[Samba] AD error 8418: The replication operation failed because of a schema mismatch between the servers involved (WERR_DS_DRA_SCHEMA_MISMATCH) #11388
Noël Köthe
noel.koethe at credativ.de
Mon Dec 10 12:42:56 UTC 2018
Hello Andrew,
Am Donnerstag, den 18.10.2018, 20:42 +1300 schrieb Andrew Bartlett:
> > we are running a 2008 R2 AD (schema 47) with two DCs:
> > * dc-win (Windows 2008 R2)
> > * dc-samba (samba 4.5.12, Debian stable)
> >
> > Since some weeks replication works only from dc-win to dc-samba but not
> > in the other direction.:(
>
> I've seen this before.
I found it in bugzilla: :-)
https://bugzilla.samba.org/show_bug.cgi?id=11388
> > Any hint how to solve this?
> >
> > Thanks alot for your work.
>
> Start with a current Samba. Schema replication, while not perfect, is
> improved.
I updated the system dc-samba yesterday to samba 4.9.2 (I'm aware of
4.9.3 for security but Debian package will come later) but the
replication error is still the same:
# samba-tool -V
4.9.2-Debian
# samba-tool drs showrepl
Default-First-Site-Name\DC-SAMBA
DSA Options: 0x00000001
DSA object GUID: 3715fa00-bdca-4782-a953-6d4b1fb08275
DSA invocationId: a2907a5d-6e53-42ce-a6e4-402b4e161313
==== INBOUND NEIGHBORS ====
CN=Configuration,DC=credativ,DC=de
Default-First-Site-Name\DC-WIN via RPC
DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
Last attempt @ Mon Dec 10 13:31:07 2018 CET was successful
0 consecutive failure(s).
Last success @ Mon Dec 10 13:31:07 2018 CET
DC=credativ,DC=de
Default-First-Site-Name\DC-WIN via RPC
DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
Last attempt @ Mon Dec 10 13:33:11 2018 CET was successful
0 consecutive failure(s).
Last success @ Mon Dec 10 13:33:11 2018 CET
CN=Schema,CN=Configuration,DC=credativ,DC=de
Default-First-Site-Name\DC-WIN via RPC
DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
Last attempt @ Mon Dec 10 13:31:07 2018 CET was successful
0 consecutive failure(s).
Last success @ Mon Dec 10 13:31:07 2018 CET
DC=DomainDnsZones,DC=credativ,DC=de
Default-First-Site-Name\DC-WIN via RPC
DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
Last attempt @ Mon Dec 10 13:31:07 2018 CET was successful
0 consecutive failure(s).
Last success @ Mon Dec 10 13:31:07 2018 CET
DC=ForestDnsZones,DC=credativ,DC=de
Default-First-Site-Name\DC-WIN via RPC
DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
Last attempt @ Mon Dec 10 13:31:07 2018 CET was successful
0 consecutive failure(s).
Last success @ Mon Dec 10 13:31:07 2018 CET
==== OUTBOUND NEIGHBORS ====
CN=Configuration,DC=credativ,DC=de
Default-First-Site-Name\DC-WIN via RPC
DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
Last attempt @ Mon Dec 10 12:24:01 2018 CET was successful
0 consecutive failure(s).
Last success @ Mon Dec 10 12:24:01 2018 CET
DC=credativ,DC=de
Default-First-Site-Name\DC-WIN via RPC
DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
Last attempt @ Mon Dec 10 12:53:44 2018 CET was successful
0 consecutive failure(s).
Last success @ Mon Dec 10 12:53:44 2018 CET
CN=Schema,CN=Configuration,DC=credativ,DC=de
Default-First-Site-Name\DC-WIN via RPC
DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
Last attempt @ Sun Dec 2 14:00:33 2018 CET was successful
0 consecutive failure(s).
Last success @ Sun Dec 2 14:00:33 2018 CET
DC=DomainDnsZones,DC=credativ,DC=de
Default-First-Site-Name\DC-WIN via RPC
DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
Last attempt @ Mon Dec 10 13:28:32 2018 CET was successful
0 consecutive failure(s).
Last success @ Mon Dec 10 13:28:32 2018 CET
DC=ForestDnsZones,DC=credativ,DC=de
Default-First-Site-Name\DC-WIN via RPC
DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
Last attempt @ Sun Dec 2 14:00:33 2018 CET was successful
0 consecutive failure(s).
Last success @ Sun Dec 2 14:00:33 2018 CET
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: f34fb31f-32e9-42a4-af24-d305268446a5
Enabled : TRUE
Server DNS name : dc-win.credativ.de
Server DN name : CN=NTDS Settings,CN=DC-WIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=credativ,DC=de
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
# samba-tool drs replicate dc-samba dc-win dc=credativ,dc=de
Replicate from dc-win to dc-samba was successful.
# samba-tool drs replicate dc-win dc-samba dc=credativ,dc=de
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (8418, 'WERR_DS_DRA_SCHEMA_MISMATCH')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 568, in run
drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)
File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 88, in sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)
I will add the information to the #11388 and next step is to add an
additional windows DC to find if this can replicate.
Regards
Noël
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba/attachments/20181210/b5f7ddef/signature.sig>
More information about the samba
mailing list