[Samba] AD error 8418: The replication operation failed because of a schema mismatch between the servers involved (WERR_DS_DRA_SCHEMA_MISMATCH) #11388
Rowland Penny
rpenny at samba.org
Mon Dec 10 13:12:02 UTC 2018
On Mon, 10 Dec 2018 13:42:56 +0100
Noël Köthe via samba <samba at lists.samba.org> wrote:
> Hello Andrew,
>
> Am Donnerstag, den 18.10.2018, 20:42 +1300 schrieb Andrew Bartlett:
>
> > > we are running a 2008 R2 AD (schema 47) with two DCs:
> > > * dc-win (Windows 2008 R2)
> > > * dc-samba (samba 4.5.12, Debian stable)
> > >
> > > Since some weeks replication works only from dc-win to dc-samba
> > > but not in the other direction.:(
> >
> > I've seen this before.
>
> I found it in bugzilla: :-)
> https://bugzilla.samba.org/show_bug.cgi?id=11388
>
> > > Any hint how to solve this?
> > >
> > > Thanks alot for your work.
> >
> > Start with a current Samba. Schema replication, while not perfect,
> > is improved.
>
> I updated the system dc-samba yesterday to samba 4.9.2 (I'm aware of
> 4.9.3 for security but Debian package will come later) but the
> replication error is still the same:
>
> # samba-tool -V
> 4.9.2-Debian
>
> # samba-tool drs showrepl
> Default-First-Site-Name\DC-SAMBA
> DSA Options: 0x00000001
> DSA object GUID: 3715fa00-bdca-4782-a953-6d4b1fb08275
> DSA invocationId: a2907a5d-6e53-42ce-a6e4-402b4e161313
>
> ==== INBOUND NEIGHBORS ====
>
> CN=Configuration,DC=credativ,DC=de
> Default-First-Site-Name\DC-WIN via RPC
> DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
> Last attempt @ Mon Dec 10 13:31:07 2018 CET was
> successful 0 consecutive failure(s).
> Last success @ Mon Dec 10 13:31:07 2018 CET
>
> DC=credativ,DC=de
> Default-First-Site-Name\DC-WIN via RPC
> DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
> Last attempt @ Mon Dec 10 13:33:11 2018 CET was
> successful 0 consecutive failure(s).
> Last success @ Mon Dec 10 13:33:11 2018 CET
>
> CN=Schema,CN=Configuration,DC=credativ,DC=de
> Default-First-Site-Name\DC-WIN via RPC
> DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
> Last attempt @ Mon Dec 10 13:31:07 2018 CET was
> successful 0 consecutive failure(s).
> Last success @ Mon Dec 10 13:31:07 2018 CET
>
> DC=DomainDnsZones,DC=credativ,DC=de
> Default-First-Site-Name\DC-WIN via RPC
> DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
> Last attempt @ Mon Dec 10 13:31:07 2018 CET was
> successful 0 consecutive failure(s).
> Last success @ Mon Dec 10 13:31:07 2018 CET
>
> DC=ForestDnsZones,DC=credativ,DC=de
> Default-First-Site-Name\DC-WIN via RPC
> DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
> Last attempt @ Mon Dec 10 13:31:07 2018 CET was
> successful 0 consecutive failure(s).
> Last success @ Mon Dec 10 13:31:07 2018 CET
>
> ==== OUTBOUND NEIGHBORS ====
>
> CN=Configuration,DC=credativ,DC=de
> Default-First-Site-Name\DC-WIN via RPC
> DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
> Last attempt @ Mon Dec 10 12:24:01 2018 CET was
> successful 0 consecutive failure(s).
> Last success @ Mon Dec 10 12:24:01 2018 CET
>
> DC=credativ,DC=de
> Default-First-Site-Name\DC-WIN via RPC
> DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
> Last attempt @ Mon Dec 10 12:53:44 2018 CET was
> successful 0 consecutive failure(s).
> Last success @ Mon Dec 10 12:53:44 2018 CET
>
> CN=Schema,CN=Configuration,DC=credativ,DC=de
> Default-First-Site-Name\DC-WIN via RPC
> DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
> Last attempt @ Sun Dec 2 14:00:33 2018 CET was
> successful 0 consecutive failure(s).
> Last success @ Sun Dec 2 14:00:33 2018 CET
>
> DC=DomainDnsZones,DC=credativ,DC=de
> Default-First-Site-Name\DC-WIN via RPC
> DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
> Last attempt @ Mon Dec 10 13:28:32 2018 CET was
> successful 0 consecutive failure(s).
> Last success @ Mon Dec 10 13:28:32 2018 CET
>
> DC=ForestDnsZones,DC=credativ,DC=de
> Default-First-Site-Name\DC-WIN via RPC
> DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
> Last attempt @ Sun Dec 2 14:00:33 2018 CET was
> successful 0 consecutive failure(s).
> Last success @ Sun Dec 2 14:00:33 2018 CET
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
> Connection name: f34fb31f-32e9-42a4-af24-d305268446a5
> Enabled : TRUE
> Server DNS name : dc-win.credativ.de
> Server DN name : CN=NTDS
> Settings,CN=DC-WIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=credativ,DC=de
> TransportType: RPC options: 0x00000001
> Warning: No NC replicated for Connection!
>
> # samba-tool drs replicate dc-samba dc-win dc=credativ,dc=de
> Replicate from dc-win to dc-samba was successful.
>
> # samba-tool drs replicate dc-win dc-samba dc=credativ,dc=de
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
> drsException: DsReplicaSync failed (8418,
> 'WERR_DS_DRA_SCHEMA_MISMATCH') File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 568, in
> run drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
> source_dsa_guid, NC, req_options) File
> "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 88, in
> sendDsReplicaSync raise drsException("DsReplicaSync failed %s" % estr)
>
> I will add the information to the #11388 and next step is to add an
> additional windows DC to find if this can replicate.
>
> Regards
>
> Noël
Ah, okay, you have added a later version of Samba and it still doesn't
work.
Have you checked the schema versions, do they match ?
What function levels are being used, are they the same at both ends ?
Rowland
More information about the samba
mailing list