[Samba] ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (-1073610699, 'The operation cannot be performed.')

Heinz Allerberger allerberger at em.uni-frankfurt.de
Mon Aug 22 15:48:46 UTC 2016 

Am 22.08.2016 um 12:07 schrieb Heinz Allerberger via samba:
> Hi  All,
>
> since Friday I get a surprising error, when I try to replicate my 
> domain-controllers.
> This is new! It worked before in any direction without any failures...
>
> When I replicate from dc2 to dc1 this runs also, without any failures:
> root at dc1:~# samba-tool drs replicate dc1 dc2 
> DC=mydomain,DC=uni-frankfurt,DC=de
> Replicate from dc2 to dc1 was successful.
>
> Only when I try to replicate from dc1 to dc2 I get this new failure:
> root at dc1:~# samba-tool drs replicate dc2 dc1 
> DC=mydomain,DC=uni-frankfurt,DC=de
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - 
> drsException: DsReplicaSync failed (-1073610699, 'The operation cannot 
> be performed.')
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 
> 348, in run
>     drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle, 
> source_dsa_guid, NC, req_options)
>   File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83, 
> in sendDsReplicaSync
>     raise drsException("DsReplicaSync failed %s" % estr)
>
> Is this a bug?
>
> Heinz
>
High All again,

maybe I do have more helpful information for analyzing the 
DsReplicaSync-failure.
On DC1 are all INBOUND NEIGHBORS are all successful, but OUTBOUND 
NEIGHBORS gives "WERR_BAD_NETPATH"
Please have a loot to the output from showrepl below..

What I can not understand in this case is, that all checks of the 
DNS-resolution are without any failure.
root at dc1:~#host dc1
dc1.mydomain.uni-frankfurt.de has address 192.168.151.230

root at dc1:~# host dc2
dc2.mydomain.uni-frankfurt.de has address 192.168.151.231

host -t SRV _kerberos._tcp.mydomain.uni-frankfurt.de
_kerberos._tcp.mydomain.uni-frankfurt.de has SRV record 0 100 88 
dc1.mydomain.uni-frankfurt.de.
_kerberos._tcp.mydomain.uni-frankfurt.de has SRV record 0 100 88 
dc2.mydomain.uni-frankfurt.de.

root at dc1:~# host -t SRV _ldap._tcp.mydomain.uni-frankfurt.de
_ldap._tcp.mydomain.uni-frankfurt.de has SRV record 0 100 389 
dc1.mydomain.uni-frankfurt.de.
_ldap._tcp.mydomain.uni-frankfurt.de has SRV record 0 100 389 
dc2.mydomain.uni-frankfurt.de.

root at dc1:~# samba-tool drs showrepl

Default-First-Site-Name\DC1
DSA Options: 0x00000001
DSA object GUID: 1ae9c878-4d33-417a-9995-061189db4f8d
DSA invocationId: dff09274-9c24-49c6-beb5-647561d5d893

==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=mydomain,DC=uni-frankfurt,DC=de
         Default-First-Site-Name\dc2 via RPC
                 DSA object GUID: e4da82c7-5d42-4011-8733-00a9dffb6633
                 Last attempt @ Mon Aug 22 16:19:25 2016 CEST was successful
                 0 consecutive failure(s).
                 Last success @ Mon Aug 22 16:19:25 2016 CEST
....

==== OUTBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=mydomain,DC=uni-frankfurt,DC=de
         Default-First-Site-Name\dc2 via RPC
                 DSA object GUID: e4da82c7-5d42-4011-8733-00a9dffb6633
                 Last attempt @ Mon Aug 22 16:20:14 2016 CEST failed, result 53 (WERR_BAD_NETPATH)
                 37 consecutive failure(s).
                 Last success @ NTTIME(0)

DC=DomainDnsZones,DC=mydomain,DC=uni-frankfurt,DC=de
         Default-First-Site-Name\dc2 via RPC
                 DSA object GUID: e4da82c7-5d42-4011-8733-00a9dffb6633
                 Last attempt @ Mon Aug 22 16:20:14 2016 CEST failed, result 53 (WERR_BAD_NETPATH)
                 37 consecutive failure(s).
                 Last success @ NTTIME(0)

DC=mydomain,DC=uni-frankfurt,DC=de
         Default-First-Site-Name\dc2 via RPC
                 DSA object GUID: e4da82c7-5d42-4011-8733-00a9dffb6633
                 Last attempt @ Mon Aug 22 16:20:14 2016 CEST failed, result 53 (WERR_BAD_NETPATH)
                 37 consecutive failure(s).
                 Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=mydomain,DC=uni-frankfurt,DC=de
         Default-First-Site-Name\dc2 via RPC
                 DSA object GUID: e4da82c7-5d42-4011-8733-00a9dffb6633
                 Last attempt @ Mon Aug 22 16:20:14 2016 CEST failed, result 53 (WERR_BAD_NETPATH)
                 37 consecutive failure(s).
                 Last success @ NTTIME(0)

CN=Configuration,DC=mydomain,DC=uni-frankfurt,DC=de
         Default-First-Site-Name\dc2 via RPC
                 DSA object GUID: e4da82c7-5d42-4011-8733-00a9dffb6633
                 Last attempt @ Mon Aug 22 16:20:14 2016 CEST failed, result 53 (WERR_BAD_NETPATH)
                 37 consecutive failure(s).
                 Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
         Connection name: 1367f590-6672-4807-bc27-2ac167d40a88
         Enabled        : TRUE
         Server DNS name : dc2.mydomain.uni-frankfurt.de
         Server DN name  : CN=NTDS Settings,CN=dc2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=uni-frankfurt,DC=de
                 TransportType: RPC
                 options: 0x00000001
Warning: No NC replicated for Connection!


Does somebody have an idea, what I can do?


Heinz

More information about the samba mailing list