[Samba] Trouble demoting DC with broken replication
Andreas Oster
aoster at novanetwork.de
Fri May 9 02:02:12 MDT 2014
Am 08.05.2014 20:31, schrieb Andy Durant:
> The 10 days you set for tombstone hasn't elapsed yet for that particular
> object, or it hasn't replicated to your remaining DCs. You will have to
> wait for it to expire and be actually deleted.
>
>
>
> Andy
>
>
> On 5/8/2014 1:55 PM, Andreas Oster wrote:
>> Am 08.05.2014 16:12, schrieb Andy Durant:
>>> I struggled with this issue for a few weeks in my lab.
>>>
>>> Use this as a guide for cleaning up metadata and using adsiedit to clean
>>> up the directory.
>>>
>>> http://support.microsoft.com/kb/216498
>>>
>>> Ensure that all dns entries are cleaned up as well. Both in the DNS
>>> section of RSAT and using adsiedit. You can load the dns partitions as
>>> well.
>>>
>>> Once you are are all that is cleaned up run:
>>>
>>> ldbsearch --cross-ncs --show-deleted -H /usr/local/samba/private/sam.ldb
>>> | grep "failed dc"
>>>
>>> You'll likely see a few entries all with the OADEL.
>>>
>>> From what I can tell, anything listed there is tombstoned and you
>>> simply
>>> need to wait for the tombstone period to expire and the objects will be
>>> removed. I'm not sure why replication still picks up on them and shows
>>> as failure, but I can confirm that in my lab - and I tested it 3 times
>>> to be sure, that after the tombstone period expired and the objects were
>>> permanently removed, the replication error went away for me.
>>>
>>>
>>> Andy
>>>
>>>
>>> On 5/8/2014 9:58 AM, Andreas Oster wrote:
>>>> Am 08.05.2014 15:30, schrieb lp101:
>>>>> Hello,
>>>>>
>>>>> Remove all traces of the demoted DC from your DNS. Use Windows
>>>>> ADUC module to remove the DC from the Domain Controllers OU. Use ADSI
>>>>> to remove all traces of the NTDS files and demoted server. Be careful
>>>>> using ADSI. Give it a few moments to allow the changes to replicate
>>>>> across all your existing DC's.
>>>>>
>>>>> On 5/8/2014 9:06 AM, Andreas Oster wrote:
>>>>>> Am 08.05.2014 15:03, schrieb Andreas Oster:
>>>>>>> Hi all,
>>>>>>>
>>>>>>> I am currently struggling to remove one of our Samba4 DC from the
>>>>>>> domain. Some time ago, adding a new Samba DC to our AD did not
>>>>>>> succeed
>>>>>>> and I had to demote the new server again. After removal,
>>>>>>> replication on
>>>>>>> one of the old/existing DCs got weird.
>>>>>>>
>>>>>>> /usr/local/samba/bin/samba-tool drs showrepl gives the following:
>>>>>>>
>>>>>>> Standardname-des-ersten-Standorts\dc02
>>>>>>> DSA Options: 0x00000001
>>>>>>> DSA object GUID: ef37f4de-a03c-493c-96f6-e521a5415d81
>>>>>>> DSA invocationId: b0bc10b9-a67f-4550-8fbf-3dc9fbe6fecc
>>>>>>>
>>>>>>> ==== INBOUND NEIGHBORS ====
>>>>>>>
>>>>>>> DC=samdom,DC=loc
>>>>>>> Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>> DSA object GUID:
>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>> Last attempt @ Thu May 8 14:49:28 2014 CEST was
>>>>>>> successful
>>>>>>> 0 consecutive failure(s).
>>>>>>> Last success @ Thu May 8 14:49:28 2014 CEST
>>>>>>>
>>>>>>> DC=samdom,DC=loc
>>>>>>> Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>> DSA object GUID:
>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>> Last attempt @ Thu May 8 14:49:24 2014 CEST was
>>>>>>> successful
>>>>>>> 0 consecutive failure(s).
>>>>>>> Last success @ Thu May 8 14:49:24 2014 CEST
>>>>>>>
>>>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>>> Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>> DSA object GUID:
>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>> Last attempt @ Thu May 8 14:48:50 2014 CEST was
>>>>>>> successful
>>>>>>> 0 consecutive failure(s).
>>>>>>> Last success @ Thu May 8 14:48:50 2014 CEST
>>>>>>>
>>>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>>> Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>> DSA object GUID:
>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>> Last attempt @ Thu May 8 14:48:51 2014 CEST was
>>>>>>> successful
>>>>>>> 0 consecutive failure(s).
>>>>>>> Last success @ Thu May 8 14:48:51 2014 CEST
>>>>>>>
>>>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>>> Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>> DSA object GUID:
>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>> Last attempt @ Thu May 8 14:48:54 2014 CEST was
>>>>>>> successful
>>>>>>> 0 consecutive failure(s).
>>>>>>> Last success @ Thu May 8 14:48:54 2014 CEST
>>>>>>>
>>>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>>> Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>> DSA object GUID:
>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>> Last attempt @ Thu May 8 14:48:55 2014 CEST was
>>>>>>> successful
>>>>>>> 0 consecutive failure(s).
>>>>>>> Last success @ Thu May 8 14:48:55 2014 CEST
>>>>>>>
>>>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>>> Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>> DSA object GUID:
>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>> Last attempt @ Thu May 8 14:50:01 2014 CEST was
>>>>>>> successful
>>>>>>> 0 consecutive failure(s).
>>>>>>> Last success @ Thu May 8 14:50:01 2014 CEST
>>>>>>>
>>>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>>> Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>> DSA object GUID:
>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>> Last attempt @ Thu May 8 14:50:02 2014 CEST was
>>>>>>> successful
>>>>>>> 0 consecutive failure(s).
>>>>>>> Last success @ Thu May 8 14:50:02 2014 CEST
>>>>>>>
>>>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>>> Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>> DSA object GUID:
>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>> Last attempt @ Thu May 8 14:48:56 2014 CEST was
>>>>>>> successful
>>>>>>> 0 consecutive failure(s).
>>>>>>> Last success @ Thu May 8 14:48:56 2014 CEST
>>>>>>>
>>>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>>> Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>> DSA object GUID:
>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>> Last attempt @ Thu May 8 14:48:56 2014 CEST was
>>>>>>> successful
>>>>>>> 0 consecutive failure(s).
>>>>>>> Last success @ Thu May 8 14:48:56 2014 CEST
>>>>>>>
>>>>>>> ==== OUTBOUND NEIGHBORS ====
>>>>>>>
>>>>>>> DC=samdom,DC=loc
>>>>>>> NTDS DN: CN=NTDS
>>>>>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> DSA object GUID:
>>>>>>> 23db6774-c155-4e5f-a793-07e9c772ddc4
>>>>>>> Last attempt @ Thu May 8 14:51:59 2014 CEST
>>>>>>> failed,
>>>>>>> result 2 (WERR_BADFILE)
>>>>>>> 1042908 consecutive failure(s).
>>>>>>> Last success @ Tue Feb 11 10:00:38 2014 CET
>>>>>>>
>>>>>>> DC=samdom,DC=loc
>>>>>>> NTDS DN: CN=NTDS
>>>>>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> DSA object GUID:
>>>>>>> 1a890c41-4326-47c1-90c0-28f8e70801a7
>>>>>>> Last attempt @ Thu May 8 14:51:59 2014 CEST
>>>>>>> failed,
>>>>>>> result 2 (WERR_BADFILE)
>>>>>>> 1005465 consecutive failure(s).
>>>>>>> Last success @ NTTIME(0)
>>>>>>>
>>>>>>> DC=samdom,DC=loc
>>>>>>> NTDS DN: CN=NTDS
>>>>>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> DSA object GUID:
>>>>>>> 8c0461e2-6f72-42be-98ab-ce175fc84653
>>>>>>> Last attempt @ Thu May 8 14:51:59 2014 CEST
>>>>>>> failed,
>>>>>>> result 2 (WERR_BADFILE)
>>>>>>> 958484 consecutive failure(s).
>>>>>>> Last success @ Sat Feb 15 12:56:47 2014 CET
>>>>>>>
>>>>>>> DC=samdom,DC=loc
>>>>>>> Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>> DSA object GUID:
>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>> Last attempt @ NTTIME(0) was successful
>>>>>>> 0 consecutive failure(s).
>>>>>>> Last success @ NTTIME(0)
>>>>>>>
>>>>>>> DC=samdom,DC=loc
>>>>>>> Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>> DSA object GUID:
>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>> Last attempt @ NTTIME(0) was successful
>>>>>>> 0 consecutive failure(s).
>>>>>>> Last success @ NTTIME(0)
>>>>>>>
>>>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>>> NTDS DN: CN=NTDS
>>>>>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> DSA object GUID:
>>>>>>> 23db6774-c155-4e5f-a793-07e9c772ddc4
>>>>>>> Last attempt @ Thu May 8 14:51:58 2014 CEST
>>>>>>> failed,
>>>>>>> result 2 (WERR_BADFILE)
>>>>>>> 1049436 consecutive failure(s).
>>>>>>> Last success @ NTTIME(0)
>>>>>>>
>>>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>>> NTDS DN: CN=NTDS
>>>>>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> DSA object GUID:
>>>>>>> 1a890c41-4326-47c1-90c0-28f8e70801a7
>>>>>>> Last attempt @ Thu May 8 14:51:58 2014 CEST
>>>>>>> failed,
>>>>>>> result 2 (WERR_BADFILE)
>>>>>>> 1012985 consecutive failure(s).
>>>>>>> Last success @ NTTIME(0)
>>>>>>>
>>>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>>> NTDS DN: CN=NTDS
>>>>>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> DSA object GUID:
>>>>>>> 8c0461e2-6f72-42be-98ab-ce175fc84653
>>>>>>> Last attempt @ Thu May 8 14:51:58 2014 CEST
>>>>>>> failed,
>>>>>>> result 2 (WERR_BADFILE)
>>>>>>> 976997 consecutive failure(s).
>>>>>>> Last success @ NTTIME(0)
>>>>>>>
>>>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>>> Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>> DSA object GUID:
>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>> Last attempt @ NTTIME(0) was successful
>>>>>>> 0 consecutive failure(s).
>>>>>>> Last success @ NTTIME(0)
>>>>>>>
>>>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>>> Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>> DSA object GUID:
>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>> Last attempt @ NTTIME(0) was successful
>>>>>>> 0 consecutive failure(s).
>>>>>>> Last success @ NTTIME(0)
>>>>>>>
>>>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>>> NTDS DN: CN=NTDS
>>>>>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> DSA object GUID:
>>>>>>> 23db6774-c155-4e5f-a793-07e9c772ddc4
>>>>>>> Last attempt @ Thu May 8 14:52:00 2014 CEST
>>>>>>> failed,
>>>>>>> result 2 (WERR_BADFILE)
>>>>>>> 999198 consecutive failure(s).
>>>>>>> Last success @ Tue Feb 11 10:00:39 2014 CET
>>>>>>>
>>>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>>> NTDS DN: CN=NTDS
>>>>>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> DSA object GUID:
>>>>>>> 1a890c41-4326-47c1-90c0-28f8e70801a7
>>>>>>> Last attempt @ Thu May 8 14:52:00 2014 CEST
>>>>>>> failed,
>>>>>>> result 2 (WERR_BADFILE)
>>>>>>> 994163 consecutive failure(s).
>>>>>>> Last success @ NTTIME(0)
>>>>>>>
>>>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>>> NTDS DN: CN=NTDS
>>>>>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> DSA object GUID:
>>>>>>> 8c0461e2-6f72-42be-98ab-ce175fc84653
>>>>>>> Last attempt @ Thu May 8 14:52:00 2014 CEST
>>>>>>> failed,
>>>>>>> result 2 (WERR_BADFILE)
>>>>>>> 952835 consecutive failure(s).
>>>>>>> Last success @ Sat Feb 15 12:56:42 2014 CET
>>>>>>>
>>>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>>> Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>> DSA object GUID:
>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>> Last attempt @ NTTIME(0) was successful
>>>>>>> 0 consecutive failure(s).
>>>>>>> Last success @ NTTIME(0)
>>>>>>>
>>>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>>> Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>> DSA object GUID:
>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>> Last attempt @ NTTIME(0) was successful
>>>>>>> 0 consecutive failure(s).
>>>>>>> Last success @ NTTIME(0)
>>>>>>>
>>>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>>> NTDS DN: CN=NTDS
>>>>>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> DSA object GUID:
>>>>>>> 23db6774-c155-4e5f-a793-07e9c772ddc4
>>>>>>> Last attempt @ Thu May 8 14:51:58 2014 CEST
>>>>>>> failed,
>>>>>>> result 2 (WERR_BADFILE)
>>>>>>> 1009552 consecutive failure(s).
>>>>>>> Last success @ NTTIME(0)
>>>>>>>
>>>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>>> NTDS DN: CN=NTDS
>>>>>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> DSA object GUID:
>>>>>>> 1a890c41-4326-47c1-90c0-28f8e70801a7
>>>>>>> Last attempt @ Thu May 8 14:51:58 2014 CEST
>>>>>>> failed,
>>>>>>> result 2 (WERR_BADFILE)
>>>>>>> 1010074 consecutive failure(s).
>>>>>>> Last success @ NTTIME(0)
>>>>>>>
>>>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>>> NTDS DN: CN=NTDS
>>>>>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> DSA object GUID:
>>>>>>> 8c0461e2-6f72-42be-98ab-ce175fc84653
>>>>>>> Last attempt @ Thu May 8 14:51:59 2014 CEST
>>>>>>> failed,
>>>>>>> result 2 (WERR_BADFILE)
>>>>>>> 958577 consecutive failure(s).
>>>>>>> Last success @ NTTIME(0)
>>>>>>>
>>>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>>> Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>> DSA object GUID:
>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>> Last attempt @ NTTIME(0) was successful
>>>>>>> 0 consecutive failure(s).
>>>>>>> Last success @ NTTIME(0)
>>>>>>>
>>>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>>> Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>> DSA object GUID:
>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>> Last attempt @ NTTIME(0) was successful
>>>>>>> 0 consecutive failure(s).
>>>>>>> Last success @ NTTIME(0)
>>>>>>>
>>>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>>> NTDS DN: CN=NTDS
>>>>>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> DSA object GUID:
>>>>>>> 23db6774-c155-4e5f-a793-07e9c772ddc4
>>>>>>> Last attempt @ Thu May 8 14:52:00 2014 CEST
>>>>>>> failed,
>>>>>>> result 2 (WERR_BADFILE)
>>>>>>> 975813 consecutive failure(s).
>>>>>>> Last success @ Tue Feb 11 10:00:39 2014 CET
>>>>>>>
>>>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>>> NTDS DN: CN=NTDS
>>>>>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> DSA object GUID:
>>>>>>> 1a890c41-4326-47c1-90c0-28f8e70801a7
>>>>>>> Last attempt @ Thu May 8 14:52:00 2014 CEST
>>>>>>> failed,
>>>>>>> result 2 (WERR_BADFILE)
>>>>>>> 955526 consecutive failure(s).
>>>>>>> Last success @ NTTIME(0)
>>>>>>>
>>>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>>> NTDS DN: CN=NTDS
>>>>>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> DSA object GUID:
>>>>>>> 8c0461e2-6f72-42be-98ab-ce175fc84653
>>>>>>> Last attempt @ Thu May 8 14:52:01 2014 CEST
>>>>>>> failed,
>>>>>>> result 2 (WERR_BADFILE)
>>>>>>> 892435 consecutive failure(s).
>>>>>>> Last success @ NTTIME(0)
>>>>>>>
>>>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>>> Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>> DSA object GUID:
>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>> Last attempt @ NTTIME(0) was successful
>>>>>>> 0 consecutive failure(s).
>>>>>>> Last success @ NTTIME(0)
>>>>>>>
>>>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>>> Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>> DSA object GUID:
>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>> Last attempt @ NTTIME(0) was successful
>>>>>>> 0 consecutive failure(s).
>>>>>>> Last success @ NTTIME(0)
>>>>>>>
>>>>>>> ==== KCC CONNECTION OBJECTS ====
>>>>>>>
>>>>>>> Connection --
>>>>>>> Connection name: 7027ea76-3617-488d-90f6-93f73de15c79
>>>>>>> Enabled : TRUE
>>>>>>> Server DNS name : dc01.samdom.loc
>>>>>>> Server DN name : CN=NTDS
>>>>>>> Settings,CN=dc01,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> TransportType: RPC
>>>>>>> options: 0x00000001
>>>>>>> Warning: No NC replicated for Connection!
>>>>>>> Connection --
>>>>>>> Connection name: dc03
>>>>>>> Enabled : TRUE
>>>>>>> Server DNS name : dc03.samdom.loc
>>>>>>> Server DN name : CN=NTDS
>>>>>>> Settings,CN=dc03,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> TransportType: RPC
>>>>>>> options: 0x00000000
>>>>>>> Warning: No NC replicated for Connection!
>>>>>>>
>>>>>>>
>>>>>>> The \0ADEL: entries are the remains of the initial failed join of
>>>>>>> dc03.
>>>>>>> I searched the net for a solution to get rid of those entries but
>>>>>>> did
>>>>>>> not find any useful information. My next idea was to also demote
>>>>>>> dc02.
>>>>>>> Unfortunately after demoting dc02 those \0ADEL: entries showed up on
>>>>>>> dc01, but only for dc02. I took VM snapshots before demoting dc02 so
>>>>>>> could easily switch back.
>>>>>>>
>>>>>>> Does anyone have an idea how to resolve this issue ?
>>>>>>>
>>>>>>> Thank you very much for your kind help
>>>>>>>
>>>>>>> best regards
>>>>>>>
>>>>>>> Andreas
>>>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> by the way Samba version is: Version 4.2.0pre1-GIT-d7c22d5
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> best regards
>>>>>>
>>>>>> Andreas
>>>>>>
>>>> Hello lp101,
>>>>
>>>> I have no traces of :
>>>>
>>>> bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3
>>>> 60bb6abe-2d08-4f5f-81db-787f6e23706b
>>>> 619df70c-abc9-4644-bff6-35809664bbd9
>>>>
>>>> in DNS. As dc03 is actually successfully joined and working, I cannot
>>>> remove it via ADUC.
>>>> Can you tell me where I can find those NTDS entries via ADSI ?
>>>>
>>>> Thanks
>>>>
>>>> best regards
>>>>
>>>> Andreas
>>>>
>>>>
>>>>
>> Hi Andy,
>>
>> I searched via ldbsearch for deleted objects and found the entries. I
>> then changed the tombstone timeout to a smaller value (10days)= and did
>> restart samba. After some minutes I searched again and now the entries
>> for :
>> bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3
>> 60bb6abe-2d08-4f5f-81db-787f6e23706b
>> 619df70c-abc9-4644-bff6-35809664bbd9
>>
>> have disappeared from the deleted objects. Unfortunately this seems to
>> have made things worse as I do now get the following failure:
>>
>>
>> ==== OUTBOUND NEIGHBORS ====
>>
>> ERROR(runtime): DsReplicaGetInfo of type -2 failed - (8442,
>> 'WERR_DS_DRA_INTERNAL_ERROR')
>> File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", line
>> 116, in drsuapi_ReplicaInfo
>> (info_type, info) = ctx.drsuapi.DsReplicaGetInfo(ctx.drsuapi_handle,
>> 1, req1)
>>
>>
>> in log.samba I can see the following error:
>>
>> [2014/05/08 19:34:49.159705, 0]
>> ../source4/dsdb/kcc/kcc_drs_replica_info.c:680(fill_neighbor_from_repsTo)
>> ../source4/dsdb/kcc/kcc_drs_replica_info.c:680: Failed to find DN for
>> neighbor GUID 23db6774-c155-4e5f-a793-07e9c772ddc4
>>
>> Does anybody have an idea how to get rid of the orphaned neighbour
>> GUIDs. Where can I find those entries ?
>>
>> Thank you for your kind help
>>
>> best regards
>>
>> Andreas
>
Hello Andy,
does this mean I have to wait 10 days until the entries get completely
deleted from AD ? Do you think replication will also work again if
purging has taken place ?
thanks
best regards
Andreas
More information about the samba
mailing list