Error 8418: The replication operation failed because of a schema mismatch between the servers involved

Sinelnikov Evgeniy Sinelnikov.E at digdes.com
Mon Feb 15 13:31:45 UTC 2016 

Hello,

> -----Original Message-----
> From: samba-technical [mailto:samba-technical-bounces at lists.samba.org]
> On Behalf Of Matthieu Patou
> Sent: Monday, February 15, 2016 9:57 AM
> To: Stefan Metzmacher <metze at samba.org>; samba-
> technical at lists.samba.org
> Subject: Re: Error 8418: The replication operation failed because of a schema
> mismatch between the servers involved
> 
> On 02/13/2016 12:21 AM, Stefan Metzmacher wrote:
> > Hi Matthieu,
> >
> >>> Main strange in decrypted response is:
> >>> attid: UNKNOWN_ENUM_VALUE (0x200F4)
> >> My script showattid for a 2010 exchange schema seems to indicate that
> >> it's homeMDB attribute:
> >>
> >> scripts/showattid.py -s ~/workspace/samba/exchange2010/etc/smb.conf
> >> 0x200F4 Unknown parameter encountered: "dns recursive queries"
> >> Ignoring unknown parameter "dns recursive queries"
> >> CN=MSMQ-NT4-
> FLAGS,CN=SCHEMA,CN=CONFIGURATION,DC=EXCHANGE,DC=HOME,DC=M
> >> ATWS,DC=NET
> >>
> >> 1.2.840.113556.1.2.244
> >> Attid 0x200F4(131316) is attribute homeMDB
> >>
> >> Can you check the definition of this attribute in the schema NC for
> >> Windows and Samba DC ?
> > Does this have the msDS-IntID attribute set?
> Yes:
> dn:
> CN=ms-Exch-Home-
> MDB,CN=Schema,CN=Configuration,DC=exchange,DC=home,DC=matws,DC
> =net
> cn: ms-Exch-Home-MDB
> attributeID: 1.2.840.113556.1.2.244
> msDS-IntId: -2096876625
> 

In my example:
[root at dc02 samba.git]# ldbsearch --paged -S -k yes -H ldap://dc02.company3.dd -b CN=ms-Exch-Home-MDB,CN=Schema,CN=Configuration,DC=company3,DC=dd '(objectclass=*)'
# record 1
dn: CN=ms-Exch-Home-MDB,CN=Schema,CN=Configuration,DC=company3,DC=dd
adminDescription: ms-Exch-Home-MDB
adminDisplayName: ms-Exch-Home-MDB
attributeID: 1.2.840.113556.1.2.244
attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050
attributeSyntax: 2.5.5.1
cn: ms-Exch-Home-MDB
distinguishedName: CN=ms-Exch-Home-MDB,CN=Schema,CN=Configuration,DC=company3,
 DC=dd
instanceType: 4
isMemberOfPartialAttributeSet: TRUE
isSingleValued: TRUE
lDAPDisplayName: homeMDB
linkID: 32
mAPIID: 32774
msDS-IntId: -1997764425
name: ms-Exch-Home-MDB
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=company3,DC=
 dd
objectClass: top
objectClass: attributeSchema
objectGUID: 27b5c5c4-1d78-459c-8ec9-fb67fcc5ca14
oMObjectClass:: KwwCh3McAIVK
oMSyntax: 127
schemaIDGUID: bf967987-0de6-11d0-a285-00aa003049e2
searchFlags: 0
showInAdvancedViewOnly: TRUE
uSNChanged: 1843
uSNCreated: 1843
whenChanged: 20160127130947.0Z
whenCreated: 20160127130818.0Z

# returned 1 records
# 1 entries
# 0 referrals


> >
> > If so it could be related to Andrew's fixes here:
> > http://git.catalyst.net.nz/gw?p=samba.git;a=commitdiff;h=8007f1df75cfb
> > cc44815a368f661317d8dbc0f3e
> > http://git.catalyst.net.nz/gw?p=samba.git;a=commitdiff;h=5ae622c076c56
> > f7adaf8eeed0cfdaf657cb91beb
> > in
> > http://git.catalyst.net.nz/gw?p=samba.git;a=shortlog;h=refs/heads/repl
> > MetaData-attid
> >
> > An older version is available here:
> > https://git.samba.org/?p=abartlet/samba.git/.git;a=commitdiff;h=ef3a56
> > 5a47d2dbc07208ca5239d83d367eb133b2
> > https://git.samba.org/?p=abartlet/samba.git/.git;a=commitdiff;h=9fc9a3
> > 123101977435b90d6778c7033c5d907d99
> > in
> > https://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/hea
> > ds/replMetaData-attid
> I think it's worth a try, obviously it should be tested on some non critical
> environment to avoid any suprises !

Applied it with git cherry-pick to samba-4.3.4 at the same environment.
Got the same result.

Right after join DC:
[root at dc02 ~]# samba-tool drs replicate dc01 dc02 cn=Schema,cn=Configuration,dc=company3,dc=dd
Start replicating for source GUID fb318022-840a-4ffb-ba48-3e548aee50b5.
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (8452, 'WERR_DS_DRA_NO_REPLICA')
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/drs.py", line 349, in run
    drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle, source_dsa_guid, NC, req_options)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
    raise drsException("DsReplicaSync failed %s" % estr)

Got only:
[2016/02/15 13:05:00.365816,  0] ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:1013(replmd_add)
  ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:1013: replmd_add CN=367b8c43-9a7b-435e-ac81-bbc2738d7d3f,CN=NTDS Settings,CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=company3,DC=dd (module CN=Schema,CN=Configuration,DC=company3,DC=dd) (is_nc=0)

With additional debug output:
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 989c8d7..0685a64 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -1010,6 +1010,8 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)

        is_schema_nc = ldb_dn_compare_base(replmd_private->schema_dn, msg->dn) == 0;

+       DEBUG(0,(__location__ ": replmd_add %s (module %s) (is_nc=%d)\n", ldb_dn_get_linearized(msg->dn), ldb_dn_get_linearized(replmd_private->schema_dn), is_schema_nc));
+
        for (i=0; i < msg->num_elements; i++) {
                struct ldb_message_element *e = &msg->elements[i];
                struct replPropertyMetaData1 *m = &nmd.ctr.ctr1.array[ni];

And got main error after time:
[root at dc02 dsdb]# samba-tool drs replicate dc01 dc02 dc=company3,dc=dd
Start replicating for source GUID fb318022-840a-4ffb-ba48-3e548aee50b5.
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (8418, 'WERR_DS_DRA_SCHEMA_MISMATCH')
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/drs.py", line 349, in run
    drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle, source_dsa_guid, NC, req_options)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
    raise drsException("DsReplicaSync failed %s" % estr)

Attach log.samba file for this running.


> > See
> > https://lists.samba.org/archive/samba-technical/2016-January/thread.ht
> > ml#111361
> > for the discussion.
> I'll have a closer look

I'll continue to deal with "incorrect msDS-IntID handling" as next step.


> >
> > Checking the prefixMap attribute is good, but note that this is not a
> > replicated attribute and the content may not have the same format on
> > Windows vs. Samba.
> Yes I agree, still despite a different representation we should insure that we
> have the same data.
> > It would be interesting to see the struct drsuapi_DsGetNCChanges
> > messages in the other direction too, where we replicate from Windows.
> > We need to compare the drsuapi_DsReplicaOIDMapping_Ctr arrays.
> Would be much easier if my PIDL patches were accepted at the moment
> where I was active at doing them :-)

Replication packets from Samba and to Samba are not the same.
But I tried to get it:
* https://goo.gl/bpTMKv (Error of replication WindowsDC from SambaDC)
* https://goo.gl/nVDth9 (Success of replication SambaDC from WindowsDC)

Is it suitable?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: log.samba
Type: application/octet-stream
Size: 50659 bytes
Desc: log.samba
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160215/b8858d04/log-0001.obj>

More information about the samba-technical mailing list