[Samba] replPropertyMetaData & KCC issues after updating to Samba 4.5.0

lingpanda101 at gmail.com lingpanda101 at gmail.com
Thu Sep 22 12:59:20 UTC 2016 

On 9/21/2016 11:32 PM, Garming Sam wrote:
> I would have assumed that deleting all the NTDS connections for all the
> DCs would have remedied this issue. I'll write a patch to try to avoid
> this error in any case.
>
> Ignoring this error and answering your earlier question, it's often hard
> to tell if the KCC is doing what is expected or not. To figure that out,
> you need a lot more information about the network topology
> configuration, which site links are defined, who belongs to which site
> in the database and probably some of the debug logs (running samba_kcc
> --debug manually). It also takes a little while for everything to settle
> down, until everyone is completely aware of who is online.
>
>
>
> Cheers,
>
> Garming
>
> On 22/09/16 00:32, lingpanda101 at gmail.com wrote:
>> I'm getting several KCC errors in each of my DC's. They are as follows.
>>
>> [2016/09/21 08:06:12.364447,  0, pid=1087, effective(0, 0), real(0,
>> 0)] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
>>    /usr/local/samba/sbin/samba_kcc: AttributeError: 'NoneType' object
>> has no attribute 'size'
>> [2016/09/21 08:06:12.381710,  0, pid=1087, effective(0, 0), real(0,
>> 0)] ../source4/dsdb/kcc/kcc_periodic.c:646(samba_kcc_done)
>>    ../source4/dsdb/kcc/kcc_periodic.c:646: Failed samba_kcc -
>> NT_STATUS_ACCESS_DENIED
>> [2016/09/21 08:11:12.870383,  0, pid=1087, effective(0, 0), real(0,
>> 0)] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
>>    /usr/local/samba/sbin/samba_kcc: Traceback (most recent call last):
>> [2016/09/21 08:11:12.870528,  0, pid=1087, effective(0, 0), real(0,
>> 0)] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
>>    /usr/local/samba/sbin/samba_kcc:   File
>> "/usr/local/samba/sbin/samba_kcc", line 337, in <module>
>> [2016/09/21 08:11:12.870588,  0, pid=1087, effective(0, 0), real(0,
>> 0)] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
>>    /usr/local/samba/sbin/samba_kcc:
>> attempt_live_connections=opts.attempt_live_connections)
>> [2016/09/21 08:11:12.870639,  0, pid=1087, effective(0, 0), real(0,
>> 0)] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
>>    /usr/local/samba/sbin/samba_kcc:   File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/kcc/__init__.py",
>> line 2644, in run
>> [2016/09/21 08:11:12.870994,  0, pid=1087, effective(0, 0), real(0,
>> 0)] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
>>    /usr/local/samba/sbin/samba_kcc:     all_connected =
>> self.intersite(ping)
>> [2016/09/21 08:11:12.871046,  0, pid=1087, effective(0, 0), real(0,
>> 0)] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
>>    /usr/local/samba/sbin/samba_kcc:   File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/kcc/__init__.py",
>> line 1883, in intersite
>> [2016/09/21 08:11:12.871338,  0, pid=1087, effective(0, 0), real(0,
>> 0)] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
>>    /usr/local/samba/sbin/samba_kcc:     all_connected =
>> self.create_intersite_connections()
>> [2016/09/21 08:11:12.871398,  0, pid=1087, effective(0, 0), real(0,
>> 0)] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
>>    /usr/local/samba/sbin/samba_kcc:   File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/kcc/__init__.py",
>> line 1817, in create_intersite_connections
>> [2016/09/21 08:11:12.871676,  0, pid=1087, effective(0, 0), real(0,
>> 0)] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
>>    /usr/local/samba/sbin/samba_kcc:     part, True)
>> [2016/09/21 08:11:12.871724,  0, pid=1087, effective(0, 0), real(0,
>> 0)] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
>>    /usr/local/samba/sbin/samba_kcc:   File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/kcc/__init__.py",
>> line 1769, in create_connections
>> [2016/09/21 08:11:12.871999,  0, pid=1087, effective(0, 0), real(0,
>> 0)] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
>>    /usr/local/samba/sbin/samba_kcc:     partial_ok, detect_failed)
>> [2016/09/21 08:11:12.872048,  0, pid=1087, effective(0, 0), real(0,
>> 0)] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
>>    /usr/local/samba/sbin/samba_kcc:   File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/kcc/__init__.py",
>> line 1419, in create_connection
>> [2016/09/21 08:11:12.872272,  0, pid=1087, effective(0, 0), real(0,
>> 0)] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
>>    /usr/local/samba/sbin/samba_kcc:     not
>> cn.is_equivalent_schedule(link_sched))):
>> [2016/09/21 08:11:12.872321,  0, pid=1087, effective(0, 0), real(0,
>> 0)] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
>>    /usr/local/samba/sbin/samba_kcc:   File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/kcc/kcc_utils.py",
>> line 1223, in is_equivalent_schedule
>> [2016/09/21 08:11:12.872513,  0, pid=1087, effective(0, 0), real(0,
>> 0)] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
>>    /usr/local/samba/sbin/samba_kcc:     if ((self.schedule.size !=
>> sched.size or
>>
>> Replication appears to report no errors. Running a KCC check I get the
>> following.
>>
>> samba-tool drs kcc
>> ERROR(runtime): DsExecuteKCC failed - (-1073610699, 'The operation
>> cannot be performed.')
>>
>> Switching back to the old KCC clears the errors up.
>>
For clarification I'll add a few things.

I initially deleted all the NTDS site links for each site and allowed 
the new KCC to create them. However it did not create them I believe 
correctly. By that I mean it defined what appeared to be a bridgehead 
server at each site. So I disabled the new KCC 'kccsrv:samba_kcc=false' 
in my smb.conf and allowed the full mesh to be used again. After all 
site links were recreated. I then switched the 'kccsrv:samba_kcc=true' 
in my smb.conf and that's what prompted the following errors above.

To further expand on my Topology, I have 3 sites. I'll call them A,B and 
C. Each site contains 2 DC's. Sites use different subnets and are 
connected via. fiber. Sites B and C should not be replication partners. 
They should only replicate with Site A(Default-First-Site-Name). With 
the new KCC after deleting all the NTDS links, Sites B and C Domain 
Controller #1 becomes the bridgehead server for that site. Domain 
Controller #2 at sites B and C only replicates with Domain Controller #1 
at it's respective site. So if the bridgehead server goes down, Domain 
Controller #2 at sites B and C will no longer receive changes.

The new KCC does prevent sites B and C from replicating with each other. 
That is correct. This isn't a huge issue for me. I can continue using 
the old KCC for now. The full mesh isn't detrimental to my network. 
Don't want to take up too much of your time. Thanks


-- 
-James

More information about the samba mailing list