> msDs-masteredBy: CN=NTDS Settings,CN=NOVADC01,CN=Servers,CN=Standardname-des-e
>>  rsten-Standorts,CN=Sites,CN=Configuration,DC=novanetwork,DC=loc
>> objectClass: top
>> instanceType: 11
>> whenCreated: 20120422140706.0Z
>> whenChanged: 20120422140706.0Z
>> uSNChanged: 4116
>> objectCategory: CN=Top,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc
>> distinguishedName: DC=DomainDnsZones,DC=novanetwork,DC=loc
> 
> Then simply setting objectclass to domaindns should fix this.
> 
> If you are able to work out if this has ever been correct, it would be
> worth a small exploration to determine how it broke.  
> 
> ldbsearch -H sam.ldb -s base -b dc=domaindnszones,DC=novanetwork,DC=loc --reveal --show-binary replPropertyMetaData
> 
> This command may indicate when objectclass was last changed. 
> 
> Thanks,
> 
> Andrew Bartlett
> 
Hello Andrew,

I think the only differences when doing a "ldbsearch -H sam.ldb -s base
-b DC=DomainDnsZones,DC=novanetwork,DC=loc" are:

objectClass: domain
objectClass: domainDNS

and

objectCategory: CN=Top,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc


I do not know if this was correct before demoting the second DC.
It did not come into my mind to check for errors because everything
worked like a charm and I was/am really happy with samba4.

Here is the output of:

../bin/ldbsearch -H sam.ldb -s base -b dc=domaindnszones,DC=novanetwork,DC=loc --reveal --show-binary replPropertyMetaData


# record 1
dn: DC=DomainDnsZones,DC=novanetwork,DC=loc
replPropertyMetaData:     NDR: struct replPropertyMetaDataBlob
        version                  : 0x00000001 (1)
        reserved                 : 0x00000000 (0)
        ctr                      : union replPropertyMetaDataCtr(case 1)
        ctr1: struct replPropertyMetaDataCtr1
            count                    : 0x00000009 (9)
            reserved                 : 0x00000000 (0)
            array: ARRAY(9)
                array: struct replPropertyMetaData1
                    attid                    : DRSUAPI_ATTID_objectClass (0x0)
                    version                  : 0x00000001 (1)
                    originating_change_time  : Sun Apr 22 16:07:06 2012 CEST
                    originating_invocation_id: fd9ca123-ed33-483a-a735-ff41940789a2
                    originating_usn          : 0x0000000000003336 (13110)
                    local_usn                : 0x0000000000001014 (4116)
                array: struct replPropertyMetaData1
                    attid                    : DRSUAPI_ATTID_description (0xD)
                    version                  : 0x00000001 (1)
                    originating_change_time  : Sun Apr 22 16:03:41 2012 CEST
                    originating_invocation_id: 61f36cfd-ba7d-4702-87d3-7e861bb32cfe
                    originating_usn          : 0x0000000000000fd2 (4050)
                    local_usn                : 0x0000000000000fd2 (4050)
                array: struct replPropertyMetaData1
                    attid                    : DRSUAPI_ATTID_instanceType (0x20001)
                    version                  : 0x00000001 (1)
                    originating_change_time  : Sun Apr 22 16:07:06 2012 CEST
                    originating_invocation_id: fd9ca123-ed33-483a-a735-ff41940789a2
                    originating_usn          : 0x0000000000003336 (13110)
                    local_usn                : 0x0000000000001014 (4116)
                array: struct replPropertyMetaData1
                    attid                    : DRSUAPI_ATTID_whenCreated (0x20002)
                    version                  : 0x00000001 (1)
                    originating_change_time  : Sun Apr 22 16:07:06 2012 CEST
                    originating_invocation_id: fd9ca123-ed33-483a-a735-ff41940789a2
                    originating_usn          : 0x0000000000003336 (13110)
                    local_usn                : 0x0000000000001014 (4116)
                array: struct replPropertyMetaData1
                    attid                    : DRSUAPI_ATTID_ntSecurityDescriptor (0x20119)
                    version                  : 0x00000001 (1)
                    originating_change_time  : Sun Apr 22 16:03:41 2012 CEST
                    originating_invocation_id: 61f36cfd-ba7d-4702-87d3-7e861bb32cfe
                    originating_usn          : 0x0000000000000fd2 (4050)
                    local_usn                : 0x0000000000000fd2 (4050)
                array: struct replPropertyMetaData1
                    attid                    : DRSUAPI_ATTID_name (0x90001)
                    version                  : 0x00000001 (1)
                    originating_change_time  : Sun Apr 22 16:07:06 2012 CEST
                    originating_invocation_id: fd9ca123-ed33-483a-a735-ff41940789a2
                    originating_usn          : 0x0000000000003336 (13110)
                    local_usn                : 0x0000000000001014 (4116)
                array: struct replPropertyMetaData1
                    attid                    : DRSUAPI_ATTID_wellKnownObjects (0x9026A)
                    version                  : 0x00000001 (1)
                    originating_change_time  : Sun Apr 22 16:03:42 2012 CEST
                    originating_invocation_id: 61f36cfd-ba7d-4702-87d3-7e861bb32cfe
                    originating_usn          : 0x0000000000000fde (4062)
                    local_usn                : 0x0000000000000fde (4062)
                array: struct replPropertyMetaData1
                    attid                    : DRSUAPI_ATTID_objectCategory (0x9030E)
                    version                  : 0x00000001 (1)
                    originating_change_time  : Sun Apr 22 16:07:06 2012 CEST
                    originating_invocation_id: fd9ca123-ed33-483a-a735-ff41940789a2
                    originating_usn          : 0x0000000000003336 (13110)
                    local_usn                : 0x0000000000001014 (4116)
                array: struct replPropertyMetaData1
                    attid                    : UNKNOWN_ENUM_VALUE (0x150019)
                    version                  : 0x00000001 (1)
                    originating_change_time  : Sun Apr 22 16:07:06 2012 CEST
                    originating_invocation_id: fd9ca123-ed33-483a-a735-ff41940789a2
                    originating_usn          : 0x0000000000003336 (13110)
                    local_usn                : 0x0000000000001014 (4116)


# returned 1 records
# 1 entries
# 0 referrals


regards

Andreas
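
Added example (not part of the original message, and not Samba project code): a small Python parser for the `--show-binary replPropertyMetaData` dump above. It reports when, and from which invocation ID, `objectClass` last received an originating write, and groups attributes by originating write. The sample input is constructed from two of the nine entries in the dump, with mail-client line wraps included; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample (two of the nine entries from the dump); function names are illustrative.
SAMPLE = """\
                array: struct replPropertyMetaData1
                    attid                    : DRSUAPI_ATTID_objectClass
(0x0)
                    version                  : 0x00000001 (1)
                    originating_change_time  : Sun Apr 22 16:07:06 2012 CEST
                    originating_invocation_id:
fd9ca123-ed33-483a-a735-ff41940789a2
                    originating_usn          : 0x0000000000003336 (13110)
                    local_usn                : 0x0000000000001014 (4116)
                array: struct replPropertyMetaData1
                    attid                    : DRSUAPI_ATTID_description
(0xD)
                    version                  : 0x00000001 (1)
                    originating_change_time  : Sun Apr 22 16:03:41 2012 CEST
                    originating_invocation_id:
61f36cfd-ba7d-4702-87d3-7e861bb32cfe
                    originating_usn          : 0x0000000000000fd2 (4050)
                    local_usn                : 0x0000000000000fd2 (4050)
"""

FIELDS = re.compile(
    r"attid\s*:\s*(?P<attid>\S+)\s*\((?P<id>0x[0-9A-Fa-f]+)\)\s*"
    r"version\s*:\s*\S+\s*\((?P<version>\d+)\)\s*"
    r"originating_change_time\s*:\s*(?P<time>.+?)\s*"
    r"originating_invocation_id:\s*(?P<inv>[0-9a-f-]{36})\s*"
    r"originating_usn\s*:\s*\S+\s*\((?P<ousn>\d+)\)\s*"
    r"local_usn\s*:\s*\S+\s*\((?P<lusn>\d+)\)")

def parse_meta(dump):
    """Return one dict per replPropertyMetaData1 entry; tolerates wrapped lines."""
    flat = " ".join(dump.split())  # collapse all whitespace, undoing the wraps
    return [m.groupdict() for m in FIELDS.finditer(flat)]

def by_origin(entries):
    """Group attribute names by (originating invocation id, originating USN)."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["inv"], int(e["ousn"]))].append(e["attid"])
    return dict(groups)

def last_change(entries, attid="DRSUAPI_ATTID_objectClass"):
    """(version, time, invocation id) of the last originating write to attid."""
    hits = [(int(e["version"]), e["time"], e["inv"]) for e in entries if e["attid"] == attid]
    return hits[0] if hits else None
```

Feed `parse_meta` the full text of the `ldbsearch` output; attributes that share an invocation ID and originating USN were written in the same originating update.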


