Error 8418: The replication operation failed because of a schema mismatch between the servers involved

Andrew Bartlett abartlet at samba.org
Thu Mar 31 07:18:24 UTC 2016 

On Tue, 2016-03-29 at 16:06 +0000, Sinelnikov Evgeniy wrote:
> Hello,
> 
> I found solution for this problem.
> 
> I it is not due DCERPC interconnection, like I think (
> https://bugzilla.samba.org/show_bug.cgi?id=11758).
> But it is really due wrong attid in DsGetNCChanges response from
> Samba.
> To localize this problem I logged all DCERPC packets into files (see
> DEBUG patches).
> 
> At next step I filtered all replicated objects expected one only. And
> found that is User or Computer with additional linked attributes from
> Microsoft Exchange extension like homeMDB, for example.
> 
> I got as result two GetNCChanges responses from Samba DC and Windows
> DC and compare them.
> ...
>                                          guid                     :
> eb8f5dd6-417a-45ec-8d9d-c52a60285aaf
> -                                        sid                      : S
> -1-5-21-8659820-343394492-589173015-1126
> -                                        __ndr_size_dn            :
> 0x00000024 (36)
> -                                        dn                       :
> 'CN=User11,CN=Users,DC=company3,DC=dd'
> -                                attid                    :
> UNKNOWN_ENUM_VALUE (0x200F4)
> +                                        sid                      : S
> -0-0
> +                                        __ndr_size_dn            :
> 0x00000000 (0)
> +                                        dn                       :
> ''
> +                                attid                    :
> UNKNOWN_ENUM_VALUE (0x88EC88B7)
>                                  value: struct
> drsuapi_DsAttributeValue
> ...
> 
> At next part I found simple solution, which works for me.
> 
> --- a/source4/rpc_server/drsuapi/getncchanges.c
> +++ b/source4/rpc_server/drsuapi/getncchanges.c
> @@ -477,7 +477,7 @@ static WERROR get_nc_changes_add_la(TALLOC_CTX
> *mem_ctx,
>                         return WERR_OK;
>                 }
>         }
> -       la->attid = sa->attributeID_id;
> +       la->attid = sa->msDS_IntId == 0 ? sa->attributeID_id : sa
> ->msDS_IntId;
>         la->flags = active?DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE:0;
>  
>         status = dsdb_get_extended_dn_uint32(dsdb_dn->dn, &la
> ->meta_data.version, "RMD_VERSION");
> 
> 
> Please, review my patch for rpc_server/drsuapi.

Thanks so much for isolating it down.  Please re-work it to use 

dsdb_attribute_get_attid(sa, is_schema_nc);

And re-submit as a git commit using 'git format-patch -1 -s'

Then, finally, we need a test, if at all possible.  I'm about to write
one for normal attributes from custom schema, inspecting
replPropertMetaData.  We need to work out if we can do the same for
this.

Thanks!

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list