[Samba] DC site replication issue ?

Mircea Husz mirceahusz at yahoo.com
Mon Mar 6 17:53:08 UTC 2017 

--------------------------------------------
On Mon, 3/6/17, lingpanda101 via samba <samba at lists.samba.org> wrote:

 Subject: Re: [Samba] DC site replication issue ?
 To: samba at lists.samba.org
 Date: Monday, March 6, 2017, 9:20 AM
 
 On 3/6/2017 9:56 AM,
 Mircea Husz via samba wrote:
 > All,
 >
 > I'm migrating a
 samba3 domain to a new samba4 AD version 4.5.5. Did a fair
 amount of testing on isolated vlans including two sites and
 replication between two domain controllers.
 >
 > I'm now rolling
 out DCs intended to become production shortly. One is in
 Chicago, the other in NY, and each is configured in its own
 timezone with NTP synching up.
 >
 > I am looking at a potential replication
 issue and want to know if the message from 'samba-tool
 drs showrepl' is indicative of trouble.
 >
 > The 'Inbound
 neighbors' list looks correct on both CH and NY DCs. The
 'Outbound neighbors' list on both DCs shows
 'Last attempt @ NTTIME(0) was successful'. I listed
 the full output at the bottom of this post.
 >
 > The logs don't
 have overt error messages, although I admit I don't
 understand everything that gets logged. I looked at levels
 3, 5, and 10.
 >
 > I
 tested replication by adding a DNS entry, adding an account,
 then deleting the test account, and all that gets replicated
 to the other DC. So it seems to work fine.
 >
 > Also I used the
 ldapcmp tool, which came back with the only difference being
 the uppercase vs lowercase bug between cn and CN, dc and DC
 as per this report:
 > https://bugzilla.samba.org/show_bug.cgi?id=12399
 >
 > Forcing replication
 returns with success: 'Replicate from CH1-AD-V01 to
 NY4-AD-V01 was successful.'
 >
 > So my questions are:
 >
 1 - Do others with DCs in multiple sites get an actual time
 entry in the Outbound neighbors list instead of '@
 NTTIME(0)' ?
 >
 > 2
 - Is replication used in production with three or more sites
 and timezones and is it reliable ? I'd like to know if
 going to production with such a setup is generally
 recommended based on real-life deployments.
 >
 > Thank you for all
 input.
 >
 > The output
 from 'samba-tool drs showrepl':
 >
 > CH1\CH1-AD-V01
 > DSA Options: 0x00000001
 > DSA object GUID:
 ae57ed96-5b4a-4d86-befd-027711adfe26
 >
 DSA invocationId: cf59ac10-c027-4a45-8df5-218c88433fdd
 >
 > ==== INBOUND
 NEIGHBORS ====
 >
 >
 DC=ForestDnsZones,DC=ad,DC=corp,DC=com
 >
 NY4\NY4-AD-V01 via RPC
 > DSA object GUID:
 b7aea0b6-f0fa-477c-a44d-96a8b005450d
 >
 Last attempt @ Fri Mar  3 11:23:46 2017 CST was
 successful
 > 0 consecutive failure(s).
 > Last success @ Fri Mar  3 11:23:46 2017
 CST
 >
 >
 DC=DomainDnsZones,DC=ad,DC=corp,DC=com
 >
 NY4\NY4-AD-V01 via RPC
 > DSA object GUID:
 b7aea0b6-f0fa-477c-a44d-96a8b005450d
 >
 Last attempt @ Fri Mar  3 11:23:46 2017 CST was
 successful
 > 0 consecutive failure(s).
 > Last success @ Fri Mar  3 11:23:46 2017
 CST
 >
 >
 DC=ad,DC=corp,DC=com
 > NY4\NY4-AD-V01 via
 RPC
 > DSA object GUID:
 b7aea0b6-f0fa-477c-a44d-96a8b005450d
 >
 Last attempt @ Fri Mar  3 11:23:46 2017 CST was
 successful
 > 0 consecutive failure(s).
 > Last success @ Fri Mar  3 11:23:46 2017
 CST
 >
 >
 CN=Schema,CN=Configuration,DC=ad,DC=corp,DC=com
 > NY4\NY4-AD-V01 via RPC
 > DSA object GUID:
 b7aea0b6-f0fa-477c-a44d-96a8b005450d
 >
 Last attempt @ Fri Mar  3 11:23:47 2017 CST was
 successful
 > 0 consecutive failure(s).
 > Last success @ Fri Mar  3 11:23:47 2017
 CST
 >
 >
 CN=Configuration,DC=ad,DC=corp,DC=com
 >
 NY4\NY4-AD-V01 via RPC
 > DSA object GUID:
 b7aea0b6-f0fa-477c-a44d-96a8b005450d
 >
 Last attempt @ Fri Mar  3 11:23:47 2017 CST was
 successful
 > 0 consecutive failure(s).
 > Last success @ Fri Mar  3 11:23:47 2017
 CST
 >
 > ==== OUTBOUND
 NEIGHBORS ====
 >
 >
 DC=ForestDnsZones,DC=ad,DC=corp,DC=com
 >
 NY4\NY4-AD-V01 via RPC
 > DSA object GUID:
 b7aea0b6-f0fa-477c-a44d-96a8b005450d
 >
 Last attempt @ NTTIME(0) was successful
 >
 0 consecutive failure(s).
 > Last success
 @ NTTIME(0)
 >
 >
 DC=DomainDnsZones,DC=ad,DC=corp,DC=com
 >
 NY4\NY4-AD-V01 via RPC
 > DSA object GUID:
 b7aea0b6-f0fa-477c-a44d-96a8b005450d
 >
 Last attempt @ NTTIME(0) was successful
 >
 0 consecutive failure(s).
 > Last success
 @ NTTIME(0)
 >
 >
 DC=ad,DC=corp,DC=com
 > NY4\NY4-AD-V01 via
 RPC
 > DSA object GUID:
 b7aea0b6-f0fa-477c-a44d-96a8b005450d
 >
 Last attempt @ NTTIME(0) was successful
 >
 0 consecutive failure(s).
 > Last success
 @ NTTIME(0)
 >
 >
 CN=Schema,CN=Configuration,DC=ad,DC=corp,DC=com
 > NY4\NY4-AD-V01 via RPC
 > DSA object GUID:
 b7aea0b6-f0fa-477c-a44d-96a8b005450d
 >
 Last attempt @ NTTIME(0) was successful
 >
 0 consecutive failure(s).
 > Last success
 @ NTTIME(0)
 >
 >
 CN=Configuration,DC=ad,DC=corp,DC=com
 >
 NY4\NY4-AD-V01 via RPC
 > DSA object GUID:
 b7aea0b6-f0fa-477c-a44d-96a8b005450d
 >
 Last attempt @ NTTIME(0) was successful
 >
 0 consecutive failure(s).
 > Last success
 @ NTTIME(0)
 >
 > ====
 KCC CONNECTION OBJECTS ====
 >
 > Connection --
 >
 Connection name: 2ab1b199-31a6-48d9-a87e-4aa10e8a2594
 > Enabled        : TRUE
 > Server DNS name :
 ny4-ad-v01.ad.corp.com
 > Server DN name 
 : CN=NTDS
 Settings,CN=NY4-AD-V01,CN=Servers,CN=NY4,CN=Sites,CN=Configuration,DC=ad,DC=corp,DC=com
 > TransportType: RPC
 >
 options: 0x00000001
 > Warning: No NC
 replicated for Connection!
 >
 > Thanks,
 > -Mike
 >
 
 I can
 only answer number 1.  I have the same behavior with no
 reporting 
 of the time stamp on Outbound
 Neighbors.
 
 -- 
 - James
 

Aside from the lack of timestamp, how long has replication worked in your setup ?

Thanks,
-Mike
 

 -- 
 To unsubscribe from this
 list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list