[Samba] Trouble demoting DC with broken replication

Andreas Oster aoster at novanetwork.de
Sat May 10 00:49:10 MDT 2014


Am 09/05/14 20:17, schrieb Andy Durant:
> In my case, yes. Once i waited the time for the tombstone to expire and
> fully remove the item from Active directory, all my errors went away.
>
> My one other DC never stopped replicating properly, and it appears by
> the DRS output, your other ones are working correctly as well.
>
> I was even able to add another DC with the same name and IP as the first
> failed DC and it started replicating right away as well.(After the
> tombstone expired and the objects were completely removed. Prior to that
> - a new dc may have the same name and IP but the guid will be different
> and thus replication will still show the error for the failed one, plus
> - working replication for the new one.)
>
> Andy
>
> On 5/9/2014 4:02 AM, Andreas Oster wrote:
>> Am 08.05.2014 20:31, schrieb Andy Durant:
>>> The 10 days you set for tombstone hasn't elapsed yet for that particular
>>> object, or it hasn't replicated to your remaining DCs. You will have to
>>> wait for it to expire and be actually deleted.
>>>
>>>
>>>
>>> Andy
>>>
>>>
>>> On 5/8/2014 1:55 PM, Andreas Oster wrote:
>>>> Am 08.05.2014 16:12, schrieb Andy Durant:
>>>>> I struggled with this issue for a few weeks in my lab.
>>>>>
>>>>> Use this as a guide for cleaning up metadata and using adsiedit to
>>>>> clean
>>>>> up the directory.
>>>>>
>>>>> http://support.microsoft.com/kb/216498
>>>>>
>>>>> Ensure that all dns entries are cleaned up as well. Both in the DNS
>>>>> section of RSAT and using adsiedit.  You can load the dns
>>>>> partitions as
>>>>> well.
>>>>>
>>>>> Once you are are all that is cleaned up run:
>>>>>
>>>>> ldbsearch --cross-ncs --show-deleted -H
>>>>> /usr/local/samba/private/sam.ldb
>>>>> | grep "failed dc"
>>>>>
>>>>> You'll likely see a few entries all with the OADEL.
>>>>>
>>>>>   From what I can tell, anything listed there is tombstoned and you
>>>>> simply
>>>>> need to wait for the tombstone period to expire and the objects
>>>>> will be
>>>>> removed.  I'm not sure why replication still picks up on them and
>>>>> shows
>>>>> as failure, but I can confirm that in my lab - and I tested it 3 times
>>>>> to be sure, that after the tombstone period expired and the objects
>>>>> were
>>>>> permanently removed, the replication error went away for me.
>>>>>
>>>>>
>>>>> Andy
>>>>>
>>>>>
>>>>> On 5/8/2014 9:58 AM, Andreas Oster wrote:
>>>>>> Am 08.05.2014 15:30, schrieb lp101:
>>>>>>>        Hello,
>>>>>>>
>>>>>>>        Remove all traces of the demoted DC from your DNS. Use
>>>>>>> Windows
>>>>>>> ADUC module to remove the DC from the Domain Controllers OU. Use
>>>>>>> ADSI
>>>>>>> to remove all traces of the NTDS files and demoted server. Be
>>>>>>> careful
>>>>>>> using ADSI. Give it a few moments to allow the changes to replicate
>>>>>>> across all your existing DC's.
>>>>>>>
>>>>>>> On 5/8/2014 9:06 AM, Andreas Oster wrote:
>>>>>>>> Am 08.05.2014 15:03, schrieb Andreas Oster:
>>>>>>>>> Hi all,
>>>>>>>>>
>>>>>>>>> I am currently struggling to remove one of our Samba4 DC from the
>>>>>>>>> domain. Some time ago, adding a new Samba DC to our AD did not
>>>>>>>>> succeed
>>>>>>>>> and I had to demote the new server again. After removal,
>>>>>>>>> replication on
>>>>>>>>> one of the old/existing DCs got weird.
>>>>>>>>>
>>>>>>>>> /usr/local/samba/bin/samba-tool drs showrepl   gives the
>>>>>>>>> following:
>>>>>>>>>
>>>>>>>>> Standardname-des-ersten-Standorts\dc02
>>>>>>>>> DSA Options: 0x00000001
>>>>>>>>> DSA object GUID: ef37f4de-a03c-493c-96f6-e521a5415d81
>>>>>>>>> DSA invocationId: b0bc10b9-a67f-4550-8fbf-3dc9fbe6fecc
>>>>>>>>>
>>>>>>>>> ==== INBOUND NEIGHBORS ====
>>>>>>>>>
>>>>>>>>> DC=samdom,DC=loc
>>>>>>>>>             Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>>>>                     Last attempt @ Thu May  8 14:49:28 2014
>>>>>>>>> CEST was
>>>>>>>>> successful
>>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>>                     Last success @ Thu May  8 14:49:28 2014 CEST
>>>>>>>>>
>>>>>>>>> DC=samdom,DC=loc
>>>>>>>>>             Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>>>>                     Last attempt @ Thu May  8 14:49:24 2014
>>>>>>>>> CEST was
>>>>>>>>> successful
>>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>>                     Last success @ Thu May  8 14:49:24 2014 CEST
>>>>>>>>>
>>>>>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>>>>>             Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>>>>                     Last attempt @ Thu May  8 14:48:50 2014
>>>>>>>>> CEST was
>>>>>>>>> successful
>>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>>                     Last success @ Thu May  8 14:48:50 2014 CEST
>>>>>>>>>
>>>>>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>>>>>             Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>>>>                     Last attempt @ Thu May  8 14:48:51 2014
>>>>>>>>> CEST was
>>>>>>>>> successful
>>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>>                     Last success @ Thu May  8 14:48:51 2014 CEST
>>>>>>>>>
>>>>>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>             Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>>>>                     Last attempt @ Thu May  8 14:48:54 2014
>>>>>>>>> CEST was
>>>>>>>>> successful
>>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>>                     Last success @ Thu May  8 14:48:54 2014 CEST
>>>>>>>>>
>>>>>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>             Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>>>>                     Last attempt @ Thu May  8 14:48:55 2014
>>>>>>>>> CEST was
>>>>>>>>> successful
>>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>>                     Last success @ Thu May  8 14:48:55 2014 CEST
>>>>>>>>>
>>>>>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>>>>>             Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>>>>                     Last attempt @ Thu May  8 14:50:01 2014
>>>>>>>>> CEST was
>>>>>>>>> successful
>>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>>                     Last success @ Thu May  8 14:50:01 2014 CEST
>>>>>>>>>
>>>>>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>>>>>             Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>>>>                     Last attempt @ Thu May  8 14:50:02 2014
>>>>>>>>> CEST was
>>>>>>>>> successful
>>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>>                     Last success @ Thu May  8 14:50:02 2014 CEST
>>>>>>>>>
>>>>>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>             Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>>>>                     Last attempt @ Thu May  8 14:48:56 2014
>>>>>>>>> CEST was
>>>>>>>>> successful
>>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>>                     Last success @ Thu May  8 14:48:56 2014 CEST
>>>>>>>>>
>>>>>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>             Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>>>>                     Last attempt @ Thu May  8 14:48:56 2014
>>>>>>>>> CEST was
>>>>>>>>> successful
>>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>>                     Last success @ Thu May  8 14:48:56 2014 CEST
>>>>>>>>>
>>>>>>>>> ==== OUTBOUND NEIGHBORS ====
>>>>>>>>>
>>>>>>>>> DC=samdom,DC=loc
>>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 23db6774-c155-4e5f-a793-07e9c772ddc4
>>>>>>>>>                     Last attempt @ Thu May  8 14:51:59 2014 CEST
>>>>>>>>> failed,
>>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>>                     1042908 consecutive failure(s).
>>>>>>>>>                     Last success @ Tue Feb 11 10:00:38 2014 CET
>>>>>>>>>
>>>>>>>>> DC=samdom,DC=loc
>>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 1a890c41-4326-47c1-90c0-28f8e70801a7
>>>>>>>>>                     Last attempt @ Thu May  8 14:51:59 2014 CEST
>>>>>>>>> failed,
>>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>>                     1005465 consecutive failure(s).
>>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>>
>>>>>>>>> DC=samdom,DC=loc
>>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 8c0461e2-6f72-42be-98ab-ce175fc84653
>>>>>>>>>                     Last attempt @ Thu May  8 14:51:59 2014 CEST
>>>>>>>>> failed,
>>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>>                     958484 consecutive failure(s).
>>>>>>>>>                     Last success @ Sat Feb 15 12:56:47 2014 CET
>>>>>>>>>
>>>>>>>>> DC=samdom,DC=loc
>>>>>>>>>             Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>>>>                     Last attempt @ NTTIME(0) was successful
>>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>>
>>>>>>>>> DC=samdom,DC=loc
>>>>>>>>>             Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>>>>                     Last attempt @ NTTIME(0) was successful
>>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>>
>>>>>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 23db6774-c155-4e5f-a793-07e9c772ddc4
>>>>>>>>>                     Last attempt @ Thu May  8 14:51:58 2014 CEST
>>>>>>>>> failed,
>>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>>                     1049436 consecutive failure(s).
>>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>>
>>>>>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 1a890c41-4326-47c1-90c0-28f8e70801a7
>>>>>>>>>                     Last attempt @ Thu May  8 14:51:58 2014 CEST
>>>>>>>>> failed,
>>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>>                     1012985 consecutive failure(s).
>>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>>
>>>>>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 8c0461e2-6f72-42be-98ab-ce175fc84653
>>>>>>>>>                     Last attempt @ Thu May  8 14:51:58 2014 CEST
>>>>>>>>> failed,
>>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>>                     976997 consecutive failure(s).
>>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>>
>>>>>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>>>>>             Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>>>>                     Last attempt @ NTTIME(0) was successful
>>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>>
>>>>>>>>> DC=ForestDnsZones,DC=samdom,DC=loc
>>>>>>>>>             Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>>>>                     Last attempt @ NTTIME(0) was successful
>>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>>
>>>>>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 23db6774-c155-4e5f-a793-07e9c772ddc4
>>>>>>>>>                     Last attempt @ Thu May  8 14:52:00 2014 CEST
>>>>>>>>> failed,
>>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>>                     999198 consecutive failure(s).
>>>>>>>>>                     Last success @ Tue Feb 11 10:00:39 2014 CET
>>>>>>>>>
>>>>>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 1a890c41-4326-47c1-90c0-28f8e70801a7
>>>>>>>>>                     Last attempt @ Thu May  8 14:52:00 2014 CEST
>>>>>>>>> failed,
>>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>>                     994163 consecutive failure(s).
>>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>>
>>>>>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 8c0461e2-6f72-42be-98ab-ce175fc84653
>>>>>>>>>                     Last attempt @ Thu May  8 14:52:00 2014 CEST
>>>>>>>>> failed,
>>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>>                     952835 consecutive failure(s).
>>>>>>>>>                     Last success @ Sat Feb 15 12:56:42 2014 CET
>>>>>>>>>
>>>>>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>             Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>>>>                     Last attempt @ NTTIME(0) was successful
>>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>>
>>>>>>>>> CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>             Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>>>>                     Last attempt @ NTTIME(0) was successful
>>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>>
>>>>>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 23db6774-c155-4e5f-a793-07e9c772ddc4
>>>>>>>>>                     Last attempt @ Thu May  8 14:51:58 2014 CEST
>>>>>>>>> failed,
>>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>>                     1009552 consecutive failure(s).
>>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>>
>>>>>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 1a890c41-4326-47c1-90c0-28f8e70801a7
>>>>>>>>>                     Last attempt @ Thu May  8 14:51:58 2014 CEST
>>>>>>>>> failed,
>>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>>                     1010074 consecutive failure(s).
>>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>>
>>>>>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 8c0461e2-6f72-42be-98ab-ce175fc84653
>>>>>>>>>                     Last attempt @ Thu May  8 14:51:59 2014 CEST
>>>>>>>>> failed,
>>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>>                     958577 consecutive failure(s).
>>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>>
>>>>>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>>>>>             Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>>>>                     Last attempt @ NTTIME(0) was successful
>>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>>
>>>>>>>>> DC=DomainDnsZones,DC=samdom,DC=loc
>>>>>>>>>             Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>>>>                     Last attempt @ NTTIME(0) was successful
>>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>>
>>>>>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>>> Settings\0ADEL:23db6774-c155-4e5f-a793-07e9c772ddc4,CN=dc03\0ADEL:bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 23db6774-c155-4e5f-a793-07e9c772ddc4
>>>>>>>>>                     Last attempt @ Thu May  8 14:52:00 2014 CEST
>>>>>>>>> failed,
>>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>>                     975813 consecutive failure(s).
>>>>>>>>>                     Last success @ Tue Feb 11 10:00:39 2014 CET
>>>>>>>>>
>>>>>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>>> Settings\0ADEL:1a890c41-4326-47c1-90c0-28f8e70801a7,CN=dc03\0ADEL:60bb6abe-2d08-4f5f-81db-787f6e23706b,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 1a890c41-4326-47c1-90c0-28f8e70801a7
>>>>>>>>>                     Last attempt @ Thu May  8 14:52:00 2014 CEST
>>>>>>>>> failed,
>>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>>                     955526 consecutive failure(s).
>>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>>
>>>>>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>             NTDS DN: CN=NTDS
>>>>>>>>> Settings\0ADEL:8c0461e2-6f72-42be-98ab-ce175fc84653,CN=dc03\0ADEL:619df70c-abc9-4644-bff6-35809664bbd9,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 8c0461e2-6f72-42be-98ab-ce175fc84653
>>>>>>>>>                     Last attempt @ Thu May  8 14:52:01 2014 CEST
>>>>>>>>> failed,
>>>>>>>>> result 2 (WERR_BADFILE)
>>>>>>>>>                     892435 consecutive failure(s).
>>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>>
>>>>>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>             Standardname-des-ersten-Standorts\dc03 via RPC
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> 94534f65-5d06-41f5-844d-a58a0bc03c93
>>>>>>>>>                     Last attempt @ NTTIME(0) was successful
>>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>>
>>>>>>>>> CN=Schema,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>             Standardname-des-ersten-Standorts\dc01 via RPC
>>>>>>>>>                     DSA object GUID:
>>>>>>>>> c60bca82-df6e-409e-85c5-e2cc733691da
>>>>>>>>>                     Last attempt @ NTTIME(0) was successful
>>>>>>>>>                     0 consecutive failure(s).
>>>>>>>>>                     Last success @ NTTIME(0)
>>>>>>>>>
>>>>>>>>> ==== KCC CONNECTION OBJECTS ====
>>>>>>>>>
>>>>>>>>> Connection --
>>>>>>>>>             Connection name: 7027ea76-3617-488d-90f6-93f73de15c79
>>>>>>>>>             Enabled        : TRUE
>>>>>>>>>             Server DNS name : dc01.samdom.loc
>>>>>>>>>             Server DN name  : CN=NTDS
>>>>>>>>> Settings,CN=dc01,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                     TransportType: RPC
>>>>>>>>>                     options: 0x00000001
>>>>>>>>> Warning: No NC replicated for Connection!
>>>>>>>>> Connection --
>>>>>>>>>             Connection name: dc03
>>>>>>>>>             Enabled        : TRUE
>>>>>>>>>             Server DNS name : dc03.samdom.loc
>>>>>>>>>             Server DN name  : CN=NTDS
>>>>>>>>> Settings,CN=dc03,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=samdom,DC=loc
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                     TransportType: RPC
>>>>>>>>>                     options: 0x00000000
>>>>>>>>> Warning: No NC replicated for Connection!
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> The \0ADEL:  entries are the remains of the initial failed join of
>>>>>>>>> dc03.
>>>>>>>>> I searched the net for a solution to get rid of those entries but
>>>>>>>>> did
>>>>>>>>> not find any useful information. My next idea was to also demote
>>>>>>>>> dc02.
>>>>>>>>> Unfortunately after demoting dc02 those \0ADEL: entries showed
>>>>>>>>> up on
>>>>>>>>> dc01, but only for dc02. I took VM snapshots before demoting
>>>>>>>>> dc02 so
>>>>>>>>> could easily switch back.
>>>>>>>>>
>>>>>>>>> Does anyone have an idea how to resolve this issue ?
>>>>>>>>>
>>>>>>>>> Thank you very much for your kind help
>>>>>>>>>
>>>>>>>>> best regards
>>>>>>>>>
>>>>>>>>> Andreas
>>>>>>>>>
>>>>>>>> Hi all,
>>>>>>>>
>>>>>>>> by the way Samba version is: Version 4.2.0pre1-GIT-d7c22d5
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>>
>>>>>>>> best regards
>>>>>>>>
>>>>>>>> Andreas
>>>>>>>>
>>>>>> Hello lp101,
>>>>>>
>>>>>> I have no traces of :
>>>>>>
>>>>>> bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3
>>>>>> 60bb6abe-2d08-4f5f-81db-787f6e23706b
>>>>>> 619df70c-abc9-4644-bff6-35809664bbd9
>>>>>>
>>>>>> in DNS. As dc03 is actually successfully joined and working, I cannot
>>>>>> remove it via ADUC.
>>>>>> Can you tell me where I can find those NTDS entries via ADSI ?
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> best regards
>>>>>>
>>>>>> Andreas
>>>>>>
>>>>>>
>>>>>>
>>>> Hi Andy,
>>>>
>>>> I searched via ldbsearch for deleted objects and found the entries. I
>>>> then changed the tombstone timeout to a smaller value (10days)= and did
>>>> restart samba. After some minutes I searched again and now the entries
>>>> for :
>>>> bb22ce3e-2d94-47e2-aa29-11a2a0e4e2f3
>>>> 60bb6abe-2d08-4f5f-81db-787f6e23706b
>>>> 619df70c-abc9-4644-bff6-35809664bbd9
>>>>
>>>> have disappeared from the deleted objects. Unfortunately this seems to
>>>> have made things worse as I do now get the following failure:
>>>>
>>>>
>>>> ==== OUTBOUND NEIGHBORS ====
>>>>
>>>> ERROR(runtime): DsReplicaGetInfo of type -2 failed - (8442,
>>>> 'WERR_DS_DRA_INTERNAL_ERROR')
>>>>     File
>>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py",
>>>> line
>>>> 116, in drsuapi_ReplicaInfo
>>>>       (info_type, info) =
>>>> ctx.drsuapi.DsReplicaGetInfo(ctx.drsuapi_handle,
>>>> 1, req1)
>>>>
>>>>
>>>> in log.samba I can see the following error:
>>>>
>>>> [2014/05/08 19:34:49.159705,  0]
>>>> ../source4/dsdb/kcc/kcc_drs_replica_info.c:680(fill_neighbor_from_repsTo)
>>>>
>>>>     ../source4/dsdb/kcc/kcc_drs_replica_info.c:680: Failed to find
>>>> DN for
>>>> neighbor GUID 23db6774-c155-4e5f-a793-07e9c772ddc4
>>>>
>>>> Does anybody have an idea how to get rid of the orphaned neighbour
>>>> GUIDs. Where can I find those entries ?
>>>>
>>>> Thank you for your kind help
>>>>
>>>> best regards
>>>>
>>>> Andreas
>> Hello Andy,
>>
>> does this mean I have to wait 10 days until the entries get completely
>> deleted from AD ?  Do you think replication will also work again if
>> purging has taken place ?
>>
>> thanks
>>
>> best regards
>>
>> Andreas
Hello Andy,

yes, you are right my other two DCs do not show any replication issues.
I will wait some days for the entries to expire and be removed from AD.
I hope this will actually fix the replication issues I have on the 
affected DC.

Thank you very much for your help.

best regards

Andreas



More information about the samba mailing list