[Samba] Demoting troublesome DC
rpenny at samba.org
Fri May 25 15:15:27 UTC 2018
On Fri, 25 May 2018 14:46:21 +0000
Paul Littlefield via samba <samba at lists.samba.org> wrote:
> I am running in a duplicate test environment of my work domain.
> I have 2 x 4.1 DCs and 2 x 4.7 DCs.
> I have transferred FSMO role to #3 and it is replicating to #4 fine.
> I have demoted #1 which appeared to go fine and have turned it off.
> When I try to demote #2 it fails with the error...
> Using dc3.domain.com as partner server for the demotion
> Password for [DOMAIN\administrator]:
> Desactivating inbound replication
> Asking partner server dc3.domain.com to synchronize from us
> Failed to bind - LDAP error 8 LDAP_STRONG_AUTH_REQUIRED -
> <SASL:[GSS-SPNEGO]: Sign or Seal are required.> <> Failed to connect
> to 'ldap://dc3.domain.com' with backend 'ldap': (null) Error while
> demoting, re-enabling inbound replication ERROR(ldb): Error while
> changing account control - None
> ...any ideas?
> My first guess is the difference between Gentoo/Samba 4.1 and
> Thanks in advance.
Run on the 4.7.x DC;
samba-tool domain demote --remove-other-dead-server=dc
Where 'dc' is the hostname of the DC that you want to remove.
More information about the samba