[Samba] Problems with sysrepl

basti mailinglist at unix-solution.de
Fri Sep 11 08:00:53 UTC 2020


Hello,

After demoting and rejoining my dc2 I have problems with replication.
First of all, some SRV records are missing on dc1; on dc2 they exist.



root@dc2:~# dig srv _ldap._tcp.ForestDnsZones.samdom.example.com @dc2.samdom.example.com.

; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> srv
_ldap._tcp.ForestDnsZones.samdom.example.com @dc2.samdom.example.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24006
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 02673acd16cc5898631a26895f5b2dc871b581bdeff30034 (good)
;; QUESTION SECTION:
;_ldap._tcp.ForestDnsZones.samdom.example.com. IN SRV

;; ANSWER SECTION:
_ldap._tcp.ForestDnsZones.samdom.example.com. 900 IN SRV 0 100 389
dc1.samdom.example.com.
_ldap._tcp.ForestDnsZones.samdom.example.com. 900 IN SRV 0 100 389
dc2.samdom.example.com.

;; AUTHORITY SECTION:
samdom.example.com.	900	IN	NS	dc1.samdom.example.com.
samdom.example.com.	900	IN	NS	dc2.samdom.example.com.


root@dc2:~# dig srv _ldap._tcp.ForestDnsZones.samdom.example.com @dc1.samdom.example.com.

; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> srv
_ldap._tcp.ForestDnsZones.samdom.example.com @dc1.samdom.example.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27953
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: ac11efdc0079349e6f510d165f5b2d77d220607c8b2be893 (good)
;; QUESTION SECTION:
;_ldap._tcp.ForestDnsZones.samdom.example.com. IN SRV

;; ANSWER SECTION:
_ldap._tcp.ForestDnsZones.samdom.example.com. 900 IN SRV 0 100 389
dc1.samdom.example.com.

;; AUTHORITY SECTION:
samdom.example.com.	900	IN	NS	dc2.samdom.example.com.
samdom.example.com.	900	IN	NS	dc1.samdom.example.com.


In the journal I also get relocation errors.

task[dcesrv][520]: [2020/09/11 09:48:40.728120,  0]
../source4/rpc_server/drsuapi/updaterefs.c:374(dcesrv_drsuapi_DsReplicaUpdateRefs)
Sep 11 09:48:40 dc1 samba[520]: task[dcesrv][520]:
../source4/rpc_server/drsuapi/updaterefs.c:374: Refusing
DsReplicaUpdateRefs for sid
S-1-5-21-1732978637-3172972945-805327809-1180 with GUID
6397e622-4305-4a6e-ba1b-8adbbbd5eace

or

Sep 11 09:50:22 dc1 samba[528]: task[dreplsrv][528]: [2020/09/11
09:50:22.081293,  0]
../source4/librpc/rpc/dcerpc_util.c:737(dcerpc_pipe_auth_recv)
Sep 11 09:50:22 dc1 samba[528]: task[dreplsrv][528]:   Failed to bind to
uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
ncacn_ip_tcp:192.168.1.135[49152,seal,krb5,target_hostname=1d4c0c04-1fa8-4873-9987-212af8558bfb._msdcs.samdom.example.com,target_principal=GC/dc2.samdom.example.com/samdom.example.com,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.1.133]
NT_STATUS_UNSUCCESSFUL


Is there a way to fix it without reinstalling the whole domain forest?
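
Added example, not part of the original post: a small Python check that parses the ANSWER section of `dig` output from each DC and reports which SRV records a server lacks relative to the others, as in the dc1/dc2 comparison above. The sample inputs are constructed from the two `dig` runs in the post, and the function names are this example's own.

```python
import re

# Constructed sample input, modelled on the two dig runs in the post
# (one record per line, as dig prints it before mail wrapping).
DIG_DC2 = """\
;; ANSWER SECTION:
_ldap._tcp.ForestDnsZones.samdom.example.com. 900 IN SRV 0 100 389 dc1.samdom.example.com.
_ldap._tcp.ForestDnsZones.samdom.example.com. 900 IN SRV 0 100 389 dc2.samdom.example.com.

;; AUTHORITY SECTION:
samdom.example.com.	900	IN	NS	dc1.samdom.example.com.
"""
DIG_DC1 = """\
;; ANSWER SECTION:
_ldap._tcp.ForestDnsZones.samdom.example.com. 900 IN SRV 0 100 389 dc1.samdom.example.com.

;; AUTHORITY SECTION:
samdom.example.com.	900	IN	NS	dc2.samdom.example.com.
"""

# owner TTL IN SRV priority weight port target
SRV_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s*$")


def srv_records(dig_output):
    """Return the set of (owner, port, target) SRV records in the ANSWER section."""
    records = set()
    in_answer = False
    for line in dig_output.splitlines():
        if line.startswith(";;"):
            # Section headers switch parsing on for ANSWER and off for the rest.
            in_answer = line.startswith(";; ANSWER SECTION")
            continue
        m = SRV_RE.match(line) if in_answer else None
        if m:
            owner, _prio, _weight, port, target = m.groups()
            # DNS names are case-insensitive, so normalise before comparing.
            records.add((owner.lower(), int(port), target.lower()))
    return records


def compare_servers(answers):
    """answers maps server name -> dig output; return records missing per server."""
    parsed = {srv: srv_records(out) for srv, out in answers.items()}
    union = set().union(*parsed.values())
    return {srv: sorted(union - recs) for srv, recs in parsed.items() if union - recs}


if __name__ == "__main__":
    for server, missing in compare_servers({"dc1": DIG_DC1, "dc2": DIG_DC2}).items():
        for owner, port, target in missing:
            print(f"{server}: missing SRV {owner} -> {target}:{port}")
```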


