[Samba] Fwd: Re: Problem with Samba4 DB

bentunx bentunx at gmail.com
Wed Jun 15 09:14:39 UTC 2016 

hi mathias

let me confirm your statement
so.. you think if we demote those 2 DC server that already offline, the 
DNS will be running well
well if this is one of option we have, i will consider to upgrade our 
FSMO DC from samba 4.1.X  to 4.4.x , by the way, are there any 
consideration if we update samba directly from 4.1 to 4.4 ?

let me answer some of your question
*1 - what command are you launching to update your DNS? What are error 
messages?*
*2 - what are the DNS names of new entry which refuse to be added? Same 
question for the two DC your colleague removed from AD?*
/# samba-tool dns add pdc domain.co.id milis A 172.16.99.49//
//Password for [administrator at domain.CO.ID]://
//ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR')//
//  File 
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", 
line 175, in _run//
//    return self.run(*args, **kwargs)//
//  File 
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py", 
line 1067, in run//
//    0, server, zone, name, add_rec_buf, None)/



*3 - what version of Samba are you running?* 4.1 >> New versions include 
a command switch to remove DC from AD database from another DC. In 
others words you could cleanup database from old DC entries.
     yes i will try this,

*4 - what gives the following commands? And what are DNS name and IP  of 
your FSMO owner?*
/DNS : pdc.domain.co.id //
//InfrastructureMasterRole owner: CN=NTDS 
Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=co,DC=id//
//RidAllocationMasterRole owner: CN=NTDS 
Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=co,DC=id//
//PdcEmulationMasterRole owner: CN=NTDS 
Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=co,DC=id//
//DomainNamingMasterRole owner: CN=NTDS 
Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=co,DC=id//
//SchemaMasterRole owner: CN=NTDS 
Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=co,DC=id//
/
TIA
Zhia

On 14/06/2016 15:36, mathias dufresne wrote:
> Oki Doki. First the fact you can't add new DNS entry in your DNS zones 
> is not a blocking point to remove a DC. It's a blcoking point to add 
> new entries. Now you are the one deciding if you would remove it or 
> not, but seriously, for me that's not a reason to keep up it running: 
> you can replace it by another DC which will do exactly the same job 
> and if you are lucky enough you would be able to add new DNS entries 
> again.
>
> Anyway, several questions now:
> 1 - what command are you launching to update your DNS? What are error 
> messages?
> 2 - what are the DNS names of new entry which refuse to be added? Same 
> question for the two DC your colleague removed from AD?
> 3 - what version of Samba are you running? New versions include a 
> command switch to remove DC from AD database from another DC. In 
> others words you could cleanup database from old DC entries.
> 4 - what gives the following commands? And what are DNS name and IP  
> of your FSMO owner?
> samba-tool dns query dc200 AD.DOMAIN.TLD AD.DOMAIN.TLD SOA
> samba-tool dns query dc200 _msdcs.AD.DOMAIN.TLD _msdcs.AD.DOMAIN.TLD SOA
>
>
>
>
>
>
> 2016-06-14 3:47 GMT+02:00 bentunx <bentunx at gmail.com 
> <mailto:bentunx at gmail.com>>:
>
>
>
>     Thx mathias for your reply
>
>     First, yes im using internal DNS,  i just try to add new dns from
>     other dc but it doesnt work, i think the (maybe) corrupted dns
>     data already sync to other dc
>
>     And i still run my samba4 installation, because sofar the only
>     problem is, i cant add new dns record
>
>     In other case i found up one of my team just re install 2 samba4
>     server in site office with different AD domain without demote
>     first .. i dont know if this issue related to my dns problem ..
>
>     Is this the only DC involved in that issue? If yes I would stop
>     the service on that DC the avoid contamination of others (I don't
>     know if this issue can propagate but I'm sure I would learn if it
>     is in prod ;)
>
>     In prod, what you really want is your AD works. No matter which DC
>     is FSMO nor if some DC get reinstalled. Remove the DC from your AD
>     to limit risks, investigate later if you wan to, repair first but
>     repair AD, not the DC.
>
>     Then I must admit you have AD as you speak DNS.
>     Perhaps you are running internal DNS, in that case you can only
>     push DNS modification on DC declared as SOA in LDAP DB. If broken
>     DC is SOA, it is also certainly FSMO, move FSMO and SOA on some
>     other host (you can stop broken DC first, no matter).
>
>     If you are running BIND9_DLZ DNS back end you can simply change
>     your clients DNS resolver to use another DC, as Bind + DLZ knows
>     it can modify it's DB (its zones) every DC using Bind + DLZ as DNS
>     back end would reply they are SOA and so they all will accept DNS
>     modification requests.
>
>     Cheers,
>
>     mathias
>
>     2016-06-13 9:29 GMT+02:00 bentunx <bentunx at gmail.com
>     <mailto:bentunx at gmail.com> <mailto:bentunx at gmail.com
>     <mailto:bentunx at gmail.com>>>:
>
>        dear all
>
>        i have problem with my samba4 installation
>        currently we still using samba 4.1.11
>        we have many about 30 site office who is connected to the head
>        office by Vpn with 1 mbps
>        i have 2 DC in  head office and have oen DC in every Site office
>
>        since yesterday i found out in my one off my DC in head office, the
>        Main DC (the DC that we make as first DNS in other DC in head
>     office
>        of site office) , we cant add new DNS entry, then i try to dbcheck
>        --cross-ncs --fix --yes , and dbcheck --reindex
>        and still i cant add new DNS Entry
>        /Password for [administrator at Domain.CO.ID
>     <mailto:administrator at Domain.CO.ID>
>        <mailto:administrator at Domain.CO.ID
>     <mailto:administrator at Domain.CO.ID>>]://
>
>        //ERROR(runtime): uncaught exception - (1383,
>        'WERR_INTERNAL_DB_ERROR')//
>        //  File
>      "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
>        line 175, in _run//
>        //    return self.run(*args, **kwargs)//
>        //  File
>      "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py",
>     line
>        1067, in run//
>        //    0, server, zone, name, add_rec_buf, None)/
>
>
>        and today i found up samba process take 100% of my CPU usage ..
>        can anyone here help me to give me some hint ?
>
>        Zhia
>        --    To unsubscribe from this list go to the following URL and
>     read the
>        instructions: https://lists.samba.org/mailman/options/samba
>
>
>
>
>     -- 
>     To unsubscribe from this list go to the following URL and read the
>     instructions: https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list