Migrated to s4. Replication issues.

Sergey Urushkin urushkin at telros.ru
Mon Nov 12 02:04:29 MST 2012 

Forgot to mention:

# samba --version
Version 4.1.0pre1-GIT-50d47fc

# uname -a
Linux dc0 3.2.0-32-generic #51-Ubuntu SMP Wed Sep 26 21:33:09 UTC 2012
x86_64 x86_64 x86_64 GNU/Linux

12.11.2012 10:29, Sergey Urushkin пишет:
> Hi!
> Last week, we did the migration from s3 to s4 (more than half thousand
> users, 2 DCs, dns - bind flat files). If you're interested, I'll write
> about details of the migration later. To be short: there were not any
> serious issues.
> But for now, I have 2 replication issues that I think you'll be
> interested in.
>
> 1. From time to time (after some changes are made to the directory, e.g.
> group policies) I see these messages in the logs (log level =2):
>
> [2012/11/12 09:23:00,  0]
> ../source4/rpc_server/common/forward.c:51(dcesrv_irpc_forward_callback)
>   IRPC callback failed for DsReplicaSync - NT_STATUS_IO_TIMEOUT
> [2012/11/12 09:23:00,  2]
> default/librpc/gen_ndr/ndr_drsuapi_s.c:394(drsuapi__op_reply)
>   dcerpc_fault WERR_EPT_S_CANT_PERFORM_OP in drsuapi_DsReplicaSync
>
> It is repeating until I restart samba (I have a cronjob for this on both
> DCs as a dirty workaround). After restarting all is ok, until something
> (don't know what exactly) is changed in the directory again.
> samba-tool dbcheck doesn't find anything wrong.
> What additional info could help here? Because of the restarting - this
> issue is really critical for us, I'll be glad if you help me with this.
>
> 2. While migrating, I periodically run dbcheck on both DCs (just to see
> if db error occurs), a few times there were errors (which were fixed
> successfully). And I finally noticed when it happens for sure: after
> deleting user with samba-tool on the first dc, I get these errors with
> dbcheck on the second:
>
> # samba-tool dbcheck --cross-ncs --fix --yes
> Checking 5286 objects
> ERROR: target DN is deleted for member in object
> CN=Project,CN=Users,DC=domain,DC=ru -
> <GUID=2b091e47-c82c-4a5d-95e9-b06cd4615fbb>;<SID=S-1-5-21-530720856-2058831417-1234567890-4304>;CN=user1\0ADEL:2b091e47-c82c-4a5d-95e9-b06cd4615fbb,CN=Deleted
> Objects,DC=domain,DC=ru
> Target GUID points at deleted DN
> CN=user1\0ADEL:2b091e47-c82c-4a5d-95e9-b06cd4615fbb,CN=Deleted
> Objects,DC=domain,DC=ru
> Remove DN link? [YES]
> Removed deleted DN on attribute member
> ERROR: target DN is deleted for member in object
> CN=1c_user,CN=Users,DC=domain,DC=ru -
> <GUID=2b091e47-c82c-4a5d-95e9-b06cd4615fbb>;<SID=S-1-5-21-530720856-2058831417-1234567890-4304>;CN=user1\0ADEL:2b091e47-c82c-4a5d-95e9-b06cd4615fbb,CN=Deleted
> Objects,DC=domain,DC=ru
> Target GUID points at deleted DN
> CN=user1\0ADEL:2b091e47-c82c-4a5d-95e9-b06cd4615fbb,CN=Deleted
> Objects,DC=domain,DC=ru
> Remove DN link? [YES]
> Removed deleted DN on attribute member
> ERROR: target DN is deleted for member in object
> CN=ti,CN=Users,DC=domain,DC=ru -
> <GUID=2b091e47-c82c-4a5d-95e9-b06cd4615fbb>;<SID=S-1-5-21-530720856-2058831417-1234567890-4304>;CN=user1\0ADEL:2b091e47-c82c-4a5d-95e9-b06cd4615fbb,CN=Deleted
> Objects,DC=domain,DC=ru
> Target GUID points at deleted DN
> CN=user1\0ADEL:2b091e47-c82c-4a5d-95e9-b06cd4615fbb,CN=Deleted
> Objects,DC=domain,DC=ru
> Remove DN link? [YES]
> Removed deleted DN on attribute member
> ERROR: target DN is deleted for member in object
> CN=hp5550,CN=Users,DC=domain,DC=ru -
> <GUID=2b091e47-c82c-4a5d-95e9-b06cd4615fbb>;<SID=S-1-5-21-530720856-2058831417-1234567890-4304>;CN=user1\0ADEL:2b091e47-c82c-4a5d-95e9-b06cd4615fbb,CN=Deleted
> Objects,DC=domain,DC=ru
> Target GUID points at deleted DN
> CN=user1\0ADEL:2b091e47-c82c-4a5d-95e9-b06cd4615fbb,CN=Deleted
> Objects,DC=domain,DC=ru
> Remove DN link? [YES]
> Removed deleted DN on attribute member
> Checked 5286 objects (4 errors)
>
> user1 was the member of all these groups. Do you have any ideas about this?
>
> Thank you for s4.
>

-- 
Best regards,
Sergey Urushkin

More information about the samba-technical mailing list