[Samba] Demote a dead PDC: residuals in "DNS" console

Andrew Bartlett abartlet at samba.org
Sat Oct 31 09:36:05 UTC 2015


On Wed, 2015-10-28 at 16:42 +0100, Ole Traupe wrote:
> Hi,
> 
> I demoted my PDC (DC1) forcefully, because replication (among others)
> wasn't working anymore due to hard disk failure and I was afraid of 
> spending a lot of time on nothing.
> 
> With DC1 offline I seized the FSMO roles on DC2 (4.2.5), restarted 
> Samba, and found errors in the samba log due to the missing DC1.
> 
> I removed the two DNS entries created according to this site:
> https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins
> I applied the script suggested here:
> https://wiki.samba.org/index.php/Demote_a_Samba_AD_DC
> This removed the DC1 entry in ADUC and "Active Directory Sites and 
> Services".
> 
> However, the error persists (10 minute interval; sanitized):
> # /usr/local/samba/sbin/samba_dnsupdate: couldn't get address for 
> 'dc1.my.domain.de': not found
> 
> Likely due to further DNS entries, the last-mentioned site suggests to
> remove them by hand. Most of the containers in the DNS console have only
> duplicate entries for DC1/2, so no problem. However, 3 don't:
> 
> 
> (removed subfolder and client PC entries; sanitized, translated where
> necessary GR->EN)
> 
> 
> *DNS/DC2/Forward-Lookupzones/my.domain.de*
> 
> Name    Type    Data    Time stamp
> (identical to parent folder)    Source of Authority (SOA)    [3], dc1.my.domain.de., hostmaster.my.domain.de.    28.10.2015 15:00:00
> (identical to parent folder)    Nameserver (NS)    dc1.my.domain.de.    Static
> (identical to parent folder)    Host (A)    IP__of__DC1    Static
> (identical to parent folder)    Host (A)    IP__of__DC2    Static
> DC2    Host (A)    130.149.34.118    29.07.2015 13:00:00
> 
> 
> *DNS/DC2/Forward-Lookupzones/_msdcs.my.domain.de*
> 
> (identical to parent folder)    Source of Authority (SOA)    [3], dc1.my.domain.de., hostmaster.my.domain.de.    28.10.2015 15:00:00
> (identical to parent folder)    Nameserver (NS)    dc1.my.domain.de.    Static
> objectGUID__of__DC2    Alias (CNAME)    DC2.my.domain.de.    29.07.2015 13:00:00
> 
> 
> *DNS/DC2/Forward-Lookupzones/_msdcs.my.domain.de/pdc/_tcp*
> 
> _ldap    Service Identification (SRV)    [0][100][389] dc1.my.domain.de.    Static
> 
> 
> What to do in these cases? Is it safe to open the properties of the 
> non-duplicate entries and replace DC1 with DC2?

Just a quick note to say that we are (finally) working to improve this
situation.  I have patches to improve samba_dnsupdate so that it will
add some of the missing entries (and use RPC to do so, avoiding nasty
chicken/egg issues), and my improvements to samba-tool domain demote
(adding a --remove-other-dead-server option) have landed in master.

I'm sorry this has been so bad for so long, but there is hope. 

Thanks!

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba





