[Samba] Demoting troublesome DC
Rowland Penny
rpenny at samba.org
Fri May 25 15:15:27 UTC 2018
On Fri, 25 May 2018 14:46:21 +0000
Paul Littlefield via samba <samba at lists.samba.org> wrote:
> Hello,
>
> I am running in a duplicate test environment of my work domain.
>
> I have 2 x 4.1 DCs and 2 x 4.7 DCs.
>
> I have transferred FSMO role to #3 and it is replicating to #4 fine.
>
> I have demoted #1 which appeared to go fine and have turned it off.
>
> When I try to demote #2 it fails with the error...
>
>
> Using dc3.domain.com as partner server for the demotion
> Password for [DOMAIN\administrator]:
> Desactivating inbound replication
> Asking partner server dc3.domain.com to synchronize from us
> Failed to bind - LDAP error 8 LDAP_STRONG_AUTH_REQUIRED -
> <SASL:[GSS-SPNEGO]: Sign or Seal are required.> <> Failed to connect
> to 'ldap://dc3.domain.com' with backend 'ldap': (null) Error while
> demoting, re-enabling inbound replication ERROR(ldb): Error while
> changing account control - None
>
>
> ...any ideas?
>
> My first guess is the difference between Gentoo/Samba 4.1 and
> Ubuntu/4.7
>
> Thanks in advance.
>
Run on the 4.7.x DC;
samba-tool domain demote --remove-other-dead-server=dc
Where 'dc' is the hostname of the DC that you want to remove.
Rowland
More information about the samba
mailing list