[Samba] Trouble demoting DC with broken replication
lp101
lingpanda101 at gmail.com
Thu May 8 07:30:01 MDT 2014
Hello,
Remove all traces of the demoted DC from your DNS. Use Windows ADUC
module to remove the DC from the Domain Controllers OU. Use ADSI to
remove all traces of the NTDS files and demoted server. Be careful using
ADSI. Give it a few moments to allow the changes to replicate across all
your existing DC's.
On 5/8/2014 9:06 AM, Andreas Oster wrote:
> Am 08.05.2014 15:03, schrieb Andreas Oster:
>> Hi all,
>>
>> I am currently struggling to remove one of our Samba4 DC from the
>> domain. Some time ago, adding a new Samba DC to our AD did not succeed
>> and I had to demote the new server again. After removal, replication on
>> one of the old/existing DCs got weird.
>>
>> /usr/local/samba/bin/samba-tool drs showrepl gives the following:
>>
>> Standardname-des-ersten-Standorts\dc02
>> DSA Options: 0x00000001
>> DSA object GUID: ef37f4de-a03c-493c-96f6-e521a5415d81
>> DSA invocationId: b0bc10b9-a67f-4550-8fbf-3dc9fbe6fecc
>>
>> ==== INBOUND NEIGHBORS ====
>>
>> DC=samdom,DC=loc
>> Standardname-des-ersten-Standorts\dc01 via RPC
>> DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
>> Last attempt @ Thu May 8 14:49:28 2014 CEST was successful
>> 0 consecutive failure(s).
>> Last success @ Thu May 8 14:49:28 2014 CEST
>>
>> DC=samdom,DC=loc
>> Standardname-des-ersten-Standorts\dc03 via RPC
>> DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
>> Last attempt @ Thu May 8 14:49:24 2014 CEST was successful
>> 0 consecutive failure(s).
>> Last success @ Thu May 8 14:49:24 2014 CEST
>>
>> DC=ForestDnsZones,DC=samdom,DC=loc
>> Standardname-des-ersten-Standorts\dc01 via RPC
>> DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
>> Last attempt @ Thu May 8 14:48:50 2014 CEST was successful
>> 0 consecutive failure(s).
>> Last success @ Thu May 8 14:48:50 2014 CEST
>>
>> DC=ForestDnsZones,DC=samdom,DC=loc
>> Standardname-des-ersten-Standorts\dc03 via RPC
>> DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
>> Last attempt @ Thu May 8 14:48:51 2014 CEST was successful
>> 0 consecutive failure(s).
>> Last success @ Thu May 8 14:48:51 2014 CEST
>>
>> CN=Configuration,DC=samdom,DC=loc
>> Standardname-des-ersten-Standorts\dc01 via RPC
>> DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
>> Last attempt @ Thu May 8 14:48:54 2014 CEST was successful
>> 0 consecutive failure(s).
>> Last success @ Thu May 8 14:48:54 2014 CEST
>>
>> CN=Configuration,DC=samdom,DC=loc
>> Standardname-des-ersten-Standorts\dc03 via RPC
>> DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
>> Last attempt @ Thu May 8 14:48:55 2014 CEST was successful
>> 0 consecutive failure(s).
>> Last success @ Thu May 8 14:48:55 2014 CEST
>>
>> DC=DomainDnsZones,DC=samdom,DC=loc
>> Standardname-des-ersten-Standorts\dc01 via RPC
>> DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
>> Last attempt @ Thu May 8 14:50:01 2014 CEST was successful
>> 0 consecutive failure(s).
>> Last success @ Thu May 8 14:50:01 2014 CEST
>>
>> DC=DomainDnsZones,DC=samdom,DC=loc
>> Standardname-des-ersten-Standorts\dc03 via RPC
>> DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
>> Last attempt @ Thu May 8 14:50:02 2014 CEST was successful
>> 0 consecutive failure(s).
>> Last success @ Thu May 8 14:50:02 2014 CEST
>>
>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>> Standardname-des-ersten-Standorts\dc01 via RPC
>> DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
>> Last attempt @ Thu May 8 14:48:56 2014 CEST was successful
>> 0 consecutive failure(s).
>> Last success @ Thu May 8 14:48:56 2014 CEST
>>
>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>> Standardname-des-ersten-Standorts\dc03 via RPC
>> DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
>> Last attempt @ Thu May 8 14:48:56 2014 CEST was successful
>> 0 consecutive failure(s).
>> Last success @ Thu May 8 14:48:56 2014 CEST
>>
>> ==== OUTBOUND NEIGHBORS ====
>>
>> DC=samdom,DC=loc
>> NTDS DN: CN=NTDS
>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>> DSA object GUID: 23db6774-c155-4e5f-a793-07e9c772ddc4
>> Last attempt @ Thu May 8 14:51:59 2014 CEST failed,
>> result 2 (WERR_BADFILE)
>> 1042908 consecutive failure(s).
>> Last success @ Tue Feb 11 10:00:38 2014 CET
>>
>> DC=samdom,DC=loc
>> NTDS DN: CN=NTDS
>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>> DSA object GUID: 1a890c41-4326-47c1-90c0-28f8e70801a7
>> Last attempt @ Thu May 8 14:51:59 2014 CEST failed,
>> result 2 (WERR_BADFILE)
>> 1005465 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=samdom,DC=loc
>> NTDS DN: CN=NTDS
>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>> DSA object GUID: 8c0461e2-6f72-42be-98ab-ce175fc84653
>> Last attempt @ Thu May 8 14:51:59 2014 CEST failed,
>> result 2 (WERR_BADFILE)
>> 958484 consecutive failure(s).
>> Last success @ Sat Feb 15 12:56:47 2014 CET
>>
>> DC=samdom,DC=loc
>> Standardname-des-ersten-Standorts\dc03 via RPC
>> DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=samdom,DC=loc
>> Standardname-des-ersten-Standorts\dc01 via RPC
>> DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=ForestDnsZones,DC=samdom,DC=loc
>> NTDS DN: CN=NTDS
>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>> DSA object GUID: 23db6774-c155-4e5f-a793-07e9c772ddc4
>> Last attempt @ Thu May 8 14:51:58 2014 CEST failed,
>> result 2 (WERR_BADFILE)
>> 1049436 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=ForestDnsZones,DC=samdom,DC=loc
>> NTDS DN: CN=NTDS
>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>> DSA object GUID: 1a890c41-4326-47c1-90c0-28f8e70801a7
>> Last attempt @ Thu May 8 14:51:58 2014 CEST failed,
>> result 2 (WERR_BADFILE)
>> 1012985 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=ForestDnsZones,DC=samdom,DC=loc
>> NTDS DN: CN=NTDS
>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>> DSA object GUID: 8c0461e2-6f72-42be-98ab-ce175fc84653
>> Last attempt @ Thu May 8 14:51:58 2014 CEST failed,
>> result 2 (WERR_BADFILE)
>> 976997 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=ForestDnsZones,DC=samdom,DC=loc
>> Standardname-des-ersten-Standorts\dc01 via RPC
>> DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=ForestDnsZones,DC=samdom,DC=loc
>> Standardname-des-ersten-Standorts\dc03 via RPC
>> DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> CN=Configuration,DC=samdom,DC=loc
>> NTDS DN: CN=NTDS
>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>> DSA object GUID: 23db6774-c155-4e5f-a793-07e9c772ddc4
>> Last attempt @ Thu May 8 14:52:00 2014 CEST failed,
>> result 2 (WERR_BADFILE)
>> 999198 consecutive failure(s).
>> Last success @ Tue Feb 11 10:00:39 2014 CET
>>
>> CN=Configuration,DC=samdom,DC=loc
>> NTDS DN: CN=NTDS
>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>> DSA object GUID: 1a890c41-4326-47c1-90c0-28f8e70801a7
>> Last attempt @ Thu May 8 14:52:00 2014 CEST failed,
>> result 2 (WERR_BADFILE)
>> 994163 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> CN=Configuration,DC=samdom,DC=loc
>> NTDS DN: CN=NTDS
>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>> DSA object GUID: 8c0461e2-6f72-42be-98ab-ce175fc84653
>> Last attempt @ Thu May 8 14:52:00 2014 CEST failed,
>> result 2 (WERR_BADFILE)
>> 952835 consecutive failure(s).
>> Last success @ Sat Feb 15 12:56:42 2014 CET
>>
>> CN=Configuration,DC=samdom,DC=loc
>> Standardname-des-ersten-Standorts\dc01 via RPC
>> DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> CN=Configuration,DC=samdom,DC=loc
>> Standardname-des-ersten-Standorts\dc03 via RPC
>> DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=DomainDnsZones,DC=samdom,DC=loc
>> NTDS DN: CN=NTDS
>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>> DSA object GUID: 23db6774-c155-4e5f-a793-07e9c772ddc4
>> Last attempt @ Thu May 8 14:51:58 2014 CEST failed,
>> result 2 (WERR_BADFILE)
>> 1009552 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=DomainDnsZones,DC=samdom,DC=loc
>> NTDS DN: CN=NTDS
>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>> DSA object GUID: 1a890c41-4326-47c1-90c0-28f8e70801a7
>> Last attempt @ Thu May 8 14:51:58 2014 CEST failed,
>> result 2 (WERR_BADFILE)
>> 1010074 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=DomainDnsZones,DC=samdom,DC=loc
>> NTDS DN: CN=NTDS
>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>> DSA object GUID: 8c0461e2-6f72-42be-98ab-ce175fc84653
>> Last attempt @ Thu May 8 14:51:59 2014 CEST failed,
>> result 2 (WERR_BADFILE)
>> 958577 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=DomainDnsZones,DC=samdom,DC=loc
>> Standardname-des-ersten-Standorts\dc01 via RPC
>> DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=DomainDnsZones,DC=samdom,DC=loc
>> Standardname-des-ersten-Standorts\dc03 via RPC
>> DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>> NTDS DN: CN=NTDS
>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>> DSA object GUID: 23db6774-c155-4e5f-a793-07e9c772ddc4
>> Last attempt @ Thu May 8 14:52:00 2014 CEST failed,
>> result 2 (WERR_BADFILE)
>> 975813 consecutive failure(s).
>> Last success @ Tue Feb 11 10:00:39 2014 CET
>>
>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>> NTDS DN: CN=NTDS
>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>> DSA object GUID: 1a890c41-4326-47c1-90c0-28f8e70801a7
>> Last attempt @ Thu May 8 14:52:00 2014 CEST failed,
>> result 2 (WERR_BADFILE)
>> 955526 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>> NTDS DN: CN=NTDS
>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>> DSA object GUID: 8c0461e2-6f72-42be-98ab-ce175fc84653
>> Last attempt @ Thu May 8 14:52:01 2014 CEST failed,
>> result 2 (WERR_BADFILE)
>> 892435 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>> Standardname-des-ersten-Standorts\dc03 via RPC
>> DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>> Standardname-des-ersten-Standorts\dc01 via RPC
>> DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> ==== KCC CONNECTION OBJECTS ====
>>
>> Connection --
>> Connection name: 7027ea76-3617-488d-90f6-93f73de15c79
>> Enabled : TRUE
>> Server DNS name : dc01.samdom.loc
>> Server DN name : CN=NTDS
>> Settings,CN=dc01,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>> TransportType: RPC
>> options: 0x00000001
>> Warning: No NC replicated for Connection!
>> Connection --
>> Connection name: dc03
>> Enabled : TRUE
>> Server DNS name : dc03.samdom.loc
>> Server DN name : CN=NTDS
>> Settings,CN=dc03,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>> TransportType: RPC
>> options: 0x00000000
>> Warning: No NC replicated for Connection!
>>
>>
>> The \0ADEL: entries are the remains of the initial failed join of dc03.
>> I searched the net for a solution to get rid of those entries but did
>> not find any useful information. My next idea was to also demote dc02.
>> Unfortunately after demoting dc02 those \0ADEL: entries showed up on
>> dc01, but only for dc02. I took VM snapshots before demoting dc02 so
>> could easily switch back.
>>
>> Does anyone have an idea how to resolve this issue ?
>>
>> Thank you very much for your kind help
>>
>> best regards
>>
>> Andreas
>>
> Hi all,
>
> by the way Samba version is: Version 4.2.0pre1-GIT-d7c22d5
>
> Thanks
>
> best regards
>
> Andreas
>
--
-James
More information about the samba-technical
mailing list