Failed to prepare commit of transaction: DRS linked attribute for GUID

Andrej Gessel andrej.gessel at janztec.com
Thu Feb 8 16:17:07 UTC 2018 

Hello Tim,

sorry, I found my problem. I tried to backport you changes to 4.7.4, but 
it doesn't work well.
Then I tried Version 4.8.0rc2 and after "..drs replicate --full-sync" 
call error was still there.

After i read your mail, i start with Version 4.8.0rc2 again and after 
multiple runs of "..drs replicate --full-sync"
my RODC was synced.

Will these changes(missing parent/missing target) be backported to Samba 
4.7?


Andrej


Am 06.02.2018 um 22:48 schrieb Tim Beale:
> Hi Andrej,
>
> OK, that's unfortunate that Samba 4.8 doesn't help.
>
>  From memory, I think the patches I added take effect slightly earlier,
> before the prepare_commit, i.e. the intention is to detect the problem
> in the following call-chain:
>
> dsdb_replicated_objects_commit --> replmd_extended -->
> replmd_extended_replicated_objects --> replmd_replicated_apply_next -->
> replmd_store_linked_attributes --> replmd_verify_linked_attribute -->
> replmd_extract_la_entry_details. (This should return
> WERR_DS_DRA_MISSING_PARENT and retry with GET_ANC)
>
> So when the DC first receives the replication chunk, it should call
> replmd_extract_la_entry_details() and look-up the source GUID before
> continuing with the rest of the replication. So it's strange that it's
> failing to find the source GUID later on in the prepare_commit. I'm not
> really sure how this would happen. Is there any more debug you could
> provide?
>
> Cheers,
> Tim
>
>
> On 07/02/18 03:07, Andrej Gessel via samba-technical wrote:
>> Hello Tim,
>>
>> I looked a bit deeper into this and you patch do not help here.
>> We have following call tree:
>>
>> ldb_transaction_prepare -> replmd_prepare_commit ->
>> replmd_process_linked_attribute -> replmd_extract_la_entry_details
>>
>> last function returns LDB_ERR_NO_SUCH_OBJECT, this error will be
>> returned to caller (ldb_transaction_prepare), so the status
>> WERR_DS_DRA_MISSING_PARENT will not be set and request will not be
>> repeated with GET_ANC.
>>
>> The problem still exists in Samba 4.8.0rc2.
>>
>> samba-tool drs replicate with --local and with --full-sync ends up
>> with the same error.
>>
>>
>> Andrej
>>
>>
>> Am 05.09.2017 um 00:11 schrieb Tim Beale via samba-technical:
>>> Hi,
>>>
>>> We've seen this problem before when inter-operating with Microsoft. See:
>>> https://lists.samba.org/archive/samba/2017-June/209020.html
>>>
>>> The patch that should fix this has been delivered to master. However,
>>> unless we backport the related patches, it won't be in a Samba release
>>> until 4.8.
>>> https://git.samba.org/?p=samba.git;a=commit;h=f87332eb35638cc38f83c580d4623ab978088601
>>>
>>>
>>> In the meantime you could try running 'samba-tool drs replicate
>>> --local'. This should set the GET_ANC flag in the request, which should
>>> hopefully avoid this problem.
>>>
>>> However, note that when inter-operating between Windows and Samba you
>>> could still potentially get cases where replication succeeds, but linked
>>> attributes are dropped (because Samba doesn't know how about the target
>>> object yet). This should be fixed now in the latest master branch.
>>>
>>> Cheers,
>>> Tim
>>>
>>> On 04/09/17 23:45, denis.shigapov via samba-technical wrote:
>>>> There is a domain controller on windows 2008R2, DC samba Version 4.6.5
>>>> is connected to it. After renaming the user to make mistakes:
>>>>
>>>> [2017/09/04 10:04:54.528818,  2]
>>>> ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:6271(replmd_process_
>>>> linked_attribute)
>>>>     ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:6271: WARNING:
>>>> Failed to re-resolve GUID f5d7a9b2-981c-49c9-a262-f3ca4c90272a - using
>>>> CN=Пользовтаель Пользоватеть,OU=Users Shop M,DC=euro,DC=ru
>>>> [2017/09/04 10:04:54.547960,  2]
>>>> ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:6271(replmd_process_
>>>> linked_attribute)
>>>>     ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:6271: WARNING:
>>>> Failed to re-resolve GUID bf04e179-4c7c-4cf9-b7a3-d37b287b1f3e - using
>>>> CN=Пользоватеть2 Пользователь2,OU=продажи,OU=магазин,OU=Users
>>>> Office,DC=euro,DC=ru
>>>> [2017/09/04 10:04:54.615598,  2]
>>>> ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:6271(replmd_process_
>>>> linked_attribute)
>>>>     ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:6271: WARNING:
>>>> Failed to re-resolve GUID bf04e179-4c7c-4cf9-b7a3-d37b287b1f3e - using
>>>> CN=Пользоватеть2 Пользователь2,OU=продажи,OU=магазин,OU=Users
>>>> Office,DC=euro,DC=ru
>>>> [2017/09/04 10:04:54.622398,  0]
>>>> ../source4/dsdb/repl/replicated_objects.c:933(dsdb_replicated_objects_c
>>>> ommit)
>>>>     ../source4/dsdb/repl/replicated_objects.c:933 Failed to prepare
>>>> commit of transaction: DRS linked attribute for GUID bf04e179-4c7c-
>>>> 4cf9-b7a3-d37b287b1f3e - DN not found
>>>> [2017/09/04 10:04:54.629436,  0]
>>>> ../source4/dsdb/repl/drepl_out_helpers.c:942(dreplsrv_op_pull_source_ap
>>>> ply_changes_trigger)
>>>>     Failed to commit objects:
>>>> WERR_GEN_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
>>>>
>>>>
>>>>
>>>> I tried to start synchronization and got:
>>>>
>>>> samba-tool drs replicate srv-m-dc.euro.ru srv-o.euro.ru OU=Users\ Shop\
>>>> M,DC=euro,DC=ru
>>>> ERROR(<class 'samba.drs_utils.drsException'>):
>>>> DsReplicaSync failed - drsException: DsReplicaSync failed (8440,
>>>> 'WERR_DS_DRA_BAD_NC')
>>>>     File "/usr/lib64/python2.7/site-
>>>> packages/samba/netcmd/drs.py", line 368, in run
>>>>      drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
>>>> source_dsa_guid, NC, req_options)
>>>>     File "/usr/lib64/python2.7/site-
>>>> packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
>>>>       raise
>>>> drsException("DsReplicaSync failed %s" % estr)
>>>>
>>

More information about the samba-technical mailing list