[Samba] Problems with sysrepl

basti mailinglist at unix-solution.de
Fri Sep 11 09:44:24 UTC 2020 

I have check, the cleanup !! I have nothing found about dc2 or the
objectGUID in LDAP using ldapvi.

fsom are on dc1

The cname /dns etc i have check multiple times.

A, CNAME, objectGUID records are done.
SRV records like LDAP etc. are not.

On 11.09.20 11:29, L.P.H. van Belle via samba wrote:
>> I think all is clean fine.
> You "think"..??   .. You must verify this !  
> 
> Asumption is the mother of all fuckups an old boss of me always said.. 
> And he is right. 
> 
> Run :  samba-tool fsmo show 
> 
> And verify both servers. 
> https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record#The_objectGUID_CNAME_Record
> 
> 
> And go through : 
> https://wiki.samba.org/index.php/Active_Directory_Sites#Setting_up_a_new_Site
> 
> Sorry, but im pretty sure your problem is in this area..
> And you can only fix it by verifying it all. 
> 
> Its not 1 problem your haveing. 
> Its 2 or 3 at the same time..
> One problem is the cause of the other problems. 
> 
> Like, this part. (your latest mail) 
> 
> samba-tool drs replicate DC1 DC2 dc=samdom,dc=example,dc=com
> --full-sync
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
> drsException: DsReplicaSync failed (31, 'WERR_GEN_FAILURE')
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 568,
> in run
>     drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
> source_dsa_guid, NC, req_options)
>   File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 88,
> in sendDsReplicaSync
>     raise drsException("DsReplicaSync failed %s" % estr)
> 
> Will never work if you dont check and fixed the objectGUID .
> 
> Mail before that one :
> 
> host -t CNAME d5faff53-a2ef-4449-86ad-e5a55acffa3a._msdcs.samdom.example.com
> 
> I hope its more clear now where to look first. 
> 
> Greetz, 
> 
> Louis
> 
> 
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
>> basti via samba
>> Verzonden: vrijdag 11 september 2020 11:09
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] Problems with sysrepl
>>
>> I have try "list". without suggess.
>>
>> I think all is clean fine.
>> after rejoin the sync connection in (Default-First-Site-Name) from dc2
>> to dc1 is missing and i still geht this error:
>>
>> Sep 11 11:04:14 dc1 samba[528]: task[dreplsrv][528]: [2020/09/11
>> 11:04:14.336276,  0]
>> ../source4/librpc/rpc/dcerpc_util.c:737(dcerpc_pipe_auth_recv)
>> Sep 11 11:04:14 dc1 samba[528]: task[dreplsrv][528]:   Failed 
>> to bind to
>> uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
>> ncacn_ip_tcp:193.137.1.135[49152,seal,krb5,target_hostname=d5f
>> aff53-a2ef-4449-86ad-e5a55acffa3a._msdcs.samdom.example.com,ta
> rget_principal=GC/dc2.samdom.example.com/samdom.example.com,abstract_syntax=e3514235-4b06-11d1-> ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.1.133]
>> NT_STATUS_UNSUCCESSFUL
>>
>> On 11.09.20 10:28, L.P.H. van Belle via samba wrote:
>>>
>>> DC2 need IP DC1 first in the DNS, yes, BUT, the sites GUID 
>> needs to be corrected first. 
>>>
>>> Then, reboot, things should sync.
>>> Then, correct IP in resolv.conf. 
>>>
>>> If this goes wrong, you and up with 2 zones on both server 
>> that are off sync.
>>> I had this ones.. And yes, its always fixable. 
>>>
>>> In worst cased, down DC2 again. 
>>> Sieze FSMO roles to DC1. 
>>> Clean AD and DNS, (and dont forget to clean sites) 
>>> All needs to be checked before a re-join. 
>>>
>>> The order in this fix attempt is most important. 
>>> Dont rush it, take the time to clean the AD and DNS. 
>>>
>>> Not needed to re-install DC2, its basilcy.
>>>
>>> Cleanup /var/lib/samba (and subfolders.)
>>> Cleanup /var/cache/samba (and subfolders.)
>>> Resolv.conf to DC1 IP first, join, reboot.
>>> Resolv.conf to DC2 IP first 
>>> Down samba DC2, 
>>> copy Idmap DC1 to DC2
>>> Start samba DC2
>>>
>>>
>>> Greetz, 
>>>
>>> Louis
>>>
>>>> -----Oorspronkelijk bericht-----
>>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
>>>> Rowland penny via samba
>>>> Verzonden: vrijdag 11 september 2020 10:18
>>>> Aan: samba at lists.samba.org
>>>> Onderwerp: Re: [Samba] Problems with sysrepl
>>>>
>>>> On 11/09/2020 09:00, basti via samba wrote:
>>>>> Hello,
>>>>>
>>>>> after demote and rejoun my dc2 i have problems with replication.
>>>>> First of all some srv records on dc1 are missing, on dc2 
>>>> they are exist.
>>>>>
>>>>>
>>>>>
>>>> Start by ensuring that the nameserver in /etc/resolv.conf on 
>>>> dc2 points to its own ipaddress, then reboot.
>>>>
>>>> Rowland
>>>>
>>>>
>>>>
>>>> -- 
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>>>
>>>
>>
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
> 
>

More information about the samba mailing list