[Samba] replPropertyMetaData & KCC issues after updating to Samba 4.5.0

lingpanda101 at gmail.com lingpanda101 at gmail.com
Mon Sep 26 14:34:45 UTC 2016

On 9/23/2016 8:08 PM, garming at catalyst.net.nz wrote:
>> I have what appears to still be a full mesh replication. Shouldn't the
>> outbound and inbound neighbors be reflective of the KCC connection
>> objects? I would expect to find only inbound and outbound connections
>> for SOLDC1. Maybe I'm completely misinterpreting the intended
>> behavior.
> There's likely at least some stale entries (repsFrom). The KCC builds 
> the inbound connections for each DC. Then as a separate step 
> translates the connections to replication links. The outbound links 
> are mostly the other DCs' problem (likely an old repsFrom pulling from
> SOLDC1). I've taken quite a few steps to rid the DCs of as many old 
> repsFrom entries as possible from within the KCC, but based on time 
> delays and use of the old KCC, this may not be enough in its current 
> state to be equivalent to a fresh domain.
> I've taken another look and it's plausible that the failover for 
> inbound connections won't occur for 2 hours thanks to the default of 
> the interSiteTopologyFailover variable on the site objects. I would be 
> interested as to the result if you set the variable (which I think is in
> minutes) to something much lower.
> This area is definitely not simple. And has a lot of room to improve 
> (One bug I see here is 'Last attempt @ NTTIME(0) was successful' which 
> has an unmerged fix to get the right time I believe). But it is a vast 
> improvement on the old code, especially at scale.
> Cheers,
> Garming


What is the command and syntax to query Samba for the
interSiteTopologyFailover variable? If I use ADSI edit to view the 
variable it displays as '<not set>'.

What's also odd is the interSiteTopologyGenerator variable. My 
understanding is the ISTG should only be defined on one DC in each site. 
Which it is, but it's the DC that is defined that's odd. In my case for
'Site-B', it's SOLDC2. That would explain why shutting down SOLDC1 didn't
prompt the KCC to create new NTDS connections. SOLDC1 is the DC that has
automatically generated connections to the 'Default-First-Site-Name'.
SOLDC2 only has KCC connections to SOLDC1. Isn't Samba defining the 
incorrect server as being the ISTG bridgehead server? This is the case 
for my other two sites as well. Thanks.

