[Samba] Fwd: dnsdomainzone replication failure

Achim Gottinger achim at ag-web.biz
Thu Jul 24 10:30:07 MDT 2014


On 24.07.2014 18:07, C.Kindler wrote:
> Thanks again,
>
> I already tried these, without success! I've tried with the
> Windows tool (ldp.exe) as well, but without success. I'm almost lost....
> 1) What can I do to knock this stupid entry out?
> 2) Does this deleted entry infect the other dnsrepl?
> 3) Do I have to demote and make a proper new installation and then
> sync from the clean dc3?
>
Same here, the syntax mentioned in the wiki does not work for deleted DNS
entries with "normal" characters here.
>
>
>
> 2014-07-24 17:32 GMT+02:00 Achim Gottinger <achim at ag-web.biz>:
>
>     On 24.07.2014 15:19, C.Kindler wrote:
>>
>>     ok, with ldbsearch I found the entry:
>>
>     Good, so one of these should work:
>
>     ldbsearch -Hldap://localhost  -U administrator --show-deleted cn=2\\3B\\00\\001\\00\\00!\\00\\00\\00\\00\\00\\00\\0ADEL\\0ADEL:*
>
>     ldbsearch -Hldap://localhost  -U administrator --show-deleted cn=2\3B\00\001\00\00!\00\00\00\00\00\00\\0ADEL:*
>
>     Once you have figured out how to escape the cn correctly you can follow the docs, move the object back to its original place, edit the renamed entry and remove the 3 lines.
>     Then rename it with MS DNS Admin Tools. Maybe you can find at your working DC what string got messed up. It can be that you have to do it at both faulty DCs.
>
>
>>
>>     # record 27
>>     dn: DC=2\3B\00\001\00\00!\00\00\00\00\00\00\0ADEL:51220e6c-5b94-42e7-b595-95dfed68e408,CN=Deleted Objects,DC=DomainDnsZones,DC=ad,DC=wuestenrot,DC=at
>>     objectClass: top
>>     objectClass: dnsNode
>>     instanceType: 4
>>     whenCreated: 20140724062353.0Z
>>     uSNCreated: 876200
>>     objectGUID: 51220e6c-5b94-42e7-b595-95dfed68e408
>>     isDeleted: TRUE
>>     lastKnownParent: DC=ad.wuestenrot.at,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ad,DC=wuestenrot,DC=at
>>     isRecycled: TRUE
>>     dc::
>>     GTI7AElEAAAhAAAAAAAAACALP193fwAA8AQzX3d/AAAgAAAAAAAAAHAAAAAAAAAAYP8NX3d/A
>>      AA=
>>     name::
>>     GTI7AElEAAAhAAAAAAAAACALP193fwAA8AQzX3d/AAAgAAAAAAAAAHAAAAAAAAAAYP8NX3d
>>      /AAA=
>>     whenChanged: 20140724104134.0Z
>>     uSNChanged: 879249
>>     distinguishedName::
>>     REM9GTJcM0JcMDBcMDAxXDAwXDAwIVwwMFwwMFwwMFwwMFwwMFwwMFwwQU
>>      RFTDo1MTIyMGU2Yy01Yjk0LTQyZTctYjU5NS05NWRmZWQ2OGU0MDgsQ049RGVsZXRlZCBPYmplY3R
>>      zLERDPURvbWFpbkRuc1pvbmVzLERDPWFkLERDPXd1ZXN0ZW5yb3QsREM9YXQ=
>>
>>
>>     this record exists on DC1 and DC2.
>>
>>     therefore as you mentioned the wiki.samba.org site:
>>     just for clarification: ldbedit...
>>     and then: objectCategory?
>>     the following lines to delete:
>>
>>     isDeleted: TRUE
>>     isRecycled: TRUE
>>     isDeleted: TRUE
>>
>>     is this true?
>>
>>     BTW: what does it mean?
>>
>>     DC=DomainDnsZones,DC=ad,DC=wuestenrot,DC=at
>>             Default-First-Site-Name\DC2 via RPC
>>                     DSA object GUID: 41153b09-2116-4567-aea2-584f9b159b6d
>>                     Last attempt @ Thu Jul 24 15:15:45 2014 CEST failed, result 31 (WERR_GENERAL_FAILURE)
>>                     549 consecutive failure(s).
>>                     Last success @ Thu Jul 24 15:15:06 2014 CEST
>>
>>
>>     is this WERR_GENERAL_FAILURE the false entry in the deleted Objects?
>>
>>     how about sync from dc3? there is no rubbish deleted object?
>>
>>
>>
>>     2014-07-24 14:17 GMT+02:00 Achim Gottinger <achim at ag-web.biz>:
>>
>>         On 24.07.2014 13:40, C.Kindler wrote:
>>>         I already deleted the entry - hmmm, how to rename the entry?
>>         It's mentioned here.
>>
>>         https://wiki.samba.org/index.php/Restoring_deleted_AD_objects#Reanimating_deleted_objects
>>
>>         maybe you can use objectGUID instead of cn
>>
>>         Does this find your record?
>>
>>         ldbsearch -H /var/lib/samba/private/sam.ldb.d/DC\=DOMAINDNSZONES\,DC\=WUESTENROT\,DC\=AT.ldb 'objectGUID=da87670c-b794-4c0c-86c3-dd54357ecf71'
>>
>>
>>>
>>>
>>>         2014-07-24 13:08 GMT+02:00 Achim Gottinger <achim at ag-web.biz>:
>>>
>>>             On 24.07.2014 12:46, Achim Gottinger wrote:
>>>
>>>                 On 24.07.2014 12:38, C.Kindler wrote:
>>>
>>>                     Hello Achim,
>>>
>>>                     thanks a lot for your kind reply.
>>>
>>>                     There is no error on DC3. Sorry, I forgot
>>>                     to mention this.
>>>
>>>
>>>
>>>                     I found a terrible dns-entry on dc1 & dc2.
>>>                     (<C0>;#004#001#004<FF><FF><FF>.ad.example.com)
>>>
>>>
>>>
>>>                     with samba-tool dns query there is the following
>>>                     entry:
>>>
>>>                      Name=^Y2;, Records=1, Children=0
>>>                         A: 172.21.21.171 (flags=f0, serial=13441, ttl=900)
>>>
>>>
>>>                     on dc1 and dc2.
>>>
>>>                     how can I delete such a strange entry? What is
>>>                     the easiest and best way to clean up?
>>>
>>>                 If you have Microsoft Admin Tools running, using DNS
>>>                 Management there would be easiest.
>>>                 samba-tool dns delete should be tricky with that
>>>                 name. :-)
>>>
>>>             I'd try to rename the entry, otherwise you might end up
>>>             with a deleted entry with that faulty multibyte
>>>             character which will cause replication errors till
>>>             purged in 180 days (default).
>>>
>>>
>>
>>
>
>
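
Added example, not part of the original thread and not Samba's own code: the escaping discussed above has two layers, the LDAP filter escape (RFC 4515 \xx) and the shell quoting around it. This Python sketch decodes the RDN value as printed in the quoted record, re-encodes it for a filter and single-quotes it for the shell; the helper names and the use of the dc attribute are assumptions, and any non-printing byte lost from the mail text will not be in the result.

```python
import re
import shlex

# Bytes allowed literally in the filter value; everything else (NUL, control
# bytes, '*', '(', ')', '\', ';', '!') is written as \xx.
_SAFE = set(b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.:")

def dn_value_to_bytes(rdn_value: str) -> bytes:
    """Decode an RFC 4514 RDN value (\\XX hex pairs, \\<char> escapes) to raw bytes."""
    out = bytearray()
    i = 0
    while i < len(rdn_value):
        ch = rdn_value[i]
        if ch != "\\":
            out += ch.encode("utf-8")
            i += 1
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", rdn_value[i + 1:i + 3]):
            out.append(int(rdn_value[i + 1:i + 3], 16))
            i += 3
        elif i + 1 < len(rdn_value):
            out += rdn_value[i + 1].encode("utf-8")
            i += 2
        else:
            raise ValueError("dangling backslash at end of RDN value")
    return bytes(out)

def filter_escape(raw: bytes) -> str:
    """Encode raw attribute bytes as an RFC 4515 filter value."""
    return "".join(chr(b) if b in _SAFE else "\\%02x" % b for b in raw)

def build_search_argv(url, attr, rdn_value, prefix_only=True):
    """argv for ldbsearch; a trailing '*' matches the 'DEL:<guid>' suffix."""
    value = filter_escape(dn_value_to_bytes(rdn_value))
    flt = "(%s=%s%s)" % (attr, value, "*" if prefix_only else "")
    return ["ldbsearch", "-H", url, "-U", "administrator", "--show-deleted", flt]

def shell_line(argv):
    """Render argv for pasting: single quotes keep the shell from eating '\\' and '!'."""
    return " ".join(shlex.quote(a) for a in argv)

# RDN value copied from the quoted record (the part before the GUID).
RDN = r"2\3B\00\001\00\00!\00\00\00\00\00\00\0ADEL:"
argv = build_search_argv("ldap://localhost", "dc", RDN)
print(shell_line(argv))
```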


