[Samba] 8418 WERR_DS_DRA_SCHEMA_MISMATCH + Exchange 2013

danny d.wijsman at stokvis.eu
Mon Aug 4 06:55:28 MDT 2014 

Hello,

I'm testing a Samba 4.1.10 ADC in a 2008 R2 level environment. I 
successfully setup a Win 2008R2 & Samba 4.1.10-sernet controller. But 
after adding Exchange 2013 things stopped working.
I removed the Samba DC from AD, removed all leftovers in AD and re-added 
it as DC. Adding Samba as DC goes ok, no errors.
But running repadmin /showreps gives me a 8418 error complaining about 
schema mismatches.

---
C:\Users\Administrator>repadmin /showreps
Default-First-Site-Name\TEST-WINAD1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 8874e035-2e6e-48bb-a515-5a73c35d7fd4
DSA invocationID: 8874e035-2e6e-48bb-a515-5a73c35d7fd4

==== INBOUND NEIGHBORS ======================================

DC=stokvis-test,DC=eu
     Default-First-Site-Name\LINTEST-AD via RPC
         DSA object GUID: 907e34b2-5f49-4d4d-a520-1daade54cb29
         Last attempt @ 2014-08-04 14:02:32 was delayed for a normal 
reason, result 8418 (0x20e2):
     The replication operation failed because of a schema mismatch 
between the servers involved.
         Last success @ (never).

CN=Configuration,DC=stokvis-test,DC=eu
     Default-First-Site-Name\LINTEST-AD via RPC
         DSA object GUID: 907e34b2-5f49-4d4d-a520-1daade54cb29
         Last attempt @ 2014-08-04 14:09:10 was delayed for a normal 
reason, result 8418 (0x20e2):
     The replication operation failed because of a schema mismatch 
between the servers involved.
         Last success @ (never).

CN=Schema,CN=Configuration,DC=stokvis-test,DC=eu
     Default-First-Site-Name\LINTEST-AD via RPC
         DSA object GUID: 907e34b2-5f49-4d4d-a520-1daade54cb29
         Last attempt @ 2014-08-04 14:09:10 was successful.
---

Strangely enough running samba-tool drs showrepl doesn't print any 
warning, and shows domain and configuration sync without any error. But 
when I run samba-tool drs replicate from the linux box to the windows DC 
it also complains about WERR_DS_DRA_SCHEMA_MISMATCH.

---
root at lintest-ad:/etc/samba# samba-tool ldapcmp ldap://172.18.18.1 
ldap://172.18.18.3 configuration

* Comparing [CONFIGURATION] context...

* Objects to be compared: 2490

Comparing:
'CN=Configuration,DC=stokvis-test,DC=eu' [ldap://172.18.18.1]
'CN=Configuration,DC=stokvis-test,DC=eu' [ldap://172.18.18.3]
     Attributes found only in ldap://172.18.18.1:
         subRefs
         msDS-NcType
     FAILED

* Result for [CONFIGURATION]: FAILURE

SUMMARY
---------

Attributes found only in ldap://172.18.18.1:

     msDS-NcType
     subRefs
ERROR: Compare failed: -1
---

A quick compare on the 2 values within the configuration partition:
test-winad1: msDS-NcType = 0
subRefs = CN=schema,CN=configuration,DC=stokvis-test,DC=eu

lintest-ad: msDS-NcType = <not set>
subRefs = <not set>

Does anyone know if Exchange 2013 should be working in a Samba 4.1.x + 
Win08R2 setup? If yes, how does there ldapcmp should be interpreted? 
Like to which container is this error related, do all these attributes 
has be synced or not? Or is the problem & solution to be found somewhere 
else?

Regards,
Danny

More information about the samba mailing list