[Samba] FSMO problems with my 2 DCs

Pierre, BRIEC pierre.briec at stetherese.net
Fri Dec 4 07:22:06 UTC 2020 

Hi everybody,

I have a strange thing on my 2 DC servers
could you perhaps someone can help me?
The faulty server seems to be anakin2.
I have 2 DCs (anakin2 and yoda2), one on each site. Replication seems to
work fine

Here are some commands

root at anakin2:~# samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS
Settings,CN=YODA2,CN=Servers,CN=college,CN=Sites,CN=Configuration,DC=stetherese,DC=lan
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=YODA2,CN=Servers,CN=college,CN=Sites,CN=Configuration,DC=stetherese,DC=lan
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=YODA2,CN=Servers,CN=college,CN=Sites,CN=Configuration,DC=stetherese,DC=lan
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=YODA2,CN=Servers,CN=college,CN=Sites,CN=Configuration,DC=stetherese,DC=lan
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=YODA2,CN=Servers,CN=college,CN=Sites,CN=Configuration,DC=stetherese,DC=lan
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=YODA2,CN=Servers,CN=college,CN=Sites,CN=Configuration,DC=stetherese,DC=lan
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=YODA2,CN=Servers,CN=college,CN=Sites,CN=Configuration,DC=stetherese,DC=lan
root at anakin2:~#

root at yoda2:~# samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS
Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configuration,DC=stetherese,DC=lan
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configuration,DC=stetherese,DC=lan
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configuration,DC=stetherese,DC=lan
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configuration,DC=stetherese,DC=lan
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configuration,DC=stetherese,DC=lan
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configuration,DC=stetherese,DC=lan
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configuration,DC=stetherese,DC=lan
root at yoda2:~#

root at anakin2:~# samba-tool fsmo transfer --role=forestdns -Upierre
Password for [STETHERESE\pierre]:
ERROR: Failed to add role 'forestdns': LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE
-  <attribute 'fSMORoleOwner': no matching attribute value while deleting
attribute on 'CN=Infrastructure,DC=ForestDnsZones,DC=stetherese,DC=lan'> <>
root at anakin2:~#

root at anakin2:~# samba-tool fsmo transfer --role=all -Upierre
ERROR: Transfer of 'rid' role failed: Failed FSMO transfer: WERR_GEN_FAILURE

root at yoda2:~# samba-tool drs showrepl
college\YODA2
DSA Options: 0x00000001
DSA object GUID: a3ce80b6-dac6-46ec-ab66-ea8e9fbecde2
DSA invocationId: b37ad4c3-343e-469e-ace8-9e0f4cfd8e35

==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=stetherese,DC=lan
        lycee\ANAKIN2 via RPC
                DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
                Last attempt @ Thu Dec  3 20:14:58 2020 CET was successful
                0 consecutive failure(s).
                Last success @ Thu Dec  3 20:14:58 2020 CET

DC=DomainDnsZones,DC=stetherese,DC=lan
        lycee\ANAKIN2 via RPC
                DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
                Last attempt @ Thu Dec  3 20:16:34 2020 CET was successful
                0 consecutive failure(s).
                Last success @ Thu Dec  3 20:16:34 2020 CET

DC=stetherese,DC=lan
        lycee\ANAKIN2 via RPC
                DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
                Last attempt @ Thu Dec  3 20:14:58 2020 CET was successful
                0 consecutive failure(s).
                Last success @ Thu Dec  3 20:14:58 2020 CET

CN=Schema,CN=Configuration,DC=stetherese,DC=lan
        lycee\ANAKIN2 via RPC
                DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
                Last attempt @ Thu Dec  3 20:14:58 2020 CET was successful
                0 consecutive failure(s).
                Last success @ Thu Dec  3 20:14:58 2020 CET

CN=Configuration,DC=stetherese,DC=lan
        lycee\ANAKIN2 via RPC
                DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
                Last attempt @ Thu Dec  3 20:14:59 2020 CET was successful
                0 consecutive failure(s).
                Last success @ Thu Dec  3 20:14:59 2020 CET

==== OUTBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=stetherese,DC=lan
        lycee\ANAKIN2 via RPC
                DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=DomainDnsZones,DC=stetherese,DC=lan
        lycee\ANAKIN2 via RPC
                DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=stetherese,DC=lan
        lycee\ANAKIN2 via RPC
                DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=stetherese,DC=lan
        lycee\ANAKIN2 via RPC
                DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Configuration,DC=stetherese,DC=lan
        lycee\ANAKIN2 via RPC
                DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: 8eaa70a4-cef6-48d9-a7af-40d0863404bf
        Enabled        : TRUE
        Server DNS name : anakin2.stetherese.lan
        Server DN name  : CN=NTDS
Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configuration,DC=stetherese,DC=lan
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
        Connection name: 522c37ba-6fdc-4705-8892-4d7b4a67ebed
        Enabled        : TRUE
        Server DNS name : anakin2.stetherese.lan
        Server DN name  : CN=NTDS
Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configuration,DC=stetherese,DC=lan
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
root at yoda2:~#

If i run Group Policy MMC, it doesn't see any DC. Users&Computers MMC work
well
People can connect to computers without problems. All seems to work
correctly

Is it possible to rejoin a DC if it is already joined?
What is the best way to solve this problem?

thanks for your answer if someonecan help me.
Pierre

-- 


*Pierre BRIEC*

*Responsable informatique*

*Ensemble Scolaire Sainte-Thérèse QUIMPER*

informatique at sainte-therese-quimper.org

Collège 02 98 64 44 24 / Lycée 02 98 64 44 34

More information about the samba mailing list