[Samba] DsReplicaGetInfo() failed with status 8453

Marcio Demetrio Bacci marciobacci at gmail.com
Sun Aug 4 12:53:20 UTC 2019


Hi,

I have started getting the following error message when I run the repadmin
showreps command on the Windows Server 2008 server that is my primary DC:

DsReplicaGetInfo() failed with status 8453 (0x2105):
    Replication access has been denied.
DsReplicaGetInfo() failed with status 8453 (0x2105):
   Replication access has been denied.


My scenario has a Windows Server 2008 as the primary DC and a Samba 4
Server installed on Debian 9.9 as a secondary server.

Following is the complete result of the repadmin command:

C:\Users\administrator>repadmin /showreps
Default-First-Site-Name\WIN-DC1
DC Options: IS_GC
Site Options: (none)
DC object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
DC invocationID: 71c305c7-564f-44dc-bdc7-c03ee501bd52

==== INBOUND NEIGHBORS ======================================

DC=empresa,DC=com,DC=br
    Default-First-Site-Name\SAMBA4-DC via RPC
        DC object GUID: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
        Last attempt @ 2019-08-04 08:52:07 was successful.

CN=Configuration,DC=empresa,DC=com,DC=br
    Default-First-Site-Name\SAMBA4-DC via RPC
        DC object GUID: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
        Last attempt @ 2019-08-04 08:52:07 was successful.

CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br
    Default-First-Site-Name\SAMBA4-DC via RPC
        DC object GUID: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
        Last attempt @ 2019-08-04 08:52:07 was successful.

DC=DomainDnsZones,DC=empresa,DC=com,DC=br
    Default-First-Site-Name\SAMBA4-DC via RPC
        DC object GUID: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
        Last attempt @ 2019-08-04 08:52:07 was successful.

DC=ForestDnsZones,DC=empresa,DC=com,DC=br
    Default-First-Site-Name\SAMBA4-DC via RPC
        DC object GUID: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
        Last attempt @ 2019-08-04 08:52:07 was successful.
DsReplicaGetInfo() failed with status 8453 (0x2105):
    Replication access has been denied.
DsReplicaGetInfo() failed with status 8453 (0x2105):
    Replication access has been denied.


I notice that recurrently differences arise between the bases of my
servers, as follows:

 ldap://WIN-DC1 ldap://SAMBA4-DC -UAdministrator
Password for [EMPRESA\Administrator]:

* Comparing [DOMAIN] context...

* Objects to be compared: 1788

* Result for [DOMAIN]: SUCCESS

* Comparing [CONFIGURATION] context...

* Objects to be compared: 1640

* Result for [CONFIGURATION]: SUCCESS

* Comparing [SCHEMA] context...

* Objects to be compared: 1518

* Result for [SCHEMA]: SUCCESS

* Comparing [DNSDOMAIN] context...

* Objects to be compared: 540

Comparing:
'DC=CMC03,DC=empresa.com.br,CN=MicrosoftDNS,DC=DomainDnsZones,DC=empresa,DC=com,DC=br'
[ldap://WIN-DC1]
'DC= CMC03  ,DC=empresa.com.br,CN=MicrosoftDNS,DC=DomainDnsZones,DC=empresa,DC=com,DC=br'
[ldap://SAMBA4-DC]
    Difference in attribute values:
        dnsRecord =>
['\x04\x00\x01\x00\x05\xf0\x00\x00\xd2\xeeXx\x00\x00\x00<\x00\x00\x00\x00\x1c\xfd7\x00\xac\x15\xa0\x01']
['\x04\x00\x01\x00\x05\xf0\x00\x00\xd0\xeeXx\x00\x00\x00<\x00\x00\x00\x00\x1c\xfd7\x00\xac\x15\xa0\x01']
    FAILED

* Result for [DNSDOMAIN]: FAILURE

SUMMARY
---------

Attributes with different values:

    dnsRecord

* Comparing [DNSFOREST] context...

* Objects to be compared: 35

* Result for [DNSFOREST]: SUCCESS
ERROR: Compare failed: -1

I had already fixed the above error before.

How can I solve this problem?


More information about the samba mailing list