[Samba] RODC DomainDnsZones

cn at brain-biotech.de cn at brain-biotech.de
Fri Oct 8 14:26:53 UTC 2021


A view months ago I joind a RODC to our domain. From the commands I have 
run like "samba-tool drs ..." Everything seemed fine:

DC=DomainDnsZones,DC=hq,DC=domain,DC=de
	DMZ\RODC via RPC
		DSA object GUID: 50e4a341-c677-4562-a055-cefd7686ce68
		Last attempt @ Fri Oct  8 15:51:56 2021 CEST was successful
		0 consecutive failure(s).
		Last success @ Fri Oct  8 15:51:56 2021 CEST


 From the DC replicating to the rodc. ALso on the rodc there was nothing 
that continuously failed when running those commands.

In the logs however I see these:

Okt 08 15:53:06 rodc.hq.domain.de samba[1573]:   Failed to apply 
records: Conflict adding object 
'DC=LX-SV-02,DC=hq.domain.de,CN=MicrosoftDNS,DC=DomainDnsZones,DC=hq,DC=domain,DC=de' 
from incoming replication but we are read only for the partition.

But since the commands to check replication where OK I didn't think 
about it much.

Now I looked at it some more and noticed that the whole DomainDnsZones 
partition is out of sync. The other partitions are fine.

If I try to force replication I see this:


samba-tool drs replicate rodc dc2 
DC=DomainDnsZones,DC=hq,DC=domain,DC=de --full-sync
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - 
drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
   File "/usr/lib64/python3.6/site-packages/samba/netcmd/drs.py", line 
571, in run
     drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, 
source_dsa_guid, NC, req_options)
   File "/usr/lib64/python3.6/site-packages/samba/drs_utils.py", line 
92, in sendDsReplicaSync
     raise drsException("DsReplicaSync failed %s" % estr)


And on the rodc I see the above "Conflict adding object " error again. 
Does anyone how the resync from scratch?

I also have abut 2000 expired tombstones on the RODC that won't go away.

Regards

Christian

-- 
Dr. Christian Naumer
Vice President
Unit Head Bioprocess Development

BRAIN Biotech AG
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
phone +49-6251-9331-30 / fax +49-6251-9331-11

Sitz der Gesellschaft: Zwingenberg/Bergstrasse
Registergericht AG Darmstadt, HRB 24758
Vorstand: Adriaan Moelker (Vorstandsvorsitzender), 
Lukas Linnig
Aufsichtsratsvorsitzender: Dr. Georg Kellinghusen



More information about the samba mailing list