[Samba] unexplained Replication failures...?

vincent at cojot.name vincent at cojot.name
Fri May 4 12:27:56 UTC 2018


Hi Denis,
Thanks for taking the time to answer.

Yes, I may have been wrong with --forced-sync and --full-sync since the 
start but in fact I wanted to make sure to force replication between the 
servers.

Here is what I have noticed:

- replication works from dc00 -> dc00 but not from dc01 -> dc00:

[root at dc00 ~]# samba-tool drs replicate DC01 DC00 dc=ad,dc=lasthome,dc=solace,dc=krynn --sync-forced --full-sync
Replicate from DC00 to DC01 was successful.
[root at dc00 ~]# samba-tool drs replicate DC00 DC01 dc=ad,dc=lasthome,dc=solace,dc=krynn --sync-forced --full-sync
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (87, 'WERR_INVALID_PARAMETER')
[...]

Here's what I have noticed:

# samba-tool ldapcmp ldap://dc00 ldap://dc01 domain --filter=msDS-NcType,serverState

* Comparing [DOMAIN] context...

* Objects to be compared: 304

Comparing:
'CN=DC01,OU=Domain Controllers,DC=ad,DC=lasthome,DC=solace,DC=krynn' 
[ldap://dc00]
'CN=DC01,OU=Domain Controllers,DC=ad,DC=lasthome,DC=solace,DC=krynn' 
[ldap://dc01]
     Difference in attribute values:
         servicePrincipalName =>
['E3514235-4B06-11D1-AB04-00C04FC2DCD2/9075aec2-bbc6-4f87-9246-aa75689b86d4/ad.lasthome.solace.krynn', 
'GC/dc01.ad.lasthome.solace.krynn/ad.lasthome.solace.krynn', 'HOST/DC01', 
'HOST/dc01.ad.lasthome.solace.krynn']
['E3514235-4B06-11D1-AB04-00C04FC2DCD2/9075aec2-bbc6-4f87-9246-aa75689b86d4/ad.lasthome.solace.krynn', 
'GC/dc01.ad.lasthome.solace.krynn/ad.lasthome.solace.krynn', 'HOST/DC01', 
'HOST/dc01.ad.lasthome.solace.krynn', 
'HOST/dc01.ad.lasthome.solace.krynn/KRYNN_AD', 
'HOST/dc01.ad.lasthome.solace.krynn/ad.lasthome.solace.krynn', 
'RestrictedKrbHost/DC01', 
'RestrictedKrbHost/dc01.ad.lasthome.solace.krynn', 
'ldap/9075aec2-bbc6-4f87-9246-aa75689b86d4._msdcs.ad.lasthome.solace.krynn', 
'ldap/DC01', 'ldap/dc01.ad.lasthome.solace.krynn', 
'ldap/dc01.ad.lasthome.solace.krynn/DomainDnsZones.ad.lasthome.solace.krynn', 
'ldap/dc01.ad.lasthome.solace.krynn/ForestDnsZones.ad.lasthome.solace.krynn', 
'ldap/dc01.ad.lasthome.solace.krynn/KRYNN_AD', 
'ldap/dc01.ad.lasthome.solace.krynn/ad.lasthome.solace.krynn']
     FAILED

* Result for [DOMAIN]: FAILURE

SUMMARY
---------

Attributes with different values:

     servicePrincipalName
ERROR: Compare failed: -1

Any ideas?

I will set the log level to '9' to see if I can pinpoint the issue more 
precisely..

Thanks,

,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,
Vincent S. Cojot, Computer Engineering. STEP project. _.,-*~'`^`'~*-,._.,-*~
Ecole Polytechnique de Montreal, Comite Micro-Informatique. _.,-*~'`^`'~*-,.
Linux Xview/OpenLook resources page _.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'
http://step.polymtl.ca/~coyote  _.,-*~'`^`'~*-,._ coyote at NOSPAM4cojot.name

They cannot scare me with their empty spaces
Between stars - on stars where no human race is
I have it in me so much nearer home
To scare myself with my own desert places.       - Robert Frost



On Fri, 4 May 2018, Denis Cardon via samba wrote:

> Hi Vincent,
>
>>  I'm running in circles trying to debug replication failures on samba
>>  4.7.6:
>>
>>  dc00 : is a VM on KVM host (attached to a bridge on local LAN)
>>  dc01 : is a similarly configured VM on another KVM host.
>>
>>  I've forcibly demoted and re-promoted dc01 but I still cannot get
>>  automatic replication to work:
>>
>>  root at dc00 ~]# samba-tool drs showrepl
>>  Krynn\DC00
>>  DSA Options: 0x00000001
>>  DSA object GUID: 204cb904-754b-4457-af09-9347f8714006
>>  DSA invocationId: b72fc409-bf9a-45e2-a623-0e668386536a
>>
>>  ==== INBOUND NEIGHBORS ====
>>
>>  DC=ForestDnsZones,DC=ad,DC=lasthome,DC=solace,DC=krynn
>>          Krynn\DC01 via RPC
>>                  DSA object GUID: 9ac5b74a-383a-4336-9c5d-978b45bad9c9
>>                  Last attempt @ Thu May  3 18:50:52 2018 EDT failed,
>>  result 87 (WERR_INVALID_PARAMETER)
>>                  4 consecutive failure(s).
>>                  Last success @ NTTIME(0)
>>
>>  All of these show 'Last success @ NTTIME(0)'.
>>
>>  I can force replication manually just fine but automatic replication
>>  doesn't seem to work.
>>
>>  [root at dc00 ~]# samba-tool dbcheck
>>  Checking 351 objects
>>  Checked 351 objects (0 errors)
>>  [root at dc00 ~]# samba-tool drs replicate DC01 DC00
>>  dc=ad,dc=lasthome,dc=solace,dc=krynn --sync-forced --full-sync
>>  Replicate from DC00 to DC01 was successful.
>
> If you need a --sync-forced --full-sync to have replication working, then 
> actually it is not working. Try to restart samba with "log level = 9" in 
> smb.conf and look for the last few messages of the replication process; it 
> should give you a bit more information about the issue.
>
> Cheers,
>
> Denis
>
>>
>>  Any ideas?
>>
>>  Vincent
>> 
>
> -- 
> Denis Cardon
> Tranquil IT Systems
> Les Espaces Jules Verne, bâtiment A
> 12 avenue Jules Verne
> 44230 Saint Sébastien sur Loire
> tel : +33 (0) 2.40.97.57.55
> http://www.tranquil.it
>
> Samba install wiki for Frenchies : https://dev.tranquil.it
> WAPT, software deployment made easy : https://wapt.fr
>