[Samba] DRS Replication between two DC's Failing

Harsh Kukreja h.kukreja at ium.edu.na
Thu Jan 11 15:39:52 UTC 2018


Hi

The DRS sync between two Domain Controllers connected on one network is
failing. I have enabled the log level 9.

samba-tool drs replicate 172.16.10.5 iumsvrpdc DC=iumnet,DC=edu,DC=na
--full-sync -UAdministrator
INFO: Current debug levels:
  all: 9
  tdb: 9
  printdrivers: 9
  lanman: 9
  smb: 9
  rpc_parse: 9
  rpc_srv: 9
  rpc_cli: 9
  passdb: 9
  sam: 9
  auth: 9
  winbind: 9
  vfs: 9
  idmap: 9
  quota: 9
  acls: 9
  locking: 9
  msdfs: 9
  dmapi: 9
  registry: 9
  scavenger: 9
  dns: 0
  ldb: 9
  tevent: 9
  auth_audit: 9
  auth_json_audit: 9
  kerberos: 9
  drs_repl: 9
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[softshare]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:172.16.10.5[,seal,print]
Mapped to DCERPC endpoint 135
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
Mapped to DCERPC endpoint 1024
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Cannot do GSSAPI to an IP address
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_SEAL
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_TARGET_TYPE_DOMAIN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_TARGET_INFO
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
Password for [IUMNET\Administrator]:
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_SEAL
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_SEAL
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_SEAL
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
     drsuapi_DsBind: struct drsuapi_DsBind
        in: struct drsuapi_DsBind
            bind_guid                : *
                bind_guid                :
e24d201a-4fd6-11d1-a3da-0000f875ae0d
            bind_info                : *
                bind_info: struct drsuapi_DsBindInfoCtr
                    length                   : 0x0000001c (28)
                    __ndr_length             : 0x0000001c (28)
                    info                     : union
drsuapi_DsBindInfo(case 28)
                    info28: struct drsuapi_DsBindInfo28
                        supported_extensions     : 0x0fefff7f (267386751)
                               1: DRSUAPI_SUPPORTED_EXTENSION_BASE
                               1:
DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
                               1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
                               1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
                               1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
                               1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
                               1:
DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
                               0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
                               1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
                               1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
                               1:
DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
                               1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
                               1:
DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
                               1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
                               1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
                               1:
DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
                               1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
                               1:
DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
                               1:
DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
                               1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
                               0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
                               1:
DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
                               1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
                               1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
                               1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
                               1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
                               1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
                               1:
DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
                               1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
                               1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
                               0:
DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
                               0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
                               0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
                               0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
                        site_guid                :
00000000-0000-0000-0000-000000000000
                        pid                      : 0x00000000 (0)
                        repl_epoch               : 0x00000000 (0)
     drsuapi_DsBind: struct drsuapi_DsBind
        out: struct drsuapi_DsBind
            bind_info                : *
                bind_info: struct drsuapi_DsBindInfoCtr
                    length                   : 0x0000001c (28)
                    __ndr_length             : 0x0000001c (28)
                    info                     : union
drsuapi_DsBindInfo(case 28)
                    info28: struct drsuapi_DsBindInfo28
                        supported_extensions     : 0x2fffff6f (805306223)
                               1: DRSUAPI_SUPPORTED_EXTENSION_BASE
                               1:
DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
                               1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
                               1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
                               0:
DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
                               1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
                               1:
DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
                               0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
                               1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
                               1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
                               1:
DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
                               1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
                               1:
DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
                               1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
                               1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
                               1:
DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
                               1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
                               1:
DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
                               1:
DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
                               1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
                               1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
                               1:
DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
                               1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
                               1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
                               1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
                               1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
                               1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
                               1:
DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
                               1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
                               1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
                               0:
DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
                               1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
                               0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
                               0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
                        site_guid                :
29e318da-d660-4a24-94d9-81e86b5a1e82
                        pid                      : 0x00000000 (0)
                        repl_epoch               : 0x00000000 (0)
            bind_handle              : *
                bind_handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     :
2cb3f3b5-b29a-4958-a912-51a0881976da
            result                   : WERR_OK
lpcfg_servicenumber: couldn't find ldb
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Cannot do GSSAPI to an IP address
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_SEAL
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_TARGET_TYPE_DOMAIN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_TARGET_INFO
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_SEAL
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_SEAL
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_SEAL
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
     drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
        in: struct drsuapi_DsReplicaSync
            bind_handle              : *
                bind_handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     :
2cb3f3b5-b29a-4958-a912-51a0881976da
            level                    : 0x00000001 (1)
            req                      : *
                req                      : union
drsuapi_DsReplicaSyncRequest(case 1)
                req1: struct drsuapi_DsReplicaSyncRequest1
                    naming_context           : *
                        naming_context: struct
drsuapi_DsReplicaObjectIdentifier
                            __ndr_size               : 0x00000066 (102)
                            __ndr_size_sid           : 0x00000000 (0)
                            guid                     :
00000000-0000-0000-0000-000000000000
                            sid                      : S-0-0
                            __ndr_size_dn            : 0x00000016 (22)
                            dn                       :
'DC=iumnet,DC=edu,DC=na'
                    source_dsa_guid          :
27182378-a9c7-451e-bb95-7b2172a5f311
                    source_dsa_dns           : NULL
                    options                  : 0x00008010 (32784)
                           0: DRSUAPI_DRS_ASYNC_OP
                           0: DRSUAPI_DRS_GETCHG_CHECK
                           0: DRSUAPI_DRS_UPDATE_NOTIFICATION
                           0: DRSUAPI_DRS_ADD_REF
                           0: DRSUAPI_DRS_SYNC_ALL
                           0: DRSUAPI_DRS_DEL_REF
                           1: DRSUAPI_DRS_WRIT_REP
                           0: DRSUAPI_DRS_INIT_SYNC
                           0: DRSUAPI_DRS_PER_SYNC
                           0: DRSUAPI_DRS_MAIL_REP
                           0: DRSUAPI_DRS_ASYNC_REP
                           0: DRSUAPI_DRS_IGNORE_ERROR
                           0: DRSUAPI_DRS_TWOWAY_SYNC
                           0: DRSUAPI_DRS_CRITICAL_ONLY
                           0: DRSUAPI_DRS_GET_ANC
                           0: DRSUAPI_DRS_GET_NC_SIZE
                           0: DRSUAPI_DRS_LOCAL_ONLY
                           0: DRSUAPI_DRS_NONGC_RO_REP
                           0: DRSUAPI_DRS_SYNC_BYNAME
                           0: DRSUAPI_DRS_REF_OK
                           1: DRSUAPI_DRS_FULL_SYNC_NOW
                           1: DRSUAPI_DRS_NO_SOURCE
                           0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
                           0: DRSUAPI_DRS_FULL_SYNC_PACKET
                           0: DRSUAPI_DRS_SYNC_REQUEUE
                           0: DRSUAPI_DRS_SYNC_URGENT
                           0: DRSUAPI_DRS_REF_GCSPN
                           0: DRSUAPI_DRS_NO_DISCARD
                           0: DRSUAPI_DRS_NEVER_SYNCED
                           0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
                           0: DRSUAPI_DRS_INIT_SYNC_NOW
                           0: DRSUAPI_DRS_PREEMPTED
                           0: DRSUAPI_DRS_SYNC_FORCED
                           0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
                           0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
                           0: DRSUAPI_DRS_USE_COMPRESSION
                           0: DRSUAPI_DRS_NEVER_NOTIFY
                           0: DRSUAPI_DRS_SYNC_PAS
                           0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
     drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
        out: struct drsuapi_DsReplicaSync
            result                   : WERR_BAD_NET_RESP
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 386, in
run
    drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
  File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85, in
sendDsReplicaSync
    raise drsException("DsReplicaSync failed %s" % estr)

*Harsh Kukreja *Systems Administrator
*International University of Namibia *Tel: 061-4336000 - E-mail: h.kukreja
@ium.edu.na - Web:
*http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag
14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA


More information about the samba mailing list