[Samba] Trouble demoting DC with broken replication

Andreas Oster aoster at novanetwork.de
Thu May 8 11:55:03 MDT 2014


Am 08.05.2014 16:12, schrieb Andy Durant:
> I struggled with this issue for a few weeks in my lab.
> 
> Use this as a guide for cleaning up metadata and using adsiedit to clean
> up the directory.
> 
> http://support.microsoft.com/kb/216498
> 
> Ensure that all dns entries are cleaned up as well. Both in the DNS
> section of RSAT and using adsiedit.  You can load the dns partitions as
> well.
> 
> Once you are are all that is cleaned up run:
> 
> ldbsearch --cross-ncs --show-deleted -H /usr/local/samba/private/sam.ldb
> | grep "failed dc"
> 
> You'll likely see a few entries all with the OADEL.
> 
> From what I can tell, anything listed there is tombstoned and you simply
> need to wait for the tombstone period to expire and the objects will be
> removed.  I'm not sure why replication still picks up on them and shows
> as failure, but I can confirm that in my lab - and I tested it 3 times
> to be sure, that after the tombstone period expired and the objects were
> permanently removed, the replication error went away for me.
> 
> 
> Andy
> 
> 
> On 5/8/2014 9:58 AM, Andreas Oster wrote:
>> Am 08.05.2014 15:30, schrieb lp101:
>>>      Hello,
>>>
>>>      Remove all traces of the demoted DC from your DNS. Use Windows
>>> ADUC module to remove the DC from the Domain Controllers OU. Use ADSI
>>> to remove all traces of the NTDS files and demoted server. Be careful
>>> using ADSI. Give it a few moments to allow the changes to replicate
>>> across all your existing DC's.
>>>
>>> On 5/8/2014 9:06 AM, Andreas Oster wrote:
>>>> Am 08.05.2014 15:03, schrieb Andreas Oster:
>>>>> Hi all,
>>>>>
>>>>> I am currently struggling to remove one of our Samba4 DC from the
>>>>> domain. Some time ago, adding a new Samba DC to our AD did not succeed
>>>>> and I had to demote the new server again. After removal,
>>>>> replication on
>>>>> one of the old/existing DCs got weird.
>>>>>
>>>>> /usr/local/samba/bin/samba-tool drs showrepl   gives the following:
>>>>>
>>>>> Standardname-des-ersten-Standorts\dc02
>>>>> DSA Options: 0x00000001
>>>>> DSA object GUID: ef37f4de-a03c-493c-96f6-e521a5415d81
>>>>> DSA invocationId: b0bc10b9-a67f-4550-8fbf-3dc9fbe6fecc
>>>>>
>>>>> ==== INBOUND NEIGHBORS ====
>>>>>
>>>>> DC=samdom,DC=loc
>>>>>           Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>                   DSA object GUID:
>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>                   Last attempt @ Thu May  8 14:49:28 2014 CEST was
>>>>> successful
>>>>>                   0 consecutive failure(s).
>>>>>                   Last success @ Thu May  8 14:49:28 2014 CEST
>>>>>
>>>>> DC=samdom,DC=loc
>>>>>           Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>                   DSA object GUID:
>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>                   Last attempt @ Thu May  8 14:49:24 2014 CEST was
>>>>> successful
>>>>>                   0 consecutive failure(s).
>>>>>                   Last success @ Thu May  8 14:49:24 2014 CEST
>>>>>
>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>           Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>                   DSA object GUID:
>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>                   Last attempt @ Thu May  8 14:48:50 2014 CEST was
>>>>> successful
>>>>>                   0 consecutive failure(s).
>>>>>                   Last success @ Thu May  8 14:48:50 2014 CEST
>>>>>
>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>           Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>                   DSA object GUID:
>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>                   Last attempt @ Thu May  8 14:48:51 2014 CEST was
>>>>> successful
>>>>>                   0 consecutive failure(s).
>>>>>                   Last success @ Thu May  8 14:48:51 2014 CEST
>>>>>
>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>           Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>                   DSA object GUID:
>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>                   Last attempt @ Thu May  8 14:48:54 2014 CEST was
>>>>> successful
>>>>>                   0 consecutive failure(s).
>>>>>                   Last success @ Thu May  8 14:48:54 2014 CEST
>>>>>
>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>           Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>                   DSA object GUID:
>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>                   Last attempt @ Thu May  8 14:48:55 2014 CEST was
>>>>> successful
>>>>>                   0 consecutive failure(s).
>>>>>                   Last success @ Thu May  8 14:48:55 2014 CEST
>>>>>
>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>           Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>                   DSA object GUID:
>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>                   Last attempt @ Thu May  8 14:50:01 2014 CEST was
>>>>> successful
>>>>>                   0 consecutive failure(s).
>>>>>                   Last success @ Thu May  8 14:50:01 2014 CEST
>>>>>
>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>           Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>                   DSA object GUID:
>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>                   Last attempt @ Thu May  8 14:50:02 2014 CEST was
>>>>> successful
>>>>>                   0 consecutive failure(s).
>>>>>                   Last success @ Thu May  8 14:50:02 2014 CEST
>>>>>
>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>           Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>                   DSA object GUID:
>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>                   Last attempt @ Thu May  8 14:48:56 2014 CEST was
>>>>> successful
>>>>>                   0 consecutive failure(s).
>>>>>                   Last success @ Thu May  8 14:48:56 2014 CEST
>>>>>
>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>           Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>                   DSA object GUID:
>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>                   Last attempt @ Thu May  8 14:48:56 2014 CEST was
>>>>> successful
>>>>>                   0 consecutive failure(s).
>>>>>                   Last success @ Thu May  8 14:48:56 2014 CEST
>>>>>
>>>>> ==== OUTBOUND NEIGHBORS ====
>>>>>
>>>>> DC=samdom,DC=loc
>>>>>           NTDS DN: CN=NTDS
>>>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>
>>>>>
>>>>>                   DSA object GUID:
>>>>> 23db6774-c155-4e5f-a793-07e9c772ddc4
>>>>>                   Last attempt @ Thu May  8 14:51:59 2014 CEST failed,
>>>>> result 2 (WERR_BADFILE)
>>>>>                   1042908 consecutive failure(s).
>>>>>                   Last success @ Tue Feb 11 10:00:38 2014 CET
>>>>>
>>>>> DC=samdom,DC=loc
>>>>>           NTDS DN: CN=NTDS
>>>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>
>>>>>
>>>>>                   DSA object GUID:
>>>>> 1a890c41-4326-47c1-90c0-28f8e70801a7
>>>>>                   Last attempt @ Thu May  8 14:51:59 2014 CEST failed,
>>>>> result 2 (WERR_BADFILE)
>>>>>                   1005465 consecutive failure(s).
>>>>>                   Last success @ NTTIME(0)
>>>>>
>>>>> DC=samdom,DC=loc
>>>>>           NTDS DN: CN=NTDS
>>>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>
>>>>>
>>>>>                   DSA object GUID:
>>>>> 8c0461e2-6f72-42be-98ab-ce175fc84653
>>>>>                   Last attempt @ Thu May  8 14:51:59 2014 CEST failed,
>>>>> result 2 (WERR_BADFILE)
>>>>>                   958484 consecutive failure(s).
>>>>>                   Last success @ Sat Feb 15 12:56:47 2014 CET
>>>>>
>>>>> DC=samdom,DC=loc
>>>>>           Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>                   DSA object GUID:
>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>                   Last attempt @ NTTIME(0) was successful
>>>>>                   0 consecutive failure(s).
>>>>>                   Last success @ NTTIME(0)
>>>>>
>>>>> DC=samdom,DC=loc
>>>>>           Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>                   DSA object GUID:
>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>                   Last attempt @ NTTIME(0) was successful
>>>>>                   0 consecutive failure(s).
>>>>>                   Last success @ NTTIME(0)
>>>>>
>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>           NTDS DN: CN=NTDS
>>>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>
>>>>>
>>>>>                   DSA object GUID:
>>>>> 23db6774-c155-4e5f-a793-07e9c772ddc4
>>>>>                   Last attempt @ Thu May  8 14:51:58 2014 CEST failed,
>>>>> result 2 (WERR_BADFILE)
>>>>>                   1049436 consecutive failure(s).
>>>>>                   Last success @ NTTIME(0)
>>>>>
>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>           NTDS DN: CN=NTDS
>>>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>
>>>>>
>>>>>                   DSA object GUID:
>>>>> 1a890c41-4326-47c1-90c0-28f8e70801a7
>>>>>                   Last attempt @ Thu May  8 14:51:58 2014 CEST failed,
>>>>> result 2 (WERR_BADFILE)
>>>>>                   1012985 consecutive failure(s).
>>>>>                   Last success @ NTTIME(0)
>>>>>
>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>           NTDS DN: CN=NTDS
>>>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>
>>>>>
>>>>>                   DSA object GUID:
>>>>> 8c0461e2-6f72-42be-98ab-ce175fc84653
>>>>>                   Last attempt @ Thu May  8 14:51:58 2014 CEST failed,
>>>>> result 2 (WERR_BADFILE)
>>>>>                   976997 consecutive failure(s).
>>>>>                   Last success @ NTTIME(0)
>>>>>
>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>           Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>                   DSA object GUID:
>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>                   Last attempt @ NTTIME(0) was successful
>>>>>                   0 consecutive failure(s).
>>>>>                   Last success @ NTTIME(0)
>>>>>
>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>           Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>                   DSA object GUID:
>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>                   Last attempt @ NTTIME(0) was successful
>>>>>                   0 consecutive failure(s).
>>>>>                   Last success @ NTTIME(0)
>>>>>
>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>           NTDS DN: CN=NTDS
>>>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>
>>>>>
>>>>>                   DSA object GUID:
>>>>> 23db6774-c155-4e5f-a793-07e9c772ddc4
>>>>>                   Last attempt @ Thu May  8 14:52:00 2014 CEST failed,
>>>>> result 2 (WERR_BADFILE)
>>>>>                   999198 consecutive failure(s).
>>>>>                   Last success @ Tue Feb 11 10:00:39 2014 CET
>>>>>
>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>           NTDS DN: CN=NTDS
>>>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>
>>>>>
>>>>>                   DSA object GUID:
>>>>> 1a890c41-4326-47c1-90c0-28f8e70801a7
>>>>>                   Last attempt @ Thu May  8 14:52:00 2014 CEST failed,
>>>>> result 2 (WERR_BADFILE)
>>>>>                   994163 consecutive failure(s).
>>>>>                   Last success @ NTTIME(0)
>>>>>
>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>           NTDS DN: CN=NTDS
>>>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>
>>>>>
>>>>>                   DSA object GUID:
>>>>> 8c0461e2-6f72-42be-98ab-ce175fc84653
>>>>>                   Last attempt @ Thu May  8 14:52:00 2014 CEST failed,
>>>>> result 2 (WERR_BADFILE)
>>>>>                   952835 consecutive failure(s).
>>>>>                   Last success @ Sat Feb 15 12:56:42 2014 CET
>>>>>
>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>           Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>                   DSA object GUID:
>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>                   Last attempt @ NTTIME(0) was successful
>>>>>                   0 consecutive failure(s).
>>>>>                   Last success @ NTTIME(0)
>>>>>
>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>           Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>                   DSA object GUID:
>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>                   Last attempt @ NTTIME(0) was successful
>>>>>                   0 consecutive failure(s).
>>>>>                   Last success @ NTTIME(0)
>>>>>
>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>           NTDS DN: CN=NTDS
>>>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>
>>>>>
>>>>>                   DSA object GUID:
>>>>> 23db6774-c155-4e5f-a793-07e9c772ddc4
>>>>>                   Last attempt @ Thu May  8 14:51:58 2014 CEST failed,
>>>>> result 2 (WERR_BADFILE)
>>>>>                   1009552 consecutive failure(s).
>>>>>                   Last success @ NTTIME(0)
>>>>>
>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>           NTDS DN: CN=NTDS
>>>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>
>>>>>
>>>>>                   DSA object GUID:
>>>>> 1a890c41-4326-47c1-90c0-28f8e70801a7
>>>>>                   Last attempt @ Thu May  8 14:51:58 2014 CEST failed,
>>>>> result 2 (WERR_BADFILE)
>>>>>                   1010074 consecutive failure(s).
>>>>>                   Last success @ NTTIME(0)
>>>>>
>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>           NTDS DN: CN=NTDS
>>>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>
>>>>>
>>>>>                   DSA object GUID:
>>>>> 8c0461e2-6f72-42be-98ab-ce175fc84653
>>>>>                   Last attempt @ Thu May  8 14:51:59 2014 CEST failed,
>>>>> result 2 (WERR_BADFILE)
>>>>>                   958577 consecutive failure(s).
>>>>>                   Last success @ NTTIME(0)
>>>>>
>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>           Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>                   DSA object GUID:
>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>                   Last attempt @ NTTIME(0) was successful
>>>>>                   0 consecutive failure(s).
>>>>>                   Last success @ NTTIME(0)
>>>>>
>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>           Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>                   DSA object GUID:
>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>                   Last attempt @ NTTIME(0) was successful
>>>>>                   0 consecutive failure(s).
>>>>>                   Last success @ NTTIME(0)
>>>>>
>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>           NTDS DN: CN=NTDS
>>>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>
>>>>>
>>>>>                   DSA object GUID:
>>>>> 23db6774-c155-4e5f-a793-07e9c772ddc4
>>>>>                   Last attempt @ Thu May  8 14:52:00 2014 CEST failed,
>>>>> result 2 (WERR_BADFILE)
>>>>>                   975813 consecutive failure(s).
>>>>>                   Last success @ Tue Feb 11 10:00:39 2014 CET
>>>>>
>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>           NTDS DN: CN=NTDS
>>>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>
>>>>>
>>>>>                   DSA object GUID:
>>>>> 1a890c41-4326-47c1-90c0-28f8e70801a7
>>>>>                   Last attempt @ Thu May  8 14:52:00 2014 CEST failed,
>>>>> result 2 (WERR_BADFILE)
>>>>>                   955526 consecutive failure(s).
>>>>>                   Last success @ NTTIME(0)
>>>>>
>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>           NTDS DN: CN=NTDS
>>>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>
>>>>>
>>>>>                   DSA object GUID:
>>>>> 8c0461e2-6f72-42be-98ab-ce175fc84653
>>>>>                   Last attempt @ Thu May  8 14:52:01 2014 CEST failed,
>>>>> result 2 (WERR_BADFILE)
>>>>>                   892435 consecutive failure(s).
>>>>>                   Last success @ NTTIME(0)
>>>>>
>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>           Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>                   DSA object GUID:
>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>                   Last attempt @ NTTIME(0) was successful
>>>>>                   0 consecutive failure(s).
>>>>>                   Last success @ NTTIME(0)
>>>>>
>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>           Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>                   DSA object GUID:
>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>                   Last attempt @ NTTIME(0) was successful
>>>>>                   0 consecutive failure(s).
>>>>>                   Last success @ NTTIME(0)
>>>>>
>>>>> ==== KCC CONNECTION OBJECTS ====
>>>>>
>>>>> Connection --
>>>>>           Connection name: 7027ea76-3617-488d-90f6-93f73de15c79
>>>>>           Enabled        : TRUE
>>>>>           Server DNS name : dc01.samdom.loc
>>>>>           Server DN name  : CN=NTDS
>>>>> Settings,CN=dc01,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>
>>>>>
>>>>>                   TransportType: RPC
>>>>>                   options: 0x00000001
>>>>> Warning: No NC replicated for Connection!
>>>>> Connection --
>>>>>           Connection name: dc03
>>>>>           Enabled        : TRUE
>>>>>           Server DNS name : dc03.samdom.loc
>>>>>           Server DN name  : CN=NTDS
>>>>> Settings,CN=dc03,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>
>>>>>
>>>>>                   TransportType: RPC
>>>>>                   options: 0x00000000
>>>>> Warning: No NC replicated for Connection!
>>>>>
>>>>>
>>>>> The \0ADEL:  entries are the remains of the initial failed join of
>>>>> dc03.
>>>>> I searched the net for a solution to get rid of those entries but did
>>>>> not find any useful information. My next idea was to also demote dc02.
>>>>> Unfortunately after demoting dc02 those \0ADEL: entries showed up on
>>>>> dc01, but only for dc02. I took VM snapshots before demoting dc02 so
>>>>> could easily switch back.
>>>>>
>>>>> Does anyone have an idea how to resolve this issue ?
>>>>>
>>>>> Thank you very much for your kind help
>>>>>
>>>>> best regards
>>>>>
>>>>> Andreas
>>>>>
>>>> Hi all,
>>>>
>>>> by the way Samba version is: Version 4.2.0pre1-GIT-d7c22d5
>>>>
>>>> Thanks
>>>>
>>>> best regards
>>>>
>>>> Andreas
>>>>
>> Hello lp101,
>>
>> I have no traces of :
>>
>> bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3
>> 60bb6abe-2d08-4f5f-81db-787f6e23706b
>> 619df70c-abc9-4644-bff6-35809664bbd9
>>
>> in DNS. As dc03 is actually successfully joined and working, I cannot
>> remove it via ADUC.
>> Can you tell me where I can find those NTDS entries via ADSI ?
>>
>> Thanks
>>
>> best regards
>>
>> Andreas
>>
>>
>>
Hi Andy,

I searched via ldbsearch for deleted objects and found the entries. I
then changed the tombstone timeout to a smaller value (10days)= and did
restart samba. After some minutes I searched again and now the entries for :
bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3
60bb6abe-2d08-4f5f-81db-787f6e23706b
619df70c-abc9-4644-bff6-35809664bbd9

have disappeared from the deleted objects. Unfortunately this seems to
have made things worse as I do now get the following failure:


==== OUTBOUND NEIGHBORS ====

ERROR(runtime): DsReplicaGetInfo of type -2 failed - (8442,
'WERR_DS_DRA_INTERNAL_ERROR')
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", line
116, in drsuapi_ReplicaInfo
    (info_type, info) = ctx.drsuapi.DsReplicaGetInfo(ctx.drsuapi_handle,
1, req1)


in log.samba I can see the following error:

[2014/05/08 19:34:49.159705,  0]
../source4/dsdb/kcc/kcc_drs_replica_info.c:680(fill_neighbor_from_repsTo)
  ../source4/dsdb/kcc/kcc_drs_replica_info.c:680: Failed to find DN for
neighbor GUID 23db6774-c155-4e5f-a793-07e9c772ddc4

Does anybody have an idea how to get rid of the orphaned neighbour
GUIDs. Where can I find those entries ?

Thank you for your kind help

best regards

Andreas


More information about the samba mailing list