[Samba] Demote a dead PDC: residuals in "DNS" console

Ole Traupe ole.traupe at tu-berlin.de
Wed Oct 28 15:42:05 UTC 2015


Hi,

I demoted my PDC (DC1) forcefully, because replication (among others) 
wasn't working anymore due to hard disk failure and I was afraid of 
spending a lot of time on nothing.

With DC1 offline I seized the FSMO roles on DC2 (4.2.5), restarted 
Samba, and found errors in the samba log due to the missing DC1.

I removed the two DNS entries created according to this site:
https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins
I applied the script suggested here:
https://wiki.samba.org/index.php/Demote_a_Samba_AD_DC
This removed the DC1 entry in ADUC and "Active Directory Sites and 
Services".

However, the error persists (10 minute interval; sanitized):
# /usr/local/samba/sbin/samba_dnsupdate: couldn't get address for 'dc1.my.domain.de': not found

Likely due to further DNS entries; the last-mentioned site suggests 
removing them by hand. Most of the containers in the DNS console have only 
duplicate entries for DC1/2, so no problem. However, 3 don't:


(removed subfolder and client PC entries; sanitized, translated where 
necessary GR->EN)


*DNS/DC2/Forward-Lookupzones/my.domain.de*

Name    Type    Data    Time stamp
(identical to parent folder)    Source of Authority (SOA)    [3], dc1.my.domain.de., hostmaster.my.domain.de.    28.10.2015 15:00:00
(identical to parent folder)    Nameserver (NS)    dc1.my.domain.de.    Static
(identical to parent folder)    Host (A)    IP__of__DC1    Static
(identical to parent folder)    Host (A)    IP__of__DC2    Static
DC2    Host (A)    130.149.34.118    29.07.2015 13:00:00


*DNS/DC2/Forward-Lookupzones/_msdcs.my.domain.de*

(identical to parent folder)    Source of Authority (SOA)    [3], dc1.my.domain.de., hostmaster.my.domain.de.    28.10.2015 15:00:00
(identical to parent folder)    Nameserver (NS)    dc1.my.domain.de.    Static
objectGUID__of__DC2    Alias (CNAME)    DC2.my.domain.de.    29.07.2015 13:00:00


*DNS/DC2/Forward-Lookupzones/_msdcs.my.domain.de/pdc/_tcp*

_ldap    Service Identification (SRV)    [0][100][389] dc1.my.domain.de.    Static


What to do in these cases? Is it safe to open the properties of the 
non-duplicate entries and replace DC1 with DC2?

Ole
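
An added example, not part of the original post and not Samba code: one way to sort a record listing like the one above into record sets where the demoted DC is the only target and record sets that also have an entry for the surviving DC. The records are transcribed from the post's sanitized listing; the tuple layout, the `@` shorthand for "(identical to parent folder)" and the function names are assumptions of this example.

```python
"""Sort DNS records that still reference a demoted DC (added example)."""
from collections import defaultdict

DEAD_DC = "dc1.my.domain.de."   # host name of the demoted DC, as in the post
DEAD_IP = "IP__of__DC1"         # sanitized placeholder used in the post

# (container, name, type, data), transcribed from the post's sanitized listing.
RECORDS = [
    ("my.domain.de", "@", "SOA", "[3], dc1.my.domain.de., hostmaster.my.domain.de."),
    ("my.domain.de", "@", "NS", "dc1.my.domain.de."),
    ("my.domain.de", "@", "A", "IP__of__DC1"),
    ("my.domain.de", "@", "A", "IP__of__DC2"),
    ("my.domain.de", "DC2", "A", "130.149.34.118"),
    ("_msdcs.my.domain.de", "@", "SOA", "[3], dc1.my.domain.de., hostmaster.my.domain.de."),
    ("_msdcs.my.domain.de", "@", "NS", "dc1.my.domain.de."),
    ("_msdcs.my.domain.de", "objectGUID__of__DC2", "CNAME", "DC2.my.domain.de."),
    ("_msdcs.my.domain.de/pdc/_tcp", "_ldap", "SRV", "[0][100][389] dc1.my.domain.de."),
]


def references_dead(data):
    """True if a record's data names the demoted DC by host name or address.

    Whole tokens are compared, so 'hostmaster.my.domain.de.' or a host whose
    name merely ends in the dead DC's name is not reported.
    """
    tokens = data.lower().replace(",", " ").split()
    return DEAD_DC.lower() in tokens or DEAD_IP.lower() in tokens


def audit(records):
    """Return (sole, redundant) lists of (container, name, type) keys.

    sole:      every record in the set points at the demoted DC
    redundant: the set also holds a record that does not point at it
    """
    groups = defaultdict(list)
    for container, name, rtype, data in records:
        groups[(container, name, rtype)].append(data)
    sole, redundant = [], []
    for key, datas in groups.items():
        if not any(references_dead(d) for d in datas):
            continue
        has_live = any(not references_dead(d) for d in datas)
        (redundant if has_live else sole).append(key)
    return sole, redundant


if __name__ == "__main__":
    sole, redundant = audit(RECORDS)
    for label, keys in (("only target is demoted DC", sole), ("other entry exists", redundant)):
        for container, name, rtype in keys:
            print(f"{label}: {container} {name} {rtype}")
```

On the listing from the post this reports the SOA and NS records of both zones and the `_ldap` SRV record under `pdc/_tcp` as having the demoted DC as their only target, which matches the three containers named in the question.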




