[Samba] Samba DC sync issues - help

L.P.H. van Belle belle at bazuin.nl
Mon Jan 18 11:04:48 UTC 2016 

Hai, 

Reboot both servers first, DC1 and wait until its fully up, then reboot DC2, and run the replicate again but now like this : 

samba-tool drs replicate dc_WITH_FSMO_ROLES dc_TO_SYNC_TO DC=win,DC=office

report if this worked. 

And check with this one, you can run it on any samba DC.
https://secure.bazuin.nl/scripts/samba-check-db-repl.sh 

configure it, and run it, and report back.
For the configure, NT_ADMIN_USER/PASS is sufficient. 
And set CONFIGURED to yes 


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Nico De Ranter
> Verzonden: maandag 18 januari 2016 11:34
> Aan: samba
> Onderwerp: [Samba] Samba DC sync issues - help
> 
> Help, my Samba DC's refuse to sync :-(
> 
> I have 2 Samba 4.1.17 DC servers.  I made some changes via Active
> Directory
> USer and Computers on Windows.  However even after a weekend the changes
> do
> not appear on the second DC.
> 
> If I run
> samba-tool ldapcmp ldap://dc1 ldap://dc2 -Uadministrator
> --filter=msDS-NcType,serverState,subrefs
> 
> I see:
> 
> ************************************************************
> 
> Password for [OFFICE\administrator]:
> 
> * Comparing [DOMAIN] context...
> 
> * DN lists have different size: 397 != 396
>     CN=NICO-PC-VM,OU=OPS,OU=DomainComputers,DC=win,DC=office
>     CN=NICO-VM,CN=Computers,DC=win,DC=office
>     CN=dcim,CN=Computers,DC=win,DC=office
>     CN=NICO-VM,OU=OPS,OU=DomainComputers,DC=win,DC=office
>     CN=dcim,OU=Servers,OU=DomainComputers,DC=win,DC=office
> 
> * Objects to be compared: 394
> Comparing:
> 'CN=virtpc,OU=DomainUsers,DC=win,DC=office' [ldap://dc1]
> 'CN=virtpc,OU=DomainUsers,DC=win,DC=office' [ldap://dc2]
>     Difference in attribute values:
>         homeDirectory =>
> ['\\\\storage\\virtpc']
> ['\\\\storage.office\\virtpc']
>     FAILED
> ...[snip removed lots of similar errors for all other users]...
> 
> * Result for [DOMAIN]: FAILURE
> 
> SUMMARY
> ---------
> 
> Attributes with different values:
> 
>     homeDirectory
> 
> Attributes found only in ldap://dc2:
> 
>     description
> 
> * Comparing [CONFIGURATION] context...
> 
> * Objects to be compared: 1615
> 
> * Result for [CONFIGURATION]: SUCCESS
> 
> * Comparing [SCHEMA] context...
> 
> * Objects to be compared: 1550
> 
> * Result for [SCHEMA]: SUCCESS
> 
> * Comparing [DNSDOMAIN] context...
> 
> * Objects to be compared: 56
> 
> * Result for [DNSDOMAIN]: SUCCESS
> 
> * Comparing [DNSFOREST] context...
> 
> * Objects to be compared: 18
> 
> * Result for [DNSFOREST]: SUCCESS
> ERROR: Compare failed: -1
> 
> *************************************************************************
> 
> Running a manual replication seems to work fine:
> samba-tool drs replicate dc2 dc1 DC=win,DC=office
> Replicate from dc1 to dc2 was successful.
> 
> However nothing changes, when I do an ldapcmp I still see the same errors.
> What am I doing wrong? (Note: the clocks are synchronised)  I've been
> trying to solve this for a week now but I cannot figure out what is going
> wrong.
> 
> Nico
> 
> 
> 
> --
> Nico De Ranter
> 
> Operations Engineer
> 
> T. +32 16 40 12 82
> 
> M. +32 497 91 53 78
> 
> 
> <http://www.esaturnus.com>
> 
> 
> 
> eSATURNUS
> Romeinse straat 12
> 3001 Leuven – Belgium
> 
> T. +32 16 40 12 82
> F. +32 16 40 84 77
> www.esaturnus.com
> 
> 
> 
> 
> 
> <http://www.esaturnus.com/>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list