[Samba] Unable to demote DC

Denis Cardon denis.cardon at tranquil-it-systems.fr
Wed Mar 23 11:31:35 UTC 2016


Hi Chris,

Le 22/03/2016 22:07, Chris Hastie a écrit :
> I'm trying to remove a DC from a Samba4 based AD network, but run into
> an error that I can't fathom. Can anyone point me in the right direction?
>
> # samba-tool domain demote -Uadministrator

which version of samba are you using? 4.4 or below?

is the sogo3.ad.oak-wood.co.uk server still running ok or do you have 
replication problem on that server?

Server demotion has been a common issue for quite some time. Could you 
try to upgrade to 4.4 and run the samba-tool demote with the 
--remove-other-dead-server flag?

Otherwise you can demote by hand cleaning up the LDAP and DNS on the DC 
that is still running properly.

HTH,

Denis



> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Using SOGO3.ad.oak-wood.co.uk as partner server for the demotion
> Using binding ncacn_ip_tcp:SOGO3.ad.oak-wood.co.uk[,seal]
> resolve_lmhosts: Attempting lmhosts lookup for name
> SOGO3.ad.oak-wood.co.uk<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name
> SOGO3.ad.oak-wood.co.uk<0x20>
> Password for [NUMBER37\administrator]:
> Deactivating inbound replication
> Asking partner server SOGO3.ad.oak-wood.co.uk to synchronize from us
> Error while demoting, re-enabling inbound replication
> ERROR(<class 'samba.drs_utils.drsException'>): Error while sending a
> DsReplicaSync for partion
> CN=Schema,CN=Configuration,DC=ad,DC=oak-wood,DC=co,DC=uk - drsException:
> DsReplicaSync failed (2, 'WERR_BADFILE')
>    File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
> 720, in run
>      sendDsReplicaSync(drsuapiBind, drsuapi_handle, ntds_guid,
> str(part), drsuapi.DRSUAPI_DRS_WRIT_REP)
>    File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83,
> in sendDsReplicaSync
>      raise drsException("DsReplicaSync failed %s" % estr)
>

-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr




More information about the samba mailing list