[Samba] samba4 replication issues | sam.ldb inconsistency

mourik jan heupink - merit heupink at merit.unu.edu
Wed Jul 9 07:56:52 MDT 2014 

Hi Louis,

Thanks for your reply.

I just installed a new dc3, and tried to join it to the AD:

- it finds my writeble DC1
- the join succeeds
- replication starts, but then it bails out on:
Replicating DC=DomainDnsZones,DC=samba,DC=company,DC=com
Join failed - cleaning up

And for the record: DC=DomainDnsZones is the corrupted ldb file on my 
dc1. So this sounds logical to me.

How dangerous is it, at this point, to transfer all (or perhaps some?) 
fsmo roles to dc2, which seems to be in slightly better shape than dc1...?

(however: on dc2 "samba-tool dbcheck cross-ncs" is STILL checking 187479 
objects, and, as indicated by Daniel, it will probably never finish that)

What a mess...

MJ


On 7/9/2014 15:00, L.P.H. van Belle wrote:
> In you case, i would go for a new install.
>
> Add DC3 to the domain, check the database.
> move the FSMO Roles to this server.
>
> Why a new install, easier to check for errors.
> and ... Dont hurry to much, give the system time to set things.
> sychronizing takes time.. so be patient.
>
> and ( in my case ) takes much less time to fix than solving the problem.
> and 1 importent thing, if you do this on a VM, set DC3 to atleast 8GB Ram.
> with virtual DC's you set setup within 15 min. ( 5 min for an extra dc for me with my scripts ;-) )
> This is also why i dont use a DC for other things the being a DC.
> Very fast recovering and new installs.
>
> Louis
>
>> -----Oorspronkelijk bericht-----
>> Van: heupink at merit.unu.edu
>> [mailto:samba-bounces at lists.samba.org] Namens mourik jan
>> heupink - merit
>> Verzonden: woensdag 9 juli 2014 14:31
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] samba4 replication issues | sam.ldb
>> inconsistency
>>
>> Hi achim, list
>>
>>> If one of your two DC's is still working flawless you can try to move
>>> all fsmo roles to that server and rejoin the other one.
>> But I'm not *sure* that one of my dc's is in perfect shape. I *know*
>> that the DC=DOMAINDNSZONES on dc1 is corrupt.
>>
>> DC2 seems to be fine, however, samba-tool dbcheck cross-ncs
>> never stops
>> checking, and has been running for 18 hours now. So perhaps dc2 is not
>> healthy too?
>>
>> samba-tool fsmo show tells me that all roles are currently on the DC1.
>>
>> I'm a bit hesitant to start messing with my AD (transferring roles,
>> etc), because of the uncertain state it seems to be in. I'm
>> not sure if
>> I'll be able to reverse it, if this goes terribly wrong.
>>
>> If I *knew* that DC2 is healthy, I could transfer all roles
>> there, etc.
>> But as Daniel said: he had to reinstall a DC because of "samba-tool
>> dbcheck cross-ncs" that never ended. (like the situation on my DC2)
>>
>>> Seems tdbbackup works on dc1 for
>>> DC=DOMAINDNSZONES,DC=SAMBA,DC=COMPANY,DC=COM.ldb maybe using
>> the backup
>>> fixes your issues.
>> So, is it possible to use take the
>> DC=DOMAINDNSZONES,DC=SAMBA,DC=COMPANY,DC=COM.ldb from the working dc,
>> and copy it to the problem dc? Can I overwrite the corrupt file with
>> another dc's file?
>>
>> Or is my best bet now to install a DC3, and see what gets
>> replicated to
>> that new dc?
>>
>> MJ
>>
>>>
>>> achim~
>>>
>>>
>>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
>

More information about the samba mailing list