[Samba] FSMO problems with my 2 DCs
Pierre, BRIEC
pierre.briec at stetherese.net
Fri Dec 4 08:38:59 UTC 2020
Le ven. 4 déc. 2020 à 09:22, L.P.H. van Belle <belle at bazuin.nl> a écrit :
> Hai,
>
> OS, samba versions, 2 things we always need. Or at least very handy to
> know.
> But i think this will fix it.
>
>
> Since replication works and run it on YODA2
>
> kinit Administrator
> samba-tool fsmo seize --role=all
> samba-tool dbcheck --fix
> samba-tool dbcheck --fix --cross-nc
>
> samba-tool drs showrepl
> All ok? Now check the other server.
> All ok, reboot ANAKIN2.
> Check again..
>
Thanks Louis !
it's ok now. I have transferred the fsmo to anakin2 as it's the master for
the sysvol replication
>
> For GPE MMC.
> File, options, cleanup.
> Now Try again with GPE MC editor.
>
It's ok without doing anything.
Have a nice day.
Pierre
>
> Did this help?
> Of not, you can push the full AD-DB from YODA2 to ANAKIN2.
> But before you do that, first above steps.
>
> Greetz,
>
> Louis
>
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > Pierre, BRIEC via samba
> > Verzonden: vrijdag 4 december 2020 8:22
> > Aan: samba at lists.samba.org
> > Onderwerp: [Samba] FSMO problems with my 2 DCs
> >
> > Hi everybody,
> >
> > I have a strange thing on my 2 DC servers
> > could you perhaps someone can help me?
> > The faulty server seems to be anakin2.
> > I have 2 DCs (anakin2 and yoda2), one on each site.
> > Replication seems to
> > work fine
> >
> > Here are some commands
> >
> > root at anakin2:~# samba-tool fsmo show
> > SchemaMasterRole owner: CN=NTDS
> > Settings,CN=YODA2,CN=Servers,CN=college,CN=Sites,CN=Configurat
> > ion,DC=stetherese,DC=lan
> > InfrastructureMasterRole owner: CN=NTDS
> > Settings,CN=YODA2,CN=Servers,CN=college,CN=Sites,CN=Configurat
> > ion,DC=stetherese,DC=lan
> > RidAllocationMasterRole owner: CN=NTDS
> > Settings,CN=YODA2,CN=Servers,CN=college,CN=Sites,CN=Configurat
> > ion,DC=stetherese,DC=lan
> > PdcEmulationMasterRole owner: CN=NTDS
> > Settings,CN=YODA2,CN=Servers,CN=college,CN=Sites,CN=Configurat
> > ion,DC=stetherese,DC=lan
> > DomainNamingMasterRole owner: CN=NTDS
> > Settings,CN=YODA2,CN=Servers,CN=college,CN=Sites,CN=Configurat
> > ion,DC=stetherese,DC=lan
> > DomainDnsZonesMasterRole owner: CN=NTDS
> > Settings,CN=YODA2,CN=Servers,CN=college,CN=Sites,CN=Configurat
> > ion,DC=stetherese,DC=lan
> > ForestDnsZonesMasterRole owner: CN=NTDS
> > Settings,CN=YODA2,CN=Servers,CN=college,CN=Sites,CN=Configurat
> > ion,DC=stetherese,DC=lan
> > root at anakin2:~#
> >
> > root at yoda2:~# samba-tool fsmo show
> > SchemaMasterRole owner: CN=NTDS
> > Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configurat
> > ion,DC=stetherese,DC=lan
> > InfrastructureMasterRole owner: CN=NTDS
> > Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configurat
> > ion,DC=stetherese,DC=lan
> > RidAllocationMasterRole owner: CN=NTDS
> > Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configurat
> > ion,DC=stetherese,DC=lan
> > PdcEmulationMasterRole owner: CN=NTDS
> > Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configurat
> > ion,DC=stetherese,DC=lan
> > DomainNamingMasterRole owner: CN=NTDS
> > Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configurat
> > ion,DC=stetherese,DC=lan
> > DomainDnsZonesMasterRole owner: CN=NTDS
> > Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configurat
> > ion,DC=stetherese,DC=lan
> > ForestDnsZonesMasterRole owner: CN=NTDS
> > Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configurat
> > ion,DC=stetherese,DC=lan
> > root at yoda2:~#
> >
> > root at anakin2:~# samba-tool fsmo transfer --role=forestdns -Upierre
> > Password for [STETHERESE\pierre]:
> > ERROR: Failed to add role 'forestdns': LDAP error 16
> > LDAP_NO_SUCH_ATTRIBUTE
> > - <attribute 'fSMORoleOwner': no matching attribute value
> > while deleting
> > attribute on
> > 'CN=Infrastructure,DC=ForestDnsZones,DC=stetherese,DC=lan'> <>
> > root at anakin2:~#
> >
> > root at anakin2:~# samba-tool fsmo transfer --role=all -Upierre
> > ERROR: Transfer of 'rid' role failed: Failed FSMO transfer:
> > WERR_GEN_FAILURE
> >
> > root at yoda2:~# samba-tool drs showrepl
> > college\YODA2
> > DSA Options: 0x00000001
> > DSA object GUID: a3ce80b6-dac6-46ec-ab66-ea8e9fbecde2
> > DSA invocationId: b37ad4c3-343e-469e-ace8-9e0f4cfd8e35
> >
> > ==== INBOUND NEIGHBORS ====
> >
> > DC=ForestDnsZones,DC=stetherese,DC=lan
> > lycee\ANAKIN2 via RPC
> > DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
> > Last attempt @ Thu Dec 3 20:14:58 2020 CET
> > was successful
> > 0 consecutive failure(s).
> > Last success @ Thu Dec 3 20:14:58 2020 CET
> >
> > DC=DomainDnsZones,DC=stetherese,DC=lan
> > lycee\ANAKIN2 via RPC
> > DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
> > Last attempt @ Thu Dec 3 20:16:34 2020 CET
> > was successful
> > 0 consecutive failure(s).
> > Last success @ Thu Dec 3 20:16:34 2020 CET
> >
> > DC=stetherese,DC=lan
> > lycee\ANAKIN2 via RPC
> > DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
> > Last attempt @ Thu Dec 3 20:14:58 2020 CET
> > was successful
> > 0 consecutive failure(s).
> > Last success @ Thu Dec 3 20:14:58 2020 CET
> >
> > CN=Schema,CN=Configuration,DC=stetherese,DC=lan
> > lycee\ANAKIN2 via RPC
> > DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
> > Last attempt @ Thu Dec 3 20:14:58 2020 CET
> > was successful
> > 0 consecutive failure(s).
> > Last success @ Thu Dec 3 20:14:58 2020 CET
> >
> > CN=Configuration,DC=stetherese,DC=lan
> > lycee\ANAKIN2 via RPC
> > DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
> > Last attempt @ Thu Dec 3 20:14:59 2020 CET
> > was successful
> > 0 consecutive failure(s).
> > Last success @ Thu Dec 3 20:14:59 2020 CET
> >
> > ==== OUTBOUND NEIGHBORS ====
> >
> > DC=ForestDnsZones,DC=stetherese,DC=lan
> > lycee\ANAKIN2 via RPC
> > DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
> > Last attempt @ NTTIME(0) was successful
> > 0 consecutive failure(s).
> > Last success @ NTTIME(0)
> >
> > DC=DomainDnsZones,DC=stetherese,DC=lan
> > lycee\ANAKIN2 via RPC
> > DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
> > Last attempt @ NTTIME(0) was successful
> > 0 consecutive failure(s).
> > Last success @ NTTIME(0)
> >
> > DC=stetherese,DC=lan
> > lycee\ANAKIN2 via RPC
> > DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
> > Last attempt @ NTTIME(0) was successful
> > 0 consecutive failure(s).
> > Last success @ NTTIME(0)
> >
> > CN=Schema,CN=Configuration,DC=stetherese,DC=lan
> > lycee\ANAKIN2 via RPC
> > DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
> > Last attempt @ NTTIME(0) was successful
> > 0 consecutive failure(s).
> > Last success @ NTTIME(0)
> >
> > CN=Configuration,DC=stetherese,DC=lan
> > lycee\ANAKIN2 via RPC
> > DSA object GUID: 4ea157a5-208c-44df-832f-c4eb156ffcb5
> > Last attempt @ NTTIME(0) was successful
> > 0 consecutive failure(s).
> > Last success @ NTTIME(0)
> >
> > ==== KCC CONNECTION OBJECTS ====
> >
> > Connection --
> > Connection name: 8eaa70a4-cef6-48d9-a7af-40d0863404bf
> > Enabled : TRUE
> > Server DNS name : anakin2.stetherese.lan
> > Server DN name : CN=NTDS
> > Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configurat
> > ion,DC=stetherese,DC=lan
> > TransportType: RPC
> > options: 0x00000001
> > Warning: No NC replicated for Connection!
> > Connection --
> > Connection name: 522c37ba-6fdc-4705-8892-4d7b4a67ebed
> > Enabled : TRUE
> > Server DNS name : anakin2.stetherese.lan
> > Server DN name : CN=NTDS
> > Settings,CN=ANAKIN2,CN=Servers,CN=lycee,CN=Sites,CN=Configurat
> > ion,DC=stetherese,DC=lan
> > TransportType: RPC
> > options: 0x00000001
> > Warning: No NC replicated for Connection!
> > root at yoda2:~#
> >
> > If i run Group Policy MMC, it doesn't see any DC.
> > Users&Computers MMC work
> > well
> > People can connect to computers without problems. All seems to work
> > correctly
> >
> > Is it possible to rejoin a DC if it is already joined?
> > What is the best way to solve this problem?
> >
> > thanks for your answer if someonecan help me.
> > Pierre
> >
> > --
> >
> >
> > *Pierre BRIEC*
> >
> > *Responsable informatique*
> >
> > *Ensemble Scolaire Sainte-Thérèse QUIMPER*
> >
> > informatique at sainte-therese-quimper.org
> >
> > Collège 02 98 64 44 24 / Lycée 02 98 64 44 34
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> >
>
>
--
*Pierre BRIEC*
*Responsable informatique*
*Ensemble Scolaire Sainte-Thérèse QUIMPER*
informatique at sainte-therese-quimper.org
Collège 02 98 64 44 24 / Lycée 02 98 64 44 34
More information about the samba
mailing list