[Samba] Problems with sysrepl

L.P.H. van Belle belle at bazuin.nl
Fri Sep 11 09:55:11 UTC 2020 

Get this, 

https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh  
Run it, anonymize it and post it. 
For both AD-DC's. 

I want to see a full check on the base setup of the server. 
If you dont mind ;-) 

Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> basti via samba
> Verzonden: vrijdag 11 september 2020 11:44
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Problems with sysrepl
> 
> I have check, the cleanup !! I have nothing found about dc2 or the
> objectGUID in LDAP using ldapvi.
> 
> fsom are on dc1
> 
> The cname /dns etc i have check multiple times.
> 
> A, CNAME, objectGUID records are done.
> SRV records like LDAP etc. are not.
> 
> On 11.09.20 11:29, L.P.H. van Belle via samba wrote:
> >> I think all is clean fine.
> > You "think"..??   .. You must verify this !  
> > 
> > Asumption is the mother of all fuckups an old boss of me 
> always said.. 
> > And he is right. 
> > 
> > Run :  samba-tool fsmo show 
> > 
> > And verify both servers. 
> > 
> https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_D
> NS_Record#The_objectGUID_CNAME_Record
> > 
> > 
> > And go through : 
> > 
> https://wiki.samba.org/index.php/Active_Directory_Sites#Settin
> g_up_a_new_Site
> > 
> > Sorry, but im pretty sure your problem is in this area..
> > And you can only fix it by verifying it all. 
> > 
> > Its not 1 problem your haveing. 
> > Its 2 or 3 at the same time..
> > One problem is the cause of the other problems. 
> > 
> > Like, this part. (your latest mail) 
> > 
> > samba-tool drs replicate DC1 DC2 dc=samdom,dc=example,dc=com
> > --full-sync
> > ERROR(<class 'samba.drs_utils.drsException'>): 
> DsReplicaSync failed -
> > drsException: DsReplicaSync failed (31, 'WERR_GEN_FAILURE')
> >   File 
> "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 568,
> > in run
> >     drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
> > source_dsa_guid, NC, req_options)
> >   File 
> "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 88,
> > in sendDsReplicaSync
> >     raise drsException("DsReplicaSync failed %s" % estr)
> > 
> > Will never work if you dont check and fixed the objectGUID .
> > 
> > Mail before that one :
> > 
> > host -t CNAME 
> d5faff53-a2ef-4449-86ad-e5a55acffa3a._msdcs.samdom.example.com
> > 
> > I hope its more clear now where to look first. 
> > 
> > Greetz, 
> > 
> > Louis
> > 
> > 
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> >> basti via samba
> >> Verzonden: vrijdag 11 september 2020 11:09
> >> Aan: samba at lists.samba.org
> >> Onderwerp: Re: [Samba] Problems with sysrepl
> >>
> >> I have try "list". without suggess.
> >>
> >> I think all is clean fine.
> >> after rejoin the sync connection in 
> (Default-First-Site-Name) from dc2
> >> to dc1 is missing and i still geht this error:
> >>
> >> Sep 11 11:04:14 dc1 samba[528]: task[dreplsrv][528]: [2020/09/11
> >> 11:04:14.336276,  0]
> >> ../source4/librpc/rpc/dcerpc_util.c:737(dcerpc_pipe_auth_recv)
> >> Sep 11 11:04:14 dc1 samba[528]: task[dreplsrv][528]:   Failed 
> >> to bind to
> >> uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
> >> ncacn_ip_tcp:193.137.1.135[49152,seal,krb5,target_hostname=d5f
> >> aff53-a2ef-4449-86ad-e5a55acffa3a._msdcs.samdom.example.com,ta
> > 
> rget_principal=GC/dc2.samdom.example.com/samdom.example.com,ab
> stract_syntax=e3514235-4b06-11d1-> 
> ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.1.133]
> >> NT_STATUS_UNSUCCESSFUL
> >>
> >> On 11.09.20 10:28, L.P.H. van Belle via samba wrote:
> >>>
> >>> DC2 need IP DC1 first in the DNS, yes, BUT, the sites GUID 
> >> needs to be corrected first. 
> >>>
> >>> Then, reboot, things should sync.
> >>> Then, correct IP in resolv.conf. 
> >>>
> >>> If this goes wrong, you and up with 2 zones on both server 
> >> that are off sync.
> >>> I had this ones.. And yes, its always fixable. 
> >>>
> >>> In worst cased, down DC2 again. 
> >>> Sieze FSMO roles to DC1. 
> >>> Clean AD and DNS, (and dont forget to clean sites) 
> >>> All needs to be checked before a re-join. 
> >>>
> >>> The order in this fix attempt is most important. 
> >>> Dont rush it, take the time to clean the AD and DNS. 
> >>>
> >>> Not needed to re-install DC2, its basilcy.
> >>>
> >>> Cleanup /var/lib/samba (and subfolders.)
> >>> Cleanup /var/cache/samba (and subfolders.)
> >>> Resolv.conf to DC1 IP first, join, reboot.
> >>> Resolv.conf to DC2 IP first 
> >>> Down samba DC2, 
> >>> copy Idmap DC1 to DC2
> >>> Start samba DC2
> >>>
> >>>
> >>> Greetz, 
> >>>
> >>> Louis
> >>>
> >>>> -----Oorspronkelijk bericht-----
> >>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> >>>> Rowland penny via samba
> >>>> Verzonden: vrijdag 11 september 2020 10:18
> >>>> Aan: samba at lists.samba.org
> >>>> Onderwerp: Re: [Samba] Problems with sysrepl
> >>>>
> >>>> On 11/09/2020 09:00, basti via samba wrote:
> >>>>> Hello,
> >>>>>
> >>>>> after demote and rejoun my dc2 i have problems with replication.
> >>>>> First of all some srv records on dc1 are missing, on dc2 
> >>>> they are exist.
> >>>>>
> >>>>>
> >>>>>
> >>>> Start by ensuring that the nameserver in /etc/resolv.conf on 
> >>>> dc2 points to its own ipaddress, then reboot.
> >>>>
> >>>> Rowland
> >>>>
> >>>>
> >>>>
> >>>> -- 
> >>>> To unsubscribe from this list go to the following URL 
> and read the
> >>>> instructions:  https://lists.samba.org/mailman/options/samba
> >>>>
> >>>>
> >>>
> >>>
> >>
> >> -- 
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >>
> >>
> > 
> > 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list