[Samba] WERR_BAD_NET_RESP on replication

Rowland penny rpenny at samba.org
Sun Sep 20 08:16:46 UTC 2020 

On 20/09/2020 00:30, Elias Pereira via samba wrote:
> hi,
>
> I listed the 0ADEL entries with the command below and didn't find the
> object.
> # ldbsearch --cross-ncs --show-deleted -H /var/lib/samba/private/sam.ldb |
> grep "\0ADEL"
>
> I tried to delete using the command below, but it says it doesn't exist.
> # ldbdel -H /var/lib/samba/private/sam.ldb
> "<GUID=44b7fb44-1a88-42a4-854b-60bddd391577>" --show-deleted --relax
> delete of '' failed - (No such object) Base-DN
> '<GUID=44b7fb44-1a88-42a4-854b-60bdddd391577>' not found
>
> But, if I run the samba-tool dbcheck --cross-ncs --reset-well-known-acls
> --fix --yes command, the entry appear and in the samba log
> shows:
>
> Sep 19 20:18:58 dc3 samba[11913]: task[dreplsrv][11913]: [2020/09/19
> 20:18:58.104688,  0] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
> Sep 19 20:18:58 dc3 samba[11913]: task[dreplsrv][11913]:   ldb: No
> objectClass found in replPropertyMetaData for
> CN=ISAIAS\0ADEL:44b7fb44-1a88-42a4-854b-60bddd391577,CN=Deleted
> Objects,DC=mycompany,DC=net!
> Sep 19 20:18:58 dc3 samba[11913]: task[dreplsrv][11913]:
> Sep 19 20:18:58 dc3 samba[11913]: task[dreplsrv][11913]: [2020/09/19
> 20:18:58.108351,  0]
> ../../source4/dsdb/repl/drepl_out_helpers.c:1184(dreplsrv_op_pull_source_apply_changes_trigger)
> Sep 19 20:18:58 dc3 samba[11913]: task[dreplsrv][11913]:   Failed to commit
> objects: WERR_GEN_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
> Sep 19 20:23:58 dc3 samba[11913]: task[dreplsrv][11913]: [2020/09/19
> 20:23:58.057693,  0] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
> Sep 19 20:23:58 dc3 samba[11913]: task[dreplsrv][11913]:   ldb: No
> objectClass found in replPropertyMetaData for
> CN=ISAIAS\0ADEL:44b7fb44-1a88-42a4-854b-60bddd391577,CN=Deleted
> Objects,DC=mycompany,DC=net!
> Sep 19 20:23:58 dc3 samba[11913]: task[dreplsrv][11913]:
> Sep 19 20:23:58 dc3 samba[11913]: task[dreplsrv][11913]: [2020/09/19
> 20:23:58.059666,  0]
> ../../source4/dsdb/repl/drepl_out_helpers.c:1184(dreplsrv_op_pull_source_apply_changes_trigger)
> Sep 19 20:23:58 dc3 samba[11913]: task[dreplsrv][11913]:   Failed to commit
> objects: WERR_GEN_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
>
> Any idea?
>
>
> On Sat, Sep 19, 2020 at 2:27 AM Elias Pereira <empbilly at gmail.com> wrote:
>
>> hello,
>>
>> There is a group in my AD that has a user that does not exist. I can see
>> it via RSAT.
>>
>> By running the command:
>> samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes
>>
>> The following error occurs:
>> Checking 10016 objects
>> WARNING: no target object found for GUID component for one-way forward
>> link member in object CN=ALUNOS,OU=GRUPOS,OU=CAMPUS,DC=mycompany,DC=net -
>> <GUID=44b7fb44-1a88-42a4-854b-60bddd391577>;<RMD_ADDTIME=132010533870000000>;<RMD_CHANGETIME=132449656310000000>;<RMD_FLAGS=1>;<RMD_INVOCID=d6e94e28-0706-4604-8ab8-b22e62fd2a8c>;<RMD_LOCAL_USN=5547941>;<RMD_ORIGINATING_USN=5547941>;<RMD_VERSION=2>;<SID=S-1-5-21-2137976744-3574706186-1594704298-6995>;CN=ISAIAS,OU=ALUNOS,OU=USUARIOS,OU=CAMPUS,DC=mycompany,DC=net
>>
>> If I try to force the synchronization between the 2 ADDC I have, the
>> following error occurs:
>> samba-tool drs replicate DC3 DC4 DC=mycompany,DC=net --full-sync
>>
>> error:
>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
>> drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
>>
>> Via ldbdel can I remove this "link"?
>>
>> --
>> Elias Pereira
>>
>
Well, you wouldn't be able to delete it, how can you delete something 
that has already been deleted :-)

Try running this:

samba-tool domain tombstones expunge --tombstone-lifetime=1

Rowland

More information about the samba mailing list