[Samba] Demote a dead PDC: residuals in "DNS" console

Ole Traupe ole.traupe at tu-berlin.de
Mon Nov 2 11:06:51 UTC 2015 

Andrew, that is great news! Thank you very much for your continuous 
effort in providing Samba for us!

Ole


Am 31.10.2015 um 10:36 schrieb Andrew Bartlett:
> On Wed, 2015-10-28 at 16:42 +0100, Ole Traupe wrote:
>> Hi,
>>
>> I demoted my PDC (DC1) forcefully, because replication (among others)
>> wasn't working anymore due to hard disk failure and I was afraid of
>> spending a lot of time on nothing.
>>
>> With DC1 offline I seized the FSMO roles on DC2 (4.2.5), restarted
>> Samba, and found errors in the samba log due to the missing DC1.
>>
>> I removed the two DNS entries created according to this site:
>> https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_join
>> s
>> I applied the script suggested here:
>> https://wiki.samba.org/index.php/Demote_a_Samba_AD_DC
>> This removed the DC1 entry in ADUC and "Active Directory Sites and
>> Services".
>>
>> However, the error persists (10 minute interval; sanitized):
>> # /usr/local/samba/sbin/samba_dnsupdate: couldn't get address for
>> 'dc1.my.domain.de': not found
>>
>> Likely due to further DNS entries, the last-mentioned site suggests
>> to
>> remove them by hand. Most of the containers in the DNS console have
>> only
>> duplicate entries for DC1/2, so no problem. However, 3 don't:
>>
>>
>> (removed subfolder and client PC entries; sanitized, translated where
>> necessary GR->EN)
>>
>>
>> *DNS/DC2/Forward-Lookupzones/my.domain.de*
>>
>> Name    Type    Data    Time stamp
>> (identical to parent folder)    Source of Authority (SOA)    [3],
>> dc1.my.domain.de., hostmaster.my.domain.de.    ?28.?10.?2015 15:00:00
>> (identical to parent folder)    Nameserver (NS) dc1.my.domain.de.
>>   Static
>> (identical to parent folder)    Host (A)    IP__of__DC1    Static
>> (identical to parent folder)    Host (A)    IP__of__DC2    Static
>> DC2    Host (A)    130.149.34.118    ?29.?07.?2015 13:00:00
>>
>>
>> *DNS/DC2/Forward-Lookupzones/_msdcs.my.domain.de*
>>
>> (identical to parent folder)    Source of Authority (SOA)    [3],
>> dc1.my.domain.de., hostmaster.my.domain.de.    ?28.?10.?2015 15:00:00
>> (identical to parent folder)    Nameserver (NS) dc1.my.domain.de.
>>   Static
>> objectGUID__of__DC2    Alias (CNAME)    DC2.my.domain.de.
>> ?29.?07.?2015
>> 13:00:00
>>
>>
>> *DNS/DC2/Forward-Lookupzones/_msdcs.my.domain.de/pdc/_tcp*
>>
>> _ldap    Service Identification (SRV)    [0][100][389]
>> dc1.my.domain.de.    Static
>>
>>
>> What to do in these cases? Is it safe to open the properties of the
>> non-duplicate entries and replace DC1 with DC2?
> Just a quick note to say that we are (finally) working to improve this
> situation.  I have patches to improve samba_dnsupdate so that it will
> add some of the missing entries (and use RPC to do so, avoiding nasty
> chicken/egg issues), and my improvements to samba-tool domain demote
> (adding a --remove-other-dead-server option) have landed in master.
>
> I'm sorry this has been so bad for so long, but there is hope.
>
> Thanks!
>
> Andrew Bartlett
>

More information about the samba mailing list