[Samba] Problems with sysrepl

L.P.H. van Belle belle at bazuin.nl
Fri Sep 11 09:29:32 UTC 2020 

> I think all is clean fine.
You "think"..??   .. You must verify this !  

Asumption is the mother of all fuckups an old boss of me always said.. 
And he is right. 

Run :  samba-tool fsmo show 

And verify both servers. 
https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record#The_objectGUID_CNAME_Record


And go through : 
https://wiki.samba.org/index.php/Active_Directory_Sites#Setting_up_a_new_Site

Sorry, but im pretty sure your problem is in this area..
And you can only fix it by verifying it all. 

Its not 1 problem your haveing. 
Its 2 or 3 at the same time..
One problem is the cause of the other problems. 

Like, this part. (your latest mail) 

samba-tool drs replicate DC1 DC2 dc=samdom,dc=example,dc=com
--full-sync
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
drsException: DsReplicaSync failed (31, 'WERR_GEN_FAILURE')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 568,
in run
    drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
  File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 88,
in sendDsReplicaSync
    raise drsException("DsReplicaSync failed %s" % estr)

Will never work if you dont check and fixed the objectGUID .

Mail before that one :

host -t CNAME d5faff53-a2ef-4449-86ad-e5a55acffa3a._msdcs.samdom.example.com

I hope its more clear now where to look first. 

Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> basti via samba
> Verzonden: vrijdag 11 september 2020 11:09
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Problems with sysrepl
> 
> I have try "list". without suggess.
> 
> I think all is clean fine.
> after rejoin the sync connection in (Default-First-Site-Name) from dc2
> to dc1 is missing and i still geht this error:
> 
> Sep 11 11:04:14 dc1 samba[528]: task[dreplsrv][528]: [2020/09/11
> 11:04:14.336276,  0]
> ../source4/librpc/rpc/dcerpc_util.c:737(dcerpc_pipe_auth_recv)
> Sep 11 11:04:14 dc1 samba[528]: task[dreplsrv][528]:   Failed 
> to bind to
> uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
> ncacn_ip_tcp:193.137.1.135[49152,seal,krb5,target_hostname=d5f
> aff53-a2ef-4449-86ad-e5a55acffa3a._msdcs.samdom.example.com,ta
rget_principal=GC/dc2.samdom.example.com/samdom.example.com,abstract_syntax=e3514235-4b06-11d1-> ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.1.133]
> NT_STATUS_UNSUCCESSFUL
> 
> On 11.09.20 10:28, L.P.H. van Belle via samba wrote:
> > 
> > DC2 need IP DC1 first in the DNS, yes, BUT, the sites GUID 
> needs to be corrected first. 
> > 
> > Then, reboot, things should sync.
> > Then, correct IP in resolv.conf. 
> > 
> > If this goes wrong, you and up with 2 zones on both server 
> that are off sync.
> > I had this ones.. And yes, its always fixable. 
> > 
> > In worst cased, down DC2 again. 
> > Sieze FSMO roles to DC1. 
> > Clean AD and DNS, (and dont forget to clean sites) 
> > All needs to be checked before a re-join. 
> > 
> > The order in this fix attempt is most important. 
> > Dont rush it, take the time to clean the AD and DNS. 
> > 
> > Not needed to re-install DC2, its basilcy.
> > 
> > Cleanup /var/lib/samba (and subfolders.)
> > Cleanup /var/cache/samba (and subfolders.)
> > Resolv.conf to DC1 IP first, join, reboot.
> > Resolv.conf to DC2 IP first 
> > Down samba DC2, 
> > copy Idmap DC1 to DC2
> > Start samba DC2
> > 
> > 
> > Greetz, 
> > 
> > Louis
> > 
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> >> Rowland penny via samba
> >> Verzonden: vrijdag 11 september 2020 10:18
> >> Aan: samba at lists.samba.org
> >> Onderwerp: Re: [Samba] Problems with sysrepl
> >>
> >> On 11/09/2020 09:00, basti via samba wrote:
> >>> Hello,
> >>>
> >>> after demote and rejoun my dc2 i have problems with replication.
> >>> First of all some srv records on dc1 are missing, on dc2 
> >> they are exist.
> >>>
> >>>
> >>>
> >> Start by ensuring that the nameserver in /etc/resolv.conf on 
> >> dc2 points to its own ipaddress, then reboot.
> >>
> >> Rowland
> >>
> >>
> >>
> >> -- 
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >>
> >>
> > 
> > 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list