[Samba] Four DCs, No Replication [Fixed] - but logon scripts do not run

Adam Tauno Williams awilliam at whitemice.org
Wed Aug 13 05:30:08 MDT 2014

On Tue, 2014-08-12 at 16:02 -0400, Adam Tauno Williams wrote: 
> On Tue, 2014-08-12 at 15:08 -0400, Adam Tauno Williams wrote: 
> > I added three DCs to a single DC Samba4 AD domain.
> > They initially replicated and came up - but replication does not appear
> > to be ongoing.  A change made to a user via MMC connected to one DC does
> > not appear on another DC.
> > In the logs I see bursts of the following message:
> > [2014/08/12 15:08:08.026270,
> > 0] ../source4/librpc/rpc/dcerpc_util.c:660(dcerpc_pipe_auth_recv)
> >   Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
> > e3514235-4b06-11d1-ab04-00c04fc2dcd2 at ncacn_ip_tcp:3a74ac28-1613-471f-ac3d-1b8932eeb167._msdcs.example.com[1024,seal,krb5] NT_STATUS_INVALID_PARAMETER
> > Could these be the cause of the lack of replication?  I've searched about
> > and cannot pin down a meaning for this message.
> So I have tried to demote one of the new DCs, as it is not actually
> working.  Only I cannot demote -

I debugged and traced and found that one of the DCs had duplicate
servicePrincipalName attributes from another DC.   With ADSIEdit I
removed the duplicates and immediately replication started working.  I
can make a change to a user object on any DC and see that change by
performing an LDAP query to any of the other DCs.  Yes!

Now the only issue I have is that user logon scripts do not run.

\\DC\netlogon is accessible.... logon scripts do appear to run for XP,
but not for Windows 7.  The logon script is set in the user's AD object.
If I navigate to \\DC\netlogon and run the script manually it works;  it
simply does not run when the user logs on.

Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA
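
The duplicate servicePrincipalName condition reported in the message above can be checked for across a whole directory. The following is an added example, not part of the original post and not Samba code: it assumes an LDIF export of the servicePrincipalName attribute (for instance from ldbsearch), and the sample records and function names are constructed for illustration.

```python
import base64
from collections import defaultdict

# Constructed sample (not from the post): DC2 holds two of DC1's SPNs.
SAMPLE_LDIF = """\
dn: CN=DC1,OU=Domain Controllers,DC=example,DC=com
servicePrincipalName: HOST/dc1.example.com
servicePrincipalName: ldap/dc1.example.com/example.com
servicePrincipalName: GC/dc1.example.com/exam
 ple.com

dn: CN=DC2,OU=Domain Controllers,DC=example,DC=com
servicePrincipalName: HOST/dc2.example.com
servicePrincipalName: host/DC1.example.com
servicePrincipalName:: bGRhcC9kYzEuZXhhbXBsZS5jb20vZXhhbXBsZS5jb20=
"""

def parse_ldif(text):
    """Yield (dn, attribute, value), unfolding wrapped lines and decoding base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # LDIF continuation: one leading space
        else:
            lines.append(raw)
    dn = None
    for line in lines:
        attr, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue  # blank line or comment
        if rest.startswith(":"):  # "attr:: value" means base64
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if attr.lower() == "dn":
            dn = value
        elif dn is not None:
            yield dn, attr, value

def duplicate_spns(text):
    """Map each SPN (lower-cased; SPNs compare case-insensitively) to its DNs if >1."""
    owners = defaultdict(set)
    for dn, attr, value in parse_ldif(text):
        if attr.lower() == "serviceprincipalname":
            owners[value.lower()].add(dn)
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}

if __name__ == "__main__":
    for spn, dns in sorted(duplicate_spns(SAMPLE_LDIF).items()):
        print(spn, "->", "; ".join(dns))
```

Any SPN it reports is held by more than one object, which is the condition the message describes removing with ADSIEdit.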
