[Samba] Invalid zone operation IsSigned ERROR
Rowland Penny
rpenny at samba.org
Wed May 23 10:32:30 UTC 2018
On Wed, 23 May 2018 05:12:36 -0500
rschiefer at suturehealth.com wrote:
> No the Kerberos server was only installed on DC-1 but not running.
>
> I didn't set any of this up, inherited it with the new job. I
> suspect they attempted to run a Kerberos server at some point but
> abandoned it in a broken state.
>
> Yes, we have all the packages you suggest.
>
> Samba Kerberos is running.
>
> We have a VM snapshot of DC-1 in a working state. If I stop samba on
> Identity-c01 and restore the snapshot it works perfectly but as soon
> as I start Identity-c01 back up DC-1 goes back to having the error.
> I assume Identity-C01 is replicating some bad state to DC-1 and
> breaking it. Is there some way to force replication from DC-1 to
> identity-c01 first to avoid this? Or, is there something I can
> compare between the DC-1 working state against the broken state to
> troubleshoot further?
>
There are various 'samba-tool' commands you can run:
'samba-tool ldapcmp' which will compare the databases
'samba-tool drs showrepl' which shows replication status
'samba-tool drs relicate' which will replicate NCs between DCs
Just add '--help' on the end of the samba-tool for more information.
It might just be easier to demote 'Identity-c01' and then set up a new
DC, but if you do this, do not use the same hostname & IP.
Rowland
More information about the samba
mailing list