[Samba] samba4 replication issues | sam.ldb inconsistency

mourik jan heupink - merit heupink at merit.unu.edu
Tue Jul 15 10:00:33 MDT 2014


Hi all,

Despite my first optimism, it seems we're not out of the woods just yet...

> It certainly is. you can join to any DC regardless of roles.  You should
> be able to point it to DC2 with --server=DC2
>

I managed to install a new DC3, with --server=DC2:

samba-tool domain join samba.company.com DC -Uadministrator 
--realm=samba.company.com --server=DC2

This completes successfully, no errors. However, when I start my DC3, I 
receive:
[2014/07/15 17:35:44.891271,  0] 
../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
   /usr/sbin/samba_dnsupdate: update failed: SERVFAIL
and
[2014/07/15 17:41:08.790679,  0] 
../source4/dsdb/repl/drepl_out_helpers.c:840(dreplsrv_update_refs_done)
   UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 
for 9a3d9130-45f3-43b6-bbf4-189c19764bd5._msdcs.samba.company.com 
CN=Schema,CN=Configuration,DC=samba,DC=company,DC=com
[2014/07/15 17:41:08.815799,  0] 
../source4/dsdb/repl/drepl_ridalloc.c:43(drepl_new_rid_pool_callback)
   ../source4/dsdb/repl/drepl_ridalloc.c:43: RID Manager failed RID 
allocation - WERR_DS_DRA_INTERNAL_ERROR - extended_ret[0x0]

Checking dns on my DC2 I learned that dc3.samba.company.com did not 
resolve correctly, so I did on DC2:

samba-tool dns add ip.address.dc2 samba.company.com DC3 A ip.address.dc3 
-Uadministrator

and now dc3.samba.company.com does resolve correctly. However: 
restarting samba things still don't work:

[2014/07/15 17:42:35.027090,  0] 
../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
   /usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure
[2014/07/15 17:42:35.027250,  0] 
../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
   /usr/sbin/samba_dnsupdate: update failed: SERVFAIL
[2014/07/15 17:42:38.642366,  0] 
../source4/dsdb/repl/drepl_out_helpers.c:840(dreplsrv_update_refs_done)
   UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 
for 9a3d9130-45f3-43b6-bbf4-189c19764bd5._msdcs.samba.company.com 
DC=ForestDnsZones,DC=samba,DC=company,DC=com
[2014/07/15 17:42:38.816639,  0] 
../source4/dsdb/repl/drepl_out_helpers.c:840(dreplsrv_update_refs_done)
   UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 
for 9a3d9130-45f3-43b6-bbf4-189c19764bd5._msdcs.samba.company.com 
DC=samba,DC=company,DC=com
[2014/07/15 17:42:38.960894,  0] 
../source4/dsdb/repl/drepl_out_helpers.c:840(dreplsrv_update_refs_done)
   UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 
for 9a3d9130-45f3-43b6-bbf4-189c19764bd5._msdcs.samba.company.com 
CN=Schema,CN=Configuration,DC=samba,DC=company,DC=com
[2014/07/15 17:42:39.068958,  0] 
../source4/dsdb/repl/drepl_out_helpers.c:840(dreplsrv_update_refs_done)
   UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 
for 9a3d9130-45f3-43b6-bbf4-189c19764bd5._msdcs.samba.company.com 
CN=Configuration,DC=samba,DC=company,DC=com
[2014/07/15 17:43:06.580263,  0] 
../source4/dsdb/repl/drepl_out_helpers.c:840(dreplsrv_update_refs_done)
   UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 
for 9a3d9130-45f3-43b6-bbf4-189c19764bd5._msdcs.samba.company.com 
DC=ForestDnsZones,DC=samba,DC=company,DC=com
[2014/07/15 17:43:06.798779,  0] 
../source4/dsdb/repl/drepl_out_helpers.c:840(dreplsrv_update_refs_done)
   UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 
for 9a3d9130-45f3-43b6-bbf4-189c19764bd5._msdcs.samba.company.com 
CN=Configuration,DC=samba,DC=company,DC=com
[2014/07/15 17:43:07.113991,  0] 
../source4/dsdb/repl/drepl_out_helpers.c:840(dreplsrv_update_refs_done)
   UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 
for 9a3d9130-45f3-43b6-bbf4-189c19764bd5._msdcs.samba.company.com 
DC=samba,DC=company,DC=com
[2014/07/15 17:43:07.372502,  0] 
../source4/dsdb/repl/drepl_out_helpers.c:840(dreplsrv_update_refs_done)
   UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 
for 9a3d9130-45f3-43b6-bbf4-189c19764bd5._msdcs.samba.company.com 
CN=Schema,CN=Configuration,DC=samba,DC=company,DC=com
[2014/07/15 17:43:07.390439,  0] 
../source4/dsdb/repl/drepl_ridalloc.c:43(drepl_new_rid_pool_callback)
   ../source4/dsdb/repl/drepl_ridalloc.c:43: RID Manager failed RID 
allocation - WERR_DS_DRA_INTERNAL_ERROR - extended_ret[0x0]

So... a lot of access denied, plus an internal error to top things of.

Getting more and more nervous. Any tips how to proceed are again very 
welcome..?



More information about the samba mailing list