[Samba] AD error 8418: The replication operation failed because of a schema mismatch between the servers involved (WERR_DS_DRA_SCHEMA_MISMATCH)

Noël Köthe noel.koethe at credativ.de
Thu Oct 18 07:07:22 UTC 2018 

Hello,

we are running a 2008 R2 AD (schema 47) with two DCs:
* dc-win (Windows 2008 R2)
* dc-samba (samba 4.5.12, Debian stable)

Since some weeks replication works only from dc-win to dc-samba but not
in the other direction.:(

root at dc-samba:~# samba-tool drs replicate dc-samba dc-win dc=credativ,dc=de
Replicate from dc-win to dc-samba was successful.
root at dc-samba:~# samba-tool drs replicate dc-win dc-samba dc=credativ,dc=de
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (8418, 'WERR_DS_DRA_SCHEMA_MISMATCH')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 368, in run
    drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)
  File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
    raise drsException("DsReplicaSync failed %s" % estr)

I found the same problem in the mailinglist but I could find a solving
hint:
https://lists.samba.org/archive/samba-technical/2016-February/112019.html

showrepl says everything is OK:

# samba-tool drs showrepl
Default-First-Site-Name\DC-SAMBA
DSA Options: 0x00000001
DSA object GUID: 3715fa00-bdca-4782-a953-6d4b1fb08275
DSA invocationId: a2907a5d-6e53-42ce-a6e4-402b4e161313

==== INBOUND NEIGHBORS ====

CN=Configuration,DC=credativ,DC=de
        Default-First-Site-Name\DC-WIN via RPC
                DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
                Last attempt @ Thu Oct 18 08:02:22 2018 CEST was successful
                0 consecutive failure(s).
                Last success @ Thu Oct 18 08:02:22 2018 CEST

DC=credativ,DC=de
        Default-First-Site-Name\DC-WIN via RPC
                DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
                Last attempt @ Thu Oct 18 08:05:46 2018 CEST was successful
                0 consecutive failure(s).
                Last success @ Thu Oct 18 08:05:46 2018 CEST

CN=Schema,CN=Configuration,DC=credativ,DC=de
        Default-First-Site-Name\DC-WIN via RPC
                DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
                Last attempt @ Thu Oct 18 08:02:22 2018 CEST was successful
                0 consecutive failure(s).
                Last success @ Thu Oct 18 08:02:22 2018 CEST

DC=DomainDnsZones,DC=credativ,DC=de
        Default-First-Site-Name\DC-WIN via RPC
                DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
                Last attempt @ Thu Oct 18 08:05:49 2018 CEST was successful
                0 consecutive failure(s).
                Last success @ Thu Oct 18 08:05:49 2018 CEST

DC=ForestDnsZones,DC=credativ,DC=de
        Default-First-Site-Name\DC-WIN via RPC
                DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
                Last attempt @ Thu Oct 18 08:02:22 2018 CEST was successful
                0 consecutive failure(s).
                Last success @ Thu Oct 18 08:02:22 2018 CEST

==== OUTBOUND NEIGHBORS ====

CN=Configuration,DC=credativ,DC=de
        Default-First-Site-Name\DC-WIN via RPC
                DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
                Last attempt @ Thu Oct 18 07:57:26 2018 CEST was successful
                0 consecutive failure(s).
                Last success @ Thu Oct 18 07:57:26 2018 CEST

DC=credativ,DC=de
        Default-First-Site-Name\DC-WIN via RPC
                DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
                Last attempt @ Thu Oct 18 07:59:31 2018 CEST was successful
                0 consecutive failure(s).
                Last success @ Thu Oct 18 07:59:31 2018 CEST

CN=Schema,CN=Configuration,DC=credativ,DC=de
        Default-First-Site-Name\DC-WIN via RPC
                DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
                Last attempt @ Thu Oct 18 06:07:12 2018 CEST was successful
                0 consecutive failure(s).
                Last success @ Thu Oct 18 06:07:12 2018 CEST

DC=DomainDnsZones,DC=credativ,DC=de
        Default-First-Site-Name\DC-WIN via RPC
                DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
                Last attempt @ Thu Oct 18 08:05:37 2018 CEST was successful
                0 consecutive failure(s).
                Last success @ Thu Oct 18 08:05:37 2018 CEST

DC=ForestDnsZones,DC=credativ,DC=de
        Default-First-Site-Name\DC-WIN via RPC
                DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
                Last attempt @ Thu Oct 18 06:07:12 2018 CEST was successful
                0 consecutive failure(s).
                Last success @ Thu Oct 18 06:07:12 2018 CEST

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: f34fb31f-32e9-42a4-af24-d305268446a5
        Enabled        : TRUE
        Server DNS name : dc-win.credativ.de
        Server DN name  : CN=NTDS Settings,CN=DC-WIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=credativ,DC=de
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!

Any hint how to solve this?

Thanks alot for your work.

-- 
Regards
        Noël Köthe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba/attachments/20181018/4ca930ee/signature.sig>

More information about the samba mailing list