[Samba] DomainDnsZone Replication Shows 200,000 Objects

lp101 lingpanda101 at gmail.com
Fri Jan 10 18:05:34 MST 2014


Just an FYI. I reverted the tombstone back to 180 and replication 
sprang back to life. This was on the DC that held all the FSMO roles. 
While things are working again, I'm still back to square one with all the 
deleted domain entries.

On 1/10/2014 3:56 PM, Achim Gottinger wrote:
> On 10.01.2014 19:30, lp101 wrote:
>> OK.  So things are not going as planned. Searched for deleted records 
>> and it returned 391131 entries. Changed tombstone attribute and 
>> restarted Samba. Records are not being deleted and replication 
>> according to showrepl has failed. This was in log.samba
>>
>> [2014/01/10 12:21:48.842660,  0] 
>> ../source4/dns_server/dns_utils.c:282(dns_replace_records)
>>   Deleting record failed; 50
>> [2014/01/10 12:41:55.254616,  0] 
>> ../source4/dns_server/dns_utils.c:282(dns_replace_records)
>>   Deleting record failed; 50
>> [2014/01/10 12:42:02.278754,  0] 
>> ../source4/dns_server/dns_utils.c:282(dns_replace_records)
>>   Deleting record failed; 50
>> [2014/01/10 12:42:07.973631,  0] 
>> ../source4/dsdb/dns/dns_update.c:294(dnsupdate_nameupdate_done)
>>   ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - 
>> NT_STATUS_IO_TIMEOUT
>> [2014/01/10 12:43:46.925354,  0] 
>> ../source4/rpc_server/common/forward.c:51(dcesrv_irpc_forward_callback)
>>   IRPC callback failed for DsExecuteKCC - NT_STATUS_IO_TIMEOUT
>>
>>     Now it appears replication is working because I can create users 
>> and see them replicated on other DCs. If I switch to BIND will this 
>> delete these entries and allow me to join a new DC with the deleted 
>> entries gone? As of now I'm unable to join any new DCs as the server 
>> runs out of memory and exits to a command prompt at around 350,000 
>> entries being replicated. I now see that updates are turned off.
> I tried the tombstoneLifetime attribute modification on a test setup 
> in my office which has two AD DCs, both running on Debian wheezy 
> VMs; one runs SerNet 4.1.3, the other one a backported Debian Samba 
> package, version 4.0.10. The server I modified the attribute on was the 
> one with SerNet 4.1.3, and this one also has all the FSMO roles. Here 
> it did not take long till the deleted objects started decreasing after 
> I restarted that server. Just checked both servers and they have no 
> replication errors and both show the same number of ~390 deleted 
> records. Before, one of my Windows 7 clients alone had around 800 
> deleted records.
> Are you sure you changed tombstoneLifetime to a small enough value 
> to catch some of your deleted records? I'd also verify that the 
> tombstoneLifetime attribute replicated successfully to all your DCs.
>>
>> schema_fsmo_init: we are master[yes] updates allowed[no]
> This means that schema updates are not allowed on that server. It's 
> unrelated to Configuration changes or DNS updates.
>>
>> Replication appears to fail when checking samba-tool with
>>
>> rpc fault: WERR_EPT_S_CANT_PERFORM_OP
>>
>>
>>
>> and I see this when using
>>
>>
>> On 1/2/2014 10:36 PM, Achim Gottinger wrote:
>>> ldbsearch -H 
>>> /var/lib/samba/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=DOMAIN,DC=LOCAL.ldb 
>>> 'isDeleted=TRUE' dn 
>>
>
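
A triage helper for the log.samba excerpt quoted in this thread, added here as an example (not part of the original mails and not Samba code): it strips the mail quoting, rejoins the wrapped lines into one chunk per event, and groups the failures by function and message. The function names and the regular expressions are assumptions based only on the log layout shown in the excerpt.

```python
import re

# Sample input: the log.samba excerpt as quoted (and line-wrapped) in this thread.
MAIL_EXCERPT = """\
>> [2014/01/10 12:21:48.842660,  0]
>> ../source4/dns_server/dns_utils.c:282(dns_replace_records)
>>   Deleting record failed; 50
>> [2014/01/10 12:41:55.254616,  0]
>> ../source4/dns_server/dns_utils.c:282(dns_replace_records)
>>   Deleting record failed; 50
>> [2014/01/10 12:42:02.278754,  0]
>> ../source4/dns_server/dns_utils.c:282(dns_replace_records)
>>   Deleting record failed; 50
>> [2014/01/10 12:42:07.973631,  0]
>> ../source4/dsdb/dns/dns_update.c:294(dnsupdate_nameupdate_done)
>>   ../source4/dsdb/dns/dns_update.c:294: Failed DNS update -
>> NT_STATUS_IO_TIMEOUT
>> [2014/01/10 12:43:46.925354,  0]
>> ../source4/rpc_server/common/forward.c:51(dcesrv_irpc_forward_callback)
>>   IRPC callback failed for DsExecuteKCC - NT_STATUS_IO_TIMEOUT
"""

QUOTE = re.compile(r"^(?:>\s?)+")          # leading mail quote markers
STAMP = re.compile(r"\[\d{4}/\d\d/\d\d ")  # a "[date time, level]" header starts an event
EVENT = re.compile(r"\[(\d{4}/\d\d/\d\d [\d:]+)\.\d+,\s*(\d+)\]\s*"
                   r"(\S+:\d+)\((\w+)\)\s*(.*)")

def parse_events(text):
    """Rejoin wrapped lines into one chunk per event, then split the fields."""
    chunks = []
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()
        if STAMP.match(line):
            chunks.append(line)
        elif line and chunks:              # continuation of the current event
            chunks[-1] += " " + line
    keys = ("ts", "level", "loc", "func", "msg")
    return [dict(zip(keys, m.groups()))
            for m in map(EVENT.fullmatch, chunks) if m]

def summarize(events):
    """Group by (function, message): [count, first timestamp, last timestamp]."""
    groups = {}
    for e in events:
        g = groups.setdefault((e["func"], e["msg"]), [0, e["ts"], e["ts"]])
        g[0], g[2] = g[0] + 1, e["ts"]
    return groups

if __name__ == "__main__":
    for (func, msg), (n, first, last) in summarize(parse_events(MAIL_EXCERPT)).items():
        print(f"{n:3d}x {first} .. {last}  {func}: {msg}")
```

The same functions accept an unquoted log.samba file read from disk, since lines without quote markers pass through the stripping step unchanged.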


