[Samba] Replication and KCC problems on upgrade

Rowland Penny rpenny at samba.org
Fri Mar 1 09:35:16 UTC 2019

On Thu, 28 Feb 2019 18:04:50 -0600 (CST)
Mike Ray via samba <samba at lists.samba.org> wrote:

> Hello all-
> I am trying to upgrade a old domain to a newer version. The old DCs
> are a custom compiled version of Samba, so instead of upgrading the
> DCs in place, the plan is to upgrade by joining new DCs to the
> domain, replicating data and then shutting down the old ones after
> transferring the FSMO roles.
> I had the new DC (dc3, version 4.9.4-12) replicating to the other DCs
> (dc0, versions 4.0.6-12 and dc1 and dc2, version 4.0.6-8) with no
> known issues. Specifically, "samba-tool dbcheck --cross-ncs" reported
> no issues on any DCs, "samba-tool drs showrepl" reported no issues on
> any DCs and "samba-tool ldapcmp" returned without errors on dc0
> compared to all other DCs.
> Clients and all functions seemed to be behaving appropriately.
> At that point, I demoted dc1 and dc2. The demote command did not
> return errors.
> However, now dc0 and dc3 are having issues. Specifically, "samba-tool
> ldapcmp" run on dc0 compared to dc3 returns:
> Comparing:
> 'CN=6a8bca7c-3069-4ada-be59-100c970d59fd,CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com' [dc0]
> 'CN=6a8bca7c-3069-4ada-be59-100c970d59fd,CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com' [dc3]
> Attributes found only in dc3: fromServer FAILED
> This error is NOT shown when comparing dc3 to dc0.
> While poking around at this, I also found that "samba-tool drs kcc
> dc3" (run on dc0) returns no errors, but "samba-tool drs kcc
> dc0" (run on dc3) fails with:
> Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
> ncacn_ip_tcp:::1[49152,seal,target_hostname=dc0,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=::1]
> NT_STATUS_UNSUCCESSFUL ERROR(<call 'samba.drs_utils.drsException'>):
> DRS connection to dc0 failed - drsException: DRS connection to dc0
> failed: (3221225473, '{Operation Failed} The requested operation was
> unsuccessful.')
> Anyone have more information one why the errors are one-sided and
> what I can do about this?
> Thanks,
> Mike Ray

I wonder if this has anything to do with the 'you cannot upgrade
directly from 4.7.x to 4.9.x' bug ? 
I know this might seem strange, but try running ldbedit on your new DC.


More information about the samba mailing list