[Samba] Joining Second DC error -- NT_STATUS_CONNECTION_RESET

Marc Muehlfeld mmuehlfeld at samba.org
Wed Aug 20 13:46:56 MDT 2014


On 20.08.2014 12:32, Chan Min Wai wrote:
> I'm not too sure what to do now to fix that.
> 1. Should I restore DC1 since DC2 is already offline.

What size is your domain? On a small installation it's sometimes worth
starting from scratch instead of trying to fix the databases and
overlooking something that gets worse later.

You have currently only DC1 online, but it's broken. And DC2 is also
broken and offline. Right? So if it's already in that worse state, you
can try the following:

Set up a separate test environment. Restore the snapshots of both DCs.
Check if they replicate. Run

# samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix

on both hosts. And then try to demote DC2.

Which of the two hosts had which FSMO role? If they were all on DC1,
then you should be able to demote DC2. At least bug #10734 seems only to
happen if the host that should be demoted had roles before.

> 2. Can we do any backup the DC in any other way?

What I do in production is to run the backup script (a modified version)
on all DCs. Even if you must not restore a single DC, if others are
still working, this may some day be a help, if the total disaster
happens :-)

> 3. Do we have a way to backup DC user and group or the updated computer
> password :)

The user/group stuff you can export via LDAP (at least most
attributes). And you can write a script that creates the users via
samba-tool again. But you can't restore the SID in this way. Also you
don't get the passwords out of your DC.

> 4. If I join another AD DC and replicate it and also demote DC1 (Can we do
> that as I see the bugs report) would DC2 now be better???

I didn't understand that.
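
The LDAP export and samba-tool re-creation script mentioned in the answer to question 3, as an added example that is not part of the original message. It assumes the users were exported as LDIF with `ldapsearch -LLL`; the sample entries, the `samdom.example.com` names and the function names are constructed. Accounts are created with `--random-password` because neither SIDs nor passwords come across this way.

```python
import base64
import shlex

# Constructed sample in the shape of `ldapsearch -LLL` output (not from the thread).
SAMPLE_LDIF = """\
dn: CN=Alice Example,CN=Users,DC=samdom,DC=example,DC=com
objectClass: user
sAMAccountName: alice
givenName: Alice
sn: Example

dn: CN=Bob O'Neil,CN=Users,DC=samdom,DC=example,DC=com
objectClass: user
sAMAccountName: bob
givenName:: QsO2Yg==
sn: O'Neil
description: Finance department contr
 actor account

dn: CN=WS01,CN=Computers,DC=samdom,DC=example,DC=com
objectClass: user
objectClass: computer
sAMAccountName: WS01$
"""

# LDAP attribute -> `samba-tool user create` option
OPTIONS = {"givenName": "--given-name", "sn": "--surname", "description": "--description"}

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per entry (RFC 2849 subset)."""
    # Folded lines continue with a single leading space; join them first.
    for block in text.replace("\r\n", "\n").replace("\n ", "").split("\n\n"):
        entry = {}
        for line in (l for l in block.splitlines() if l and l[0] != "#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: value" marks a base64 value
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            entry.setdefault(attr, []).append(value.strip())
        if entry:
            yield entry

def restore_commands(text):
    """Yield shell-quoted samba-tool lines for user (not computer) entries."""
    for e in parse_ldif(text):
        name, classes = e.get("sAMAccountName", [""])[0], e.get("objectClass", [])
        if "user" not in classes or "computer" in classes or not name or name[0] == "-":
            continue  # skip machine accounts and names that would parse as options
        argv = ["samba-tool", "user", "create", name, "--random-password"]
        argv += [f"{opt}={e[a][0]}" for a, opt in OPTIONS.items() if a in e]
        yield " ".join(shlex.quote(x) for x in argv)
```

Every value is passed through `shlex.quote`, so directory data such as `O'Neil` cannot break out of the generated command line when the output is reviewed and run in a shell.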

