[Samba] RPC, DCOM, 1745 and Other Errors

[Taylor, Jonn]

On 09/29/2014 01:31 PM, mourik jan heupink - merit wrote:
> Hi John,
>
> On 09/29/2014 08:18 PM, Taylor, Jonn wrote:
>> Yes, it is possible to corrupt you domain. The problem is that the
>> dcpromo does not remove the meta data for that DC. Currently none of the
>> domain tools can remove it so all your DC's will continue to try and
>> replicate to it. In my testing I found that the domain get corrupted
>> after a few weeks.
> We have been running longer than a few weeks with one unavailable DC.
> So: many replication failures filling up the logs. But that was it, no
> corruption of any kind, at least none that I'm aware of.
>
> Just last week I removed the metadata with the visual basic script from:
> http://gallery.technet.microsoft.com/scriptcenter/d31f091f-2642-4ede-9f97-0e1cc4d577f3
>
>
> This worked very well: the replication errors have stopped, and there
> has been no database corruption. Only the dns entries had to be
> manually removed.
>
> What corruption (or risk of corruption?) are you talking about?
>
> MJ
>From what I remember if you try and rejoin a DC with the same name some
bad this happen when you try and remove it a second time. I have had
this happen on a first removal. This was done on a 2003 domain that was
upgraded to 2008R2 then joined a samba 4 AD server to it. After that we
did a dcpromo on the old MS AD server. That failed and had to do a
force. After the force it left the meta data that could not be removed.
After a few week our users were unable to login to our terminal server
and a few weeks after that no one could authenticate to the domain.

This is a known problem that has been posted on the dev list several
times along with the DNS issues that go with this bug.

Jonn