[Samba] Replication issue

dahopkins at comcast.net dahopkins at comcast.net
Mon Aug 26 19:37:19 MDT 2013 

I have a server that is not replicating correctly, but passes all the tests listed here: https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

In particular running 

# host -t CNAME 976c9c86-288d-483e-baec-7043a9c4a6cd._msdcs.ncs.k12.de.us
976c9c86-288d-483e-baec-7043a9c4a6cd._msdcs.ncs.k12.de.us is an alias for ncssamba2.ncs.k12.de.us.

returns correct information on all DCs.

However, the command samba-tool drs showrepl shows that for the above server, replication fails when run on ncssamba1.

e.g. 

CN=Schema,CN=Configuration,DC=ncs,DC=k12,DC=de,DC=us
        Default-First-Site-Name\NCSSAMBA2 via RPC
                DSA object GUID: 976c9c86-288d-483e-baec-7043a9c4a6cd
                Last attempt @ Mon Aug 26 21:23:29 2013 EDT failed, result 87 (WERR_INVALID_PARAM)
                386 consecutive failure(s).
                Last success @ NTTIME(0)


but running the same command on ncssamba2 (the server in question)

CN=Schema,CN=Configuration,DC=ncs,DC=k12,DC=de,DC=us
        Default-First-Site-Name\NCSSAMBA1 via RPC
                DSA object GUID: 0bd99af6-a59f-4143-a56d-dae3dd6c2fd5
                Last attempt @ Mon Aug 26 21:05:11 2013 EDT was successful
                0 consecutive failure(s).
                Last success @ Mon Aug 26 21:05:11 2013 EDT

So, ncssamba2 can initiate replication with ncssamba 1 and succeeds, but ncssamba1 cannot initiate replication with ncssamba2?  

Decided to try and demote the server: 

# samba-tool domain demote -UAdministrator
Using ncssamba1.ncs.k12.de.us as partner server for the demotion
Password for [NEWARKCHARTER\Administrator]:
Desactivating inbound replication
Asking partner server ncssamba1.ncs.k12.de.us to synchronize from us
Error while demoting, re-enabling inbound replication
ERROR(<class 'samba.drs_utils.drsException'>): Error while sending a DsReplicaSync for partion CN=Schema,CN=Configuration,DC=ncs,DC=k12,DC=de,DC=us - drsException: DsReplicaSync failed (87, 'WERR_INVALID_PARAM')
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 647, in run
    sendDsReplicaSync(drsuapiBind, drsuapi_handle, ntds_guid, str(part), drsuapi.DRSUAPI_DRS_WRIT_REP)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
    raise drsException("DsReplicaSync failed %s" % estr)

I also tried deleting through ADUC which does not work either.  I get the error about an invalid module. I've searched the mailing and haven't found an answer.

How can I fix this? I need to either get replication working for all servers with this server, or delete this server from the domain and start over.   

Sincerely,
Dave Hopkins

More information about the samba mailing list