[Samba] DRS error after DC reboot

Rowland Penny rpenny at samba.org
Mon Sep 20 15:49:16 UTC 2021 

On Mon, 2021-09-20 at 16:10 +0200, Giuseppe Arvati via samba wrote:
> hello,
> 
> after a DC reboot now I have a lot of problem

Why did you reboot the DC ?
Was it updated in some way ?

> 
> The
> # samba-tool drs showrepl
> ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to 
> dc1piopp.apam-ad.apam.it failed - drsException: DRS connection to 
> dc1piopp.apam-ad.apam.it failed: (32212                          
> 25653, 
> '{Device Timeout} The specified I/O operation on %hs was not
> completed 
> before the time-out period expired.')
>    File 
> "/usr/local/samba/lib64/python2.7/site-
> packages/samba/netcmd/drs.py", 
> line 44, in drsuapi_connect
>      (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions)
> = 
> drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
>    File 
> "/usr/local/samba/lib64/python2.7/site-packages/samba/drs_utils.py", 
> line 58, in drsuapi_connect
>      raise drsException("DRS connection to %s failed: %s" % (server,
> e))
> failed
> 
> 
> 
> in the log files there are a lot of NT_STATUS_OBJECT_NAME_NOT_FOUND
> messages
> 
> [2021/08/25 03:44:43.332582,  1]
> ../source3/lib/messages.c:870(send_all_fn)
>    send_all_fn: messaging_send_buf to 18869 failed: 
> NT_STATUS_OBJECT_NAME_NOT_FOUND
> [2021/08/25 04:59:43.480768,  1]
> ../source3/lib/messages.c:870(send_all_fn)
>    send_all_fn: messaging_send_buf to 22232 failed: 
> NT_STATUS_OBJECT_NAME_NOT_FOUND
> [2021/08/25 06:14:43.868957,  1]
> ../source3/lib/messages.c:870(send_all_fn)
>    send_all_fn: messaging_send_buf to 25739 failed: 
> NT_STATUS_OBJECT_NAME_NOT_FOUND
> [2021/08/25 06:21:16.457329,  1] 
> ../source3/smbd/oplock.c:382(lease_timeout_handler)
>    lease break timed out for file 
> apam-ad.apam.it/Policies/{EC3ED1BC-4318-4D0D-B4F6-
> 8BECB33A8E9F}/Machine/Preferences/Registry/Registry.xml 
> -- replying anyway
> [2021/08/25 07:29:44.218367,  1]
> ../source3/lib/messages.c:870(send_all_fn)
>    send_all_fn: messaging_send_buf to 29242 failed: 
> NT_STATUS_OBJECT_NAME_NOT_FOUND
> [2021/08/25 08:44:44.650308,  1]
> ../source3/lib/messages.c:870(send_all_fn)
>    send_all_fn: messaging_send_buf to 2662 failed: 
> NT_STATUS_OBJECT_NAME_NOT_FOUND
> [2021/08/25 09:59:44.935850,  1]
> ../source3/lib/messages.c:870(send_all_fn)
>    send_all_fn: messaging_send_buf to 8879 failed: 
> NT_STATUS_OBJECT_NAME_NOT_FOUND
> [2021/08/25 11:14:45.217819,  1]
> ../source3/lib/messages.c:870(send_all_fn)
>    send_all_fn: messaging_send_buf to 15966 failed: 
> NT_STATUS_OBJECT_NAME_NOT_FOUND
> [2021/08/25 12:29:45.624329,  1]
> ../source3/lib/messages.c:870(send_all_fn)
>    send_all_fn: messaging_send_buf to 23472 failed: 
> NT_STATUS_OBJECT_NAME_NOT_FOUND
> [2021/08/25 13:44:45.915203,  1]
> ../source3/lib/messages.c:870(send_all_fn)
>    send_all_fn: messaging_send_buf to 30746 failed: 
> NT_STATUS_OBJECT_NAME_NOT_FOUND
> log.smbd
> 
> # samba-tool dbcheck
> Checking 582 objects
> NOTE: old (due to rename or delete) DN string component for 
> rIDSetReferences in object CN=APAMFS2,CN=Computers,DC=apam-ad,D 
> C=apam,DC=it - CN=RID Set,CN=APAMFS2,OU=Domain 
> Controllers,DC=apam-ad,DC=apam,DC=it
> Not fixing old string component
> Checked 582 objects (0 errors)

You can ignore that, it is appears to refer to a DC that has been
removed.

> 
> 
> After reboot I needed to run a sysvolreset otherwise the logon share
> was 
> not visible
> 
> to the client and logon script did not run
> 
> I think there is something dirty someware but I do not know how to 
> discover it
> 
> I have two DC but the second one wasn't shut down
> 
> samba 4.8.8  centoOS 7

Samba 4.8.8 is very old and is EOL from the Samba point of view.

> 
> smb.conf
> 
> # Global parameters
> [global]
>          dns forwarder = 10.1.1.5
>          log level = 1
>          netbios name = DC1PIOPP
>          realm = APAM-AD.APAM.IT
>          server role = active directory domain controller
>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, 
> drepl, winbindd, ntp_signd, kcc, dnsupdate
>          username map = /usr/local/samba/etc/user.map

Why have you got the 'username map' parameter in a DC smb.conf ? What
does it contain ?

>          workgroup = APAM-AD
>          idmap_ldb:use rfc2307 = yes
> 
> [netlogon]
>          path = /usr/local/samba/var/locks/sysvol/apam-
> ad.apam.it/scripts
>          read only = No
> 
> [sysvol]
>          path = /usr/local/samba/var/locks/sysvol
>          read only = No
> 

Rowland

More information about the samba mailing list