[Samba] DRS Replication between two DC's Failing
Denis Cardon
dcardon at tranquil.it
Thu Jan 11 16:14:01 UTC 2018
Hi Harsh,
>>
>> The DRS sync between two Domain Controllers connected on one network is
>> failing. I have enabled the log level 9.
>>
>> samba-tool drs replicate 172.16.10.5 iumsvrpdc DC=iumnet,DC=edu,DC=na
>> --full-sync -UAdministrator
>> INFO: Current debug levels:
>> all: 9
>> tdb: 9
>> printdrivers: 9
.....
>> 0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
>> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
>> out: struct drsuapi_DsReplicaSync
>> result : WERR_BAD_NET_RESP
>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
>> drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
>> 386, in
>> run
>> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
>> source_dsa_guid, NC, req_options)
>> File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line
>> 85, in
>> sendDsReplicaSync
>> raise drsException("DsReplicaSync failed %s" % estr)
>>
>> *Harsh Kukreja *Systems Administrator
>> *International University of Namibia *Tel: 061-4336000 - E-mail:
>> h.kukreja
>> @ium.edu.na - Web:
>> *http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag
>> 14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA
>
> Not sure what your issue is but have you tried using the FQDN for DC1
> and DC2? I've experienced issues with manual replication when using an IP
> and not the DNS or FQDN name.
Indeed, domain controllers will use Kerberos for authentication during
replication. If you are using an IP address, you cannot use Kerberos since
the client computer won't be able to build up an SPN to know which AD
account it should request a ticket for.
Cheers,
Denis
--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
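
Added example, not part of the original message and not Samba's own code: a preflight check for the two DC arguments of `samba-tool drs replicate` that flags IP literals, for which no SPN can be built, and suggests a name from reverse DNS. The `ldap` service class, the function names and the `dc2.example.test` name are assumptions made for illustration.

```python
import ipaddress
import socket

def is_ip_literal(target):
    """True if target is an IPv4/IPv6 literal (optionally [bracketed])."""
    try:
        ipaddress.ip_address(target.strip("[]"))
        return True
    except ValueError:
        return False

def build_spn(target, service="ldap"):
    """Return 'service/host' for a DNS name, or None for an IP literal.

    The 'ldap' service class is an assumption for illustration.
    """
    if is_ip_literal(target):
        return None
    return "%s/%s" % (service, target.rstrip(".").lower())

def reverse_lookup(ip):
    """Default resolver: PTR lookup, None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def preflight(dest_dc, source_dc, resolver=reverse_lookup):
    """Check the DC arguments of 'samba-tool drs replicate <dest> <source> <NC>'.

    Returns (argument, problem, suggestion) tuples; an empty list means an
    SPN can be built from both arguments.
    """
    findings = []
    for label, value in (("destination", dest_dc), ("source", source_dc)):
        if build_spn(value) is None:
            name = resolver(value.strip("[]"))
            hint = "use %s" % name if name else "no PTR record; use the DC's FQDN"
            problem = "%s is an IP literal, no SPN can be built" % value
            findings.append((label, problem, hint))
    return findings

if __name__ == "__main__":
    # Constructed mapping; the FQDN is a made-up example, not from the thread.
    fake_dns = {"172.16.10.5": "dc2.example.test"}
    for finding in preflight("172.16.10.5", "iumsvrpdc", resolver=fake_dns.get):
        print(finding)
```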