[Samba] Replication failing with Win 2012 R2 (maybe)
gabben
gabbenx at gmail.com
Tue Feb 25 20:21:07 UTC 2020
Hello All,
WIndows DC reports (not for the entire directory, just a portion. See outputs below).
"The replication operation failed because of a schema mismatch between the servers involved.”
I suspect the error is a red herring.
Running several Samba DCs at multiple sites.
Version 4.11.6-Debian from Louis’s repo (on Ubuntu 18)
“vdcw00” is the Windows 2012 R2 server
“cdcx15” is the Samba Domain Controller
Schema version is 69
Command: (on cdcx15)
sudo /usr/bin/samba-tool ldapcmp -d9 --filter="whenChanged,dc,DC,cn,CN" ldap://cdcx15 ldap://vdcw00 -Umyadminuser
Errors:
ERROR(<class 'KeyError'>): uncaught exception - 'managedObjects'
File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 957, in run
if b1.diff(b2):
File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 781, in diff
if object1 == object2:
File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 549, in __eq__
return self.cmp_attrs(other)
File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 590, in cmp_attrs
if isinstance(self.attributes[x], list) and isinstance(other.attributes[x], list):
Command: (on cdcx15)
sudo samba-tool drs replicate vdcw00 cdcx15 DC=MY,DC=ORGNAME,DC=TLD --sync-all --full-sync -d9
Error:
drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
out: struct drsuapi_DsReplicaSync
result : WERR_DS_DRA_INVALID_PARAMETER
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (8437, 'WERR_DS_DRA_INVALID_PARAMETER')
File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 577, in run
drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)
File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 92, in sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)
=====
smb.conf
[global]
idmap_ldb:use rfc2307 = True
log level = dsdb_audit:4 acls:4 dsdb_json_audit:4@/var/log/samba/sam_audit.json dsdb_password_audit:5 dsdb_password_json_audit:5@/var/log/samba/passwd_change.json auth_audit:5 auth_json_audit:3@/var/log/samba/auth_audit.json auth:3 passdb:4 winbind:2
logging = syslog at 2 file:2
netbios name = CDCX15
realm = MY.ORGNAME.TLD
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
tls cafile = tls/int_ca.pem
tls certfile = tls/cert.pem
tls enabled = True
tls keyfile = tls/cert.key
workgroup = ORGNAME
[netlogon]
path = /var/lib/samba/sysvol/my.orgname.tld/scripts
read only = False
[sysvol]
path = /var/lib/samba/sysvol
read only = False
=====
repadmin /showrepl (on the Windows DC “vdcw00”)
C:\Windows\system32>repadmin /showrepl
Repadmin: running command /showrepl against full DC localhost
sv2\VDCW00
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 8061349d-41dc-48d6-b782-d30b7bf9627d
DSA invocationID: 82dd2ddf-1f5f-4dd6-acfd-4fa18fc8c4f0
==== INBOUND NEIGHBORS ======================================
DC=my,DC=orgname,DC=tld
sv2\CDCX17 via RPC
DSA object GUID: 79f10c50-b533-4718-a949-c6d3ac018526
Last attempt @ 2020-02-25 11:25:17 was delayed for a normal reason, result 8418 (0x20e2):
The replication operation failed because of a schema mismatch between the servers involved.
Last success @ 2020-02-17 19:01:07.
sv2\CDCX15 via RPC
DSA object GUID: 8d7427e1-bb65-44db-a046-32037823805f
Last attempt @ 2020-02-25 11:25:18 was delayed for a normal reason, result 8418 (0x20e2):
The replication operation failed because of a schema mismatch between the servers involved.
Last success @ 2020-02-17 19:01:06.
CN=Configuration,DC=my,DC= orgname,DC= tld
sv2\CDCX15 via RPC
DSA object GUID: 8d7427e1-bb65-44db-a046-32037823805f
Last attempt @ 2020-02-25 11:23:31 was successful.
sv2\CDCX17 via RPC
DSA object GUID: 79f10c50-b533-4718-a949-c6d3ac018526
Last attempt @ 2020-02-25 11:23:37 was successful.
CN=Schema,CN=Configuration,DC=my,DC= orgname,DC=tld
sv2\CDCX17 via RPC
DSA object GUID: 79f10c50-b533-4718-a949-c6d3ac018526
Last attempt @ 2020-02-25 11:25:18 was successful.
sv2\CDCX15 via RPC
DSA object GUID: 8d7427e1-bb65-44db-a046-32037823805f
Last attempt @ 2020-02-25 11:25:18 was successful.
DC=ForestDnsZones,DC=my,DC= orgname,DC= tld
sv2\CDCX17 via RPC
DSA object GUID: 79f10c50-b533-4718-a949-c6d3ac018526
Last attempt @ 2020-02-25 10:55:25 was successful.
sv2\CDCX15 via RPC
DSA object GUID: 8d7427e1-bb65-44db-a046-32037823805f
Last attempt @ 2020-02-25 10:55:29 was successful.
DC=DomainDnsZones,DC=my,DC= orgname,DC= tld
sv2\CDCX15 via RPC
DSA object GUID: 8d7427e1-bb65-44db-a046-32037823805f
Last attempt @ 2020-02-25 11:25:17 was successful.
sv2\CDCX17 via RPC
DSA object GUID: 79f10c50-b533-4718-a949-c6d3ac018526
Last attempt @ 2020-02-25 11:25:17 was successful.
=====
from cdcx15 “samba-tool drs showrepl"
==== INBOUND NEIGHBORS ====
.
.
.
DC=na,DC=joby,DC=aero
sv2\VDCW00 via RPC
DSA object GUID: 8061349d-41dc-48d6-b782-d30b7bf9627d
Last attempt @ Tue Feb 25 20:15:22 2020 UTC was successful
0 consecutive failure(s).
Last success @ Tue Feb 25 20:15:22 2020 UTC
==== OUTBOUND NEIGHBORS ====
DC=na,DC=joby,DC=aero
sv2\VDCW00 via RPC
DSA object GUID: 8061349d-41dc-48d6-b782-d30b7bf9627d
Last attempt @ Tue Feb 25 20:17:30 2020 UTC was successful
0 consecutive failure(s).
Last success @ Tue Feb 25 20:17:30 2020 UTC
More information about the samba
mailing list