[Samba] samba4 replication issues | sam.ldb inconsistency
Achim Gottinger
achim at ag-web.biz
Wed Jul 9 06:46:35 MDT 2014
Am 09.07.2014 14:31, schrieb mourik jan heupink - merit:
> Hi achim, list
>
>> If one of your two DC's is still working flawless you can try to move
>> all fsmo roles to that server and rejoin the other one.
> But I'm not *sure* that one of my dc's is in perfect shape. I *know*
> that the DC=DOMAINDNSZONES on dc1 is corrupt.
>
> DC2 seems to be fine, however, samba-tool dbcheck cross-ncs never
> stops checking, and has been running for 18 hours now. So perhaps dc2
> is not healthy too?
>
> samba-tool fsmo show tells me that all roles are currently on the DC1.
>
> I'm a bit hesitant to start messing with my AD (transferring roles,
> etc), because of the uncertain state it seems to be in. I'm not sure
> if I'll be able to reverse it, if this goes terribly wrong.
>
> If I *knew* that DC2 is healthy, I could transfer all roles there,
> etc. But as Daniel said: he had to reinstall a DC because of
> "samba-tool dbcheck cross-ncs" that never ended. (like the situation
> on my DC2)
>
>> Seems tdbbackup works on dc1 for
>> DC=DOMAINDNSZONES,DC=SAMBA,DC=COMPANY,DC=COM.ldb maybe using the backup
>> fixes your issues.
> So, is it possible to use take the
> DC=DOMAINDNSZONES,DC=SAMBA,DC=COMPANY,DC=COM.ldb from the working dc,
> and copy it to the problem dc? Can I overwrite the corrupt file with
> another dc's file?
>
> Or is my best bet now to install a DC3, and see what gets replicated
> to that new dc?
>
> MJ
>
>>
>> achim~
>>
>>
>>
It sounded like tdbbackup
DC=DOMAINDNSZONES,DC=SAMBA,DC=COMPANY,DC=COM.ldb works on your dc1. So
i'd try the result of that backup operation first.
As far as i unterstand fsmo roles from following that list there is
nothing to transfer it's just an setting so it can be changed even after
the server holding all the roles was removed from the network. Someone
please correct me if i'm wron on this one.
Id expect you need an server with working fsmo roles to join an new dc
to your domain, be it dc3 as an new one or dc1 denotet and rejoined.
Best is to do an backup like it's mentioned in the wiki from your
working server dc2 before proceding.
achim~
More information about the samba
mailing list