[Samba] Fwd: dnsdomainzone replication failure

Achim Gottinger achim at ag-web.biz
Fri Jul 25 04:22:42 MDT 2014


On 25.07.2014 08:56, C.Kindler wrote:
> finally could delete this strange entry with:
>
> ldbsearch -H /var/lib/samba/private/dns/sam.ldb -b "CN=Deleted 
> Objects,DC=DomainDnsZones,DC=...." --show-deleted --show-binary 
> --extended-dn
> ldbdel -H /var/lib/samba/private/dns/sam.ldb "<GUID=51220e6c...>"
>
> The  "--extended-dn" was the clue!
>
> Thanks again for your help!
> Best regards
>
That was an interesting task. Does the replication work without errors 
and does dbcheck --cross-ncs pass?
>
> 2014-07-24 18:07 GMT+02:00 C.Kindler <kindc1 at gmail.com>:
>
>     Thanks again,
>
>     I tried already these ones - without success! I've tried with the
>     windows tool (ldp.exe) as well, but without success. I'm almost
>     lost....
>     1) what can I do to knock this stupid entry out?
>     2) does this deleted entry infect the other dnsrepl?
>     3) Do I have to demote and make a proper new installation and then
>     sync from the clean dc3
>
>
>
>
>     2014-07-24 17:32 GMT+02:00 Achim Gottinger <achim at ag-web.biz>:
>
>         On 24.07.2014 15:19, C.Kindler wrote:
>>
>>         ok, with ldbsearch I found the entry:
>>
>         Good, so one of these should work:
>
>         ldbsearch -Hldap://localhost  -U administrator --show-deleted cn=2\\3B\\00\\001\\00\\00!\\00\\00\\00\\00\\00\\00\\0ADEL\\0ADEL:
>
>         ldbsearch -Hldap://localhost  -U administrator --show-deleted cn=2\3B\00\001\00\00!\00\00\00\00\00\00\\0ADEL:
>
>         Once you figured out how to escape the cn correctly you can follow the docs, move the object back to its original place, edit the renamed entry and remove the 3 lines.
>         Then rename it with MS DNS Admin Tools. Maybe you can find at your working DC what string got messed up. Can be you have to do it at both faulty dc's.
>
>
>>
>>         # record 27
>>         dn:
>>         DC=2\3B\00\001\00\00!\00\00\00\00\00\00\0ADEL:51220e6c-5b94-42e7-b595-95dfed68e408,CN=Deleted
>>         Objects,DC=DomainDnsZones,DC=ad,DC=wuestenrot,DC=at
>>         objectClass: top
>>         objectClass: dnsNode
>>         instanceType: 4
>>         whenCreated: 20140724062353.0Z
>>         uSNCreated: 876200
>>         objectGUID: 51220e6c-5b94-42e7-b595-95dfed68e408
>>         isDeleted: TRUE
>>         lastKnownParent: DC=ad.wuestenrot.at,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ad,D
>>          C=wuestenrot,DC=at
>>         isRecycled: TRUE
>>         dc::
>>         GTI7AElEAAAhAAAAAAAAACALP193fwAA8AQzX3d/AAAgAAAAAAAAAHAAAAAAAAAAYP8NX3d/A
>>          AA=
>>         name::
>>         GTI7AElEAAAhAAAAAAAAACALP193fwAA8AQzX3d/AAAgAAAAAAAAAHAAAAAAAAAAYP8NX3d
>>          /AAA=
>>         whenChanged: 20140724104134.0Z
>>         uSNChanged: 879249
>>         distinguishedName::
>>         REM9GTJcM0JcMDBcMDAxXDAwXDAwIVwwMFwwMFwwMFwwMFwwMFwwMFwwQU
>>          RFTDo1MTIyMGU2Yy01Yjk0LTQyZTctYjU5NS05NWRmZWQ2OGU0MDgsQ049RGVsZXRlZCBPYmplY3R
>>          zLERDPURvbWFpbkRuc1pvbmVzLERDPWFkLERDPXd1ZXN0ZW5yb3QsREM9YXQ=
>>
>>
>>         this record exists on DC1 and DC2.
>>
>>         therefore as you mentioned the wiki.samba.org site:
>>         just for clarification: ldbedit...
>>         and then: objectCategory?
>>         the following lines to delete:
>>
>>         isDeleted: TRUE
>>         isRecycled: TRUE
>>         isDeleted: TRUE
>>
>>         is this true?
>>
>>         BTW: what does it mean?
>>
>>         DC=DomainDnsZones,DC=ad,DC=wuestenrot,DC=at
>>                 Default-First-Site-Name\DC2 via RPC
>>                         DSA object GUID:
>>         41153b09-2116-4567-aea2-584f9b159b6d
>>                         Last attempt @ Thu Jul 24 15:15:45 2014 CEST
>>         failed, result 31 (WERR_GENERAL_FAILURE)
>>                         549 consecutive failure(s).
>>                         Last success @ Thu Jul 24 15:15:06 2014 CEST
>>
>>
>>         is this WERR_GENERAL_FAILURE the false entry in the deleted
>>         Objects?
>>
>>         how about sync from dc3? there is no rubbish deleted object?
>>
>>
>>
>>         2014-07-24 14:17 GMT+02:00 Achim Gottinger <achim at ag-web.biz>:
>>
>>             On 24.07.2014 13:40, C.Kindler wrote:
>>>             I already deleted the entry - hmmm, how to rename the entry?
>>             It's mentioned here.
>>
>>             https://wiki.samba.org/index.php/Restoring_deleted_AD_objects#Reanimating_deleted_objects
>>
>>             maybe you can use objectGUID instead of cn
>>
>>             Does this find your record?
>>
>>             ldbsearch -H
>>             /var/lib/samba/private/sam.ldb.d/DC\=DOMAINDNSZONES\,DC\=WUESTENROT\,DC\=AT.ldb
>>             'objectGUID=da87670c-b794-4c0c-86c3-dd54357ecf71'
>>
>>
>>>
>>>
>>>             2014-07-24 13:08 GMT+02:00 Achim Gottinger
>>>             <achim at ag-web.biz>:
>>>
>>>                 On 24.07.2014 12:46, Achim Gottinger wrote:
>>>
>>>                     On 24.07.2014 12:38, C.Kindler wrote:
>>>
>>>                         Hello Achim,
>>>
>>>                         thanks a lot for your kind reply.
>>>
>>>                         There is no error on DC3. Sorry, I
>>>                         forgot to mention this.
>>>
>>>
>>>
>>>                         I found a terrible dns-entry on dc1 & dc2.
>>>                         (<C0>;#004#001#004<FF><FF><FF>.ad.example.com)
>>>
>>>
>>>
>>>                         with samba-tool dns query there is the
>>>                         following entry:
>>>
>>>                          Name=^Y2;, Records=1, Children=0
>>>                             A: 172.21.21.171 (flags=f0,
>>>                         serial=13441, ttl=900)
>>>
>>>
>>>                         on dc1 and dc2.
>>>
>>>                         how can I delete such a strange entry? What
>>>                         is the easiest and best way to clean up?
>>>
>>>                     If you have Microsoft Admin Tools running using
>>>                     DNS Management there would be easiest.
>>>                     samba-tool dns delete should be tricky with that
>>>                     name. :-)
>>>
>>>                 I'd try to rename the entry otherwise you might end
>>>                 up with a deleted entry with that faulty multibyte
>>>                 character which will cause replication errors till
>>>                 purged in 180 days (default).
>>>
>>>
>>
>>
>
>
>
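
An added example, not part of the original thread: it unfolds and decodes the `distinguishedName::` value from the record quoted above, exposing the raw 0x19 byte (the `^Y` in the samba-tool output) that the printed `dn:` line does not show, and builds the `<GUID=...>` form used in the final `ldbdel` call. The function names are hypothetical, and the record is re-wrapped here as valid LDIF.

```python
import base64

# Values taken from the record quoted in the thread; folded lines start with one space.
SAMPLE_LDIF = """\
objectGUID: 51220e6c-5b94-42e7-b595-95dfed68e408
isDeleted: TRUE
distinguishedName:: REM9GTJcM0JcMDBcMDAxXDAwXDAwIVwwMFwwMFwwMFwwMFwwMFwwMFwwQU
 RFTDo1MTIyMGU2Yy01Yjk0LTQyZTctYjU5NS05NWRmZWQ2OGU0MDgsQ049RGVsZXRlZCBPYmplY3R
 zLERDPURvbWFpbkRuc1pvbmVzLERDPWFkLERDPXd1ZXN0ZW5yb3QsREM9YXQ=
"""


def parse_ldif_record(text):
    """Return {attr: [bytes, ...]} for one LDIF record, unfolding and decoding."""
    logical = []
    for line in text.splitlines():
        if line.startswith(" ") and logical:
            logical[-1] += line[1:]          # continuation of the previous line
        elif line and not line.startswith("#"):
            logical.append(line)
    record = {}
    for line in logical:
        attr, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):             # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip().encode("utf-8")
        record.setdefault(attr, []).append(value)
    return record


def control_bytes(value):
    """List (offset, byte) for bytes a terminal will not show: C0 controls and DEL."""
    return [(i, b) for i, b in enumerate(value) if b < 0x20 or b == 0x7F]


def extended_dn(record):
    """Build the <GUID=...> form, which addresses the object without its name."""
    return "<GUID=%s>" % record["objectGUID"][0].decode("ascii")


if __name__ == "__main__":
    rec = parse_ldif_record(SAMPLE_LDIF)
    dn = rec["distinguishedName"][0]
    print(repr(dn))
    for off, b in control_bytes(dn):
        print("raw control byte 0x%02x at offset %d" % (b, off))
    print("address it as:", extended_dn(rec))
```
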


