[Samba] Replication fails with (WERR_GEN_FAILURE)
Stefan Kania
stefan at kania-online.de
Wed Oct 21 17:02:25 UTC 2020
Hello,
I set up a domain with two DCs (dns-backend is BIND9_DLZ) on a Debian 10
system. I used either the Debian-packages or the Packages from Louis
(4.12.8). I created an Ansible-role to setup everything, starting from
installing the packages over doing the provision/join up to change the
settings for bind9. The first DC runs fine. After the reboot services
are all present, all the SRV records for the first DC are present.
Then I do the join with the second DC. The join worked fine, I find the
DC in the DNS, and I can see the account for the DC. On the second DC I see
all SRV-Records for both DCs, BUT on the first DC I only see the
SRV-Records for the first DC. When I check replication I see:
------------------
root@addc-01:~# samba-tool drs showrepl --summary
There are failing connections
Failing inbound connection:
DC=ForestDnsZones,DC=example,DC=net
Default-First-Site-Name\ADDC-02 via RPC
DSA object GUID: 3394efb8-7f31-48f9-aa11-2791c2426be8
Last attempt @ Wed Oct 21 18:47:05 2020 CEST failed,
result 31 (WERR_GEN_FAILURE)
11 consecutive failure(s).
Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=example,DC=net
Default-First-Site-Name\ADDC-02 via RPC
DSA object GUID: 3394efb8-7f31-48f9-aa11-2791c2426be8
Last attempt @ Wed Oct 21 18:47:06 2020 CEST failed,
result 31 (WERR_GEN_FAILURE)
11 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=example,DC=net
Default-First-Site-Name\ADDC-02 via RPC
DSA object GUID: 3394efb8-7f31-48f9-aa11-2791c2426be8
Last attempt @ Wed Oct 21 18:47:06 2020 CEST failed,
result 31 (WERR_GEN_FAILURE)
11 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=example,DC=net
Default-First-Site-Name\ADDC-02 via RPC
DSA object GUID: 3394efb8-7f31-48f9-aa11-2791c2426be8
Last attempt @ Wed Oct 21 18:47:06 2020 CEST failed,
result 31 (WERR_GEN_FAILURE)
11 consecutive failure(s).
Last success @ NTTIME(0)
DC=example,DC=net
Default-First-Site-Name\ADDC-02 via RPC
DSA object GUID: 3394efb8-7f31-48f9-aa11-2791c2426be8
Last attempt @ Wed Oct 21 18:47:06 2020 CEST failed,
result 31 (WERR_GEN_FAILURE)
14 consecutive failure(s).
Last success @ NTTIME(0)
------------------
On DC2 the same only with "ADCD-01" as servername.
If I do a replication from dc1 to dc2 everything seems to work:
-------------
root@addc-01:~# samba-tool drs replicate addc-02 addc-01 dc=example,dc=net
Replicate from addc-01 to addc-02 was successful.
-------------
But in the other direction I get:
-------------
root@addc-01:~# samba-tool drs replicate addc-01 addc-02 dc=example,dc=net
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
drsException: DsReplicaSync failed (31, 'WERR_GEN_FAILURE')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 568,
in run
drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 88,
in sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)
-------------
On the second DC I got an error message in both directions:
-------------
root@addc-02:~# samba-tool drs replicate addc-02 addc-01 dc=example,dc=net
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
drsException: DsReplicaSync failed (31, 'WERR_GEN_FAILURE')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 568,
in run
drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 88,
in sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)
root@addc-02:~# samba-tool drs replicate addc-01 addc-02 dc=example,dc=net
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
ncacn_ip_tcp:10.0.2.15[49152,seal,target_hostname=addc-01,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=10.0.2.15]
NT_STATUS_UNSUCCESSFUL
ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to addc-01
failed - drsException: DRS connection to addc-01 failed: (3221225473,
'{Operation Failed} The requested operation was unsuccessful.')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 47,
in drsuapi_connect
(ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) =
drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 59,
in drsuapi_connect
raise drsException("DRS connection to %s failed: %s" % (server, e))
-------------
No changes were made to smb.conf, all default.
samba_updatedns --verbose --all-names
is running on both DCs without any error.
Time is exactly the same on both DCs.
These are the packages I installed via Ansible:
--------------
# Installing all needed packages for Samba-DC with bind9
- name: install samba- and bind9-package for ADDC
  apt:
    name:
      - samba
      - libpam-heimdal
      - heimdal-clients
      - ldb-tools
      - winbind
      - libpam-winbind
      - smbclient
      - libnss-winbind
      - bind9
      - dnsutils
--------------
This is the provision:
--------------
# Provision the first DC with bind9 as DNS-backend
- name: Do the provision if first DC
  command: samba-tool domain provision --dns-backend=BIND9_DLZ
    --realm={{kerberos_realm}} --domain={{domain_name}}
    --adminpass={{admin_password}} --server-role=dc
  when:
    - is_dc.stdout == "0" and
      group_first_dc in group_names
--------------
And this is the join:
--------------
# Join DC to existing domain with bind9 as DNS-backend
- name: Do the join all other DC
  command: samba-tool domain join {{dns_name}} --dns-backend=BIND9_DLZ
    DC --realm={{kerberos_realm}} -U administrator
    --password={{admin_password}}
  when:
    - is_dc.stdout == "0" and
      group_other_dc in group_names
--------------
I'm out of any idea :-( Need help :-)
Stefan
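
One way to turn the `samba-tool drs showrepl --summary` text quoted in the message into per-naming-context records for monitoring, as an added example that is not part of the original post. The function names are hypothetical, the sample is an excerpt constructed from the output above, and the parser assumes the line layout shown there.

```python
import re

# Constructed sample: two of the five failing entries from the report quoted above.
SAMPLE = r"""Failing inbound connection:
DC=ForestDnsZones,DC=example,DC=net
Default-First-Site-Name\ADDC-02 via RPC
DSA object GUID: 3394efb8-7f31-48f9-aa11-2791c2426be8
Last attempt @ Wed Oct 21 18:47:05 2020 CEST failed,
result 31 (WERR_GEN_FAILURE)
11 consecutive failure(s).
Last success @ NTTIME(0)
DC=example,DC=net
Default-First-Site-Name\ADDC-02 via RPC
DSA object GUID: 3394efb8-7f31-48f9-aa11-2791c2426be8
Last attempt @ Wed Oct 21 18:47:06 2020 CEST failed,
result 31 (WERR_GEN_FAILURE)
14 consecutive failure(s).
Last success @ NTTIME(0)
"""

NC_RE = re.compile(r"^(?:CN|DC)=\S+$")                  # naming context DN
PARTNER_RE = re.compile(r"^([^\\]+)\\(\S+) via (\S+)$")  # Site\DSA via transport
RESULT_RE = re.compile(r"result (\d+) \((\w+)\)")
COUNT_RE = re.compile(r"^(\d+) consecutive failure\(s\)")

def parse_showrepl(text):
    """Turn the text report into one dict per failing naming context (NC)."""
    entries, cur = [], {}  # cur starts as a throwaway dict for header lines
    for line in map(str.strip, text.splitlines()):
        if NC_RE.match(line):
            cur = {"nc": line, "source_dsa": "?", "never_succeeded": False}
            entries.append(cur)
        elif m := PARTNER_RE.match(line):
            cur["site"], cur["source_dsa"], cur["transport"] = m.groups()
        elif line.startswith("DSA object GUID:"):
            cur["dsa_guid"] = line.split(":", 1)[1].strip()
        elif m := RESULT_RE.search(line):
            cur["code"], cur["error"] = int(m[1]), m[2]
        elif m := COUNT_RE.match(line):
            cur["failures"] = int(m[1])
        elif line.startswith("Last success @"):
            # NTTIME(0) is a zero timestamp: no success recorded for this NC
            cur["never_succeeded"] = line.endswith("NTTIME(0)")
    return entries

def never_replicated_sources(entries):
    """Source DSAs for which no listed NC has ever recorded a success."""
    srcs = {e["source_dsa"] for e in entries}
    return sorted(s for s in srcs if all(
        e["never_succeeded"] for e in entries if e["source_dsa"] == s))
```

A source DSA returned by `never_replicated_sources` has no recorded inbound success on any failing NC, which is the pattern the `NTTIME(0)` lines show for ADDC-02 in the report above.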