[Samba] Trouble demoting DC with broken replication
Andreas Oster
aoster at novanetwork.de
Thu May 8 07:58:28 MDT 2014
Am 08.05.2014 15:30, schrieb lp101:
> Hello,
>
> Remove all traces of the demoted DC from your DNS. Use Windows
> ADUC module to remove the DC from the Domain Controllers OU. Use ADSI
> to remove all traces of the NTDS files and demoted server. Be careful
> using ADSI. Give it a few moments to allow the changes to replicate
> across all your existing DC's.
>
> On 5/8/2014 9:06 AM, Andreas Oster wrote:
>> Am 08.05.2014 15:03, schrieb Andreas Oster:
>>> Hi all,
>>>
>>> I am currently struggling to remove one of our Samba4 DC from the
>>> domain. Some time ago, adding a new Samba DC to our AD did not succeed
>>> and I had to demote the new server again. After removal, replication on
>>> one of the old/existing DCs got weird.
>>>
>>> /usr/local/samba/bin/samba-tool drs showrepl gives the following:
>>>
>>> Standardname-des-ersten-Standorts\dc02
>>> DSA Options: 0x00000001
>>> DSA object GUID: ef37f4de-a03c-493c-96f6-e521a5415d81
>>> DSA invocationId: b0bc10b9-a67f-4550-8fbf-3dc9fbe6fecc
>>>
>>> ==== INBOUND NEIGHBORS ====
>>>
>>> DC=samdom,DC=loc
>>> Standardname-des-ersten-Standorts\dc01 via RPC
>>> DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
>>> Last attempt @ Thu May 8 14:49:28 2014 CEST was
>>> successful
>>> 0 consecutive failure(s).
>>> Last success @ Thu May 8 14:49:28 2014 CEST
>>>
>>> DC=samdom,DC=loc
>>> Standardname-des-ersten-Standorts\dc03 via RPC
>>> DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
>>> Last attempt @ Thu May 8 14:49:24 2014 CEST was
>>> successful
>>> 0 consecutive failure(s).
>>> Last success @ Thu May 8 14:49:24 2014 CEST
>>>
>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>> Standardname-des-ersten-Standorts\dc01 via RPC
>>> DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
>>> Last attempt @ Thu May 8 14:48:50 2014 CEST was
>>> successful
>>> 0 consecutive failure(s).
>>> Last success @ Thu May 8 14:48:50 2014 CEST
>>>
>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>> Standardname-des-ersten-Standorts\dc03 via RPC
>>> DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
>>> Last attempt @ Thu May 8 14:48:51 2014 CEST was
>>> successful
>>> 0 consecutive failure(s).
>>> Last success @ Thu May 8 14:48:51 2014 CEST
>>>
>>> CN=Configuration,DC=samdom,DC=loc
>>> Standardname-des-ersten-Standorts\dc01 via RPC
>>> DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
>>> Last attempt @ Thu May 8 14:48:54 2014 CEST was
>>> successful
>>> 0 consecutive failure(s).
>>> Last success @ Thu May 8 14:48:54 2014 CEST
>>>
>>> CN=Configuration,DC=samdom,DC=loc
>>> Standardname-des-ersten-Standorts\dc03 via RPC
>>> DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
>>> Last attempt @ Thu May 8 14:48:55 2014 CEST was
>>> successful
>>> 0 consecutive failure(s).
>>> Last success @ Thu May 8 14:48:55 2014 CEST
>>>
>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>> Standardname-des-ersten-Standorts\dc01 via RPC
>>> DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
>>> Last attempt @ Thu May 8 14:50:01 2014 CEST was
>>> successful
>>> 0 consecutive failure(s).
>>> Last success @ Thu May 8 14:50:01 2014 CEST
>>>
>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>> Standardname-des-ersten-Standorts\dc03 via RPC
>>> DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
>>> Last attempt @ Thu May 8 14:50:02 2014 CEST was
>>> successful
>>> 0 consecutive failure(s).
>>> Last success @ Thu May 8 14:50:02 2014 CEST
>>>
>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>> Standardname-des-ersten-Standorts\dc01 via RPC
>>> DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
>>> Last attempt @ Thu May 8 14:48:56 2014 CEST was
>>> successful
>>> 0 consecutive failure(s).
>>> Last success @ Thu May 8 14:48:56 2014 CEST
>>>
>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>> Standardname-des-ersten-Standorts\dc03 via RPC
>>> DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
>>> Last attempt @ Thu May 8 14:48:56 2014 CEST was
>>> successful
>>> 0 consecutive failure(s).
>>> Last success @ Thu May 8 14:48:56 2014 CEST
>>>
>>> ==== OUTBOUND NEIGHBORS ====
>>>
>>> DC=samdom,DC=loc
>>> NTDS DN: CN=NTDS
>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>
>>> DSA object GUID: 23db6774-c155-4e5f-a793-07e9c772ddc4
>>> Last attempt @ Thu May 8 14:51:59 2014 CEST failed,
>>> result 2 (WERR_BADFILE)
>>> 1042908 consecutive failure(s).
>>> Last success @ Tue Feb 11 10:00:38 2014 CET
>>>
>>> DC=samdom,DC=loc
>>> NTDS DN: CN=NTDS
>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>
>>> DSA object GUID: 1a890c41-4326-47c1-90c0-28f8e70801a7
>>> Last attempt @ Thu May 8 14:51:59 2014 CEST failed,
>>> result 2 (WERR_BADFILE)
>>> 1005465 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> DC=samdom,DC=loc
>>> NTDS DN: CN=NTDS
>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>
>>> DSA object GUID: 8c0461e2-6f72-42be-98ab-ce175fc84653
>>> Last attempt @ Thu May 8 14:51:59 2014 CEST failed,
>>> result 2 (WERR_BADFILE)
>>> 958484 consecutive failure(s).
>>> Last success @ Sat Feb 15 12:56:47 2014 CET
>>>
>>> DC=samdom,DC=loc
>>> Standardname-des-ersten-Standorts\dc03 via RPC
>>> DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
>>> Last attempt @ NTTIME(0) was successful
>>> 0 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> DC=samdom,DC=loc
>>> Standardname-des-ersten-Standorts\dc01 via RPC
>>> DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
>>> Last attempt @ NTTIME(0) was successful
>>> 0 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>> NTDS DN: CN=NTDS
>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>
>>> DSA object GUID: 23db6774-c155-4e5f-a793-07e9c772ddc4
>>> Last attempt @ Thu May 8 14:51:58 2014 CEST failed,
>>> result 2 (WERR_BADFILE)
>>> 1049436 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>> NTDS DN: CN=NTDS
>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>
>>> DSA object GUID: 1a890c41-4326-47c1-90c0-28f8e70801a7
>>> Last attempt @ Thu May 8 14:51:58 2014 CEST failed,
>>> result 2 (WERR_BADFILE)
>>> 1012985 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>> NTDS DN: CN=NTDS
>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>
>>> DSA object GUID: 8c0461e2-6f72-42be-98ab-ce175fc84653
>>> Last attempt @ Thu May 8 14:51:58 2014 CEST failed,
>>> result 2 (WERR_BADFILE)
>>> 976997 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>> Standardname-des-ersten-Standorts\dc01 via RPC
>>> DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
>>> Last attempt @ NTTIME(0) was successful
>>> 0 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>> Standardname-des-ersten-Standorts\dc03 via RPC
>>> DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
>>> Last attempt @ NTTIME(0) was successful
>>> 0 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> CN=Configuration,DC=samdom,DC=loc
>>> NTDS DN: CN=NTDS
>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>
>>> DSA object GUID: 23db6774-c155-4e5f-a793-07e9c772ddc4
>>> Last attempt @ Thu May 8 14:52:00 2014 CEST failed,
>>> result 2 (WERR_BADFILE)
>>> 999198 consecutive failure(s).
>>> Last success @ Tue Feb 11 10:00:39 2014 CET
>>>
>>> CN=Configuration,DC=samdom,DC=loc
>>> NTDS DN: CN=NTDS
>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>
>>> DSA object GUID: 1a890c41-4326-47c1-90c0-28f8e70801a7
>>> Last attempt @ Thu May 8 14:52:00 2014 CEST failed,
>>> result 2 (WERR_BADFILE)
>>> 994163 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> CN=Configuration,DC=samdom,DC=loc
>>> NTDS DN: CN=NTDS
>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>
>>> DSA object GUID: 8c0461e2-6f72-42be-98ab-ce175fc84653
>>> Last attempt @ Thu May 8 14:52:00 2014 CEST failed,
>>> result 2 (WERR_BADFILE)
>>> 952835 consecutive failure(s).
>>> Last success @ Sat Feb 15 12:56:42 2014 CET
>>>
>>> CN=Configuration,DC=samdom,DC=loc
>>> Standardname-des-ersten-Standorts\dc01 via RPC
>>> DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
>>> Last attempt @ NTTIME(0) was successful
>>> 0 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> CN=Configuration,DC=samdom,DC=loc
>>> Standardname-des-ersten-Standorts\dc03 via RPC
>>> DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
>>> Last attempt @ NTTIME(0) was successful
>>> 0 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>> NTDS DN: CN=NTDS
>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>
>>> DSA object GUID: 23db6774-c155-4e5f-a793-07e9c772ddc4
>>> Last attempt @ Thu May 8 14:51:58 2014 CEST failed,
>>> result 2 (WERR_BADFILE)
>>> 1009552 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>> NTDS DN: CN=NTDS
>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>
>>> DSA object GUID: 1a890c41-4326-47c1-90c0-28f8e70801a7
>>> Last attempt @ Thu May 8 14:51:58 2014 CEST failed,
>>> result 2 (WERR_BADFILE)
>>> 1010074 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>> NTDS DN: CN=NTDS
>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>
>>> DSA object GUID: 8c0461e2-6f72-42be-98ab-ce175fc84653
>>> Last attempt @ Thu May 8 14:51:59 2014 CEST failed,
>>> result 2 (WERR_BADFILE)
>>> 958577 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>> Standardname-des-ersten-Standorts\dc01 via RPC
>>> DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
>>> Last attempt @ NTTIME(0) was successful
>>> 0 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>> Standardname-des-ersten-Standorts\dc03 via RPC
>>> DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
>>> Last attempt @ NTTIME(0) was successful
>>> 0 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>> NTDS DN: CN=NTDS
>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>
>>> DSA object GUID: 23db6774-c155-4e5f-a793-07e9c772ddc4
>>> Last attempt @ Thu May 8 14:52:00 2014 CEST failed,
>>> result 2 (WERR_BADFILE)
>>> 975813 consecutive failure(s).
>>> Last success @ Tue Feb 11 10:00:39 2014 CET
>>>
>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>> NTDS DN: CN=NTDS
>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>
>>> DSA object GUID: 1a890c41-4326-47c1-90c0-28f8e70801a7
>>> Last attempt @ Thu May 8 14:52:00 2014 CEST failed,
>>> result 2 (WERR_BADFILE)
>>> 955526 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>> NTDS DN: CN=NTDS
>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>
>>> DSA object GUID: 8c0461e2-6f72-42be-98ab-ce175fc84653
>>> Last attempt @ Thu May 8 14:52:01 2014 CEST failed,
>>> result 2 (WERR_BADFILE)
>>> 892435 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>> Standardname-des-ersten-Standorts\dc03 via RPC
>>> DSA object GUID: 94534f65-5d06-41f5-844d-a58a0bc03c93
>>> Last attempt @ NTTIME(0) was successful
>>> 0 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>> Standardname-des-ersten-Standorts\dc01 via RPC
>>> DSA object GUID: c60bca82-df6e-409e-85c5-e2cc733691da
>>> Last attempt @ NTTIME(0) was successful
>>> 0 consecutive failure(s).
>>> Last success @ NTTIME(0)
>>>
>>> ==== KCC CONNECTION OBJECTS ====
>>>
>>> Connection --
>>> Connection name: 7027ea76-3617-488d-90f6-93f73de15c79
>>> Enabled : TRUE
>>> Server DNS name : dc01.samdom.loc
>>> Server DN name : CN=NTDS
>>> Settings,CN=dc01,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>
>>> TransportType: RPC
>>> options: 0x00000001
>>> Warning: No NC replicated for Connection!
>>> Connection --
>>> Connection name: dc03
>>> Enabled : TRUE
>>> Server DNS name : dc03.samdom.loc
>>> Server DN name : CN=NTDS
>>> Settings,CN=dc03,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>
>>> TransportType: RPC
>>> options: 0x00000000
>>> Warning: No NC replicated for Connection!
>>>
>>>
>>> The \0ADEL: entries are the remains of the initial failed join of
>>> dc03.
>>> I searched the net for a solution to get rid of those entries but did
>>> not find any useful information. My next idea was to also demote dc02.
>>> Unfortunately after demoting dc02 those \0ADEL: entries showed up on
>>> dc01, but only for dc02. I took VM snapshots before demoting dc02 so
>>> could easily switch back.
>>>
>>> Does anyone have an idea how to resolve this issue ?
>>>
>>> Thank you very much for your kind help
>>>
>>> best regards
>>>
>>> Andreas
>>>
>> Hi all,
>>
>> by the way Samba version is: Version 4.2.0pre1-GIT-d7c22d5
>>
>> Thanks
>>
>> best regards
>>
>> Andreas
>>
>
Hello lp101,
I have no traces of :
bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3
60bb6abe-2d08-4f5f-81db-787f6e23706b
619df70c-abc9-4644-bff6-35809664bbd9
in DNS. As dc03 is actually successfully joined and working, I cannot
remove it via ADUC.
Can you tell me where I can find those NTDS entries via ADSI ?
Thanks
best regards
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20140508/7baf785d/attachment-0001.pgp>
More information about the samba
mailing list