[Samba] DsGetNCChanges 2nd replication on different
L.P.H. van Belle
belle at bazuin.nl
Wed May 9 12:40:37 UTC 2018
>> UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED / NT code
If you use the RSAT tools ( dns administrator in windows )
Go to the A record, check the security tab, it needs SELF, i think thats missing
Or point to an old server.
Compair it to an other record, but i think this is the problem.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Carlos via samba
> Verzonden: woensdag 9 mei 2018 14:32
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] DsGetNCChanges 2nd replication on different
>
> Thanks for answering!
>
> These lines have been placed in the wrong way for a long time
> (servers
> are already over 3 years old), at the time they did not have so much
> "knowledge", then because of compatibility (and fear of stopping
> something, I left the mesmeas) :-D
>
> I use this version because all other Dcs are in this, until I can not
> get a window of time to update, I'm keeping this version.
>
> This message shook after I had a dead DC, removed by "demote", and
> rebranded it with the same name (add join ...).
> In the "new DC" also message like that.
>
> May 9 09:28:49 dc108 samba [1979]: UpdateRefs failed with
> WERR_DS_DRA_ACCESS_DENIED / NT code 0xc0002105 for
> e2eb738a-8c18-4f3e-aa5c-5968aabb4288._msdcs.XXXXXX.XXXX DC =
> XXX, DC =
> XXX, DC = XXX, DC = XXX
>
> Strange that "e2eb738a-8c18-4f3e-aa5c-5968aabb4288" is
> itself, the "new"
> dc ...
>
> Any idea ?
>
>
> I think a "old informatio" about DC "dead"... :-|
>
>
> Regards;;
>
>
> On 09-05-2018 09:21, Rowland Penny via samba wrote:
> > On Wed, 9 May 2018 08:37:38 -0300
> > Carlos via samba <samba at lists.samba.org> wrote:
> >
> >> Hi!
> >>
> >> More information:
> >>
> >> samba -v (compilated)
> >>
> >> Version 4.4.4
> >>
> >> Totla Dcs = 16
> >>
> >> smb.conf:
> >>
> >> [global]
> >> workgroup = XXXX
> >> realm = XXXX.xxxxx.com.br
> >> netbios name = upsilon
> >> server role = active directory domain controller
> >> #passdb backend = tdbsam
> >> passdb backend = samba_dsdb
> >> server services = s3fs, rpc, nbt, wrepl, ldap,
> cldap, kdc,
> >> drepl, winbindd, ntp_signd, kcc,dnsupdate
> >> map archive = No
> >> map readonly = no
> >> store dos attributes = Yes
> >> vfs objects = dfs_samba4 acl_xattr
> >> dns forwarder = XXXXXXX
> >> dns forwarder = XXXXXXX
> >>
> >> ldap server require strong auth = no
> >>
> >> # Disable Cups
> >> load printers = no
> >> printing = bsd
> >> printcap name = /dev/null
> >> disable spoolss = yes
> >>
> > Is there a valid reason why you have messed with the smb.conf in the
> > way you have ?
> > I can understand the printer lines, but the rest ???
> > I would remove the following lines:
> >
> > #passdb backend = tdbsam
> > passdb backend = samba_dsdb
> > map archive = No
> > map readonly = no
> > store dos attributes = Yes
> > vfs objects = dfs_samba4 acl_xattr
> > dns forwarder = XXXXXXX
> > dns forwarder = XXXXXXX
> >
> > See if doing this helps, I also cannot understand why, when you are
> > compiling Samba, you are not using a more recent version.
> >
> > Rowland
> >
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list