Error demoting active DC
bogdan_bartos
admin at blackpenguin.org
Sat Oct 31 17:43:24 UTC 2015
Basically I have 2 DCs - FILESERVER (holds the FSMO roles) and backupdc. I am
trying to demote backupdc and I am encountering errors. I do not know why it
is not possible to demote it. All the commands bellow are issued on the
backupdc. Any suggestions? I have the same issue on a similar setup with 2
other DCs... Same errors. I am running samba 4.3.1 on fedora 22 x64.
[root at backupdc ~]# host -t A BACKUPDC.specified.ca
backupdc.specified.ca has address 192.168.100.242
[root at backupdc ~]# host -t A FILESERVER.specified.ca
FILESERVER.specified.ca has address 192.168.100.253
FILESERVER.specified.ca has address 192.168.100.242
[root at backupdc bin]# ./samba-tool drs showrepl
Default-First-Site-Name\BACKUPDC
DSA Options: 0x00000001
DSA object GUID: 017ef46f-0816-45b2-ad23-1f0c2402eed0
DSA invocationId: 32ca2181-3f66-4ba1-b2e5-d8145ee917a4
==== INBOUND NEIGHBORS ====
CN=Configuration,DC=fileserver,DC=specified,DC=ca
Default-First-Site-Name\FILESERVER via RPC
DSA object GUID: 421159ba-6d2a-4300-84f3-3a342df42710
Last attempt @ Sat Oct 31 11:47:50 2015 MDT was successful
0 consecutive failure(s).
Last success @ Sat Oct 31 11:47:50 2015 MDT
DC=ForestDnsZones,DC=fileserver,DC=specified,DC=ca
Default-First-Site-Name\FILESERVER via RPC
DSA object GUID: 421159ba-6d2a-4300-84f3-3a342df42710
Last attempt @ Sat Oct 31 11:47:50 2015 MDT was successful
0 consecutive failure(s).
Last success @ Sat Oct 31 11:47:50 2015 MDT
DC=fileserver,DC=specified,DC=ca
Default-First-Site-Name\FILESERVER via RPC
DSA object GUID: 421159ba-6d2a-4300-84f3-3a342df42710
Last attempt @ Sat Oct 31 11:47:50 2015 MDT was successful
0 consecutive failure(s).
Last success @ Sat Oct 31 11:47:50 2015 MDT
DC=DomainDnsZones,DC=fileserver,DC=specified,DC=ca
Default-First-Site-Name\FILESERVER via RPC
DSA object GUID: 421159ba-6d2a-4300-84f3-3a342df42710
Last attempt @ Sat Oct 31 11:47:50 2015 MDT was successful
0 consecutive failure(s).
Last success @ Sat Oct 31 11:47:50 2015 MDT
CN=Schema,CN=Configuration,DC=fileserver,DC=specified,DC=ca
Default-First-Site-Name\FILESERVER via RPC
DSA object GUID: 421159ba-6d2a-4300-84f3-3a342df42710
Last attempt @ Sat Oct 31 11:47:51 2015 MDT was successful
0 consecutive failure(s).
Last success @ Sat Oct 31 11:47:51 2015 MDT
==== OUTBOUND NEIGHBORS ====
CN=Configuration,DC=fileserver,DC=specified,DC=ca
Default-First-Site-Name\FILESERVER via RPC
DSA object GUID: 421159ba-6d2a-4300-84f3-3a342df42710
Last attempt @ Sat Oct 31 11:47:15 2015 MDT was successful
0 consecutive failure(s).
Last success @ Sat Oct 31 11:47:15 2015 MDT
DC=ForestDnsZones,DC=fileserver,DC=specified,DC=ca
Default-First-Site-Name\FILESERVER via RPC
DSA object GUID: 421159ba-6d2a-4300-84f3-3a342df42710
Last attempt @ Sat Oct 31 11:07:40 2015 MDT was successful
0 consecutive failure(s).
Last success @ Sat Oct 31 11:07:40 2015 MDT
DC=fileserver,DC=specified,DC=ca
Default-First-Site-Name\FILESERVER via RPC
DSA object GUID: 421159ba-6d2a-4300-84f3-3a342df42710
Last attempt @ Sat Oct 31 11:07:40 2015 MDT was successful
0 consecutive failure(s).
Last success @ Sat Oct 31 11:07:40 2015 MDT
DC=DomainDnsZones,DC=fileserver,DC=specified,DC=ca
Default-First-Site-Name\FILESERVER via RPC
DSA object GUID: 421159ba-6d2a-4300-84f3-3a342df42710
Last attempt @ Sat Oct 31 11:46:20 2015 MDT was successful
0 consecutive failure(s).
Last success @ Sat Oct 31 11:46:20 2015 MDT
CN=Schema,CN=Configuration,DC=fileserver,DC=specified,DC=ca
Default-First-Site-Name\FILESERVER via RPC
DSA object GUID: 421159ba-6d2a-4300-84f3-3a342df42710
Last attempt @ Sat Oct 31 11:07:41 2015 MDT was successful
0 consecutive failure(s).
Last success @ Sat Oct 31 11:07:41 2015 MDT
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: 7ab4e3b9-3d81-40dc-8e95-fdfc545f67c1
Enabled : TRUE
Server DNS name : fileserver.fileserver.specified.ca
Server DN name : CN=NTDS
Settings,CN=FILESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fileserver,DC=specified,DC=ca
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
[root at backupdc bin]# host -t A backupdc.fileserver.specified.ca localhost
Using domain server:
Name: localhost
Address: ::1#53
Aliases:
backupdc.fileserver.specified.ca has address 192.168.100.242
[root at backupdc bin]# ./samba-tool domain demote -Uadministrator
Using fileserver.fileserver.specified.ca as partner server for the demotion
Password for [STSDNET\administrator]:
Deactivating inbound replication
Asking partner server fileserver.fileserver.specified.ca to synchronize from
us
Error while demoting, re-enabling inbound replication
ERROR(<class 'samba.drs_utils.drsException'>): Error while sending a
DsReplicaSync for partion
CN=Schema,CN=Configuration,DC=fileserver,DC=specified,DC=ca - drsException:
DsReplicaSync failed (2, 'WERR_BADFILE')
File
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py",
line 720, in run
sendDsReplicaSync(drsuapiBind, drsuapi_handle, ntds_guid, str(part),
drsuapi.DRSUAPI_DRS_WRIT_REP)
File "/usr/local/samba/lib64/python2.7/site-packages/samba/drs_utils.py",
line 83, in sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)
--
View this message in context: http://samba.2283325.n4.nabble.com/Error-demoting-active-DC-tp4693725.html
Sent from the Samba - samba-technical mailing list archive at Nabble.com.
More information about the samba-technical
mailing list