[Samba] DC site replication issue ?

Mircea Husz mirceahusz at yahoo.com
Mon Mar 6 14:56:36 UTC 2017 

All,

I'm migrating a samba3 domain to a new samba4 AD version 4.5.5. Did a fair amount of testing on isolated vlans including two sites and replication between two domain controllers.

I'm now rolling out DCs intended to become production shortly. One is in Chicago, the other in NY, and each is configured in its own timezone with NTP synching up.

I am looking at a potential replication issue and want to know if the message from 'samba-tool drs showrepl' is indicative of trouble.

The 'Inbound neighbors' list looks correct on both CH and NY DCs. The 'Outbound neighbors' list on both DCs shows 'Last attempt @ NTTIME(0) was successful'. I listed the full output at the bottom of this post.

The logs don't have overt error messages, although I admit I don't understand everything that gets logged. I looked at levels 3, 5, and 10.

I tested replication by adding a DNS entry, adding an account, then deleting the test account, and all that gets replicated to the other DC. So it seems to work fine.

Also I used the ldapcmp tool, which came back with the only difference being the uppercase vs lowercase bug between cn and CN, dc and DC as per this report: 
https://bugzilla.samba.org/show_bug.cgi?id=12399

Forcing replication returns with success: 'Replicate from CH1-AD-V01 to NY4-AD-V01 was successful.'

So my questions are:
1 - Do others with DCs in multiple sites get an actual time entry in the Outbound neighbors list instead of '@ NTTIME(0)' ?

2 - Is replication used in production with three or more sites and timezones and is it reliable ? I'd like to know if going to production with such a setup is generally recommended based on real-life deployments.

Thank you for all input.

The output from 'samba-tool drs showrepl':

CH1\CH1-AD-V01
DSA Options: 0x00000001
DSA object GUID: ae57ed96-5b4a-4d86-befd-027711adfe26
DSA invocationId: cf59ac10-c027-4a45-8df5-218c88433fdd

==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=ad,DC=corp,DC=com
NY4\NY4-AD-V01 via RPC
DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
Last attempt @ Fri Mar  3 11:23:46 2017 CST was successful
0 consecutive failure(s).
Last success @ Fri Mar  3 11:23:46 2017 CST

DC=DomainDnsZones,DC=ad,DC=corp,DC=com
NY4\NY4-AD-V01 via RPC
DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
Last attempt @ Fri Mar  3 11:23:46 2017 CST was successful
0 consecutive failure(s).
Last success @ Fri Mar  3 11:23:46 2017 CST

DC=ad,DC=corp,DC=com
NY4\NY4-AD-V01 via RPC
DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
Last attempt @ Fri Mar  3 11:23:46 2017 CST was successful
0 consecutive failure(s).
Last success @ Fri Mar  3 11:23:46 2017 CST

CN=Schema,CN=Configuration,DC=ad,DC=corp,DC=com
NY4\NY4-AD-V01 via RPC
DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
Last attempt @ Fri Mar  3 11:23:47 2017 CST was successful
0 consecutive failure(s).
Last success @ Fri Mar  3 11:23:47 2017 CST

CN=Configuration,DC=ad,DC=corp,DC=com
NY4\NY4-AD-V01 via RPC
DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
Last attempt @ Fri Mar  3 11:23:47 2017 CST was successful
0 consecutive failure(s).
Last success @ Fri Mar  3 11:23:47 2017 CST

==== OUTBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=ad,DC=corp,DC=com
NY4\NY4-AD-V01 via RPC
DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

DC=DomainDnsZones,DC=ad,DC=corp,DC=com
NY4\NY4-AD-V01 via RPC
DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

DC=ad,DC=corp,DC=com
NY4\NY4-AD-V01 via RPC
DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=ad,DC=corp,DC=com
NY4\NY4-AD-V01 via RPC
DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

CN=Configuration,DC=ad,DC=corp,DC=com
NY4\NY4-AD-V01 via RPC
DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
Connection name: 2ab1b199-31a6-48d9-a87e-4aa10e8a2594
Enabled        : TRUE
Server DNS name : ny4-ad-v01.ad.corp.com
Server DN name  : CN=NTDS Settings,CN=NY4-AD-V01,CN=Servers,CN=NY4,CN=Sites,CN=Configuration,DC=ad,DC=corp,DC=com
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!

Thanks,
-Mike

More information about the samba mailing list