[Samba] DsGetNCChanges 2nd replication on different
Rowland Penny
rpenny at samba.org
Wed May 9 13:01:49 UTC 2018
On Wed, 9 May 2018 09:31:56 -0300
Carlos via samba <samba at lists.samba.org> wrote:
> Thanks for answering!
>
> These lines have been placed in the wrong way for a long time
> (servers are already over 3 years old), at the time they did not have
> so much "knowledge", then because of compatibility (and fear of
> stopping something, I left the mesmeas) :-D
>
> I use this version because all other Dcs are in this, until I can not
> get a window of time to update, I'm keeping this version.
>
> This message shook after I had a dead DC, removed by "demote", and
> rebranded it with the same name (add join ...).
> In the "new DC" also message like that.
>
> May 9 09:28:49 dc108 samba [1979]: UpdateRefs failed with
> WERR_DS_DRA_ACCESS_DENIED / NT code 0xc0002105 for
> e2eb738a-8c18-4f3e-aa5c-5968aabb4288._msdcs.XXXXXX.XXXX DC = XXX, DC
> = XXX, DC = XXX, DC = XXX
>
> Strange that "e2eb738a-8c18-4f3e-aa5c-5968aabb4288" is itself, the
> "new" dc ...
>
Re-using a DC name etc doesn't seem to be a good idea, you should have
used a new name etc. Whilst you demoted the old DC, it still left
information about itself in AD. Amongst the output you originally
posted was this fragment '0ADEL' this means the record is a tombstone
and they are not removed until the tombstone lifetime is reached, 180
days unless you have altered it.
Upgrading a self compiled Samba is fairly easy, download the required
tarball and unpack it, move into the directory created by the
unpacking, ensure that any new dependencies are installed and the
configure it with the same options as the running install. Then run
'make', stop Samba and run 'make install' as root, restart Samba. You
should now be using the new version of Samba. The 'make install' should
only take minutes.
Rowland
More information about the samba
mailing list