[Samba] dns replication error due to deleted records

Rowland Penny rpenny at samba.org
Fri Oct 11 14:12:48 UTC 2019


On 11/10/2019 14:58, Luca Olivetti via samba wrote:
> On 10/10/19 at 20:23, Luca Olivetti via samba wrote:
>> Today I noticed something that has been going on for some weeks:
>>
>> I have 2 dc, (dc1 and dc2) both debian buster with the distro 
>> provided samba (4.9.5), recently upgraded from stretch.
>>
>> samba-tool drs showrepl on dc2 says
>>
>> DC=DomainDnsZones,DC=samba,DC=wetron,DC=es
>>          Default-First-Site-Name\DC1 via RPC
>>                  DSA object GUID: 89812346-9037-43b0-86ab-c5052f55125d
>>                  Last attempt @ Thu Oct 10 20:05:28 2019 CEST failed, result 58 (WERR_BAD_NET_RESP)
>>                  273 consecutive failure(s).
>>                  Last success @ Thu Oct 10 12:05:27 2019 CEST
>>
>> (the rest of the incoming replications are fine, only the 
>> DomainDnsZone fails).
>>
>> It turns out that dc2 chokes on "\0ADEL" dns records, supposedly 
>> deleted objects.
>>
>> I found a "solution" here:
>>
>> https://www.dotnetcatch.com/2018/06/19/samba-replication-failures/
>>
>> The procedure to solve it is not exactly the same but it put me on 
>> the, hopefully, right track. I scripted it since it got tiresome and 
>> it solved the replication problem, for a while, but now it reappeared 
>> (that's the message above).
>>
>> This started on September 25, when I upgraded dc2 from stretch to 
>> buster. A few days later I also upgraded dc1 (it was still running 
>> jessie).
>>
>> I'm using internal dns and the dhcp server talks to dc1 to update the 
>> dns records, that would explain why there are records to replicate 
>> but doesn't explain why samba fails (when it didn't before).
>
> The problem persists :-(
>
> DC=DomainDnsZones,DC=samba,DC=wetron,DC=es
>         Default-First-Site-Name\DC1 via RPC
>                 DSA object GUID: 89812346-9037-43b0-86ab-c5052f55125d
>                 Last attempt @ Fri Oct 11 15:50:30 2019 CEST failed, result 58 (WERR_BAD_NET_RESP)
>                 283 consecutive failure(s).
>                 Last success @ Fri Oct 11 08:35:30 2019 CEST
>
> samba-tool dbcheck --cross-ncs gives no error on both DCs (though dc1 
> is reporting 20276 objects and dc2 20180, after cleaning the bad 
> entries the count is 20272 on dc1 and 20208 on dc2)
>
>
> The strange thing is that this is happening now with both DCs running 
> buster with the same samba version and never happened when dc1 was 
> running jessie and dc2 stretch.
>
> Bye

Try running this on a DC:

samba-tool ldapcmp ldap://DC1 ldap://DC2 --filter='whenChanged,dc,DC,cn,CN,ou,OU'

Replace 'DC1' and 'DC2' with your actual DC short hostnames.

It should tell you the differences.

Rowland
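
Added example, not part of the original message or of Samba itself: a small Python check that parses `samba-tool drs showrepl` text and reports every naming context and partner with consecutive failures, so a stall like the one quoted above is noticed on the first failure rather than weeks later. The sample input is constructed from the output quoted in the thread; the CN=Configuration entry and the function name failing_links are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the showrepl excerpt quoted in the thread.
# The healthy CN=Configuration entry is an assumed example of a working link.
SAMPLE = r"""
DC=DomainDnsZones,DC=samba,DC=wetron,DC=es
        Default-First-Site-Name\DC1 via RPC
                DSA object GUID: 89812346-9037-43b0-86ab-c5052f55125d
                Last attempt @ Fri Oct 11 15:50:30 2019 CEST failed, result 58 (WERR_BAD_NET_RESP)
                283 consecutive failure(s).
                Last success @ Fri Oct 11 08:35:30 2019 CEST

CN=Configuration,DC=samba,DC=wetron,DC=es
        Default-First-Site-Name\DC1 via RPC
                DSA object GUID: 89812346-9037-43b0-86ab-c5052f55125d
                Last attempt @ Fri Oct 11 15:50:30 2019 CEST was successful
                0 consecutive failure(s).
                Last success @ Fri Oct 11 15:50:30 2019 CEST
"""

NC_RE = re.compile(r"^(?:DC|CN)=\S+$")             # unindented naming context
PARTNER_RE = re.compile(r"^\s+(\S+) via RPC$")     # replication partner line
ATTEMPT_RE = re.compile(
    r"^\s+Last attempt @ (.+?) (?:was successful|failed, result (\d+) \((\w+)\))$")
FAILS_RE = re.compile(r"^\s+(\d+) consecutive failure\(s\)\.$")

def failing_links(text, threshold=1):
    """Return one dict per (naming context, partner) with >= threshold failures."""
    links, nc, cur = [], None, None
    for line in text.splitlines():
        line = line.rstrip()
        if NC_RE.match(line):
            nc = line
        elif m := PARTNER_RE.match(line):
            cur = {"nc": nc, "partner": m.group(1), "result": None, "failures": 0}
            links.append(cur)
        elif cur and (m := ATTEMPT_RE.match(line)):
            cur["last_attempt"] = m.group(1)
            cur["result"] = m.group(3)             # None when the attempt succeeded
        elif cur and (m := FAILS_RE.match(line)):
            cur["failures"] = int(m.group(1))
    return [link for link in links if link["failures"] >= threshold]

if __name__ == "__main__":
    for link in failing_links(SAMPLE):
        print(f'{link["nc"]} <- {link["partner"]}: {link["result"]}, '
              f'{link["failures"]} consecutive failure(s)')
```

On a DC the same function can be fed the captured output of samba-tool drs showrepl instead of SAMPLE.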
