[Samba] Trouble demoting DC with broken replication

Andy Durant adurant at vestec.com
Fri May 9 12:17:16 MDT 2014


In my case, yes. Once i waited the time for the tombstone to expire and 
fully remove the item from Active directory, all my errors went away.

My one other DC never stopped replicating properly, and it appears by 
the DRS output, your other ones are working correctly as well.

I was even able to add another DC with the same name and IP as the first 
failed DC and it started replicating right away as well.(After the 
tombstone expired and the objects were completely removed. Prior to that 
- a new dc may have the same name and IP but the guid will be different 
and thus replication will still show the error for the failed one, plus 
- working replication for the new one.)

Andy

On 5/9/2014 4:02 AM, Andreas Oster wrote:
> Am 08.05.2014 20:31, schrieb Andy Durant:
>> The 10 days you set for tombstone hasn't elapsed yet for that particular
>> object, or it hasn't replicated to your remaining DCs. You will have to
>> wait for it to expire and be actually deleted.
>>
>>
>>
>> Andy
>>
>>
>> On 5/8/2014 1:55 PM, Andreas Oster wrote:
>>> Am 08.05.2014 16:12, schrieb Andy Durant:
>>>> I struggled with this issue for a few weeks in my lab.
>>>>
>>>> Use this as a guide for cleaning up metadata and using adsiedit to clean
>>>> up the directory.
>>>>
>>>> http://support.microsoft.com/kb/216498
>>>>
>>>> Ensure that all dns entries are cleaned up as well. Both in the DNS
>>>> section of RSAT and using adsiedit.  You can load the dns partitions as
>>>> well.
>>>>
>>>> Once you are are all that is cleaned up run:
>>>>
>>>> ldbsearch --cross-ncs --show-deleted -H /usr/local/samba/private/sam.ldb
>>>> | grep "failed dc"
>>>>
>>>> You'll likely see a few entries all with the OADEL.
>>>>
>>>>   From what I can tell, anything listed there is tombstoned and you
>>>> simply
>>>> need to wait for the tombstone period to expire and the objects will be
>>>> removed.  I'm not sure why replication still picks up on them and shows
>>>> as failure, but I can confirm that in my lab - and I tested it 3 times
>>>> to be sure, that after the tombstone period expired and the objects were
>>>> permanently removed, the replication error went away for me.
>>>>
>>>>
>>>> Andy
>>>>
>>>>
>>>> On 5/8/2014 9:58 AM, Andreas Oster wrote:
>>>>> Am 08.05.2014 15:30, schrieb lp101:
>>>>>>        Hello,
>>>>>>
>>>>>>        Remove all traces of the demoted DC from your DNS. Use Windows
>>>>>> ADUC module to remove the DC from the Domain Controllers OU. Use ADSI
>>>>>> to remove all traces of the NTDS files and demoted server. Be careful
>>>>>> using ADSI. Give it a few moments to allow the changes to replicate
>>>>>> across all your existing DC's.
>>>>>>
>>>>>> On 5/8/2014 9:06 AM, Andreas Oster wrote:
>>>>>>> Am 08.05.2014 15:03, schrieb Andreas Oster:
>>>>>>>> Hi all,
>>>>>>>>
>>>>>>>> I am currently struggling to remove one of our Samba4 DC from the
>>>>>>>> domain. Some time ago, adding a new Samba DC to our AD did not
>>>>>>>> succeed
>>>>>>>> and I had to demote the new server again. After removal,
>>>>>>>> replication on
>>>>>>>> one of the old/existing DCs got weird.
>>>>>>>>
>>>>>>>> /usr/local/samba/bin/samba-tool drs showrepl   gives the following:
>>>>>>>>
>>>>>>>> Standardname-des-ersten-Standorts\dc02
>>>>>>>> DSA Options: 0x00000001
>>>>>>>> DSA object GUID: ef37f4de-a03c-493c-96f6-e521a5415d81
>>>>>>>> DSA invocationId: b0bc10b9-a67f-4550-8fbf-3dc9fbe6fecc
>>>>>>>>
>>>>>>>> ==== INBOUND NEIGHBORS ====
>>>>>>>>
>>>>>>>> DC=samdom,DC=loc
>>>>>>>>             Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>>>                     DSA object GUID:
>>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>>>                     Last attempt @ Thu May  8 14:49:28 2014 CEST was
>>>>>>>> successful
>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>                     Last success @ Thu May  8 14:49:28 2014 CEST
>>>>>>>>
>>>>>>>> DC=samdom,DC=loc
>>>>>>>>             Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>>>                     DSA object GUID:
>>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>>>                     Last attempt @ Thu May  8 14:49:24 2014 CEST was
>>>>>>>> successful
>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>                     Last success @ Thu May  8 14:49:24 2014 CEST
>>>>>>>>
>>>>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>>>>             Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>>>                     DSA object GUID:
>>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>>>                     Last attempt @ Thu May  8 14:48:50 2014 CEST was
>>>>>>>> successful
>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>                     Last success @ Thu May  8 14:48:50 2014 CEST
>>>>>>>>
>>>>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>>>>             Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>>>                     DSA object GUID:
>>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>>>                     Last attempt @ Thu May  8 14:48:51 2014 CEST was
>>>>>>>> successful
>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>                     Last success @ Thu May  8 14:48:51 2014 CEST
>>>>>>>>
>>>>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>>>>             Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>>>                     DSA object GUID:
>>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>>>                     Last attempt @ Thu May  8 14:48:54 2014 CEST was
>>>>>>>> successful
>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>                     Last success @ Thu May  8 14:48:54 2014 CEST
>>>>>>>>
>>>>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>>>>             Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>>>                     DSA object GUID:
>>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>>>                     Last attempt @ Thu May  8 14:48:55 2014 CEST was
>>>>>>>> successful
>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>                     Last success @ Thu May  8 14:48:55 2014 CEST
>>>>>>>>
>>>>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>>>>             Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>>>                     DSA object GUID:
>>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>>>                     Last attempt @ Thu May  8 14:50:01 2014 CEST was
>>>>>>>> successful
>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>                     Last success @ Thu May  8 14:50:01 2014 CEST
>>>>>>>>
>>>>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>>>>             Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>>>                     DSA object GUID:
>>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>>>                     Last attempt @ Thu May  8 14:50:02 2014 CEST was
>>>>>>>> successful
>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>                     Last success @ Thu May  8 14:50:02 2014 CEST
>>>>>>>>
>>>>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>             Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>>>                     DSA object GUID:
>>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>>>                     Last attempt @ Thu May  8 14:48:56 2014 CEST was
>>>>>>>> successful
>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>                     Last success @ Thu May  8 14:48:56 2014 CEST
>>>>>>>>
>>>>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>             Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>>>                     DSA object GUID:
>>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>>>                     Last attempt @ Thu May  8 14:48:56 2014 CEST was
>>>>>>>> successful
>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>                     Last success @ Thu May  8 14:48:56 2014 CEST
>>>>>>>>
>>>>>>>> ==== OUTBOUND NEIGHBORS ====
>>>>>>>>
>>>>>>>> DC=samdom,DC=loc
>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                     DSA object GUID:
>>>>>>>> 23db6774-c155-4e5f-a793-07e9c772ddc4
>>>>>>>>                     Last attempt @ Thu May  8 14:51:59 2014 CEST
>>>>>>>> failed,
>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>                     1042908 consecutive failure(s).
>>>>>>>>                     Last success @ Tue Feb 11 10:00:38 2014 CET
>>>>>>>>
>>>>>>>> DC=samdom,DC=loc
>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                     DSA object GUID:
>>>>>>>> 1a890c41-4326-47c1-90c0-28f8e70801a7
>>>>>>>>                     Last attempt @ Thu May  8 14:51:59 2014 CEST
>>>>>>>> failed,
>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>                     1005465 consecutive failure(s).
>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>
>>>>>>>> DC=samdom,DC=loc
>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                     DSA object GUID:
>>>>>>>> 8c0461e2-6f72-42be-98ab-ce175fc84653
>>>>>>>>                     Last attempt @ Thu May  8 14:51:59 2014 CEST
>>>>>>>> failed,
>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>                     958484 consecutive failure(s).
>>>>>>>>                     Last success @ Sat Feb 15 12:56:47 2014 CET
>>>>>>>>
>>>>>>>> DC=samdom,DC=loc
>>>>>>>>             Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>>>                     DSA object GUID:
>>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>>>                     Last attempt @ NTTIME(0) was successful
>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>
>>>>>>>> DC=samdom,DC=loc
>>>>>>>>             Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>>>                     DSA object GUID:
>>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>>>                     Last attempt @ NTTIME(0) was successful
>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>
>>>>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                     DSA object GUID:
>>>>>>>> 23db6774-c155-4e5f-a793-07e9c772ddc4
>>>>>>>>                     Last attempt @ Thu May  8 14:51:58 2014 CEST
>>>>>>>> failed,
>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>                     1049436 consecutive failure(s).
>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>
>>>>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                     DSA object GUID:
>>>>>>>> 1a890c41-4326-47c1-90c0-28f8e70801a7
>>>>>>>>                     Last attempt @ Thu May  8 14:51:58 2014 CEST
>>>>>>>> failed,
>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>                     1012985 consecutive failure(s).
>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>
>>>>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                     DSA object GUID:
>>>>>>>> 8c0461e2-6f72-42be-98ab-ce175fc84653
>>>>>>>>                     Last attempt @ Thu May  8 14:51:58 2014 CEST
>>>>>>>> failed,
>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>                     976997 consecutive failure(s).
>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>
>>>>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>>>>             Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>>>                     DSA object GUID:
>>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>>>                     Last attempt @ NTTIME(0) was successful
>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>
>>>>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>>>>             Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>>>                     DSA object GUID:
>>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>>>                     Last attempt @ NTTIME(0) was successful
>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>
>>>>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                     DSA object GUID:
>>>>>>>> 23db6774-c155-4e5f-a793-07e9c772ddc4
>>>>>>>>                     Last attempt @ Thu May  8 14:52:00 2014 CEST
>>>>>>>> failed,
>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>                     999198 consecutive failure(s).
>>>>>>>>                     Last success @ Tue Feb 11 10:00:39 2014 CET
>>>>>>>>
>>>>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                     DSA object GUID:
>>>>>>>> 1a890c41-4326-47c1-90c0-28f8e70801a7
>>>>>>>>                     Last attempt @ Thu May  8 14:52:00 2014 CEST
>>>>>>>> failed,
>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>                     994163 consecutive failure(s).
>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>
>>>>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                     DSA object GUID:
>>>>>>>> 8c0461e2-6f72-42be-98ab-ce175fc84653
>>>>>>>>                     Last attempt @ Thu May  8 14:52:00 2014 CEST
>>>>>>>> failed,
>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>                     952835 consecutive failure(s).
>>>>>>>>                     Last success @ Sat Feb 15 12:56:42 2014 CET
>>>>>>>>
>>>>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>>>>             Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>>>                     DSA object GUID:
>>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>>>                     Last attempt @ NTTIME(0) was successful
>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>
>>>>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>>>>             Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>>>                     DSA object GUID:
>>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>>>                     Last attempt @ NTTIME(0) was successful
>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>
>>>>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                     DSA object GUID:
>>>>>>>> 23db6774-c155-4e5f-a793-07e9c772ddc4
>>>>>>>>                     Last attempt @ Thu May  8 14:51:58 2014 CEST
>>>>>>>> failed,
>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>                     1009552 consecutive failure(s).
>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>
>>>>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                     DSA object GUID:
>>>>>>>> 1a890c41-4326-47c1-90c0-28f8e70801a7
>>>>>>>>                     Last attempt @ Thu May  8 14:51:58 2014 CEST
>>>>>>>> failed,
>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>                     1010074 consecutive failure(s).
>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>
>>>>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                     DSA object GUID:
>>>>>>>> 8c0461e2-6f72-42be-98ab-ce175fc84653
>>>>>>>>                     Last attempt @ Thu May  8 14:51:59 2014 CEST
>>>>>>>> failed,
>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>                     958577 consecutive failure(s).
>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>
>>>>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>>>>             Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>>>                     DSA object GUID:
>>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>>>                     Last attempt @ NTTIME(0) was successful
>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>
>>>>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>>>>             Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>>>                     DSA object GUID:
>>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>>>                     Last attempt @ NTTIME(0) was successful
>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>
>>>>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                     DSA object GUID:
>>>>>>>> 23db6774-c155-4e5f-a793-07e9c772ddc4
>>>>>>>>                     Last attempt @ Thu May  8 14:52:00 2014 CEST
>>>>>>>> failed,
>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>                     975813 consecutive failure(s).
>>>>>>>>                     Last success @ Tue Feb 11 10:00:39 2014 CET
>>>>>>>>
>>>>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                     DSA object GUID:
>>>>>>>> 1a890c41-4326-47c1-90c0-28f8e70801a7
>>>>>>>>                     Last attempt @ Thu May  8 14:52:00 2014 CEST
>>>>>>>> failed,
>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>                     955526 consecutive failure(s).
>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>
>>>>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                     DSA object GUID:
>>>>>>>> 8c0461e2-6f72-42be-98ab-ce175fc84653
>>>>>>>>                     Last attempt @ Thu May  8 14:52:01 2014 CEST
>>>>>>>> failed,
>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>                     892435 consecutive failure(s).
>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>
>>>>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>             Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>>>                     DSA object GUID:
>>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>>>                     Last attempt @ NTTIME(0) was successful
>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>
>>>>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>             Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>>>                     DSA object GUID:
>>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>>>                     Last attempt @ NTTIME(0) was successful
>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>
>>>>>>>> ==== KCC CONNECTION OBJECTS ====
>>>>>>>>
>>>>>>>> Connection --
>>>>>>>>             Connection name: 7027ea76-3617-488d-90f6-93f73de15c79
>>>>>>>>             Enabled        : TRUE
>>>>>>>>             Server DNS name : dc01.samdom.loc
>>>>>>>>             Server DN name  : CN=NTDS
>>>>>>>> Settings,CN=dc01,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                     TransportType: RPC
>>>>>>>>                     options: 0x00000001
>>>>>>>> Warning: No NC replicated for Connection!
>>>>>>>> Connection --
>>>>>>>>             Connection name: dc03
>>>>>>>>             Enabled        : TRUE
>>>>>>>>             Server DNS name : dc03.samdom.loc
>>>>>>>>             Server DN name  : CN=NTDS
>>>>>>>> Settings,CN=dc03,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                     TransportType: RPC
>>>>>>>>                     options: 0x00000000
>>>>>>>> Warning: No NC replicated for Connection!
>>>>>>>>
>>>>>>>>
>>>>>>>> The \0ADEL:  entries are the remains of the initial failed join of
>>>>>>>> dc03.
>>>>>>>> I searched the net for a solution to get rid of those entries but
>>>>>>>> did
>>>>>>>> not find any useful information. My next idea was to also demote
>>>>>>>> dc02.
>>>>>>>> Unfortunately after demoting dc02 those \0ADEL: entries showed up on
>>>>>>>> dc01, but only for dc02. I took VM snapshots before demoting dc02 so
>>>>>>>> could easily switch back.
>>>>>>>>
>>>>>>>> Does anyone have an idea how to resolve this issue ?
>>>>>>>>
>>>>>>>> Thank you very much for your kind help
>>>>>>>>
>>>>>>>> best regards
>>>>>>>>
>>>>>>>> Andreas
>>>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> by the way Samba version is: Version 4.2.0pre1-GIT-d7c22d5
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>> best regards
>>>>>>>
>>>>>>> Andreas
>>>>>>>
>>>>> Hello lp101,
>>>>>
>>>>> I have no traces of :
>>>>>
>>>>> bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3
>>>>> 60bb6abe-2d08-4f5f-81db-787f6e23706b
>>>>> 619df70c-abc9-4644-bff6-35809664bbd9
>>>>>
>>>>> in DNS. As dc03 is actually successfully joined and working, I cannot
>>>>> remove it via ADUC.
>>>>> Can you tell me where I can find those NTDS entries via ADSI ?
>>>>>
>>>>> Thanks
>>>>>
>>>>> best regards
>>>>>
>>>>> Andreas
>>>>>
>>>>>
>>>>>
>>> Hi Andy,
>>>
>>> I searched via ldbsearch for deleted objects and found the entries. I
>>> then changed the tombstone timeout to a smaller value (10days)= and did
>>> restart samba. After some minutes I searched again and now the entries
>>> for :
>>> bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3
>>> 60bb6abe-2d08-4f5f-81db-787f6e23706b
>>> 619df70c-abc9-4644-bff6-35809664bbd9
>>>
>>> have disappeared from the deleted objects. Unfortunately this seems to
>>> have made things worse as I do now get the following failure:
>>>
>>>
>>> ==== OUTBOUND NEIGHBORS ====
>>>
>>> ERROR(runtime): DsReplicaGetInfo of type -2 failed - (8442,
>>> 'WERR_DS_DRA_INTERNAL_ERROR')
>>>     File
>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", line
>>> 116, in drsuapi_ReplicaInfo
>>>       (info_type, info) = ctx.drsuapi.DsReplicaGetInfo(ctx.drsuapi_handle,
>>> 1, req1)
>>>
>>>
>>> in log.samba I can see the following error:
>>>
>>> [2014/05/08 19:34:49.159705,  0]
>>> ../source4/dsdb/kcc/kcc_drs_replica_info.c:680(fill_neighbor_from_repsTo)
>>>     ../source4/dsdb/kcc/kcc_drs_replica_info.c:680: Failed to find DN for
>>> neighbor GUID 23db6774-c155-4e5f-a793-07e9c772ddc4
>>>
>>> Does anybody have an idea how to get rid of the orphaned neighbour
>>> GUIDs. Where can I find those entries ?
>>>
>>> Thank you for your kind help
>>>
>>> best regards
>>>
>>> Andreas
> Hello Andy,
>
> does this mean I have to wait 10 days until the entries get completely
> deleted from AD ?  Do you think replication will also work again if
> purging has taken place ?
>
> thanks
>
> best regards
>
> Andreas


More information about the samba mailing list