[Samba] DomainDnsZone Replication Shows 200,000 Objects

Achim Gottinger achim at ag-web.biz
Fri Jan 10 13:56:32 MST 2014

On 10.01.2014 19:30, lp101 wrote:
> OK.  So things are not going as planned. Searched for deleted records 
> and it returned 391131 entries.  Changed tombstone attribute and 
> restarted Samba. Records are not being deleted and replication 
> according to showrepl has failed. This was in log.samba
> [2014/01/10 12:21:48.842660,  0] 
> ../source4/dns_server/dns_utils.c:282(dns_replace_records)
>   Deleting record failed; 50
> [2014/01/10 12:41:55.254616,  0] 
> ../source4/dns_server/dns_utils.c:282(dns_replace_records)
>   Deleting record failed; 50
> [2014/01/10 12:42:02.278754,  0] 
> ../source4/dns_server/dns_utils.c:282(dns_replace_records)
>   Deleting record failed; 50
> [2014/01/10 12:42:07.973631,  0] 
> ../source4/dsdb/dns/dns_update.c:294(dnsupdate_nameupdate_done)
>   ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - 
> [2014/01/10 12:43:46.925354,  0] 
> ../source4/rpc_server/common/forward.c:51(dcesrv_irpc_forward_callback)
>   IRPC callback failed for DsExecuteKCC - NT_STATUS_IO_TIMEOUT
>     Now it appears replication is working because I can create users 
> and see them replicated on other DC's. If I switch to bind will this 
> delete these entries and allow me to join a new DC with the deleted 
> entries gone? As of now I'm unable to join any new DC's as the server 
> runs out of memory and exits to a command prompt at around 350,000 
> entries being replicated. I now see that updates are turned off.
I tried the tombstoneLifetime attribute modification on a test setup in 
my office which has two AD DCs, both running on Debian wheezy VMs; 
one runs SerNet 4.1.3, the other one a backported Debian Samba package, 
version 4.0.10. The server I modified the attribute on was the one with 
SerNet 4.1.3, and this one also has all the FSMO roles. Here it did not 
take long until the deleted objects started decreasing after I restarted 
that server. Just checked both servers and they have no replication 
errors and both show the same number of ~390 deleted records. Before, one 
of my Windows 7 clients alone had around 800 deleted records.
Are you sure you changed tombstoneLifetime to a small enough value to 
catch some of your deleted records? I'd also verify that the 
tombstoneLifetime attribute replicated successfully to all your DCs.
> schema_fsmo_init: we are master[yes] updates allowed[no]
This means that schema updates are not allowed on that server. It's 
unrelated to Configuration changes or DNS updates.
> Replication appears to fail when checking samba-tool with
> and I see this when using
> On 1/2/2014 10:36 PM, Achim Gottinger wrote:
>> ldbsearch -H 
>> /var/lib/samba/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=DOMAIN,DC=LOCAL.ldb 
>> 'isDeleted=TRUE' dn 
