[Samba] replication problems in samba4 ad domain

[Jon Detert]

----- Original Message -----

> From: "Nigel W" <nigel.w at nosun.ca>
> To: "Jon Detert" <jdetert at infinityhealthcare.com>
> Cc: samba at lists.samba.org
> Sent: Wednesday, February 25, 2015 1:25:28 PM
> Subject: Re: [Samba] replication problems in samba4 ad domain

> Hello,

> On Wed, Feb 25, 2015 at 9:28 AM, Jon Detert < jdetert at infinityhealthcare.com
> > wrote:

> > 1) on all 3 dcs, says "Warning: No NC replicated for Connection!" in the
> > "KCC
> > CONNECTION OBJECTS" section for each of the other 2 dcs
> 

> This is apparently normal, see:
> https://wiki.samba.org/index.php/FAQ#Message:_Warning:_No_NC_replicated_for_Connection.21

> On Wed, Feb 25, 2015 at 9:28 AM, Jon Detert < jdetert at infinityhealthcare.com
> > wrote:

> > 4) on dc1, shows success for dc3, and failure for dc2, for all 5 branches
> > under the "INBOUND NEIGHBORS" section.
> 

> What is the error message for the failures?

I don't have the actual error messages anymore. However, the problem is solved: I restarted samba on dc1, and all the problems went away. 

When I first set up dc2, I was able to join it to the domain for which dc1 was the only dc at the time. However, at that time, not all network conversations that two dc's might have with each other were allowed (there are multiple firewalls in between the two dc's). Some changes were made to domain objects before I made all the network conversations possible. Even after I allowed all necessary conversations, dc2 and dc1 were not able to synchronize (specifically in the direction of dc2 -> dc1). However, after I restarted the samba service on dc1, they synchronized. 

> .local is a bad idea for a domain, see:
> https://wiki.samba.org/index.php/DNS#Avoid_.local_TLD

Thanks for pointing that out. 

> For me, the issues I have had with replication have come from the servers
> having issues not being able to lookup the target controller in DNS.

> Thanks,

Best regards, 

Jon Detert