[Samba] Samba fsmo/demote/unjoin trouble after crash

Giedrius giedrius+samba at su.lt
Wed May 15 01:09:20 MDT 2013 

2013.05.14 18:48, Denis Cardon rašė:
> Hi Giedrius,
> 
>>      i've got initial setup on DC1 (4.0.1)... all working good and
>> flawless
>>      Added additional geographically distributed controllers (DC2, DC3,
>> DC4,DC5) with 4.0.5 - no problem.
>>      All PC's can connect to their own site/DC
>>
>>      Transferred all FSMO's to DC2  - transferred successfully (with
>> seize "error" bug)
>>      DC1 crashed badly....  during maintenance, SAMBA was updated to
>> 4.0.5, data restored from backup.
>>
>>      Now, the problem is:
>>          1) DC1 sees itself as owner of all FSMO's, although DC[2,3,4,5]
>> sees DC2 as owner of FSMO's
>>          3) DC1 is missing some users (created between backup and crash),
>> wbinfo for these users return E_DOMAIN_NOT_FOUND
>>          4) Got "decrypt integrity check failed"  errors, fixed with
>> chtdcpass, witch not results to "Failed to find HOST$#DOMAIN(kvno)"
>> (client reboot seems to fix this)
>>          4) any attempt to replicate missing information from DC2/DC3 to
>> DC1  (samba-tool drs replicate) results in errors after it (cannot find
>> own NTDS)
>>          5) impossible to demote / unjoin server and provision from
>> scratch - some DRS errors
>>
>>      Question is:
>>          how can i change FSMO owner (ldbedit ?) on DC1 to be DC2 and
>> then:
>>               a) replicate missing users (and computer trust accounts)
>> to DC1
>>               b) force removing DC1 from domain for good ( reinstall from
>> scratch )
>>
>>      Domain as a whole recreation from scratch is sadly *not* an
>> option :(
> 
> On https://wiki.samba.org/index.php/Backup_and_Recovery#General it is
> clearly stated that you shouldn't restore a DC from backup in a multi DC
> environment.
Ok, my bad.

> 
> Others DC have evolved since you backed up your data, and you cannot
> have synchronisation with the other DCs. It is not a Samba problem, but
> it is by design because the multi master replication between DCs.
> 
> You should just re-install samba4 4.0.5 on your DC1 server, and then
> join it to the domain as a DC, it will synchronise and all will be back
> to normal.
> 
But how do i force remove the old server from domain ? (Windows tools
and samba's net unjoin failed)

> Cheers,
> 
> Denis
> 
> 
> 
>>
> 
>

More information about the samba mailing list