[Samba] DomainDnsZone Replication Shows 200,000 Objects

lp101 lingpanda101 at gmail.com
Fri Jan 10 15:15:02 MST 2014 

Thanks for the reply. Yes I did check to make sure the attribute 
replicated to the other DC's. It did. I changed the value to 30 from 
180. All 3 DC's show different values for deleted records so I know 
replication is broken.

On 1/10/2014 3:56 PM, Achim Gottinger wrote:
> Am 10.01.2014 19:30, schrieb lp101:
>> OK.  So things are not going as planned. Searched for deleted records 
>> and it returned 391131 entries. Changed tombstone attribute and 
>> restarted Samba. Records are not being deleted and replication 
>> according to showrepl has failed. This was in log.samba
>>
>> [2014/01/10 12:21:48.842660,  0] 
>> ../source4/dns_server/dns_utils.c:282(dns_replace_records)
>>   Deleting record failed; 50
>> [2014/01/10 12:41:55.254616,  0] 
>> ../source4/dns_server/dns_utils.c:282(dns_replace_records)
>>   Deleting record failed; 50
>> [2014/01/10 12:42:02.278754,  0] 
>> ../source4/dns_server/dns_utils.c:282(dns_replace_records)
>>   Deleting record failed; 50
>> [2014/01/10 12:42:07.973631,  0] 
>> ../source4/dsdb/dns/dns_update.c:294(dnsupdate_nameupdate_done)
>>   ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - 
>> NT_STATUS_IO_TIMEOUT
>> [2014/01/10 12:43:46.925354,  0] 
>> ../source4/rpc_server/common/forward.c:51(dcesrv_irpc_forward_callback)
>>   IRPC callback failed for DsExecuteKCC - NT_STATUS_IO_TIMEOUT
>>
>>     Now it appears replication is working because I can create users 
>> and see them replicated on other DC's. If I switch to bind will this 
>> delete these entries and allow me to join a new DC with the deleted 
>> entries gone? As of now I'm unable to join any new DC's as the server 
>> runs out of memory and exits to a command prompt at around 350,000 
>> entries being replicated. I know see that updates are turned off.
> I tried the tombstoneLifetime attribute modification on an test setup 
> in my office which has two ad DC's both running on an debian wheezy 
> vm's, one runs sernet 4.1.3 the other one an backported debian samba 
> package version 4.0.10. The server i modified the attribute on was the 
> one with sernet 4.1.3 and this one also has alle the fsmo roles. Here 
> it did not take long till the deleted objects started decreasing after 
> i restarted that server. Just checked both servers and they habe no 
> replication errors and both show the same number of ~390 deleted 
> records. Before one of my windows 7 clients alone had around 800 
> deleted records.
> Are you shure you changed tombstoneLifetime to an small enoght value 
> to cache some of your deleted records? I'd also verify that the 
> tomstoneLiftime attribute replicated successfull to all your dc's.
>>
>> schema_fsmo_init: we are master[yes] updates allowed[no]
> This means that schema updates are not allowed on that server. It's 
> unrelated to Configuration changes or DNS updates.
>>
>> Replication appears to fail when checking samba-tool with
>>
>> rpc fault: WERR_EPT_S_CANT_PERFORM_OP
>>
>>
>>
>> and I see this when using
>>
>>
>> On 1/2/2014 10:36 PM, Achim Gottinger wrote:
>>> ldbsearch -H 
>>> /var/lib/samba/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=DOMAIN,DC=LOCAL.ldb 
>>> 'isDeleted=TRUE' dn 
>>
>

More information about the samba mailing list