[Samba] drs showrepl - Failed to bind to UUID - Undetermined error

Jonathan Hunter jmhunter1 at gmail.com
Fri Sep 9 14:24:40 UTC 2016 

Hi Guys,

I have now updated to 4.5.0 - thank you to all the team for your efforts on
this :)

I was excited to read in the release notes that there were many replication
improvements, and I have run 'samba-tool dbcheck --cross-ncs --fix' on all
my DCs; there were many, many replPropertyMetaData and other errors which
have now been found and fixed - thanks!

However, I think something still isn't right in my domain; this is probably
not the fault of 4.5.0 but rather an inconsistency caused when one of my
DCs died and was rebuilt - however I'm now not sure where to look
(presumably with ADSIEdit / ldbsearch) to check which object I need to
remove / update.

The symptom I can see is that running 'samba-tool drs showrepl' fails on
one of my DCs, but works on the other two. On the failing DC I get the
message:

user at dc2:~ $ sudo /usr/local/samba/bin/samba-tool drs showrepl
Failed to bind to uuid aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeee for
ncacn_ip_tcp:1.2.3.4[1024,seal,target_hostname=dc2.mydomain.org.uk
,abstract_syntax=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeee/0x00000004,

FUL
ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to
dc2.mydomain.org.uk failed - drsException: DRS connection to
dc2.mydomain.org.uk failed: (-1073741823, 'Undetermined error')
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py",
line 41, in drsuapi_connect
    (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) =
drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py",
line 54, in drsuapi_connect
    raise drsException("DRS connection to %s failed: %s" % (server, e))


Replication of objects between DCs does seem to work fine (at least,
changing the description on a test user object on any DC did propagate
between all 3 DCs) so I don't think the basic mechanism is broken.. but I
suspect whatever objects 'samba-tool drs showrepl' looks at aren't quite
right.

I don't understand why this only fails on one DC, though - all three are
built pretty much identically, so I would have expected this to work or not
equally across all three.

Where should I be looking in AD? The inter-site links seem to be defined OK
from what I can tell, but I don't know much about the internals of these
beyond looking in AD Sites & Services and things "look OK" there.

Any pointers would be much appreciated, I'll do some digging from there.

Thanks!

Jonathan



On an unrelated note, on DC3, 'samba-tool drs showrepl' does work, but
shows the following warnings/errors, before then working fine and showing
the usual output that I would expect to see. Should I file a bug for this -
can anyone else reproduce it?

user at dc3:~ $ sudo /usr/local/samba/bin/samba-tool drs showrepl
Failed to connect host 127.0.1.1 on port 135 - NT_STATUS_CONNECTION_REFUSED
Failed to connect host 127.0.1.1 (dc3.mydomain.org.uk) on port 135 -
NT_STATUS_CONNECTION_REFUSED.
Failed to connect host 127.0.1.1 on port 1024 - NT_STATUS_CONNECTION_REFUSED
Failed to connect host 127.0.1.1 (dc3.mydomain.org.uk) on port 1024 -
NT_STATUS_CONNECTION_REFUSED.
mysite\DC3
[...]


I think I have tracked this one down to the following smb.conf items that
were present on this machine (and which I have now removed):

       bind interfaces only = yes
       interfaces = eth0 lo
The 'lo' interface has the IP 127.0.0.1, but for some reason 'samba-tool
drs showrepl' is trying to connect to 127.0.1.1 - which then fails.

-- 
"If we knew what it was we were doing, it would not be called research,
would it?"
      - Albert Einstein

More information about the samba mailing list