[Samba] No more replication for new DC

mathias dufresne infractory at gmail.com
Mon Nov 16 14:33:09 UTC 2015


Another error that comes up often:
[2015/11/16 15:11:07.592598,  0]
../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv)
  Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
ncacn_ip_tcp:10.156.248.219[1024,seal,krb5,target_hostname=231cc777-1ab8-4b15-be6c-dcd218df48e9._msdcs.samba.domain.tld,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=10.156.248.221]
NT_STATUS_INVALID_PARAMETER

Digging a bit further, there is no "servicePrincipalName" for the last added DC.
Using samba_spnupdate on the FSMO owner or on the newly added DC has no effect.

I'm about to create these servicePrincipalName by hand to see if it could
solve my little issue.

Cheers,

mathias


2015-11-16 14:40 GMT+01:00 mathias dufresne <infractory at gmail.com>:

> Hi all,
>
> I have 3 DCs running Samba 4.3.1 in the same domain. They seem to work
> quite well with coherent databases on each of them.
>
> After rebuilding my RPM to include systemd units, I've joined a Samba
> 4.3.1 today, using --domain-critical-only. The join was successful, the
> replication was not. This DC has only 146 objects in the DB when it should
> have a bit less than 50000 objects.
>
> As I was suspecting the newly built RPMs, I set up another DC using the same
> RPMs as the ones used to prepare the first 3 DCs. I joined that 5th DC to the
> domain successfully, but replication does not work either.
>
> Finally I installed SerNet's 4.2.5 version, joined it to the domain, and
> replication still does not work.
>
> In log.samba from newly added DC there are lines:
> [2015/11/16 14:25:05.966500,  0]
> ../source4/dsdb/repl/replicated_objects.c:818(dsdb_replicated_objects_commit)
>   ../source4/dsdb/repl/replicated_objects.c:818 Failed to prepare commit
> of transaction: operations error at
> ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147
> [2015/11/16 14:25:05.968151,  0]
> ../source4/dsdb/repl/drepl_out_helpers.c:770(dreplsrv_op_pull_source_apply_changes_trigger)
>   Failed to commit objects:
> WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
>
> These come up repeatedly.
>
> One important thing is that I changed the FSMO owner on that domain once I
> switched from 4.3.0 to 4.3.1.
> As already discussed, seizing FSMO does not modify the DNS entry for SOA, so I
> modified that manually, plus a lot of other entries, to remove traces of the old
> DCs. There is no longer any LDAP entry for these old DCs.
>
> If someone has an idea to solve that, it would be welcome :)
>
> Cheers,
>
> mathias
>
>

