4.0.rc2 drs issue
Gémes Géza
geza at kzsdabas.hu
Thu Oct 18 09:41:59 MDT 2012
On 2012-10-18 07:43, Matthieu Patou wrote:
> On 10/17/2012 12:53 PM, Gémes Géza wrote:
>> Hi,
>>
>> I have a (production) domain created by a 3.5->4.0beta6(some git
>> version)->4.0rc2 upgrade path, with the last upgrade executed as a
>> join of a 4.0rc2 install (machine name dc1) and removal of the beta8
>> install (machine name dc0). Immediately after the removal of beta8 (I
>> wasn't able to demote it, however forcibly transferred the fsmo roles
>> to rc2) I've installed another instance of rc2 (with the same IP
>> address and name as beta8 had (dc0)) and joined it to rc2 (without
>> removing anything related to dc0 from the directory). Unfortunately
>> I've observed that drs is not working as expected (I had dc0 as an
>> incoming and outgoing replica partner on dc1, but dc1 was only an
>> incoming partner for dc0). Because of that I've decided to remove dc0
>> from the domain entirely to rejoin it cleanly (also plan to upgrade
>> both servers to rc3 in the process). Unfortunately dc0 won't demote
>> as it claims to hold still two roles, but samba-tool fsmo show gives
>> (on both servers) that all five roles are held by dc1. Being stuck on
>> it I've decided to forcibly remove it following:
>> http://technet.microsoft.com/en-us/library/cc736378%28WS.10%29.aspx
>> After removal I've checked that dc0 disappeared without trace (except
>> dns where I've cleaned it out).
>> After joining it back I still have:
>> root@dc1:~# samba-tool drs showrepl
>> Default-First-Site-Name\DC1
>> DSA Options: 0x00000001
>> DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
>> DSA invocationId: 574709d5-5de7-472a-ba15-fc7b5ca97da0
>>
>> ==== INBOUND NEIGHBORS ====
>>
>> DC=DomainDnsZones,DC=kzsdabas,DC=hu
>> Default-First-Site-Name\DC0 via RPC
>> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> CN=Schema,CN=Configuration,DC=kzsdabas,DC=hu
>> Default-First-Site-Name\DC0 via RPC
>> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=kzsdabas,DC=hu
>> Default-First-Site-Name\DC0 via RPC
>> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=ForestDnsZones,DC=kzsdabas,DC=hu
>> Default-First-Site-Name\DC0 via RPC
>> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> CN=Configuration,DC=kzsdabas,DC=hu
>> Default-First-Site-Name\DC0 via RPC
>> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>> Last attempt @ NTTIME(0) was successful
> ^^^^^^^^^^^^^^^^^^^ This means that it has never replicated from this
> server
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> ==== OUTBOUND NEIGHBORS ====
>>
>> DC=DomainDnsZones,DC=kzsdabas,DC=hu
>> Default-First-Site-Name\DC0 via RPC
>> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> CN=Schema,CN=Configuration,DC=kzsdabas,DC=hu
>> Default-First-Site-Name\DC0 via RPC
>> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=kzsdabas,DC=hu
>> Default-First-Site-Name\DC0 via RPC
>> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=ForestDnsZones,DC=kzsdabas,DC=hu
>> Default-First-Site-Name\DC0 via RPC
>> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> CN=Configuration,DC=kzsdabas,DC=hu
>> Default-First-Site-Name\DC0 via RPC
>> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>> Last attempt @ NTTIME(0) was successful
> ^^^^^^^^^^^^^^^^^^^ in outgoing the nttime is always 0
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> ==== KCC CONNECTION OBJECTS ====
>>
>> Connection --
>> Connection name: c9f0627b-6d81-4817-adca-1849005d0d7c
>> Enabled : TRUE
>> Server DNS name : DC0.kzsdabas.hu
>> Server DN name : CN=NTDS Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=kzsdabas,DC=hu
>> TransportType: RPC
>> options: 0x00000001
>> Warning: No NC replicated for Connection!
>>
>> Which seems ok
> no it's not
>>
>> and:
>> root@dc0:~# samba-tool drs showrepl
>> Default-First-Site-Name\DC0
>> DSA Options: 0x00000001
>> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
>> DSA invocationId: c733b71a-c093-4a0e-b990-839d8b9ffaf2
>>
>> ==== INBOUND NEIGHBORS ====
>>
>> DC=DomainDnsZones,DC=kzsdabas,DC=hu
>> Default-First-Site-Name\DC1 via RPC
>> DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
>> Last attempt @ Wed Oct 17 21:44:35 2012 CEST was successful
>> 0 consecutive failure(s).
>> Last success @ Wed Oct 17 21:44:35 2012 CEST
>>
>> CN=Schema,CN=Configuration,DC=kzsdabas,DC=hu
>> Default-First-Site-Name\DC1 via RPC
>> DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
>> Last attempt @ Wed Oct 17 21:44:35 2012 CEST was successful
>> 0 consecutive failure(s).
>> Last success @ Wed Oct 17 21:44:35 2012 CEST
>>
>> DC=kzsdabas,DC=hu
>> Default-First-Site-Name\DC1 via RPC
>> DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
>> Last attempt @ Wed Oct 17 21:44:36 2012 CEST was successful
>> 0 consecutive failure(s).
>> Last success @ Wed Oct 17 21:44:36 2012 CEST
>>
>> DC=ForestDnsZones,DC=kzsdabas,DC=hu
>> Default-First-Site-Name\DC1 via RPC
>> DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
>> Last attempt @ Wed Oct 17 21:44:35 2012 CEST was successful
>> 0 consecutive failure(s).
>> Last success @ Wed Oct 17 21:44:35 2012 CEST
>>
>> CN=Configuration,DC=kzsdabas,DC=hu
>> Default-First-Site-Name\DC1 via RPC
>> DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
>> Last attempt @ Wed Oct 17 21:44:36 2012 CEST was successful
>> 0 consecutive failure(s).
>> Last success @ Wed Oct 17 21:44:36 2012 CEST
>>
>> ==== OUTBOUND NEIGHBORS ====
>>
>> ==== KCC CONNECTION OBJECTS ====
>>
>> Connection --
>> Connection name: 4eb7c88b-62c9-46d1-817d-15b5be7b9e41
>> Enabled : TRUE
>> Server DNS name : DC1.kzsdabas.hu
>> Server DN name : CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=kzsdabas,DC=hu
>> TransportType: RPC
>> options: 0x00000001
>> Warning: No NC replicated for Connection!
>>
>> Which seems less perfect
>
> Well, you should check the repsto and repsfrom attributes (use
> ldbsearch -H ldap://<ip> --cross-ncs --show-binary '(repsto=*)'
> repsfrom repsto)
>
> Also check that on both hosts you can resolve the two following DNS names
>
> <guid_ntds_server1>._msdcs.<domain>
> <guid_ntds_server2>._msdcs.<domain>
>
> Use this command:
> ./bin/ldbsearch -H ldap://<ip> '(invocationid=*)' --cross-ncs
> objectguid to get the guid_ntds_server1 & guid_ntds_server2
>
> Matthieu.
>
>
> Matthieu
>
Thank you!
Will check it later today (had a serious network outage today still
recovering :-( )
Cheers
Geza Gemes
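
Added example, not part of the original thread and not Samba code: a small parser for `samba-tool drs showrepl` text that applies the two checks discussed above, flagging inbound partners whose last success is NTTIME(0) (outbound entries always show 0, so they are ignored) and building the `<guid>._msdcs.<domain>` names each DC should be able to resolve. The function names and the trimmed sample are assumptions made for illustration.

```python
import re

# Constructed sample: one naming context, shaped like the dc1 output quoted in the thread.
SAMPLE = """Default-First-Site-Name\\DC1
DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
==== INBOUND NEIGHBORS ====
DC=kzsdabas,DC=hu
Default-First-Site-Name\\DC0 via RPC
DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
Last attempt @ NTTIME(0) was successful
Last success @ NTTIME(0)
==== OUTBOUND NEIGHBORS ====
DC=kzsdabas,DC=hu
Default-First-Site-Name\\DC0 via RPC
Last success @ NTTIME(0)
"""

def parse_showrepl(text):
    """Return (local DSA GUID, list of neighbor dicts) from showrepl text."""
    section = nc = cur = local_guid = None
    neighbors = []
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r"==== (.+) ====$", line)
        if m:  # new section header resets the per-section state
            section, nc, cur = m.group(1), None, None
        elif section and "NEIGHBORS" in section and re.match(r"(DC|CN)=", line):
            nc = line  # naming context the following partner entry belongs to
        elif nc and line.endswith(" via RPC"):
            cur = {"section": section, "nc": nc, "partner": line[:-len(" via RPC")]}
            neighbors.append(cur)
        elif line.startswith("DSA object GUID:"):
            guid = line.split(":", 1)[1].strip()
            if section is None:  # header block: the local DC's own NTDS GUID
                local_guid = guid
            elif cur is not None:
                cur["guid"] = guid
        elif cur is not None and line.startswith("Last success @"):
            cur["last_success"] = line.split("@", 1)[1].strip()
    return local_guid, neighbors

def never_replicated_inbound(neighbors):
    """Inbound partners this DC has never pulled from (last success NTTIME(0))."""
    return [n for n in neighbors if n["section"] == "INBOUND NEIGHBORS"
            and n.get("last_success") == "NTTIME(0)"]

def msdcs_names(local_guid, neighbors, domain):
    """GUID-based DNS names to resolve on both hosts: <guid>._msdcs.<domain>."""
    guids = {local_guid} | {n["guid"] for n in neighbors if "guid" in n}
    return sorted(f"{g}._msdcs.{domain}" for g in guids if g)
```

Feed it the saved output from each DC and resolve every name returned by `msdcs_names` on both hosts.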