[Samba] Replication and DNS issue

Donaldson Jeff Jeff.Donaldson at ncs.k12.de.us
Wed Jul 16 12:21:23 MDT 2014 

Steve,

Thank you for the link. I manually added the failover DNS entries and all of the DNS checks return successfully on each server now. I am still having an issue with replication however. When I force the new DC to replicate to existing DCs using the following, samba-tool drs replicate ncssamba1 ncsauth2 DC=ncs,DC=k12,DC=de,DC=us or samba-tool drs replicate ncssamba1 ncsauth2 CN=Configuration,DC=ncs,DC=k12,DC=de,DC=us, I get the following error

ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (-1073610723, 'NT_STATUS_RPC_PROTOCOL_ERROR')
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", line 345, in run
    drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle, source_dsa_guid, NC, req_options)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
    raise drsException("DsReplicaSync failed %s" % estr)

Oddly, when I run the samba-tool drs showrepl command on the new DC, it no longer shows any outbound errors. It does however show an inbound error from my other DC specifically during replication of CN=Configuration,DC=ncs,DC=k12,DC=de,DC=us. The error is result 58 (WERR_BAD_NET_RESP). 

I'm not sure why running samba-tool drs showrepl shows no issues with outbound replication to my two other DCs now, but if I manually tell it to replicate to either of them I get the first error above. 

Any ideas? Thanks for your help!

Regards,
Jeff

Jeff Donaldson
Technology Director
Newark Charter School
jeff.donaldson at ncs.k12.de.us
(302) 369-2001 ext: 425

________________________________________
From: samba-bounces at lists.samba.org <samba-bounces at lists.samba.org> on behalf of steve <steve at steve-ss.com>
Sent: Wednesday, July 16, 2014 6:14 AM
To: samba at lists.samba.org
Subject: Re: [Samba] Replication and DNS issue

On Tue, 2014-07-15 at 19:20 +0000, Donaldson Jeff wrote:
> Greetings,
>
>
> I recently setup a new server to join an existing domain as a DC.

Hi
After the join there are various DNS entries you need to kick start the
replication, not only the CNAMEs. There are some krb SRV entries that
are needed too. You haven't given much information, so I don't know what
stage you're at. Full story:
http://linuxcostablanca.blogspot.com.es/2014/06/samba4-dc-replication-on-ubuntu.html
HTH
Steve


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list