[Samba] FSMO problems with my 2 DCs

L.P.H. van Belle belle at bazuin.nl
Fri Dec 4 08:22:36 UTC 2020


Hai, 

OS, samba versions, 2 things we always need. Or at least very handy to know. 
But I think this will fix it. 


Since replication works, run this on YODA2:

kinit Administrator
samba-tool fsmo seize --role=all
samba-tool dbcheck --fix 
samba-tool dbcheck --fix --cross-ncs

samba-tool drs showrepl
All ok? Now check the other server. 
All ok, reboot ANAKIN2. 
Check again.. 

For GPE MMC. 
File, options, cleanup. 
Now try again with GPE MMC editor. 

Did this help? 
If not, you can push the full AD-DB from YODA2 to ANAKIN2. 
But before you do that, first do the above steps. 

Greetz, 

Louis



> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of 
> Pierre, BRIEC via samba
> Sent: Friday 4 December 2020 8:22
> To: samba at lists.samba.org
> Subject: [Samba] FSMO problems with my 2 DCs
> 
> Hi everybody,
> 
> I have a strange thing on my 2 DC servers;
> perhaps someone can help me?
> The faulty server seems to be anakin2.
> I have 2 DCs (anakin2 and yoda2), one on each site. 
> Replication seems to work fine.
> 
> Here are some commands
> 
> root at anakin2:~# samba-tool fsmo show
> SchemaMasterRole owner: CN=NTDS
> Settings,CN=YODA2,CN=Servers,CN=college,CN=Sites,CN=Configurat
> ion,DC=stetherese,DC=lan
> InfrastructureMasterRole owner: CN=NTDS
> Settings,CN=YODA2,CN=Servers,CN=college,CN=Sites,CN=Configurat
> ion,DC=stetherese,DC=lan
> RidAllocationMasterRole owner: CN=NTDS
> Settings,CN=YODA2,CN=Servers,CN=college,CN=Sites,CN=Configurat
> ion,DC=stetherese,DC=lan
> PdcEmulationMasterRole owner: CN=NTDS
> Settings,CN=YODA2,CN=Servers,CN=college,CN=Sites,CN=Configurat
> ion,DC=stetherese,DC=lan
> DomainNamingMasterRole owner: CN=NTDS
> Settings,CN=YODA2,CN=Servers,CN=college,CN=Sites,CN=Configurat
> ion,DC=stetherese,DC=lan
> DomainDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=YODA2,CN=Servers,CN=college,CN=Sites,CN=Configurat
> ion,DC=stetherese,DC=lan
> ForestDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=YODA2,CN=Servers,CN=college,CN=Sites,CN=Configurat
> ion,DC=stetherese,DC=lan
> root at anakin2:~#
> 
> root at yoda2:~# samba-tool fsmo show
> SchemaMasterRole owner: CN=NTDS
> Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configurat
> ion,DC=stetherese,DC=lan
> InfrastructureMasterRole owner: CN=NTDS
> Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configurat
> ion,DC=stetherese,DC=lan
> RidAllocationMasterRole owner: CN=NTDS
> Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configurat
> ion,DC=stetherese,DC=lan
> PdcEmulationMasterRole owner: CN=NTDS
> Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configurat
> ion,DC=stetherese,DC=lan
> DomainNamingMasterRole owner: CN=NTDS
> Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configurat
> ion,DC=stetherese,DC=lan
> DomainDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configurat
> ion,DC=stetherese,DC=lan
> ForestDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configurat
> ion,DC=stetherese,DC=lan
> root at yoda2:~#
> 
> root at anakin2:~# samba-tool fsmo transfer --role=forestdns -Upierre
> Password for [STETHERESE\pierre]:
> ERROR: Failed to add role 'forestdns': LDAP error 16 
> LDAP_NO_SUCH_ATTRIBUTE
> -  <attribute 'fSMORoleOwner': no matching attribute value 
> while deleting
> attribute on 
> 'CN=Infrastructure,DC=ForestDnsZones,DC=stetherese,DC=lan'> <>
> root at anakin2:~#
> 
> root at anakin2:~# samba-tool fsmo transfer --role=all -Upierre
> ERROR: Transfer of 'rid' role failed: Failed FSMO transfer: 
> WERR_GEN_FAILURE
> 
> root at yoda2:~# samba-tool drs showrepl
> college\YODA2
> DSA Options: 0x00000001
> DSA object GUID: a3ce80b6-dac6-46ec-ab66-ea8e9fbecde2
> DSA invocationId: b37ad4c3-343e-469e-ace8-9e0f4cfd8e35
> 
> ==== INBOUND NEIGHBORS ====
> 
> DC=ForestDnsZones,DC=stetherese,DC=lan
>         lycee\ANAKIN2 via RPC
>                 DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
>                 Last attempt @ Thu Dec  3 20:14:58 2020 CET 
> was successful
>                 0 consecutive failure(s).
>                 Last success @ Thu Dec  3 20:14:58 2020 CET
> 
> DC=DomainDnsZones,DC=stetherese,DC=lan
>         lycee\ANAKIN2 via RPC
>                 DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
>                 Last attempt @ Thu Dec  3 20:16:34 2020 CET 
> was successful
>                 0 consecutive failure(s).
>                 Last success @ Thu Dec  3 20:16:34 2020 CET
> 
> DC=stetherese,DC=lan
>         lycee\ANAKIN2 via RPC
>                 DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
>                 Last attempt @ Thu Dec  3 20:14:58 2020 CET 
> was successful
>                 0 consecutive failure(s).
>                 Last success @ Thu Dec  3 20:14:58 2020 CET
> 
> CN=Schema,CN=Configuration,DC=stetherese,DC=lan
>         lycee\ANAKIN2 via RPC
>                 DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
>                 Last attempt @ Thu Dec  3 20:14:58 2020 CET 
> was successful
>                 0 consecutive failure(s).
>                 Last success @ Thu Dec  3 20:14:58 2020 CET
> 
> CN=Configuration,DC=stetherese,DC=lan
>         lycee\ANAKIN2 via RPC
>                 DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
>                 Last attempt @ Thu Dec  3 20:14:59 2020 CET 
> was successful
>                 0 consecutive failure(s).
>                 Last success @ Thu Dec  3 20:14:59 2020 CET
> 
> ==== OUTBOUND NEIGHBORS ====
> 
> DC=ForestDnsZones,DC=stetherese,DC=lan
>         lycee\ANAKIN2 via RPC
>                 DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
>                 Last attempt @ NTTIME(0) was successful
>                 0 consecutive failure(s).
>                 Last success @ NTTIME(0)
> 
> DC=DomainDnsZones,DC=stetherese,DC=lan
>         lycee\ANAKIN2 via RPC
>                 DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
>                 Last attempt @ NTTIME(0) was successful
>                 0 consecutive failure(s).
>                 Last success @ NTTIME(0)
> 
> DC=stetherese,DC=lan
>         lycee\ANAKIN2 via RPC
>                 DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
>                 Last attempt @ NTTIME(0) was successful
>                 0 consecutive failure(s).
>                 Last success @ NTTIME(0)
> 
> CN=Schema,CN=Configuration,DC=stetherese,DC=lan
>         lycee\ANAKIN2 via RPC
>                 DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
>                 Last attempt @ NTTIME(0) was successful
>                 0 consecutive failure(s).
>                 Last success @ NTTIME(0)
> 
> CN=Configuration,DC=stetherese,DC=lan
>         lycee\ANAKIN2 via RPC
>                 DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
>                 Last attempt @ NTTIME(0) was successful
>                 0 consecutive failure(s).
>                 Last success @ NTTIME(0)
> 
> ==== KCC CONNECTION OBJECTS ====
> 
> Connection --
>         Connection name: 8eaa70a4-cef6-48d9-a7af-40d0863404bf
>         Enabled        : TRUE
>         Server DNS name : anakin2.stetherese.lan
>         Server DN name  : CN=NTDS
> Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configurat
> ion,DC=stetherese,DC=lan
>                 TransportType: RPC
>                 options: 0x00000001
> Warning: No NC replicated for Connection!
> Connection --
>         Connection name: 522c37ba-6fdc-4705-8892-4d7b4a67ebed
>         Enabled        : TRUE
>         Server DNS name : anakin2.stetherese.lan
>         Server DN name  : CN=NTDS
> Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configurat
> ion,DC=stetherese,DC=lan
>                 TransportType: RPC
>                 options: 0x00000001
> Warning: No NC replicated for Connection!
> root at yoda2:~#
> 
> If I run Group Policy MMC, it doesn't see any DC. 
> Users&Computers MMC works well.
> People can connect to computers without problems. All seems to work
> correctly.
> 
> Is it possible to rejoin a DC if it is already joined?
> What is the best way to solve this problem?
> 
> Thanks for your answer if someone can help me.
> Pierre
> 
> -- 
> 
> 
> *Pierre BRIEC*
> 
> *IT Manager*
> 
> *Ensemble Scolaire Sainte-Thérèse QUIMPER*
> 
> informatique at sainte-therese-quimper.org
> 
> Collège 02 98 64 44 24 / Lycée 02 98 64 44 34
> 
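
In the quoted `samba-tool fsmo show` output above, each DC names the other as owner of all seven roles. As an added example (not part of either message; the function names are hypothetical), this script compares two saved dumps and lists every role the DCs disagree on, assuming each record is on one line with the mail wrapping undone.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Each input file is the saved output of `samba-tool fsmo show` from one DC,
# one "<Role> owner: <NTDS Settings DN>" record per line.

# Print "<role> <owning server>" for every role line in one dump.
fsmo_owners() {
    awk -F' owner: ' '/Role owner: / {
        n = split($2, rdn, ",")          # rdn[2] is the CN=<server> component
        srv = (n >= 2) ? rdn[2] : "UNPARSED"
        sub(/^CN=/, "", srv)
        print $1, srv
    }' "$1"
}

# Print one line per role whose owner differs between the two dumps,
# or that appears in only one of them. No output means the views agree.
fsmo_disagreements() {
    { fsmo_owners "$1" | sed 's/^/A /'; fsmo_owners "$2" | sed 's/^/B /'; } |
    awk '{ roles[$2] = 1; own[$1, $2] = $3 }
         END {
             for (r in roles) {
                 a = (("A", r) in own) ? own["A", r] : "MISSING"
                 b = (("B", r) in own) ? own["B", r] : "MISSING"
                 if (a != b) print r ": " a " vs " b
             }
         }' | sort
}

# Constructed sample: the seven role lines from the thread with the mail
# client's line wrapping undone. $1 = owning server, $2 = site.
sample_view() {
    for role in SchemaMaster InfrastructureMaster RidAllocationMaster \
                PdcEmulationMaster DomainNamingMaster DomainDnsZonesMaster \
                ForestDnsZonesMaster; do
        echo "${role}Role owner: CN=NTDS Settings,CN=$1,CN=Servers,CN=$2,CN=Sites,CN=Configuration,DC=stetherese,DC=lan"
    done
}

tmp=$(mktemp -d)
sample_view YODA2 college > "$tmp/anakin2.txt"   # view reported on anakin2
sample_view ANAKIN2 lycee > "$tmp/yoda2.txt"     # view reported on yoda2
fsmo_disagreements "$tmp/anakin2.txt" "$tmp/yoda2.txt"
rm -rf "$tmp"
```

Running the same comparison after the seize and dbcheck steps gives a quick confirmation: empty output means both DCs report the same owner for every role.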
