[Samba] remove dead server (samba 4.4.4)

Vinicius Bones Silva vbs at e-trust.com.br
Fri Dec 16 17:50:06 UTC 2016 

Hi,

     I'm trying to remove a DC from a site we have shutdown. The demote command is 
throwing up this message:

[root at aragorn ~]# samba-tool domain demote --remove-other-dead-server=pippin
Removing nTDSConnection: CN=eca08dbb-1f34-476e-96dd-33ec22b2bc94,CN=NTDS 
Settings,CN=GANDALF,CN=Servers,CN=SAOPAULO,CN=Sites,CN=Configuration,DC=e-trust,DC=com,DC=br
Removing nTDSDSA: CN=NTDS 
Settings,CN=PIPPIN,CN=Servers,CN=TOBIAS,CN=Sites,CN=Configuration,DC=e-trust,DC=com,DC=br 
(and any children)
Removing RID Set: CN=RID Set,CN=PIPPIN,OU=Domain Controllers,DC=e-trust,DC=com,DC=br
Removing computer account: CN=PIPPIN,OU=Domain Controllers,DC=e-trust,DC=com,DC=br (and 
any child objects)
Removing Samba-specific DNS service account: CN=dns-pippin,CN=Users,DC=e-trust,DC=com,DC=br
updating DomainDnsZones.e-trust.com.br keeping 3 values, removing 1 values
updating ForestDnsZones.e-trust.com.br keeping 3 values, removing 1 values
updating e-trust.com.br keeping 8 values, removing 1 values
updating 
DC=_ldap._tcp.TOBIAS._sites.DomainDnsZones,DC=e-trust.com.br,CN=MicrosoftDNS,DC=DomainDnsZones,DC=e-trust,DC=com,DC=br 
keeping 0 values, removing 1 values
updating 
DC=_ldap._tcp.TOBIAS._sites.ForestDnsZones,DC=e-trust.com.br,CN=MicrosoftDNS,DC=DomainDnsZones,DC=e-trust,DC=com,DC=br 
keeping 0 values, removing 1 values
ERROR(<type 'exceptions.TypeError'>): uncaught exception - __ndr_unpack__() argument 1 
must be string or read-only buffer, not dnsp.DnssrvRpcRecord
   File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 720, in run
     remove_dc.remove_dc(samdb, logger, remove_other_dead_server)
   File "/usr/lib64/python2.7/site-packages/samba/remove_dc.py", line 423, in remove_dc
     remove_dns_account=True)
   File "/usr/lib64/python2.7/site-packages/samba/remove_dc.py", line 351, in 
offline_remove_ntds_dc
     remove_dns_account=remove_dns_account)
   File "/usr/lib64/python2.7/site-packages/samba/remove_dc.py", line 266, in 
offline_remove_server
     remove_dns_references(samdb, logger, dnsHostName)
   File "/usr/lib64/python2.7/site-packages/samba/remove_dc.py", line 186, in 
remove_dns_references
     for v in values if not to_remove(v) ]
   File "/usr/lib64/python2.7/site-packages/samba/remove_dc.py", line 160, in to_remove
     dnsRecord = ndr_unpack(dnsp.DnssrvRpcRecord, value)
   File "/usr/lib64/python2.7/site-packages/samba/ndr.py", line 45, in ndr_unpack
     object.__ndr_unpack__(data, allow_remaining=allow_remaining)
A transaction is still active in ldb context [0x1953490] on 
tdb:///var/lib/samba/private/sam.ldb

The pippin server still shows up in the Domain controllers list and site list. Is there 
anything I can do to complete the removal?

The samba version is 4.4.4:

[root at aragorn ~]# rpm -qa |grep -i samba
sernet-samba-client-4.4.4-1.el7.x86_64
sernet-samba-common-4.4.4-1.el7.x86_64
sernet-samba-libsmbclient0-4.4.4-1.el7.x86_64
sernet-samba-4.4.4-1.el7.x86_64
sernet-samba-ad-4.4.4-1.el7.x86_64
sernet-samba-libs-4.4.4-1.el7.x86_64
sernet-samba-winbind-4.4.4-1.el7.x86_64

And I'm using named as the DNS backend.

Regards,
-- 

	
Vinicius Silva
SOC


BRA: + 55 51 2117.1000 | 55 11 5521.2021
USA: + 1 888 259.5801
vbs at e-trust.com.br
skype: vinicius.bones.silva

	







	Smiley face

www.e-trust.com.br <http://www.e-trust.com.br/>


Esta mensagem pode conter informações confidenciais ou privilegiadas. Se você recebeu esta 
mensagem por engano, você não deve usar, copiar, divulgar ou tomar qualquer atitude com 
base nestas informações. Solicitamos que você apague a mensagem imediatamente e avise a 
E-TRUST, enviando um e-mail para suporte at e-trust.com.br. Opiniões, conclusões ou 
informações contidas nesta mensagem não necessariamente refletem a posição oficial da 
E-TRUST. Caso assinada digitalmente, a autenticidade desta mensagem pode ser confirmada 
pela Autoridade Certificadora Privada E-TRUST, disponível em www.e-trust.com.br.

This message may contain privileged and confidential information for the use of the 
intended recipients only. If you are not an intended recipient then you should not 
disseminate, copy, or take any action based on its contents. If you have received this 
message in error then please notify E-TRUST by sending an e-mail message to 
suporte at e-trust.com.br immediately. Views and opinions expressed in this message do not 
necessarily reflect the position of E-TRUST. If this message is digitally signed, its 
authenticity can be confirmed by E-TRUST Private Certificate Authority, available at 
www.e-trust.com.br.

More information about the samba mailing list