[Samba] DC site replication issue ?
Mircea Husz
mirceahusz at yahoo.com
Mon Mar 6 21:19:41 UTC 2017
On Mon, 2017-03-06 at 15:48 -0500, lingpanda101 via samba wrote:
> On 3/6/2017 12:53 PM, Mircea Husz wrote:
> >
> > --------------------------------------------
> > On Mon, 3/6/17, lingpanda101 via samba <samba at lists.samba.org>
> > wrote:
> >
> > Subject: Re: [Samba] DC site replication issue ?
> > To: samba at lists.samba.org
> > Date: Monday, March 6, 2017, 9:20 AM
> >
> > On 3/6/2017 9:56 AM, Mircea Husz via samba wrote:
> > > All,
> > >
> > > I'm migrating a samba3 domain to a new samba4 AD version 4.5.5. Did
> > > a fair amount of testing on isolated vlans including two sites and
> > > replication between two domain controllers.
> > >
> > > I'm now rolling out DCs intended to become production shortly. One
> > > is in Chicago, the other in NY, and each is configured in its own
> > > timezone with NTP synching up.
> > >
> > > I am looking at a potential replication issue and want to know if
> > > the message from 'samba-tool drs showrepl' is indicative of trouble.
> > >
> > > The 'Inbound neighbors' list looks correct on both CH and NY DCs.
> > > The 'Outbound neighbors' list on both DCs shows
> > > 'Last attempt @ NTTIME(0) was successful'. I listed the full output
> > > at the bottom of this post.
> > >
> > > The logs don't have overt error messages, although I admit I don't
> > > understand everything that gets logged. I looked at levels 3, 5,
> > > and 10.
> > >
> > > I tested replication by adding a DNS entry, adding an account, then
> > > deleting the test account, and all that gets replicated to the
> > > other DC. So it seems to work fine.
> > >
> > > Also I used the ldapcmp tool, which came back with the only
> > > difference being the uppercase vs lowercase bug between cn and CN,
> > > dc and DC as per this report:
> > > https://bugzilla.samba.org/show_bug.cgi?id=12399
> > >
> > > Forcing replication returns with success: 'Replicate from
> > > CH1-AD-V01 to NY4-AD-V01 was successful.'
> > >
> > > So my questions are:
> > >
> > > 1 - Do others with DCs in multiple sites get an actual time entry
> > > in the Outbound neighbors list instead of '@ NTTIME(0)' ?
> > >
> > > 2 - Is replication used in production with three or more sites and
> > > timezones and is it reliable ? I'd like to know if going to
> > > production with such a setup is generally recommended based on
> > > real-life deployments.
> > >
> > > Thank you for all input.
> > >
> > > The output from 'samba-tool drs showrepl':
> > >
> > > CH1\CH1-AD-V01
> > > DSA Options: 0x00000001
> > > DSA object GUID: ae57ed96-5b4a-4d86-befd-027711adfe26
> > > DSA invocationId: cf59ac10-c027-4a45-8df5-218c88433fdd
> > >
> > > ==== INBOUND NEIGHBORS ====
> > >
> > > DC=ForestDnsZones,DC=ad,DC=corp,DC=com
> > > NY4\NY4-AD-V01 via RPC
> > > DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
> > > Last attempt @ Fri Mar 3 11:23:46 2017 CST was successful
> > > 0 consecutive failure(s).
> > > Last success @ Fri Mar 3 11:23:46 2017 CST
> > >
> > > DC=DomainDnsZones,DC=ad,DC=corp,DC=com
> > > NY4\NY4-AD-V01 via RPC
> > > DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
> > > Last attempt @ Fri Mar 3 11:23:46 2017 CST was successful
> > > 0 consecutive failure(s).
> > > Last success @ Fri Mar 3 11:23:46 2017 CST
> > >
> > > DC=ad,DC=corp,DC=com
> > > NY4\NY4-AD-V01 via RPC
> > > DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
> > > Last attempt @ Fri Mar 3 11:23:46 2017 CST was successful
> > > 0 consecutive failure(s).
> > > Last success @ Fri Mar 3 11:23:46 2017 CST
> > >
> > > CN=Schema,CN=Configuration,DC=ad,DC=corp,DC=com
> > > NY4\NY4-AD-V01 via RPC
> > > DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
> > > Last attempt @ Fri Mar 3 11:23:47 2017 CST was successful
> > > 0 consecutive failure(s).
> > > Last success @ Fri Mar 3 11:23:47 2017 CST
> > >
> > > CN=Configuration,DC=ad,DC=corp,DC=com
> > > NY4\NY4-AD-V01 via RPC
> > > DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
> > > Last attempt @ Fri Mar 3 11:23:47 2017 CST was successful
> > > 0 consecutive failure(s).
> > > Last success @ Fri Mar 3 11:23:47 2017 CST
> > >
> > > ==== OUTBOUND NEIGHBORS ====
> > >
> > > DC=ForestDnsZones,DC=ad,DC=corp,DC=com
> > > NY4\NY4-AD-V01 via RPC
> > > DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
> > > Last attempt @ NTTIME(0) was successful
> > > 0 consecutive failure(s).
> > > Last success @ NTTIME(0)
> > >
> > > DC=DomainDnsZones,DC=ad,DC=corp,DC=com
> > > NY4\NY4-AD-V01 via RPC
> > > DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
> > > Last attempt @ NTTIME(0) was successful
> > > 0 consecutive failure(s).
> > > Last success @ NTTIME(0)
> > >
> > > DC=ad,DC=corp,DC=com
> > > NY4\NY4-AD-V01 via RPC
> > > DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
> > > Last attempt @ NTTIME(0) was successful
> > > 0 consecutive failure(s).
> > > Last success @ NTTIME(0)
> > >
> > > CN=Schema,CN=Configuration,DC=ad,DC=corp,DC=com
> > > NY4\NY4-AD-V01 via RPC
> > > DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
> > > Last attempt @ NTTIME(0) was successful
> > > 0 consecutive failure(s).
> > > Last success @ NTTIME(0)
> > >
> > > CN=Configuration,DC=ad,DC=corp,DC=com
> > > NY4\NY4-AD-V01 via RPC
> > > DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
> > > Last attempt @ NTTIME(0) was successful
> > > 0 consecutive failure(s).
> > > Last success @ NTTIME(0)
> > >
> > > ==== KCC CONNECTION OBJECTS ====
> > >
> > > Connection --
> > > Connection name: 2ab1b199-31a6-48d9-a87e-4aa10e8a2594
> > > Enabled : TRUE
> > > Server DNS name : ny4-ad-v01.ad.corp.com
> > > Server DN name : CN=NTDS Settings,CN=NY4-AD-V01,CN=Servers,CN=NY4,CN=Sites,CN=Configuration,DC=ad,DC=corp,DC=com
> > > TransportType: RPC
> > > options: 0x00000001
> > > Warning: No NC replicated for Connection!
> > >
> > > Thanks,
> > > -Mike
> > >
> >
> > I can only answer number 1. I have the same behavior with no
> > reporting of the time stamp on Outbound Neighbors.
> >
> > --
> > - James
> >
> >
> > Aside from the lack of timestamp, how long has replication worked
> > in your setup ?
> >
> > Thanks,
> > -Mike
> >
> >
> >
>
> I have been using Samba since 2012 version 4.0 as a DC. Replication has
> never been an issue aside from my own misunderstanding of how Samba
> operates. My replication partners are contained within a MAN and not a
> WAN. My network consists of 6 DC's across 3 sites. I can't comment on
> time zone concerns however. The only issue I see if any is Sysvol
> replication. Make sure not to forget this step.
>
> https://wiki.samba.org/index.php/SysVol_replication_(DFS-R)
>
> --
> - James
>
If it works for 6 DCs such that you've never had an issue, that's great
to know. I hope that your experience is typical.
It also means that the lack of timestamp I observe is not necessarily
due to the timezone difference.
I'm still wondering if anyone is seeing timestamps in the outbound
neighbors list.
-Mike
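
Added example, not part of the original thread or of Samba: a small parser for 'samba-tool drs showrepl' text that flags a neighbor only on a failed attempt or a non-zero failure count, and reports the '@ NTTIME(0)' case from this thread as "no timestamp recorded" rather than as a failure. The names parse_showrepl and classify are hypothetical, the sample is constructed from the output quoted above, and the wording of a failed-attempt line is an assumption.

```python
import re
# Constructed sample, abridged from the showrepl output quoted in the thread.
SAMPLE = r"""==== INBOUND NEIGHBORS ====

DC=ad,DC=corp,DC=com
NY4\NY4-AD-V01 via RPC
Last attempt @ Fri Mar 3 11:23:46 2017 CST was successful
0 consecutive failure(s).

==== OUTBOUND NEIGHBORS ====

DC=ad,DC=corp,DC=com
NY4\NY4-AD-V01 via RPC
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
"""

SECTION = re.compile(r"^==== (.+?) ====$")
PARTNER = re.compile(r"^(\S+) via (\S+)$")
# Assumption: a failed attempt reads "Last attempt @ <time> failed, ...".
ATTEMPT = re.compile(r"^Last attempt @ (.+?) (was successful|failed.*)$")
FAILS = re.compile(r"^(\d+) consecutive failure\(s\)\.$")

def parse_showrepl(text):
    """Return one dict per (section, naming context, partner) entry."""
    entries, section, nc, cur = [], None, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SECTION.match(line):
            section, cur = m.group(1), None
        elif section and re.match(r"^(DC|CN)=", line):
            nc = line
        elif section and (m := PARTNER.match(line)):
            cur = {"section": section, "nc": nc, "partner": m.group(1)}
            entries.append(cur)
        elif cur and (m := ATTEMPT.match(line)):
            cur["ok"] = m.group(2) == "was successful"
            cur["no_timestamp"] = m.group(1) == "NTTIME(0)"
        elif cur and (m := FAILS.match(line)):
            cur["failures"] = int(m.group(1))
    return entries

def classify(entry):
    """FAILING on a failed attempt or non-zero failure count, else OK."""
    if not entry.get("ok") or entry.get("failures", 0) > 0:
        return "FAILING"
    return "OK (no timestamp recorded)" if entry["no_timestamp"] else "OK"

if __name__ == "__main__":
    for e in parse_showrepl(SAMPLE):
        print(f'{e["section"]:<20} {e["nc"]:<22} {e["partner"]:<16} {classify(e)}')
```
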