[Samba] WERR_DS_DRA_SCHEMA_MISMATCH against a W2008R2 DC
Rowland penny
rpenny at samba.org
Fri Jun 19 14:16:33 UTC 2020
On 19/06/2020 14:53, Marcio Merlone via samba wrote:
> Hi,
>
> I have two Samba 4.12.3 DCs (eucalipto and aroeira) on a Debian Buster
> and a Windows 2008R2 DC (antares). Replication got broken:
>
> root at eucalipto:~# samba-tool drs replicate antares eucalipto
> DC=ad,DC=a1,DC=ind,DC=br
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
> drsException: DsReplicaSync failed (8418, 'WERR_DS_DRA_SCHEMA_MISMATCH')
> File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 577,
> in run
> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
> source_dsa_guid, NC, req_options)
> File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 92,
> in sendDsReplicaSync
> raise drsException("DsReplicaSync failed %s" % estr)
> root at eucalipto:~#
>
> root at eucalipto:~# samba-tool ldapcmp ldap://eucalipto ldap://antares
> configuration
>
> * Comparing [CONFIGURATION] context...
>
> * Objects to be compared: 1695
>
> Comparing:
> 'CN=AROEIRA,CN=SERVERS,CN=ABL-CURITIBA-IGUACU,CN=SITES,CN=CONFIGURATION,DC=AD,DC=A1,DC=IND,DC=BR'
> [ldap://eucalipto]
> 'CN=AROEIRA,CN=SERVERS,CN=ABL-CURITIBA-IGUACU,CN=SITES,CN=CONFIGURATION,DC=AD,DC=A1,DC=IND,DC=BR'
> [ldap://antares]
> Difference in attribute values:
> serverReference =>
> [b'CN=AROEIRA,OU=Domain Controllers,DC=ad,DC=a1,DC=ind,DC=br']
> [b'CN=AROEIRA\\0ACNF:0a341e37-f3e4-486d-9d96-ced9adbcb2ee,OU=Domain
> Controllers,DC=ad,DC=a1,DC=ind,DC=br']
The '\\OACNF' means this is a collision, two things tried to create the
record at the same time, so it might be an idea to demote the DC, then
ensure that AD is okay and rejoin the DC.
Rowland
More information about the samba
mailing list