[Samba] DRS Replication between two DC's Failing
lingpanda101
lingpanda101 at gmail.com
Thu Jan 11 16:04:13 UTC 2018
On 1/11/2018 10:39 AM, Harsh Kukreja via samba wrote:
> Hi
>
> The DRS sync between two Domain Controllers connected on one network is
> failing. I have enabled the log level 9.
>
> samba-tool drs replicate 172.16.10.5 iumsvrpdc DC=iumnet,DC=edu,DC=na
> --full-sync -UAdministrator
> INFO: Current debug levels:
> all: 9
> tdb: 9
> printdrivers: 9
> lanman: 9
> smb: 9
> rpc_parse: 9
> rpc_srv: 9
> rpc_cli: 9
> passdb: 9
> sam: 9
> auth: 9
> winbind: 9
> vfs: 9
> idmap: 9
> quota: 9
> acls: 9
> locking: 9
> msdfs: 9
> dmapi: 9
> registry: 9
> scavenger: 9
> dns: 0
> ldb: 9
> tevent: 9
> auth_audit: 9
> auth_json_audit: 9
> kerberos: 9
> drs_repl: 9
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> Processing section "[softshare]"
> pm_process() returned Yes
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Using binding ncacn_ip_tcp:172.16.10.5[,seal,print]
> Mapped to DCERPC endpoint 135
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> Mapped to DCERPC endpoint 1024
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gssapi_krb5
> Cannot do GSSAPI to an IP address
> Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
> Starting GENSEC submechanism ntlmssp
> Got challenge flags:
> Got NTLMSSP neg_flags=0x62898235
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_SEAL
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_TARGET_TYPE_DOMAIN
> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> NTLMSSP_NEGOTIATE_TARGET_INFO
> NTLMSSP_NEGOTIATE_VERSION
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> Password for [IUMNET\Administrator]:
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_SEAL
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> NTLMSSP_NEGOTIATE_VERSION
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_SEAL
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> NTLMSSP_NEGOTIATE_VERSION
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_SEAL
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> NTLMSSP_NEGOTIATE_VERSION
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> drsuapi_DsBind: struct drsuapi_DsBind
> in: struct drsuapi_DsBind
> bind_guid : *
> bind_guid :
> e24d201a-4fd6-11d1-a3da-0000f875ae0d
> bind_info : *
> bind_info: struct drsuapi_DsBindInfoCtr
> length : 0x0000001c (28)
> __ndr_length : 0x0000001c (28)
> info : union
> drsuapi_DsBindInfo(case 28)
> info28: struct drsuapi_DsBindInfo28
> supported_extensions : 0x0fefff7f (267386751)
> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
> 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
> 1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
> 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
> 1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
> 1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
> 1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
> 1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
> 1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
> 0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
> 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
> 1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
> 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
> 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
> 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
> 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
> 1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
> 0:
> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
> 0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
> 0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
> 0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
> site_guid :
> 00000000-0000-0000-0000-000000000000
> pid : 0x00000000 (0)
> repl_epoch : 0x00000000 (0)
> drsuapi_DsBind: struct drsuapi_DsBind
> out: struct drsuapi_DsBind
> bind_info : *
> bind_info: struct drsuapi_DsBindInfoCtr
> length : 0x0000001c (28)
> __ndr_length : 0x0000001c (28)
> info : union
> drsuapi_DsBindInfo(case 28)
> info28: struct drsuapi_DsBindInfo28
> supported_extensions : 0x2fffff6f (805306223)
> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
> 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
> 1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
> 0:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
> 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
> 1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
> 1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
> 1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
> 1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
> 1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
> 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
> 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
> 1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
> 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
> 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
> 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
> 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
> 1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
> 0:
> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
> 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
> 0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
> 0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
> site_guid :
> 29e318da-d660-4a24-94d9-81e86b5a1e82
> pid : 0x00000000 (0)
> repl_epoch : 0x00000000 (0)
> bind_handle : *
> bind_handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid :
> 2cb3f3b5-b29a-4958-a912-51a0881976da
> result : WERR_OK
> lpcfg_servicenumber: couldn't find ldb
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gssapi_krb5
> Cannot do GSSAPI to an IP address
> Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
> Starting GENSEC submechanism ntlmssp
> Got challenge flags:
> Got NTLMSSP neg_flags=0x62898235
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_SEAL
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_TARGET_TYPE_DOMAIN
> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> NTLMSSP_NEGOTIATE_TARGET_INFO
> NTLMSSP_NEGOTIATE_VERSION
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_SEAL
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> NTLMSSP_NEGOTIATE_VERSION
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_SEAL
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> NTLMSSP_NEGOTIATE_VERSION
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_SEAL
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> NTLMSSP_NEGOTIATE_VERSION
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
> in: struct drsuapi_DsReplicaSync
> bind_handle : *
> bind_handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid :
> 2cb3f3b5-b29a-4958-a912-51a0881976da
> level : 0x00000001 (1)
> req : *
> req : union
> drsuapi_DsReplicaSyncRequest(case 1)
> req1: struct drsuapi_DsReplicaSyncRequest1
> naming_context : *
> naming_context: struct
> drsuapi_DsReplicaObjectIdentifier
> __ndr_size : 0x00000066 (102)
> __ndr_size_sid : 0x00000000 (0)
> guid :
> 00000000-0000-0000-0000-000000000000
> sid : S-0-0
> __ndr_size_dn : 0x00000016 (22)
> dn :
> 'DC=iumnet,DC=edu,DC=na'
> source_dsa_guid :
> 27182378-a9c7-451e-bb95-7b2172a5f311
> source_dsa_dns : NULL
> options : 0x00008010 (32784)
> 0: DRSUAPI_DRS_ASYNC_OP
> 0: DRSUAPI_DRS_GETCHG_CHECK
> 0: DRSUAPI_DRS_UPDATE_NOTIFICATION
> 0: DRSUAPI_DRS_ADD_REF
> 0: DRSUAPI_DRS_SYNC_ALL
> 0: DRSUAPI_DRS_DEL_REF
> 1: DRSUAPI_DRS_WRIT_REP
> 0: DRSUAPI_DRS_INIT_SYNC
> 0: DRSUAPI_DRS_PER_SYNC
> 0: DRSUAPI_DRS_MAIL_REP
> 0: DRSUAPI_DRS_ASYNC_REP
> 0: DRSUAPI_DRS_IGNORE_ERROR
> 0: DRSUAPI_DRS_TWOWAY_SYNC
> 0: DRSUAPI_DRS_CRITICAL_ONLY
> 0: DRSUAPI_DRS_GET_ANC
> 0: DRSUAPI_DRS_GET_NC_SIZE
> 0: DRSUAPI_DRS_LOCAL_ONLY
> 0: DRSUAPI_DRS_NONGC_RO_REP
> 0: DRSUAPI_DRS_SYNC_BYNAME
> 0: DRSUAPI_DRS_REF_OK
> 1: DRSUAPI_DRS_FULL_SYNC_NOW
> 1: DRSUAPI_DRS_NO_SOURCE
> 0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
> 0: DRSUAPI_DRS_FULL_SYNC_PACKET
> 0: DRSUAPI_DRS_SYNC_REQUEUE
> 0: DRSUAPI_DRS_SYNC_URGENT
> 0: DRSUAPI_DRS_REF_GCSPN
> 0: DRSUAPI_DRS_NO_DISCARD
> 0: DRSUAPI_DRS_NEVER_SYNCED
> 0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
> 0: DRSUAPI_DRS_INIT_SYNC_NOW
> 0: DRSUAPI_DRS_PREEMPTED
> 0: DRSUAPI_DRS_SYNC_FORCED
> 0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
> 0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
> 0: DRSUAPI_DRS_USE_COMPRESSION
> 0: DRSUAPI_DRS_NEVER_NOTIFY
> 0: DRSUAPI_DRS_SYNC_PAS
> 0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
> out: struct drsuapi_DsReplicaSync
> result : WERR_BAD_NET_RESP
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
> drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 386, in
> run
> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
> source_dsa_guid, NC, req_options)
> File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85, in
> sendDsReplicaSync
> raise drsException("DsReplicaSync failed %s" % estr)
>
> *Harsh Kukreja *Systems Administrator
> *International University of Namibia *Tel: 061-4336000 - E-mail: h.kukreja
> @ium.edu.na - Web:
> *http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag
> 14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA
Not sure what your issue is but have you tried using the fqdn for DC1
and DC2? I've experienced issues with manual replication when using a IP
and not the dns or fqdn name.
--
--
James
More information about the samba
mailing list