Need urgent help with samba4 DC re-join
Andreas Oster
aoster at novanetwork.de
Wed Jun 27 11:27:31 MDT 2012
Am 27.06.2012 15:43, schrieb Andreas Oster:
> Am 27.06.2012 15:35, schrieb Andrew Bartlett:
>> On Wed, 2012-06-27 at 15:28 +0200, Andreas Oster wrote:
>>> Am 27.06.2012 15:21, schrieb Andrew Bartlett:
>>>> On Wed, 2012-06-27 at 15:09 +0200, Andreas Oster wrote:
>>>>> Hello Andrew,
>>>>>
>>>>> i think the only differences when doing a "ldbsearch -H sam.ldb -s base
>>>>> -b DC=DomainDnsZones,DC=novanetwork,DC=loc" are:
>>>>>
>>>>> objectClass: domain
>>>>> objectClass: domainDNS
>>>>>
>>>>> and
>>>>>
>>>>> objectCategory: CN=Top,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc
>>>>>
>>>>>
>>>>> I do not know if this was correct before demoting the second DC.
>>>>> It did not come into my mind to check for errors because everything
>>>>> worked like a charm and I was/am really happy with samba4.
>>>>>
>>>>> here the output of:
>>>>>
>>>>> ../bin/ldbsearch -H sam.ldb -s base -b
>>>>> dc=domaindnszones,DC=novanetwork,DC=loc --reveal --show-binary
>>>>> replPropertyMetaData
>>>>
>>>> Thanks. This gives us a very good clue as to what has gone on:
>>>>
>>>> I'm assuming that 61f36cfd-ba7d-4702-87d3-7e861bb32cfe is PDC and
>>>> fd9ca123-ed33-483a-a735-ff41940789a2 was the BDC?
>>>>
>>>> The key attributes changed that you mention are objectClass and
>>>> objectCategory. Both need to be fixed. The incorrect values seem to
>>>> have been written at Sun Apr 22 16:07:06 2012 CEST compared with Sun Apr
>>>> 22 16:03:41 2012 CEST for the good ones.
>>>>
>>>> My guess is that in attempting to replicate the DNS to the slave with
>>>> the samba-tool drs commands, and running samba_upgradedns on that
>>>> server, have somehow sent back a corrupted version of the same object.
>>>>
>>>> Andrew Bartlett
>>>>
>>
>>> Hello Andrew,
>>>
>>> this is absolute possible. In a prior try to replicate the
>>> DomainDnsZones and ForestDnsZones I used the samba-tool drs command but
>>> this did not succeed and, if I do remember correct, quit with an error
>>> message. As everything kept on working as before, it did not come to my
>>> mind that it might have broken anything.
>>>
>>> Do you have an idea how to fix this ?
>>
>> ldbedit -H sam.ldb -s base -b dc=domaindnszones,DC=novanetwork,DC=loc
>>
>> Then set:
>>
>> objectClass: domainDNS
>> objectCategory:
>> CN=Domain-DNS,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc
>>
>> That should fix it (I hope).
>>
>> This is the end for me for tonight, but I'll follow up tomorrow.
>> Hopefully others here can help you with any remaining details.
>>
>> KEEP GOOD BACKUPS.
>>
>> Thanks,
>>
>> Andrew Bartlett
>>
> Hello Andrew,
>
> thank you very much for your help. I appreciate very much that you use
> your limited time to help guys like me.
>
> I will create a backup and do the proposed changes with ldbedit. I will
> report here if joining works again afterwards.
>
> best regards
>
> Andreas
>
>
Hello Andrew,
unfortunately, I have been unable to modify/add the settings via
ldbedit. I got the following error message when committing the
modifications:
../bin/ldbedit -H sam.ldb -s base -b dc=domaindnszones,DC=novanetwork,DC=loc
failed to modify DC=DomainDnsZones,DC=novanetwork,DC=loc - cannot change
replicated attribute on partial replica at
../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:1408
Any idea what could be causing it ?
Luckily, I did a vmware snapshot before demoting the second DC, I was so
upset that I forget about that. I have now reverted back to the old
snapshots and second DC is functional again.
I have done the tests with ldbsearch on the DomainDnsZones and
ForestDnsZones and realized, that the faulty entries already existed
before demoting. So I guess before I can demote the second DC again I
will have to fix those errors.
Thank you for your kind help
best regards
Andreas
More information about the samba-technical
mailing list