[Samba] No more replication for new DC

Rowland Penny rowlandpenny241155 at gmail.com
Mon Nov 16 15:35:28 UTC 2015


On 16/11/15 15:09, mathias dufresne wrote:
> That did not work. I've added DNS entries mentioned in that wiki page. I
> also forced creation of all entries mentioned by samba_dnsupdate
> --all-names --verbose.
> So I expect all needed DNS entries are present. If some are still missing
> they are not mentioned by samba_dnsupdate. And as samba_dnsupdate job is to
> create missing DNS entries, I dare rely on it.
>
> I expect the issue comes from missing servicePrincipalName.
>
> I'm wondering why these LDAP fields are not filled...
>
> Cheers,
>
> mathias
>
> 2015-11-16 15:39 GMT+01:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
>
>> On 16/11/15 14:33, mathias dufresne wrote:
>>
>>> Another error coming often:
>>> [2015/11/16 15:11:07.592598,  0] ../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv)
>>>     Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:10.156.248.219[1024,seal,krb5,target_hostname=231cc777-1ab8-4b15-be6c-dcd218df48e9._msdcs.samba.domain.tld,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=10.156.248.221] NT_STATUS_INVALID_PARAMETER
>>>
>>> Digging a bit further there is no "servicePrincipalName" for last added DC.
>>> Using samba_spnupdate on FSMO owner or on newly added DC has no effect.
>>>
>>> I'm about to create these servicePrincipalName by hand to see if it could
>>> solve my little issue.
>>>
>>> Cheers,
>>>
>>> mathias
>>>
>>>
>>> 2015-11-16 14:40 GMT+01:00 mathias dufresne <infractory at gmail.com>:
>>>
>>>> Hi all,
>>>> I have 3 DCs running Samba 4.3.1 in the same domain. They seem to work
>>>> quite well with coherent databases on each of them.
>>>>
>>>> After rebuilding my RPM to include systemd units, I've joined a Samba
>>>> 4.3.1 today, using --domain-critical-only. The join was successful, the
>>>> replication was not. This DC has only 146 objects in the DB when it should
>>>> have a bit less than 50000 objects.
>>>>
>>>> As I was suspecting the newly built RPMs, I set up another DC using same
>>>> RPMs as the ones used to prepare first 3 DC. I joined that 5th DC to the
>>>> domain, successfully, but replication does not work either.
>>>>
>>>> Finally I installed 4.2.5 sernet's version, joined it to the domain and
>>>> still replication does not work.
>>>>
>>>> In log.samba from newly added DC there are lines:
>>>> [2015/11/16 14:25:05.966500,  0] ../source4/dsdb/repl/replicated_objects.c:818(dsdb_replicated_objects_commit)
>>>>     ../source4/dsdb/repl/replicated_objects.c:818 Failed to prepare commit of transaction: operations error at ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147
>>>> [2015/11/16 14:25:05.968151,  0] ../source4/dsdb/repl/drepl_out_helpers.c:770(dreplsrv_op_pull_source_apply_changes_trigger)
>>>>     Failed to commit objects: WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
>>>>
>>>> Coming repetitively.
>>>>
>>>> One important thing is I changed FSMO owner on that domain once I switched
>>>> from 4.3.0 to 4.3.1.
>>>> As already discussed seizing FSMO does not modify DNS entry for SOA so I'd
>>>> modified that manually plus a lot of other entries to remove traces of old
>>>> DCs. There is no more LDAP entry for these old DCs.
>>>>
>>>> If someone has some idea to solve that, he would be welcomed :)
>>>>
>>>> Cheers,
>>>>
>>>> mathias
>>>>
>>>>
>>>>
>> Have a look here:
>> https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins
>>

Before you do anything else, have you tried rebooting the DC?

Rowland
