[Samba] Joining Second DC error -- NT_STATUS_CONNECTION_RESET

Rowland Penny rowlandpenny at googlemail.com
Wed Aug 20 13:59:42 MDT 2014


On 20/08/14 20:46, Marc Muehlfeld wrote:
> Hello,
>
> On 20.08.2014 12:32, Chan Min Wai wrote:
>> I'm not too sure what to do now to fix that.
>>
>> 1. Should I restore DC1 since DC2 is already offline.
> What size is your domain? On a small installation it's sometimes worth
> starting from scratch instead of trying to fix the databases and
> overlook something that gets later worse.
>
>
> You have currently only DC1 online, but it's broken. And DC2 is also
> broken and offline. Right? So if it's already in that worse state, you
> can try the following:
>
> Setup a separated test environment. Restore the snapshots of both DCs.
> Check if they replicate. Run
>
> # samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix
>
> on both hosts. And then try to demote DC2.
>
> Which of the two hosts had which FSMO role? If they were all on DC1,
> then you should be able to demote DC2. At least bug #10734 seems only to
> happen if the host, that should be demoted, had roles before.
>
>
>
>
>> 2. Can we do any backup the DC in any other way?
> What I do in production is to run the backup script (a modified version)
> on all DCs. Even if you must not restore a single DC, if others are
> still working, this may be some day a help, if the total disaster
> happens :-)
>
>
>
>
>> 3. Do we have a way to backup Dc user and group or the updated computer
>> password :)
> The user/group stuff you can export via ldap (at least the most
> attributes). And you can write a script that creates the users via
> samba-tool again. But you can't restore the SID on this way.
Hi, are you sure about the SID ? I have never used it, but 'samba-tool 
domain provision --help' shows this:

--domain-sid=SID      set domainsid (otherwise random)

Rowland

>   Also you
> don't get the passwords out of your DC.
>
>
>
>
>> 4. If I join another AD DC and replicate it and also demote DC1 (Can we do
>> that as I see the bugs report) would DC2 now be better???
> I didn't understand that.
>
>
>
> Regards,
> Marc
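
Added example, not part of the original message or of Samba: a Python sketch that reads the binary `objectSid` values from an LDAP export in LDIF form and splits each one into the domain SID (the kind of value the `--domain-sid` option quoted above takes) and the per-account RID, so both can be recorded alongside the export. The LDIF sample, the account names and the SID values are constructed; the parser assumes unfolded LDIF lines.

```python
import base64
import struct

def sid_to_bytes(sid):
    """Encode 'S-1-5-21-...' into the binary layout stored in objectSid."""
    parts = sid.split("-")
    rev, auth, subs = int(parts[1]), int(parts[2]), [int(p) for p in parts[3:]]
    return (struct.pack("BB", rev, len(subs)) + auth.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def bytes_to_sid(raw):
    """Decode a binary objectSid value into its string form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("truncated or malformed SID")
    auth = int.from_bytes(raw[2:8], "big")          # 48-bit, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])  # 32-bit, little-endian
    return "-".join(["S", str(raw[0]), str(auth)] + [str(s) for s in subs])

def sids_from_ldif(text):
    """Map sAMAccountName -> SID string for every entry carrying both."""
    result = {}
    for entry in text.strip().split("\n\n"):
        attrs = {}
        for line in entry.splitlines():
            key, sep, value = line.partition(":")
            if not sep:
                continue
            if value.startswith(":"):  # 'attr:: value' marks base64 data
                attrs[key] = base64.b64decode(value[1:].strip())
            else:
                attrs[key] = value.strip()
        if "sAMAccountName" in attrs and isinstance(attrs.get("objectSid"), bytes):
            result[attrs["sAMAccountName"]] = bytes_to_sid(attrs["objectSid"])
    return result

def domain_sid(sids):
    """Return the one domain SID shared by all accounts (SID minus the RID)."""
    domains = {sid.rsplit("-", 1)[0] for sid in sids.values()}
    if len(domains) != 1:
        raise ValueError("accounts come from more than one domain: %r" % domains)
    return domains.pop()

# Constructed sample export: two users in one made-up domain.
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_LDIF = "\n\n".join(
    "dn: CN=%s,CN=Users,DC=example,DC=test\nsAMAccountName: %s\nobjectSid:: %s"
    % (name, name, base64.b64encode(sid_to_bytes("%s-%d" % (DOMAIN, rid))).decode())
    for name, rid in [("alice", 1104), ("bob", 1105)])

if __name__ == "__main__":
    sids = sids_from_ldif(SAMPLE_LDIF)
    print("domain SID:", domain_sid(sids))
    for name, sid in sorted(sids.items()):
        print(name, "RID", sid.rsplit("-", 1)[1])
```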
