[Samba] drs showrepl - Failed to bind to UUID - Undetermined error

Fri Sep 9 15:04:18 UTC 2016

On Fri, 9 Sep 2016 15:24:40 +0100
Jonathan Hunter via samba <samba at lists.samba.org> wrote:

> Hi Guys,
> 
> I have now updated to 4.5.0 - thank you to all the team for your
> efforts on this :)
> 
> I was excited to read in the release notes that there were many
> replication improvements, and I have run 'samba-tool dbcheck
> --cross-ncs --fix' on all my DCs; there were many, many
> replPropertyMetaData and other errors which have now been found and
> fixed - thanks!
> 
> However, I think something still isn't right in my domain; this is
> probably not the fault of 4.5.0 but rather an inconsistency caused
> when one of my DCs died and was rebuilt - however I'm now not sure
> where to look (presumably with ADSIEdit / ldbsearch) to check which
> object I need to remove / update.
> 
> The symptom I can see is that running 'samba-tool drs showrepl' fails
> on one of my DCs, but works on the other two. On the failing DC I get
> the message:
> 
> user at dc2:~ $ sudo /usr/local/samba/bin/samba-tool drs showrepl
> Failed to bind to uuid aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeee for
> ncacn_ip_tcp:1.2.3.4[1024,seal,target_hostname=dc2.mydomain.org.uk
> ,abstract_syntax=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeee/0x00000004,
> 
> FUL
> ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to
> dc2.mydomain.org.uk failed - drsException: DRS connection to
> dc2.mydomain.org.uk failed: (-1073741823, 'Undetermined error')
>   File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py",
> line 41, in drsuapi_connect (ctx.drsuapi, ctx.drsuapi_handle,
> ctx.bind_supported_extensions) =
> drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds) File
> "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py",
> line 54, in drsuapi_connect raise drsException("DRS connection to %s
> failed: %s" % (server, e))
> 
> 
> Replication of objects between DCs does seem to work fine (at least,
> changing the description on a test user object on any DC did propagate
> between all 3 DCs) so I don't think the basic mechanism is broken..
> but I suspect whatever objects 'samba-tool drs showrepl' looks at
> aren't quite right.
> 
> I don't understand why this only fails on one DC, though - all three
> are built pretty much identically, so I would have expected this to
> work or not equally across all three.
> 
> Where should I be looking in AD? The inter-site links seem to be
> defined OK from what I can tell, but I don't know much about the
> internals of these beyond looking in AD Sites & Services and things
> "look OK" there.
> 
> Any pointers would be much appreciated, I'll do some digging from
> there.
> 
> Thanks!
> 
> Jonathan
> 
> 
> 
> On an unrelated note, on DC3, 'samba-tool drs showrepl' does work, but
> shows the following warnings/errors, before then working fine and
> showing the usual output that I would expect to see. Should I file a
> bug for this - can anyone else reproduce it?
> 
> user at dc3:~ $ sudo /usr/local/samba/bin/samba-tool drs showrepl
> Failed to connect host 127.0.1.1 on port 135 -
> NT_STATUS_CONNECTION_REFUSED Failed to connect host 127.0.1.1
> (dc3.mydomain.org.uk) on port 135 - NT_STATUS_CONNECTION_REFUSED.
> Failed to connect host 127.0.1.1 on port 1024 -
> NT_STATUS_CONNECTION_REFUSED Failed to connect host 127.0.1.1
> (dc3.mydomain.org.uk) on port 1024 - NT_STATUS_CONNECTION_REFUSED.
> mysite\DC3
> [...]
> 
> 
> I think I have tracked this one down to the following smb.conf items
> that were present on this machine (and which I have now removed):
> 
>        bind interfaces only = yes
>        interfaces = eth0 lo
> The 'lo' interface has the IP 127.0.0.1, but for some reason
> 'samba-tool drs showrepl' is trying to connect to 127.0.1.1 - which
> then fails.
> 

Is this in ubuntu ?
check /etc/hosts and remove any line starting with 127.0.1.1 (or
comment it out)
If networkmanager is running, stop it using dnsmasq.
This is what usually cause the ptoblem you are having.

Rowland