[Samba] Samba AD/DC Sync To Windows DC Failures

Clay Kinney ckinney at hharchitects.com
Thu Jan 26 19:20:06 UTC 2017


I just added a Windows Server 2008 R2 to be a backup DC for our Samba 4.4.5
AD/DC, but I am getting an error when trying to manually sync Samba to the
Windows server.



I used the link on the wiki site to make the initial sync, which worked
great:

<https://wiki.samba.org/index.php/Joining_a_Windows_Server_2008_/_2008_R2_DC_to_a_Samba_AD> Joining a Windows Server 2008 / 2008 R2 DC to a Samba AD



Using the internal samba DNS



Any help would be appreciated.



Clay



/usr/local/samba/bin/samba-tool drs replicate w2008r2 dc01 CN=Configuration,DC=dc01,DC=example,DC=com

Processing section "[netlogon]"

Processing section "[sysvol]"

Processing section "[Profiles]"

Processing section "[3333]"

Processing section "[test]"

pm_process() returned Yes

ldb_wrap open of secrets.ldb

GENSEC backend 'gssapi_spnego' registered

GENSEC backend 'gssapi_krb5' registered

GENSEC backend 'gssapi_krb5_sasl' registered

GENSEC backend 'spnego' registered

GENSEC backend 'schannel' registered

GENSEC backend 'naclrpc_as_system' registered

GENSEC backend 'sasl-EXTERNAL' registered

GENSEC backend 'ntlmssp' registered

GENSEC backend 'ntlmssp_resume_ccache' registered

GENSEC backend 'http_basic' registered

GENSEC backend 'http_ntlm' registered

GENSEC backend 'krb5' registered

GENSEC backend 'fake_gssapi_krb5' registered

Using binding ncacn_ip_tcp:w2008r2[,seal]

Mapped to DCERPC endpoint 135

added interface eth0 ip=10.0.1.100 bcast=10.0.1.255 netmask=255.255.255.0

added interface eth0 ip=10.0.1.100 bcast=10.0.1.255 netmask=255.255.255.0

resolve_lmhosts: Attempting lmhosts lookup for name w2008r2<0x20>

getlmhostsent: lmhost entry: 10.0.1.100 DC01

getlmhostsent: lmhost entry: 10.0.1.135 W2008R2

Mapped to DCERPC endpoint 49155

added interface eth0 ip=10.0.1.100 bcast=10.0.1.255 netmask=255.255.255.0

added interface eth0 ip=10.0.1.100 bcast=10.0.1.255 netmask=255.255.255.0

resolve_lmhosts: Attempting lmhosts lookup for name w2008r2<0x20>

getlmhostsent: lmhost entry: 10.0.1.100 DC01

getlmhostsent: lmhost entry: 10.0.1.135 W2008R2

Received smb_krb5 packet of length 272

Received smb_krb5 packet of length 1247

Received smb_krb5 packet of length 1258

Received smb_krb5 packet of length 1280

added interface eth0 ip=10.0.1.100 bcast=10.0.1.255 netmask=255.255.255.0

added interface eth0 ip=10.0.1.100 bcast=10.0.1.255 netmask=255.255.255.0

resolve_lmhosts: Attempting lmhosts lookup for name w2008r2<0x20>

getlmhostsent: lmhost entry: 10.0.1.100 DC01

getlmhostsent: lmhost entry: 10.0.1.135 W2008R2

Received smb_krb5 packet of length 1258

Received smb_krb5 packet of length 1280

ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (8440, 'WERR_DS_DRA_BAD_NC')

  File "/usr/local/samba-4.4.5/lib/python2.7/site-packages/samba/netcmd/drs.py", line 350, in run

    drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle, source_dsa_guid, NC, req_options)

  File "/usr/local/samba-4.4.5/lib/python2.7/site-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync

    raise drsException("DsReplicaSync failed %s" % estr)







We are also getting failures when showing replicas:



/usr/local/samba/bin/samba-tool drs showrepl

Processing section "[sysvol]"

Processing section "[Profiles]"

Processing section "[3333]"

Processing section "[test]"

pm_process() returned Yes

ldb_wrap open of secrets.ldb

GENSEC backend 'gssapi_spnego' registered

GENSEC backend 'gssapi_krb5' registered

GENSEC backend 'gssapi_krb5_sasl' registered

GENSEC backend 'spnego' registered

GENSEC backend 'schannel' registered

GENSEC backend 'naclrpc_as_system' registered

GENSEC backend 'sasl-EXTERNAL' registered

GENSEC backend 'ntlmssp' registered

GENSEC backend 'ntlmssp_resume_ccache' registered

GENSEC backend 'http_basic' registered

GENSEC backend 'http_ntlm' registered

GENSEC backend 'krb5' registered

GENSEC backend 'fake_gssapi_krb5' registered

Using binding ncacn_ip_tcp:dc01.example.lan[,seal]

Mapped to DCERPC endpoint 135

added interface eth0 ip=10.0.1.100 bcast=10.0.1.255 netmask=255.255.255.0

added interface eth0 ip=10.0.1.100 bcast=10.0.1.255 netmask=255.255.255.0

resolve_lmhosts: Attempting lmhosts lookup for name dc01.example.lan<0x20>

getlmhostsent: lmhost entry: 10.0.1.100 DC01

getlmhostsent: lmhost entry: 10.0.1.135 W2008R2

Mapped to DCERPC endpoint 1024

added interface eth0 ip=10.0.1.100 bcast=10.0.1.255 netmask=255.255.255.0

added interface eth0 ip=10.0.1.100 bcast=10.0.1.255 netmask=255.255.255.0

resolve_lmhosts: Attempting lmhosts lookup for name dc01.example.lan<0x20>

getlmhostsent: lmhost entry: 10.0.1.100 DC01

getlmhostsent: lmhost entry: 10.0.1.135 W2008R2

Received smb_krb5 packet of length 272

Received smb_krb5 packet of length 1247

Received smb_krb5 packet of length 1286

Received smb_krb5 packet of length 1280

added interface eth0 ip=10.0.1.100 bcast=10.0.1.255 netmask=255.255.255.0

added interface eth0 ip=10.0.1.100 bcast=10.0.1.255 netmask=255.255.255.0

resolve_lmhosts: Attempting lmhosts lookup for name dc01.example.lan<0x20>

getlmhostsent: lmhost entry: 10.0.1.100 DC01

getlmhostsent: lmhost entry: 10.0.1.135 W2008R2

Received smb_krb5 packet of length 1286

Received smb_krb5 packet of length 1280

Default-First-Site-Name\DC01

DSA Options: 0x00000001

DSA object GUID: 85b9ddd9-887e-41b8-b141-c461477a3c88

DSA invocationId: d99340e4-66cf-4e04-9dfb-e7cb1a950f12



==== INBOUND NEIGHBORS ====



DC=example,DC=lan

        Default-First-Site-Name\W2008R2 via RPC

                DSA object GUID: 003ee1a3-bcf1-4877-8ebb-f52344853467

                Last attempt @ Thu Jan 26 13:10:10 2017 CST failed, result 2 (WERR_BADFILE)

                1615 consecutive failure(s).

                Last success @ NTTIME(0)



CN=Schema,CN=Configuration,DC=example,DC=lan

        Default-First-Site-Name\W2008R2 via RPC

                DSA object GUID: 003ee1a3-bcf1-4877-8ebb-f52344853467

                Last attempt @ Thu Jan 26 13:10:11 2017 CST failed, result 2 (WERR_BADFILE)

                1615 consecutive failure(s).

                Last success @ NTTIME(0)



CN=Configuration,DC=example,DC=lan

        Default-First-Site-Name\W2008R2 via RPC

                DSA object GUID: 003ee1a3-bcf1-4877-8ebb-f52344853467

                Last attempt @ Thu Jan 26 13:10:11 2017 CST failed, result 2 (WERR_BADFILE)

                1615 consecutive failure(s).

                Last success @ NTTIME(0)



==== OUTBOUND NEIGHBORS ====



DC=DomainDnsZones,DC=example,DC=lan

        Default-First-Site-Name\W2008R2 via RPC

                DSA object GUID: 003ee1a3-bcf1-4877-8ebb-f52344853467

                Last attempt @ Thu Jan 26 13:13:49 2017 CST failed, result 2 (WERR_BADFILE)

                95944 consecutive failure(s).

                Last success @ NTTIME(0)



DC=ForestDnsZones,DC=example,DC=lan

        Default-First-Site-Name\W2008R2 via RPC

                DSA object GUID: 003ee1a3-bcf1-4877-8ebb-f52344853467

                Last attempt @ Thu Jan 26 13:13:49 2017 CST failed, result 2 (WERR_BADFILE)

                95944 consecutive failure(s).

                Last success @ NTTIME(0)



DC=example,DC=lan

        Default-First-Site-Name\W2008R2 via RPC

                DSA object GUID: 003ee1a3-bcf1-4877-8ebb-f52344853467

                Last attempt @ Thu Jan 26 13:13:49 2017 CST failed, result 2 (WERR_BADFILE)

                96603 consecutive failure(s).

                Last success @ NTTIME(0)



CN=Schema,CN=Configuration,DC=example,DC=lan

        Default-First-Site-Name\W2008R2 via RPC

                DSA object GUID: 003ee1a3-bcf1-4877-8ebb-f52344853467

                Last attempt @ Thu Jan 26 13:13:49 2017 CST failed, result 2 (WERR_BADFILE)

                96603 consecutive failure(s).

                Last success @ NTTIME(0)



CN=Configuration,DC=example,DC=lan

        Default-First-Site-Name\W2008R2 via RPC

                DSA object GUID: 003ee1a3-bcf1-4877-8ebb-f52344853467

                Last attempt @ Thu Jan 26 13:13:50 2017 CST failed, result 2 (WERR_BADFILE)

                96603 consecutive failure(s).

                Last success @ NTTIME(0)



==== KCC CONNECTION OBJECTS ====



Connection --

        Connection name: a75c65f9-7468-4bea-bb29-6bb17b5cb75b

        Enabled        : TRUE

        Server DNS name :

        Server DN name  : CN=NTDS Settings,CN=W2008R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=lan

                TransportType: RPC

                options: 0x00000001

Warning: No NC replicated for Connection!
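
An added example, not part of the original post and not Samba project code: a parser for `samba-tool drs showrepl` output of the shape quoted above that lists neighbor entries and checks whether a naming context given to `drs replicate` is one that showrepl reports (the post's command names DC=dc01,DC=example,DC=com, while showrepl lists DC=example,DC=lan). The function names are hypothetical, and the sample is excerpted from the post with the mail line wrapping undone.

```python
import re

# Excerpt of the `samba-tool drs showrepl` output quoted in the post, with the
# mail client's line wrapping undone (assumed: the tool prints one field per line).
SAMPLE = r"""
==== INBOUND NEIGHBORS ====

DC=example,DC=lan
        Default-First-Site-Name\W2008R2 via RPC
                DSA object GUID: 003ee1a3-bcf1-4877-8ebb-f52344853467
                Last attempt @ Thu Jan 26 13:10:10 2017 CST failed, result 2 (WERR_BADFILE)
                1615 consecutive failure(s).
                Last success @ NTTIME(0)

==== OUTBOUND NEIGHBORS ====

CN=Configuration,DC=example,DC=lan
        Default-First-Site-Name\W2008R2 via RPC
                DSA object GUID: 003ee1a3-bcf1-4877-8ebb-f52344853467
                Last attempt @ Thu Jan 26 13:13:50 2017 CST failed, result 2 (WERR_BADFILE)
                96603 consecutive failure(s).
                Last success @ NTTIME(0)
"""

def parse_showrepl(text):
    """Return one dict per (direction, naming context, partner) neighbor entry."""
    entries, section, nc, cur = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"==== (\w+) NEIGHBORS ====", line):
            section, nc, cur = m.group(1), None, None
        elif line.startswith("===="):
            section = cur = None                # e.g. KCC CONNECTION OBJECTS
        elif section and line and not raw[0].isspace() and "=" in line:
            nc = line                           # an unindented DN names the NC
        elif section and nc and line.endswith(" via RPC"):
            cur = {"direction": section, "nc": nc, "partner": line[:-len(" via RPC")],
                   "error": None, "failures": 0, "ever_synced": True}
            entries.append(cur)
        elif cur and (m := re.search(r"failed, result (\d+) \((\w+)\)", line)):
            cur["error"] = (int(m.group(1)), m.group(2))
        elif cur and (m := re.match(r"(\d+) consecutive failure", line)):
            cur["failures"] = int(m.group(1))
        elif cur and line == "Last success @ NTTIME(0)":
            cur["ever_synced"] = False          # NTTIME(0): no success recorded
    return entries

def norm_dn(dn):
    """Lower-case a DN and drop spaces around commas so DNs compare reliably."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def nc_is_listed(entries, nc):
    """True if `nc` is one of the naming contexts showrepl reports."""
    return norm_dn(nc) in {norm_dn(e["nc"]) for e in entries}
```

Debug lines printed before the first `====` header (the `Processing section` and `GENSEC backend` lines) are skipped, so the full output can be fed to `parse_showrepl` unchanged.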










