[Samba] synchronization problem between DC

Marcio Demetrio Bacci marciobacci at gmail.com
Mon Aug 5 19:31:48 UTC 2019 

Hi,

Messages Checked in Windows Server 2008 Event Log:

Description:
Computer session configuration 'COMP010' failed because the security
database does not contain a trust account 'COMP010$' referenced by the
specified computer.

USER ACTION
If this is the first occurrence of this event for the specified computer
and account, it may be a transient issue that requires no action at this
time. Otherwise, the following steps can be performed to resolve the issue:

If 'COMP010 $' is a legitimate computer account for computer 'COMP010',
'COMP010' must rejoin the domain.

If 'COMP010 $' is a legitimate cross-domain trust account, the trust must
be re-created.

Otherwise, assuming that 'COMP010$' is not a legitimate account, the
following action should be taken against 'COMP010':

If 'COMP010' is a domain controller, the reliability associated with
'COMP010$' must be excluded.

If 'COMP010' is not a domain controller, it must be removed from the domain.


Description:
Authentication of the COMP010 computer session configuration failed. Error:
Access denied.

Regards,

Márcio Bacci

Em seg, 5 de ago de 2019 às 14:10, Marcio Demetrio Bacci <
marciobacci at gmail.com> escreveu:

> Hi,
>
> I have noticed that there are problems synchronizing between DC Primary
> Samba 4 and DC Secondary Windows Server 2008. I have already fixed the
> issue with the ldbedit command and everything was fine. Over time
> inconsistencies occur between the DCs again, as shown below:
>
> samba-tool ldapcmp ldap://WIN-DC1 ldap://SAMBA4-DC -UAdministrator
> Password for [EMPRESA\Administrator]:
>
> Comparing:
> 'CN=joao,CN=Users,DC=empresa,DC=com,DC=br' [ldap://WIN-DC1]
> 'CN=joao,CN=Users,DC=empresa,DC=com,DC=br' [ldap://SAMBA4-DC]
>     Difference in attribute values:
>         lastLogonTimestamp =>
> ['132085404533315712']
> ['132094843457427790']
>     FAILED
>
> Comparing:
> 'CN=jose,CN=Users,DC=empresa,DC=com,DC=br' [ldap://WIN-DC1]
> 'CN=jose,CN=Users,DC=empresa,DC=com,DC=br' [ldap://SAMBA4-DC]
>     Difference in attribute values:
>         lastLogonTimestamp =>
> ['132085555683152615']
> ['132094821763074670']
>     FAILED
>
>
> Comparing:
> 'DC=COMP101,DC=empresa.com.br,CN=MicrosoftDNS,DC=DomainDnsZones,DC=empresa,DC=com,DC=br'
> [ldap://WIN-DC1]
> 'DC=COMP101,DC=empresa.com.br,CN=MicrosoftDNS,DC=DomainDnsZones,DC=empresa,DC=com,DC=br'
> [ldap://SAMBA4-DC]
>     Difference in attribute values:
>         dnsRecord =>
>
> ['\x04\x00\x01\x00\x05\xf0\x00\x00\xdd\x05Yx\x00\x00\x00<\x00\x00\x00\x005\xfd7\x00\xac\x15\xa0\x01']
>
> ['\x04\x00\x01\x00\x05\xf0\x00\x00\xdb\x05Yx\x00\x00\x00<\x00\x00\x00\x005\xfd7\x00\xac\x15\xa0\x01']
>     FAILED
>
> * Result for [DNSDOMAIN]: FAILURE
>
> Does this problem occur because of the Windows Server 2008 server?
>
> Would anyone know why this loss of synchronization occurs?
>
> Regards,
>
> Márcio Bacci
>

More information about the samba mailing list