[Samba] Trouble demoting DC with broken replication

[Andreas Oster]

Hi all,

I am currently struggling to remove one of our Samba4 DC from the
domain. Some time ago, adding a new Samba DC to our AD did not succeed
and I had to demote the new server again. After removal, replication on
one of the old/existing DCs got weird.

/usr/local/samba/bin/samba-tool drs showrepl   gives the following:

Standardname-des-ersten-Standorts\dc02
DSA Options: 0x00000001
DSA object GUID: ef37f4de-a03c-493c-96f6-e521a5415d81
DSA invocationId: b0bc10b9-a67f-4550-8fbf-3dc9fbe6fecc

==== INBOUND NEIGHBORS ====

DC=samdom,DC=loc
        Standardname-des-ersten-Standorts\dc01 via RPC
                DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
                Last attempt @ Thu May  8 14:49:28 2014 CEST was successful
                0 consecutive failure(s).
                Last success @ Thu May  8 14:49:28 2014 CEST

DC=samdom,DC=loc
        Standardname-des-ersten-Standorts\dc03 via RPC
                DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
                Last attempt @ Thu May  8 14:49:24 2014 CEST was successful
                0 consecutive failure(s).
                Last success @ Thu May  8 14:49:24 2014 CEST

DC=ForestDnsZones,DC=samdom,DC=loc
        Standardname-des-ersten-Standorts\dc01 via RPC
                DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
                Last attempt @ Thu May  8 14:48:50 2014 CEST was successful
                0 consecutive failure(s).
                Last success @ Thu May  8 14:48:50 2014 CEST

DC=ForestDnsZones,DC=samdom,DC=loc
        Standardname-des-ersten-Standorts\dc03 via RPC
                DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
                Last attempt @ Thu May  8 14:48:51 2014 CEST was successful
                0 consecutive failure(s).
                Last success @ Thu May  8 14:48:51 2014 CEST

CN=Configuration,DC=samdom,DC=loc
        Standardname-des-ersten-Standorts\dc01 via RPC
                DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
                Last attempt @ Thu May  8 14:48:54 2014 CEST was successful
                0 consecutive failure(s).
                Last success @ Thu May  8 14:48:54 2014 CEST

CN=Configuration,DC=samdom,DC=loc
        Standardname-des-ersten-Standorts\dc03 via RPC
                DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
                Last attempt @ Thu May  8 14:48:55 2014 CEST was successful
                0 consecutive failure(s).
                Last success @ Thu May  8 14:48:55 2014 CEST

DC=DomainDnsZones,DC=samdom,DC=loc
        Standardname-des-ersten-Standorts\dc01 via RPC
                DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
                Last attempt @ Thu May  8 14:50:01 2014 CEST was successful
                0 consecutive failure(s).
                Last success @ Thu May  8 14:50:01 2014 CEST

DC=DomainDnsZones,DC=samdom,DC=loc
        Standardname-des-ersten-Standorts\dc03 via RPC
                DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
                Last attempt @ Thu May  8 14:50:02 2014 CEST was successful
                0 consecutive failure(s).
                Last success @ Thu May  8 14:50:02 2014 CEST

CN=Schema,CN=Configuration,DC=samdom,DC=loc
        Standardname-des-ersten-Standorts\dc01 via RPC
                DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
                Last attempt @ Thu May  8 14:48:56 2014 CEST was successful
                0 consecutive failure(s).
                Last success @ Thu May  8 14:48:56 2014 CEST

CN=Schema,CN=Configuration,DC=samdom,DC=loc
        Standardname-des-ersten-Standorts\dc03 via RPC
                DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
                Last attempt @ Thu May  8 14:48:56 2014 CEST was successful
                0 consecutive failure(s).
                Last success @ Thu May  8 14:48:56 2014 CEST

==== OUTBOUND NEIGHBORS ====

DC=samdom,DC=loc
        NTDS DN: CN=NTDS
Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
                DSA object GUID: 23db6774-c155-4e5f-a793-07e9c772ddc4
                Last attempt @ Thu May  8 14:51:59 2014 CEST failed,
result 2 (WERR_BADFILE)
                1042908 consecutive failure(s).
                Last success @ Tue Feb 11 10:00:38 2014 CET

DC=samdom,DC=loc
        NTDS DN: CN=NTDS
Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
                DSA object GUID: 1a890c41-4326-47c1-90c0-28f8e70801a7
                Last attempt @ Thu May  8 14:51:59 2014 CEST failed,
result 2 (WERR_BADFILE)
                1005465 consecutive failure(s).
                Last success @ NTTIME(0)

DC=samdom,DC=loc
        NTDS DN: CN=NTDS
Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
                DSA object GUID: 8c0461e2-6f72-42be-98ab-ce175fc84653
                Last attempt @ Thu May  8 14:51:59 2014 CEST failed,
result 2 (WERR_BADFILE)
                958484 consecutive failure(s).
                Last success @ Sat Feb 15 12:56:47 2014 CET

DC=samdom,DC=loc
        Standardname-des-ersten-Standorts\dc03 via RPC
                DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=samdom,DC=loc
        Standardname-des-ersten-Standorts\dc01 via RPC
                DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=ForestDnsZones,DC=samdom,DC=loc
        NTDS DN: CN=NTDS
Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
                DSA object GUID: 23db6774-c155-4e5f-a793-07e9c772ddc4
                Last attempt @ Thu May  8 14:51:58 2014 CEST failed,
result 2 (WERR_BADFILE)
                1049436 consecutive failure(s).
                Last success @ NTTIME(0)

DC=ForestDnsZones,DC=samdom,DC=loc
        NTDS DN: CN=NTDS
Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
                DSA object GUID: 1a890c41-4326-47c1-90c0-28f8e70801a7
                Last attempt @ Thu May  8 14:51:58 2014 CEST failed,
result 2 (WERR_BADFILE)
                1012985 consecutive failure(s).
                Last success @ NTTIME(0)

DC=ForestDnsZones,DC=samdom,DC=loc
        NTDS DN: CN=NTDS
Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
                DSA object GUID: 8c0461e2-6f72-42be-98ab-ce175fc84653
                Last attempt @ Thu May  8 14:51:58 2014 CEST failed,
result 2 (WERR_BADFILE)
                976997 consecutive failure(s).
                Last success @ NTTIME(0)

DC=ForestDnsZones,DC=samdom,DC=loc
        Standardname-des-ersten-Standorts\dc01 via RPC
                DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=ForestDnsZones,DC=samdom,DC=loc
        Standardname-des-ersten-Standorts\dc03 via RPC
                DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Configuration,DC=samdom,DC=loc
        NTDS DN: CN=NTDS
Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
                DSA object GUID: 23db6774-c155-4e5f-a793-07e9c772ddc4
                Last attempt @ Thu May  8 14:52:00 2014 CEST failed,
result 2 (WERR_BADFILE)
                999198 consecutive failure(s).
                Last success @ Tue Feb 11 10:00:39 2014 CET

CN=Configuration,DC=samdom,DC=loc
        NTDS DN: CN=NTDS
Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
                DSA object GUID: 1a890c41-4326-47c1-90c0-28f8e70801a7
                Last attempt @ Thu May  8 14:52:00 2014 CEST failed,
result 2 (WERR_BADFILE)
                994163 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Configuration,DC=samdom,DC=loc
        NTDS DN: CN=NTDS
Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
                DSA object GUID: 8c0461e2-6f72-42be-98ab-ce175fc84653
                Last attempt @ Thu May  8 14:52:00 2014 CEST failed,
result 2 (WERR_BADFILE)
                952835 consecutive failure(s).
                Last success @ Sat Feb 15 12:56:42 2014 CET

CN=Configuration,DC=samdom,DC=loc
        Standardname-des-ersten-Standorts\dc01 via RPC
                DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Configuration,DC=samdom,DC=loc
        Standardname-des-ersten-Standorts\dc03 via RPC
                DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=DomainDnsZones,DC=samdom,DC=loc
        NTDS DN: CN=NTDS
Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
                DSA object GUID: 23db6774-c155-4e5f-a793-07e9c772ddc4
                Last attempt @ Thu May  8 14:51:58 2014 CEST failed,
result 2 (WERR_BADFILE)
                1009552 consecutive failure(s).
                Last success @ NTTIME(0)

DC=DomainDnsZones,DC=samdom,DC=loc
        NTDS DN: CN=NTDS
Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
                DSA object GUID: 1a890c41-4326-47c1-90c0-28f8e70801a7
                Last attempt @ Thu May  8 14:51:58 2014 CEST failed,
result 2 (WERR_BADFILE)
                1010074 consecutive failure(s).
                Last success @ NTTIME(0)

DC=DomainDnsZones,DC=samdom,DC=loc
        NTDS DN: CN=NTDS
Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
                DSA object GUID: 8c0461e2-6f72-42be-98ab-ce175fc84653
                Last attempt @ Thu May  8 14:51:59 2014 CEST failed,
result 2 (WERR_BADFILE)
                958577 consecutive failure(s).
                Last success @ NTTIME(0)

DC=DomainDnsZones,DC=samdom,DC=loc
        Standardname-des-ersten-Standorts\dc01 via RPC
                DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=DomainDnsZones,DC=samdom,DC=loc
        Standardname-des-ersten-Standorts\dc03 via RPC
                DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=samdom,DC=loc
        NTDS DN: CN=NTDS
Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
                DSA object GUID: 23db6774-c155-4e5f-a793-07e9c772ddc4
                Last attempt @ Thu May  8 14:52:00 2014 CEST failed,
result 2 (WERR_BADFILE)
                975813 consecutive failure(s).
                Last success @ Tue Feb 11 10:00:39 2014 CET

CN=Schema,CN=Configuration,DC=samdom,DC=loc
        NTDS DN: CN=NTDS
Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
                DSA object GUID: 1a890c41-4326-47c1-90c0-28f8e70801a7
                Last attempt @ Thu May  8 14:52:00 2014 CEST failed,
result 2 (WERR_BADFILE)
                955526 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=samdom,DC=loc
        NTDS DN: CN=NTDS
Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
                DSA object GUID: 8c0461e2-6f72-42be-98ab-ce175fc84653
                Last attempt @ Thu May  8 14:52:01 2014 CEST failed,
result 2 (WERR_BADFILE)
                892435 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=samdom,DC=loc
        Standardname-des-ersten-Standorts\dc03 via RPC
                DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=samdom,DC=loc
        Standardname-des-ersten-Standorts\dc01 via RPC
                DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: 7027ea76-3617-488d-90f6-93f73de15c79
        Enabled        : TRUE
        Server DNS name : dc01.samdom.loc
        Server DN name  : CN=NTDS
Settings,CN=dc01,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
        Connection name: dc03
        Enabled        : TRUE
        Server DNS name : dc03.samdom.loc
        Server DN name  : CN=NTDS
Settings,CN=dc03,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
                TransportType: RPC
                options: 0x00000000
Warning: No NC replicated for Connection!


The \0ADEL:  entries are the remains of the initial failed join of dc03.
I searched the net for a solution to get rid of those entries but did
not find any useful information. My next idea was to also demote dc02.
Unfortunately after demoting dc02 those \0ADEL: entries showed up on
dc01, but only for dc02. I took VM snapshots before demoting dc02 so
could easily switch back.

Does anyone have an idea how to resolve this issue ?

Thank you very much for your kind help

best regards

Andreas