[Samba] AD DC Replication failure

Lars Hanke debian at lhanke.de
Mon May 18 12:55:51 MDT 2015 

I have 2 AD DC and apparently there is something wrong with the 
replication. samba-tool drs showrepl returns kinda different information 
for the two:

---8<-----------

First DC:

Default-First-Site-Name\SAMBA
DSA Options: 0x00000001
DSA object GUID: b19509be-c3ee-4a58-9fc9-afd61759a23f
DSA invocationId: 4f30d79d-2e9c-4235-88a1-c258b8622d23

==== INBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=ad,DC=microsult,DC=de
         Default-First-Site-Name\VERDANDI via RPC
                 DSA object GUID: a03bbb51-1dca-44ae-a4d9-7aa8cb4a1ace
                 Last attempt @ Mon May 18 20:33:36 2015 CEST was successful
                 0 consecutive failure(s).
                 Last success @ Mon May 18 20:33:36 2015 CEST

[...]
==== OUTBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=ad,DC=microsult,DC=de
         Default-First-Site-Name\VERDANDI via RPC
                 DSA object GUID: a03bbb51-1dca-44ae-a4d9-7aa8cb4a1ace
                 Last attempt @ NTTIME(0) was successful
                 0 consecutive failure(s).
                 Last success @ NTTIME(0)
[...]
==== KCC CONNECTION OBJECTS ====

Connection --
         Connection name: 5ec3b776-4bad-4223-99b0-c489fc89a17b
         Enabled        : TRUE
         Server DNS name : verdandi.ad.microsult.de
         Server DN name  : CN=NTDS 
Settings,CN=VERDANDI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=microsult,DC=de
                 TransportType: RPC
                 options: 0x00000001
Warning: No NC replicated for Connection!

Second DC:
Default-First-Site-Name\VERDANDI
DSA Options: 0x00000001
DSA object GUID: a03bbb51-1dca-44ae-a4d9-7aa8cb4a1ace
DSA invocationId: 8bdb4f85-1da2-4f5a-b9a9-e8369d202745

==== INBOUND NEIGHBORS ====

CN=Schema,CN=Configuration,DC=ad,DC=microsult,DC=de
         Default-First-Site-Name\SAMBA via RPC
                 DSA object GUID: b19509be-c3ee-4a58-9fc9-afd61759a23f
                 Last attempt @ Mon May 18 20:35:32 2015 CEST failed, 
result 5 (WERR_ACCESS_DENIED)
                 1147 consecutive failure(s).
                 Last success @ Thu May 14 21:00:14 2015 CEST
[...]
==== OUTBOUND NEIGHBORS ====

CN=Schema,CN=Configuration,DC=ad,DC=microsult,DC=de
         Default-First-Site-Name\SAMBA via RPC
                 DSA object GUID: b19509be-c3ee-4a58-9fc9-afd61759a23f
                 Last attempt @ NTTIME(0) was successful
                 0 consecutive failure(s).
                 Last success @ NTTIME(0)
[...]
==== KCC CONNECTION OBJECTS ====

Connection --
         Connection name: ae027231-5c79-45d9-a9fd-1006cc1beb45
         Enabled        : TRUE
         Server DNS name : samba.ad.microsult.de
         Server DN name  : CN=NTDS 
Settings,CN=SAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=microsult,DC=de
                 TransportType: RPC
                 options: 0x00000001
Warning: No NC replicated for Connection!

---8<-----------

I'm actually a little lost in correctly understanding INBOUND and 
OUTBOUND to begin with. But it seems that since last Thursday something 
bad is happening. Since everything keeps running currently, I'd 
appreciate any ideas to hunt down the core issue.

Thanks for your help,
  - lars.

More information about the samba mailing list