4.0.rc2 drs issue

Gémes Géza geza at kzsdabas.hu
Wed Oct 17 23:28:41 MDT 2012 

2012-10-17 21:53 keltezéssel, Gémes Géza írta:
> Hi,
>
> I have a (production) domain created by a 3.5->4.0beta6(some git 
> version)->4.0rc2 upgrade path, with the last upgrade executed as a 
> join of a 4.0rc2 install (machine name dc1) and removal of the beta8 
> install (machine name dc0). Immediately after the removal of beta8 (I 
> wasn't able to demote it, however forcibly transfered the fsmo roles 
> to rc2) I've installed another instance of rc2 (with the same IP 
> address and name as beta8 had (dc0)) and joined it to rc2 (without 
> removing anything related to dc0 from the directory). Unfortunately 
> I've observed that drs is not working as expected (I had dc0 as an 
> incoming and outgoing replica partner on dc1, but dc1 was only an 
> incoming partner for dc0). Because of that I've decided to remove dc0 
> from the domain entirely to rejoin it cleanly (also plan to upgrde 
> both servers to rc3 in the process). Unfortunately dc0 won't demote as 
> it claims to hold still two roles, but samba-tool fsmo show gives (on 
> both servers) that all five roles are hold by dc1. Being stuck on it 
> I've decided to forcibly remove it following: 
> http://technet.microsoft.com/en-us/library/cc736378%28WS.10%29.aspx
> After removal I've checked that dc0 disappeared without trace (except 
> dns where I've cleaned it out).
> After joining it back I still have:
> root at dc1:~# samba-tool drs showrepl
> Default-First-Site-Name\DC1
> DSA Options: 0x00000001
> DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
> DSA invocationId: 574709d5-5de7-472a-ba15-fc7b5ca97da0
>
> ==== INBOUND NEIGHBORS ====
>
> DC=DomainDnsZones,DC=kzsdabas,DC=hu
>     Default-First-Site-Name\DC0 via RPC
>         DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>         Last attempt @ NTTIME(0) was successful
>         0 consecutive failure(s).
>         Last success @ NTTIME(0)
>
> CN=Schema,CN=Configuration,DC=kzsdabas,DC=hu
>     Default-First-Site-Name\DC0 via RPC
>         DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>         Last attempt @ NTTIME(0) was successful
>         0 consecutive failure(s).
>         Last success @ NTTIME(0)
>
> DC=kzsdabas,DC=hu
>     Default-First-Site-Name\DC0 via RPC
>         DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>         Last attempt @ NTTIME(0) was successful
>         0 consecutive failure(s).
>         Last success @ NTTIME(0)
>
> DC=ForestDnsZones,DC=kzsdabas,DC=hu
>     Default-First-Site-Name\DC0 via RPC
>         DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>         Last attempt @ NTTIME(0) was successful
>         0 consecutive failure(s).
>         Last success @ NTTIME(0)
>
> CN=Configuration,DC=kzsdabas,DC=hu
>     Default-First-Site-Name\DC0 via RPC
>         DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>         Last attempt @ NTTIME(0) was successful
>         0 consecutive failure(s).
>         Last success @ NTTIME(0)
>
> ==== OUTBOUND NEIGHBORS ====
>
> DC=DomainDnsZones,DC=kzsdabas,DC=hu
>     Default-First-Site-Name\DC0 via RPC
>         DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>         Last attempt @ NTTIME(0) was successful
>         0 consecutive failure(s).
>         Last success @ NTTIME(0)
>
> CN=Schema,CN=Configuration,DC=kzsdabas,DC=hu
>     Default-First-Site-Name\DC0 via RPC
>         DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>         Last attempt @ NTTIME(0) was successful
>         0 consecutive failure(s).
>         Last success @ NTTIME(0)
>
> DC=kzsdabas,DC=hu
>     Default-First-Site-Name\DC0 via RPC
>         DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>         Last attempt @ NTTIME(0) was successful
>         0 consecutive failure(s).
>         Last success @ NTTIME(0)
>
> DC=ForestDnsZones,DC=kzsdabas,DC=hu
>     Default-First-Site-Name\DC0 via RPC
>         DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>         Last attempt @ NTTIME(0) was successful
>         0 consecutive failure(s).
>         Last success @ NTTIME(0)
>
> CN=Configuration,DC=kzsdabas,DC=hu
>     Default-First-Site-Name\DC0 via RPC
>         DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>         Last attempt @ NTTIME(0) was successful
>         0 consecutive failure(s).
>         Last success @ NTTIME(0)
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
>     Connection name: c9f0627b-6d81-4817-adca-1849005d0d7c
>     Enabled        : TRUE
>     Server DNS name : DC0.kzsdabas.hu
>     Server DN name  : CN=NTDS 
> Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=kzsdabas,DC=hu
>         TransportType: RPC
>         options: 0x00000001
> Warning: No NC replicated for Connection!
>
> Which seems ok
>
> and:
> root at dc0:~# samba-tool drs showrepl
> Default-First-Site-Name\DC0
> DSA Options: 0x00000001
> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
> DSA invocationId: c733b71a-c093-4a0e-b990-839d8b9ffaf2
>
> ==== INBOUND NEIGHBORS ====
>
> DC=DomainDnsZones,DC=kzsdabas,DC=hu
>     Default-First-Site-Name\DC1 via RPC
>         DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
>         Last attempt @ Wed Oct 17 21:44:35 2012 CEST was successful
>         0 consecutive failure(s).
>         Last success @ Wed Oct 17 21:44:35 2012 CEST
>
> CN=Schema,CN=Configuration,DC=kzsdabas,DC=hu
>     Default-First-Site-Name\DC1 via RPC
>         DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
>         Last attempt @ Wed Oct 17 21:44:35 2012 CEST was successful
>         0 consecutive failure(s).
>         Last success @ Wed Oct 17 21:44:35 2012 CEST
>
> DC=kzsdabas,DC=hu
>     Default-First-Site-Name\DC1 via RPC
>         DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
>         Last attempt @ Wed Oct 17 21:44:36 2012 CEST was successful
>         0 consecutive failure(s).
>         Last success @ Wed Oct 17 21:44:36 2012 CEST
>
> DC=ForestDnsZones,DC=kzsdabas,DC=hu
>     Default-First-Site-Name\DC1 via RPC
>         DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
>         Last attempt @ Wed Oct 17 21:44:35 2012 CEST was successful
>         0 consecutive failure(s).
>         Last success @ Wed Oct 17 21:44:35 2012 CEST
>
> CN=Configuration,DC=kzsdabas,DC=hu
>     Default-First-Site-Name\DC1 via RPC
>         DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
>         Last attempt @ Wed Oct 17 21:44:36 2012 CEST was successful
>         0 consecutive failure(s).
>         Last success @ Wed Oct 17 21:44:36 2012 CEST
>
> ==== OUTBOUND NEIGHBORS ====
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
>     Connection name: 4eb7c88b-62c9-46d1-817d-15b5be7b9e41
>     Enabled        : TRUE
>     Server DNS name : DC1.kzsdabas.hu
>     Server DN name  : CN=NTDS 
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=kzsdabas,DC=hu
>         TransportType: RPC
>         options: 0x00000001
> Warning: No NC replicated for Connection!
>
> Which seems less perfect
Hi,

The problems doesn't end yet :-(
Trying to start from scratch with the replication again, I've forcibly 
removed dc0 again (still complained at demote that it holds two roles, 
while fsmo show gives that all five roles are hold by the other server 
(dc1)). Now on dc1 with dc0 retired completely samba-tool drs showrepl 
errors with:
Default-First-Site-Name\DC1
DSA Options: 0x00000001
DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
DSA invocationId: 574709d5-5de7-472a-ba15-fc7b5ca97da0

==== INBOUND NEIGHBORS ====

ERROR(runtime): DsReplicaGetInfo of type 0 failed - (-1073610723, 
'NT_STATUS_RPC_PROTOCOL_ERROR')

Than you for any idea about what needs to be done!

Cheers

Geza

More information about the samba-technical mailing list