[Samba] showrepl is showing a deleted connexion

MORILLO Jordi J.Morillo at educationetformation.fr
Fri Jan 22 14:03:21 UTC 2016


Hi Denis,

I have seen in an old post that you have tested new KCC from full mesh to bridge head at a French school.
Is your "drs showrepl" correct on such DCs?

In my case, a drs showrepl is showing a full mesh on inbound and outbound (not good) but only 1 KCC connection object (good).
Here is a full description of my trouble: https://lists.samba.org/archive/samba/2015-December/196844.html
Best regards


-----Original Message-----
From: Denis Cardon [mailto:denis.cardon at tranquil-it-systems.fr]
Sent: Friday 22 January 2016 14:31
To: MORILLO Jordi <J.Morillo at educationetformation.fr>; samba at lists.samba.org
Subject: Re: [Samba] showrepl is showing a deleted connexion

Hi Jordi,

> Solved !
> Thanks for the script.
> In my case, it was just too late.
> I have just found an ugly but working solution:
> From Configuration, Schema, Domaindnszones, forestdnszones and principal, I removed, using ldbdel, a "repsTo" binary object.
> No more trouble with drs showrepl :-)

Indeed, samba-tool drs showrepl shows in fact the repsfrom/repsto attributes. They should be created / deleted by kcc. However I have seen lingering repsto attributes in the past too and had to ldbedit to clean up the mess.

Ldbdel'eting an entry in "CN=Deleted Object" should be done with care.
In your case, you still had a repsto referencing the GUID of that object, hence among other things the crash of samba-tool drs showrepl on the OUTBOUND NEIGHBOR part of the listing. However, I guess the initial condition is a bug and it should be the job of the KCC (or integrity check) to delete a repsto pointing to an object in Deleted Objects.
Should check with Douglas and the dev team...

Cheers,

Denis

>
> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Stefan Kania
> Sent: Friday 22 January 2016 09:35
> To: samba at lists.samba.org
> Subject: Re: [Samba] showrepl is showing a deleted connexion
>
> You should remove all DC data with this script:
> https://gallery.technet.microsoft.com/scriptcenter/d31f091f-2642-4ede-9f97-0e1cc4d577f3
> Then you can be sure that all the metadata is removed. Then clean
> only the DNS entries by hand.
>
> On 21.01.2016 at 20:09, MORILLO Jordi wrote:
>> Hi everybody,
>>
>> One of my DCs crashed this afternoon (dead disk). I can't remove this DC
>> server from the Windows GUI (computer object from "users and computers"
>> and NTDS settings from "sites and services") because of a Windows GUI
>> error.
>>
>> So I manually removed this old server:
>>
>> -          Clean all DNS stuff (tcp, sites, kerberos, kpasswd, srv
>> entries.....)
>>
>> -          With Apache Directory Studio, I connect to LDAP and
>> remove NTDS settings under the site's tree (configuration -> sites ->
>> my_old_site)
>>
>> After that, the Windows GUI is good, no more DC's computer
>> object or NTDS settings.
>>
>> But a samba-tool drs showrepl gives:
>>
>> ==== OUTBOUND NEIGHBORS ====
>> ....
>> DC=pr,DC=educationetformation,DC=fr
>> NTDS DN: CN=NTDS Settings\0ADEL:1e23b3de-ae49-406d-bd33-e233b168945c,CN=DC540\0ADEL:ceeb7300-2411-4e05-83e2-e4ebf521f145,CN=Servers\0ADEL:85d2165b-0a31-4f90-be71-e2b73c8eb88a,CN=SaintSaens\0ADEL:f23842e5-e22b-4ad2-9cb3-a72fe0dd73dd,CN=Sites,CN=Configuration,DC=pr,DC=educationetformation,DC=fr
>> DSA object GUID: 1e23b3de-ae49-406d-bd33-e233b168945c
>> Last attempt @ Thu Jan 21 19:44:00 2016 CET failed, result 87 (WERR_INVALID_PARAM)
>> 1932 consecutive failure(s).
>> Last success @ NTTIME(0)
>> ....
>>
>> This object is not visible from LDAP but is visible with ldbsearch on
>> the CONFIGURATION ldb. If I ldbdel this object, samba-tool drs showrepl
>> fails:
>>
>> ==== OUTBOUND NEIGHBORS ====
>>
>> ERROR(runtime): DsReplicaGetInfo of type 4294967294 failed - (8442, 'WERR_DS_DRA_INTERNAL_ERROR')
>>
>> So I ldbadd this object (previously backed up), no more
>> ERROR(runtime) but I can see again the wrong connexion from samba-tool
>> drs showrepl.... Any idea how to clean drs showrepl from this deleted object?
>> Thanks for all. Samba 4.3.3
>>
>
>
> --
> Stefan Kania
> Landweg 13
> 25693 St. Michaelisdonn
>
>
> Signing every e-mail helps to reduce spam. Sign your
> e-mail. More information at http://www.gnupg.org
>
> My key is available at
>
> hkp://subkeys.pgp.net
>
>

--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
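
Added example (not part of the original thread and not Samba project code): a read-only check that scans saved "samba-tool drs showrepl" text for neighbours whose NTDS DN carries the "\0ADEL:<GUID>" marker of a deleted object, the lingering repsFrom/repsTo condition discussed above. The function name stale_neighbors and the sample are constructed for illustration, and the parser assumes the text layout quoted in this thread.

```python
import re

# Constructed sample, modelled on the output quoted in this thread;
# every DN and GUID below is made up for the example.
SAMPLE = r"""
==== INBOUND NEIGHBORS ====
DC=example,DC=test
SiteA\DC1 via RPC
DSA object GUID: 11111111-2222-3333-4444-555555555555
Last attempt @ Thu Jan 21 19:44:00 2016 CET was successful
0 consecutive failure(s).
==== OUTBOUND NEIGHBORS ====
DC=example,DC=test
NTDS DN: CN=NTDS Settings\0ADEL:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee,CN=DC9\0ADEL:99999999-8888-7777-6666-555555555555,CN=Servers,CN=SiteB,CN=Sites,CN=Configuration,DC=example,DC=test
DSA object GUID: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
Last attempt @ Thu Jan 21 19:44:00 2016 CET failed, result 87 (WERR_INVALID_PARAM)
12 consecutive failure(s).
"""

# An RDN moved to Deleted Objects is shown as "<name>\0ADEL:<object GUID>".
DEL_RE = re.compile(r"\\0ADEL:([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})")
SECTION_RE = re.compile(r"^==== (.+?) ====")
FAIL_RE = re.compile(r"^(\d+) consecutive failure")

def stale_neighbors(text):
    """Return the neighbour entries whose NTDS DN refers to deleted objects."""
    section = nc = prev = None
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        sec, fail = SECTION_RE.match(line), FAIL_RE.match(line)
        if sec:
            section = sec.group(1)
        elif line.startswith(("DC=", "CN=")):
            nc = line  # naming context heading for the entries that follow
        elif line.startswith("DSA object GUID:"):
            # the line just before the GUID identifies the neighbour
            records.append({"section": section, "nc": nc, "neighbor": prev,
                            "guid": line.split(":", 1)[1].strip(), "failures": 0})
        elif fail and records:
            records[-1]["failures"] = int(fail.group(1))
        prev = line
    return [dict(r, deleted_guids=DEL_RE.findall(r["neighbor"]))
            for r in records if r["neighbor"] and DEL_RE.search(r["neighbor"])]

if __name__ == "__main__":
    for entry in stale_neighbors(SAMPLE):
        print(entry["section"], entry["nc"], entry["guid"], entry["failures"])
```

The check only reports; any cleanup of the flagged attributes remains a manual decision, with the care described in the message above.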


