Migrated to s4. Replication issues.

Sergey Urushkin urushkin at telros.ru
Sun Nov 11 23:29:26 MST 2012 

Hi!
Last week, we did the migration from s3 to s4 (more than half thousand
users, 2 DCs, dns - bind flat files). If you're interested, I'll write
about details of the migration later. To be short: there were not any
serious issues.
But for now, I have 2 replication issues that I think you'll be
interested in.

1. From time to time (after some changes are made to the directory, e.g.
group policies) I see these messages in the logs (log level =2):

[2012/11/12 09:23:00,  0]
../source4/rpc_server/common/forward.c:51(dcesrv_irpc_forward_callback)
  IRPC callback failed for DsReplicaSync - NT_STATUS_IO_TIMEOUT
[2012/11/12 09:23:00,  2]
default/librpc/gen_ndr/ndr_drsuapi_s.c:394(drsuapi__op_reply)
  dcerpc_fault WERR_EPT_S_CANT_PERFORM_OP in drsuapi_DsReplicaSync

It is repeating until I restart samba (I have a cronjob for this on both
DCs as a dirty workaround). After restarting all is ok, until something
(don't know what exactly) is changed in the directory again.
samba-tool dbcheck doesn't find anything wrong.
What additional info could help here? Because of the restarting - this
issue is really critical for us, I'll be glad if you help me with this.

2. While migrating, I periodically run dbcheck on both DCs (just to see
if db error occurs), a few times there were errors (which were fixed
successfully). And I finally noticed when it happens for sure: after
deleting user with samba-tool on the first dc, I get these errors with
dbcheck on the second:

# samba-tool dbcheck --cross-ncs --fix --yes
Checking 5286 objects
ERROR: target DN is deleted for member in object
CN=Project,CN=Users,DC=domain,DC=ru -
<GUID=2b091e47-c82c-4a5d-95e9-b06cd4615fbb>;<SID=S-1-5-21-530720856-2058831417-1234567890-4304>;CN=user1\0ADEL:2b091e47-c82c-4a5d-95e9-b06cd4615fbb,CN=Deleted
Objects,DC=domain,DC=ru
Target GUID points at deleted DN
CN=user1\0ADEL:2b091e47-c82c-4a5d-95e9-b06cd4615fbb,CN=Deleted
Objects,DC=domain,DC=ru
Remove DN link? [YES]
Removed deleted DN on attribute member
ERROR: target DN is deleted for member in object
CN=1c_user,CN=Users,DC=domain,DC=ru -
<GUID=2b091e47-c82c-4a5d-95e9-b06cd4615fbb>;<SID=S-1-5-21-530720856-2058831417-1234567890-4304>;CN=user1\0ADEL:2b091e47-c82c-4a5d-95e9-b06cd4615fbb,CN=Deleted
Objects,DC=domain,DC=ru
Target GUID points at deleted DN
CN=user1\0ADEL:2b091e47-c82c-4a5d-95e9-b06cd4615fbb,CN=Deleted
Objects,DC=domain,DC=ru
Remove DN link? [YES]
Removed deleted DN on attribute member
ERROR: target DN is deleted for member in object
CN=ti,CN=Users,DC=domain,DC=ru -
<GUID=2b091e47-c82c-4a5d-95e9-b06cd4615fbb>;<SID=S-1-5-21-530720856-2058831417-1234567890-4304>;CN=user1\0ADEL:2b091e47-c82c-4a5d-95e9-b06cd4615fbb,CN=Deleted
Objects,DC=domain,DC=ru
Target GUID points at deleted DN
CN=user1\0ADEL:2b091e47-c82c-4a5d-95e9-b06cd4615fbb,CN=Deleted
Objects,DC=domain,DC=ru
Remove DN link? [YES]
Removed deleted DN on attribute member
ERROR: target DN is deleted for member in object
CN=hp5550,CN=Users,DC=domain,DC=ru -
<GUID=2b091e47-c82c-4a5d-95e9-b06cd4615fbb>;<SID=S-1-5-21-530720856-2058831417-1234567890-4304>;CN=user1\0ADEL:2b091e47-c82c-4a5d-95e9-b06cd4615fbb,CN=Deleted
Objects,DC=domain,DC=ru
Target GUID points at deleted DN
CN=user1\0ADEL:2b091e47-c82c-4a5d-95e9-b06cd4615fbb,CN=Deleted
Objects,DC=domain,DC=ru
Remove DN link? [YES]
Removed deleted DN on attribute member
Checked 5286 objects (4 errors)

user1 was the member of all these groups. Do you have any ideas about this?

Thank you for s4.

-- 
Best regards,
Sergey Urushkin

More information about the samba-technical mailing list