[Samba] DRS error after DC reboot

Giuseppe Arvati giuseppe.arvati at gmail.com
Tue Sep 21 06:35:10 UTC 2021 

Hello Rowland,
thank you for your support

Il 20/09/2021 17:49, Rowland Penny via samba ha scritto:

> On Mon, 2021-09-20 at 16:10 +0200, Giuseppe Arvati via samba wrote:
>> hello,
>>
>> after a DC reboot now I have a lot of problem
> Why did you reboot the DC ?
I had to shutdown due to work on power supply cabin. No power for 4 hour 
and my UPS do no stay on for so long time
> Was it updated in some way ?
No. samba was buit from source and no update was made
>
>> The
>> # samba-tool drs showrepl
>> ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to
>> dc1piopp.apam-ad.apam.it failed - drsException: DRS connection to
>> dc1piopp.apam-ad.apam.it failed: (32212
>> 25653,
>> '{Device Timeout} The specified I/O operation on %hs was not
>> completed
>> before the time-out period expired.')
>>     File
>> "/usr/local/samba/lib64/python2.7/site-
>> packages/samba/netcmd/drs.py",
>> line 44, in drsuapi_connect
>>       (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions)
>> =
>> drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
>>     File
>> "/usr/local/samba/lib64/python2.7/site-packages/samba/drs_utils.py",
>> line 58, in drsuapi_connect
>>       raise drsException("DRS connection to %s failed: %s" % (server,
>> e))
>> failed
>>
>>
>>
>> in the log files there are a lot of NT_STATUS_OBJECT_NAME_NOT_FOUND
>> messages
>>
>> [2021/08/25 03:44:43.332582,  1]
>> ../source3/lib/messages.c:870(send_all_fn)
>>     send_all_fn: messaging_send_buf to 18869 failed:
>> NT_STATUS_OBJECT_NAME_NOT_FOUND
>> [2021/08/25 04:59:43.480768,  1]
>> ../source3/lib/messages.c:870(send_all_fn)
>>     send_all_fn: messaging_send_buf to 22232 failed:
>> NT_STATUS_OBJECT_NAME_NOT_FOUND
>> [2021/08/25 06:14:43.868957,  1]
>> ../source3/lib/messages.c:870(send_all_fn)
>>     send_all_fn: messaging_send_buf to 25739 failed:
>> NT_STATUS_OBJECT_NAME_NOT_FOUND
>> [2021/08/25 06:21:16.457329,  1]
>> ../source3/smbd/oplock.c:382(lease_timeout_handler)
>>     lease break timed out for file
>> apam-ad.apam.it/Policies/{EC3ED1BC-4318-4D0D-B4F6-
>> 8BECB33A8E9F}/Machine/Preferences/Registry/Registry.xml
>> -- replying anyway
>> [2021/08/25 07:29:44.218367,  1]
>> ../source3/lib/messages.c:870(send_all_fn)
>>     send_all_fn: messaging_send_buf to 29242 failed:
>> NT_STATUS_OBJECT_NAME_NOT_FOUND
>> [2021/08/25 08:44:44.650308,  1]
>> ../source3/lib/messages.c:870(send_all_fn)
>>     send_all_fn: messaging_send_buf to 2662 failed:
>> NT_STATUS_OBJECT_NAME_NOT_FOUND
>> [2021/08/25 09:59:44.935850,  1]
>> ../source3/lib/messages.c:870(send_all_fn)
>>     send_all_fn: messaging_send_buf to 8879 failed:
>> NT_STATUS_OBJECT_NAME_NOT_FOUND
>> [2021/08/25 11:14:45.217819,  1]
>> ../source3/lib/messages.c:870(send_all_fn)
>>     send_all_fn: messaging_send_buf to 15966 failed:
>> NT_STATUS_OBJECT_NAME_NOT_FOUND
>> [2021/08/25 12:29:45.624329,  1]
>> ../source3/lib/messages.c:870(send_all_fn)
>>     send_all_fn: messaging_send_buf to 23472 failed:
>> NT_STATUS_OBJECT_NAME_NOT_FOUND
>> [2021/08/25 13:44:45.915203,  1]
>> ../source3/lib/messages.c:870(send_all_fn)
>>     send_all_fn: messaging_send_buf to 30746 failed:
>> NT_STATUS_OBJECT_NAME_NOT_FOUND
>> log.smbd
>>
>> # samba-tool dbcheck
>> Checking 582 objects
>> NOTE: old (due to rename or delete) DN string component for
>> rIDSetReferences in object CN=APAMFS2,CN=Computers,DC=apam-ad,D
>> C=apam,DC=it - CN=RID Set,CN=APAMFS2,OU=Domain
>> Controllers,DC=apam-ad,DC=apam,DC=it
>> Not fixing old string component
>> Checked 582 objects (0 errors)
> You can ignore that, it is appears to refer to a DC that has been
> removed.
True, apamfs2 was demoted some months ago
>
>>
>> After reboot I needed to run a sysvolreset otherwise the logon share
>> was
>> not visible
>>
>> to the client and logon script did not run
>>
>> I think there is something dirty someware but I do not know how to
I think there's something dirty somewhere  but I do not know how to
>> discover it
>>
>> I have two DC but the second one wasn't shut down
>>
>> samba 4.8.8  centoOS 7
> Samba 4.8.8 is very old and is EOL from the Samba point of view.
>
>> smb.conf
>>
>> # Global parameters
>> [global]
>>           dns forwarder = 10.1.1.5
>>           log level = 1
>>           netbios name = DC1PIOPP
>>           realm = APAM-AD.APAM.IT
>>           server role = active directory domain controller
>>           server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>> drepl, winbindd, ntp_signd, kcc, dnsupdate
>>           username map = /usr/local/samba/etc/user.map
> Why have you got the 'username map' parameter in a DC smb.conf ? What
> does it contain ?
!root = APAM-AD\Administrator
>
>>           workgroup = APAM-AD
>>           idmap_ldb:use rfc2307 = yes
>>
>> [netlogon]
>>           path = /usr/local/samba/var/locks/sysvol/apam-
>> ad.apam.it/scripts
>>           read only = No
>>
>> [sysvol]
>>           path = /usr/local/samba/var/locks/sysvol
>>           read only = No
>>
What can I check ?

Because the DC is a VM I can restore a backup of some days before.

Can be the restore a solution faster/better to solve the problem ?

Thank you

More information about the samba mailing list