[Samba] Samba 4.4.2 AD DC demote fails

Andrew Bartlett abartlet at samba.org
Sat Apr 30 00:59:28 UTC 2016 

On Fri, 2016-04-29 at 20:50 +0100, Miguel Medalha wrote:
> Demotion of a AD DC fails with the following errors:
> 
> If I explicitly select a partner server with the "--server=" option
> the 
> error is:
> 
> Deactivating inbound replication
> Asking partner server [selectedDC] to synchronize from us
> Error while demoting, re-enabling inbound replication
> ERROR(<type 'exceptions.UnboundLocalError'>): uncaught exception -
> local 
> variable 'e' referenced before assignment
>    File 
> "/usr/local/samba/lib64/python2.7/site
> -packages/samba/netcmd/__init__.py", 
> line 175, in _run
>      return self.run(*args, **kwargs)
>    File 
> "/usr/local/samba/lib64/python2.7/site
> -packages/samba/netcmd/domain.py", 
> line 797, in run
>      raise CommandError("Error while sending a DsReplicaSync for
> partion 
> %s" % str(part), e)
> 
> 
> If I don't explicitly select a partner server, the error is:
> 
> Deactivating inbound replication
> Asking partner server [someDC] to synchronize from us
> Error while demoting, re-enabling inbound replication
> ERROR(<type 'exceptions.RuntimeError'>): Error while sending a 
> DsReplicaSync for partion DC=lan,DC=cimbal,DC=pt - (8440, 
> 'WERR_DS_DRA_BAD_NC')
>    File 
> "/usr/local/samba/lib64/python2.7/site
> -packages/samba/netcmd/domain.py", 
> line 786, in run
>      drsuapiBind.DsReplicaSync(drsuapi_handle, 1, req1)
> 
> 
> I have two other DCs which seem to be working correctly. Replication
> and 
> name resolution are working. All 7 FSMO roles have been successfully 
> transferred to one of the other DCs prior to the demotion attempt.
> 
> Can anyone here point me to the right direction? I would like to
> avoid 
> brute force removal of the DC by "--remove-other-dead-server".

The brute force removal really isn't as bad as it seems, if you have
got all the data off the DC first and turned it off.  Indeed, it is
actually more correct and more tested, cleaning up more of the right
things.

In any case, I found and fixed the issue you hit last week, the patch
is at https://bugzilla.samba.org/show_bug.cgi?id=11882

The syntax error should then go away (bug I have a patch for that as
well, it is on samba-technical if you are curious).

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list