[Samba] Demote a dead PDC: residuals in "DNS" console

mathias dufresne infractory at gmail.com
Thu Oct 29 11:16:49 UTC 2015


Hi,

I played with demote recently on a test AD domain composed of Samba
versions 4.3.0 and 4.3.1. I demoted all version 4.3.0.

I was facing the same issue as you. I wrote long mails here to explain how I
managed that. My DNS looks clear now.

Today I played with AD sites and I found all the demoted DCs in the default sites.
They weren't removed from the DNS DB nor here. For now I have no idea how to
get rid of these DCs in my sites configuration without ADUC.

So you should have a look into your AD Sites configuration tool to check if
they were correctly removed.

Cheers,

mathias


2015-10-29 10:01 GMT+01:00 Ole Traupe <ole.traupe at tu-berlin.de>:

> Ok, I made a backup following the Samba wiki and then did this. Had to
> wait a bit between updating the SOAs because I got a strange error message
> saying that a time value for the non-update of some resource cleanup wasn't
> set. But a few minutes later I could update the second SOA as well, and now
> the Samba log is clean.
>
> Ole
>
>
>
> On 28.10.2015 at 16:42, Ole Traupe wrote:
>
>> Hi,
>>
>> I demoted my PDC (DC1) forcefully, because replication (among others)
>> wasn't working anymore due to hard disk failure and I was afraid of
>> spending a lot of time on nothing.
>>
>> With DC1 offline I seized the FSMO roles on DC2 (4.2.5), restarted Samba,
>> and found errors in the samba log due to the missing DC1.
>>
>> I removed the two DNS entries created according to this site:
>> https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins
>> I applied the script suggested here:
>> https://wiki.samba.org/index.php/Demote_a_Samba_AD_DC
>> This removed the DC1 entry in ADUC and "Active Directory Sites and
>> Services".
>>
>> However, the error persists (10 minute interval; sanitized):
>> # /usr/local/samba/sbin/samba_dnsupdate: couldn't get address for 'dc1.my.domain.de': not found
>>
>> Likely due to further DNS entries, the last-mentioned site suggests
>> removing them by hand. Most of the containers in the DNS console have only
>> duplicate entries for DC1/2, so no problem. However, 3 don't:
>>
>>
>> (removed subfolder and client PC entries; sanitized, translated where
>> necessary GR->EN)
>>
>>
>> *DNS/DC2/Forward-Lookupzones/my.domain.de*
>>
>> Name    Type    Data    Time stamp
>> (identical to parent folder)    Source of Authority (SOA)    [3], dc1.my.domain.de., hostmaster.my.domain.de.    28.10.2015 15:00:00
>> (identical to parent folder)    Nameserver (NS)    dc1.my.domain.de.    Static
>> (identical to parent folder)    Host (A)    IP__of__DC1    Static
>> (identical to parent folder)    Host (A)    IP__of__DC2    Static
>> DC2    Host (A)    130.149.34.118    29.07.2015 13:00:00
>>
>>
>> *DNS/DC2/Forward-Lookupzones/_msdcs.my.domain.de*
>>
>> (identical to parent folder)    Source of Authority (SOA)    [3], dc1.my.domain.de., hostmaster.my.domain.de.    28.10.2015 15:00:00
>> (identical to parent folder)    Nameserver (NS)    dc1.my.domain.de.    Static
>> objectGUID__of__DC2    Alias (CNAME)    DC2.my.domain.de.    29.07.2015 13:00:00
>>
>>
>> *DNS/DC2/Forward-Lookupzones/_msdcs.my.domain.de/pdc/_tcp*
>>
>> _ldap    Service Identification (SRV)    [0][100][389] dc1.my.domain.de.    Static
>>
>>
>> What to do in these cases? Is it safe to open the properties of the
>> non-duplicate entries and replace DC1 with DC2?
>>
>> Ole
>>
>>
>>
>>
>

