[Samba] No more replication for new DC
Rowland Penny
rowlandpenny241155 at gmail.com
Mon Nov 16 14:39:39 UTC 2015
On 16/11/15 14:33, mathias dufresne wrote:
> Another error coming often:
> [2015/11/16 15:11:07.592598, 0]
> ../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv)
> Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
> ncacn_ip_tcp:10.156.248.219[1024,seal,krb5,target_hostname=231cc777-1ab8-4b15-be6c-dcd218df48e9._msdcs.samba.domain.tld,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=10.156.248.221]
> NT_STATUS_INVALID_PARAMETER
>
> Digging a bit further there is no "servicePrincipalName" for last added DC.
> Using samba_spnupdate on FSMO owner or on newly added DC has no effect.
>
> I'm about to create these servicePrincipalName by hand to see if it could
> solve my little issue.
>
> Cheers,
>
> mathias
>
>
> 2015-11-16 14:40 GMT+01:00 mathias dufresne <infractory at gmail.com>:
>
>> Hi all,
>>
>> I have 3 DCs running Samba 4.3.1 in the same domain. They seem to work
>> quiet well with coherent databases on each of them.
>>
>> After rebuilding my RPM to include systemd units, I've joined a Samba
>> 4.3.1 today, using --domain-critical-only. The join was successful, the
>> replication was not. This DC has only 146 objects in the DB when it should
>> have a bit less than 50000 objects.
>>
>> As I was suspecting the newly built RPMs, I set up another DC using same
>> RPMs as the ones used to prepare first 3 DC. I joined that 5th DC to the
>> domain, successfully, but replication does not work too.
>>
>> Finally I installed 4.2.5 sernet's version, join it to the domain and
>> still replication does not work.
>>
>> In log.samba from newly added DC there are lines:
>> [2015/11/16 14:25:05.966500, 0]
>> ../source4/dsdb/repl/replicated_objects.c:818(dsdb_replicated_objects_commit)
>> ../source4/dsdb/repl/replicated_objects.c:818 Failed to prepare commit
>> of transaction: operations error at
>> ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147
>> [2015/11/16 14:25:05.968151, 0]
>> ../source4/dsdb/repl/drepl_out_helpers.c:770(dreplsrv_op_pull_source_apply_changes_trigger)
>> Failed to commit objects:
>> WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
>>
>> Coming repetitively.
>>
>> One important thing is I changed FSMO owner on that domain once I switched
>> from 4.3.0 to 4.3.1.
>> As already discussed seizing FSMO does not modify DNS entry for SOA so I'd
>> modified that manually plus lot of others entries to remove traces of old
>> DCs. There is no more LDAP entry for these old DCs.
>>
>> If someone has some idea to solve that, he would be welcomed :)
>>
>> Cheers,
>>
>> mathias
>>
>>
Have a look here:
https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins
More information about the samba
mailing list