[Samba] Replication Problem with Deleted Object on Samba 4.1.17

Achim Gottinger achim at ag-web.biz
Tue Jul 21 18:26:29 UTC 2015 

Hello List,

Im running an network with five samba 4 addc, all on debian wheezy with 
the sernet packages. Recently an replication error showed up for an 
single Computer (WIN7-M-ADMIN) record. So I unjoined the pc from the 
domain deleted it's record from dc1 manually on the other dc's it had 
been removed automaticaly during unjoin.
Now I get the following error

[2015/07/21 20:15:40.113205,  0] 
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
   ldb: No objectClass found in replPropertyMetaData for 
CN=WIN7-M-ADMIN\0ADEL:a8530d8e-1767-4f6b-8fe9-ce11a51b295c,CN=Deleted 
Objects,DC=domain,DC=local!

[2015/07/21 20:15:40.113772,  0] 
../source4/dsdb/repl/replicated_objects.c:783(dsdb_replicated_objects_commit)
   Failed to apply records: replmd_replicated_apply_add: error during 
DRS repl ADD: No objectClass found in replPropertyMetaData for 
CN=WIN7-M-ADMIN\0ADEL:a8530d8e-1767-4f6b-8fe9-ce11a51b295c,CN=Deleted 
Objects,DC=domain,DC=local!
   : Object class violation
[2015/07/21 20:15:40.114277,  0] 
../source4/dsdb/repl/drepl_out_helpers.c:758(dreplsrv_op_pull_source_apply_changes_trigger)
   Failed to commit objects: 
WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE

Joing does not help the Computer shows up on dc's 2-4 but not on dc1.

On dc1 there is no record for win7-m-admin neighter an deleted one.

samba-tool dbcheck -cross-ncs show's no errors on all dc's.
samba-tool ldbcmp detects an missing win7-m-admin record on dc1.

An year back it was possible to remove Deleted Object with ldbdel

Now:
ldbdel --show-deleted --extended-dn -H /var/lib/samba/private/sam.ldb -b 
"CN=Deleted Objects,DC=domain,DC=local" 
'<GUID=a8530d8e-1767-4f6b-8fe9-ce11a51b295c>'
Results in:
delete of '' failed - (Unwilling to perform) Refusing to delete 
tombstone object 
CN=WIN7-M-ADMIN\0ADEL:a8530d8e-1767-4f6b-8fe9-ce11a51b295c,CN=Deleted 
Objects,DC=fot,DC=local.  This check is to prevent corruption of the 
replicated state.

I'd just purge this record from dc's 2-4 and rejoin the computer once 
again but unfortunately this is no longer possible because of this new 
check. Is there an way to force the deletion, because the replicated 
state is already corrupted?

Thanks in advance
Achim~

More information about the samba mailing list