[Samba] Replication is broken due to Bind DNS resolution

Zombie Ryushu zombie_ryushu at yahoo.com
Wed Jun 8 09:59:33 UTC 2022


On 6/8/22 05:53, L. van Belle via samba wrote:
> Which server is the best of the 3?
> move the FSMO roles (* for now) to that server. I suggest SERENITY.
>
> Test in order, and repeat that in every test, exact same order.
> 1) SERENITY
> 2) OLYMPIA
> 3) KEFKA
>
> This is I think the best server order.
>
> How is the replication between SERENITY and OLYMPIA, are these good?
> If these don’t show errors then that’s your new base.
>
> so, most looks ok, do the following.
>
> Remove KEFKA from AD domain.
> Steps :
> https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC  
>
> After it's removed, you need to verify/use ldapsearch to check if all A and PTR and names are gone.
> Only and only when you're sure it's all gone.
>
> Change the /etc/resolv.conf and point it to SERENITY
> now, reprovision it.
>
> That should do it.
>
> The key thing, be sure all old entries are gone and removed and triple checked.
>
> Hope that it helps you.
>
> Greetz,
>
> Louis
>
>
>
>> -----Original message-----
>> From: samba<samba-bounces at lists.samba.org>  On behalf of Zombie Ryushu via
>> samba
>> Sent: Wednesday 8 June 2022 11:09
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Replication is broken due to Bind DNS resolution
>>
>> On 6/8/22 05:03, Zombie Ryushu via samba wrote:
>>> On 6/8/22 04:31, L. van Belle via samba wrote:
>>>> No, Samba Replication is not broken due to Bind DNS resolution.
>>>> It's broken because of an outdated and/or faulty setup, but you're close
>>>> now to the fix.
>>>>
>>>> on all servers, run :
>>>> samba-tool drs showrepl
>>>> and
>>>> samba-tool dbcheck --cross-nc
>>>> and fix it all.
>>>>
>>>> this server : > c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey.
>>>> 900 IN CNAME kefka.pukey.
>>>> it's missing in sites and services,
>>>>
>>>> *  most probably due to other servers being turned off, scavenging, don’t
>>>> know, your thread is hard to follow; you need to re-add it.
>>>>
>>>> So, I don’t know if you use the RSAT windows tools, go to "Active
>>>> Directory Sites and Services"
>>>> You're missing a server there, re-add it, I don’t know the CLI for
>>>> that, never used it.
>>>>
>>>> Then as last, find the best working server, and then push that
>>>> database to the other DC's.
>>>> reboot the other server ( not the best working ) and check
>>>> replication again.
>>>>
>>>> I hope this helps a bit.
>>>>
>>>> Greetz,
>>>>
>>>> Louis
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>> -----Original message-----
>>>>> From: samba<samba-bounces at lists.samba.org>  On behalf of Zombie Ryushu via
>>>>> samba
>>>>> Sent: Wednesday 8 June 2022 03:33
>>>>> To: samba at lists.samba.org
>>>>> Subject: [Samba] Replication is broken due to Bind DNS resolution
>>>>>
>>>>> _msdcs.pukey. 900 IN NS kefka.pukey.
>>>>> 602bdd9f-a9a0-411d-9f1b-04a63ea93653._msdcs.pukey. 900 IN CNAME serenity.pukey.
>>>>> c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey. 900 IN CNAME kefka.pukey.
>>>>> d02fb6d3-feec-46ec-bcb1-dad7bdd64e27._msdcs.pukey. 900 IN CNAME olympia.pukey.
>>>>>
>>>>> dig CNAME c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey.
>>>>>
>>>>> ; <<>> DiG 9.16.6 <<>> CNAME c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey.
>>>>> ;; global options: +cmd
>>>>> ;; Got answer:
>>>>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22640
>>>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>>>>
>>>>> ;; OPT PSEUDOSECTION:
>>>>> ; EDNS: version: 0, flags:; udp: 4096
>>>>> ; COOKIE: 95959d4651f663c701000000629ffbe2c34562879fb6e153 (good)
>>>>> ;; QUESTION SECTION:
>>>>> ;c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey. IN CNAME
>>>>>
>>>>> ;; Query time: 31 msec
>>>>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>>>>> ;; WHEN: Tue Jun 07 21:31:14 EDT 2022
>>>>> ;; MSG SIZE  rcvd: 106
>>>>>
>>>>>     This problem recently showed up.
>>>>>
>>>>>
>>>>> DC=pukey
>>>>>           Default-First-Site-Name\KEFKA via RPC
>>>>>                   DSA object GUID: c0ad4d18-ce25-4198-8e21-694c0727fecf
>>>>>                   Last attempt @ Tue Jun  7 21:30:34 2022 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>>>>>                   173 consecutive failure(s).
>>>>>                   Last success @ Tue Jun  7 07:08:36 2022 EDT
>>>>>
>>> I did manage to fix the errors but replication and wbinfo isn't
>>> working still.
>>>
>>>
>> There are no Windows PCs on my network.
>>
>> # samba-tool drs showrepl
>> Default-First-Site-Name\KEFKA
>> DSA Options: 0x00000001
>> DSA object GUID: c0ad4d18-ce25-4198-8e21-694c0727fecf
>> DSA invocationId: 1d62f06e-5929-482d-8daf-2e0e9c720498
>>
>> ==== INBOUND NEIGHBORS ====
>>
>> DC=DomainDnsZones,DC=pukey
>>           Default-First-Site-Name\SERENITY via RPC
>>                   DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653
>>                   Last attempt @ Wed Jun  8 05:04:35 2022 EDT failed, result 2
>> (WERR_FILE_NOT_FOUND)
>>                   207 consecutive failure(s).
>>                   Last success @ Sun Jun  5 20:46:34 2022 EDT
>>
>> DC=DomainDnsZones,DC=pukey
>>           Default-First-Site-Name\OLYMPIA via RPC
>>                   DSA object GUID: d02fb6d3-feec-46ec-bcb1-dad7bdd64e27
>>                   Last attempt @ Wed Jun  8 05:04:36 2022 EDT failed, result 2
>> (WERR_FILE_NOT_FOUND)
>>                   508 consecutive failure(s).
>>                   Last success @ NTTIME(0)
>>
>> DC=pukey
>>           Default-First-Site-Name\SERENITY via RPC
>>                   DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653
>>                   Last attempt @ Wed Jun  8 05:04:36 2022 EDT failed, result 2
>> (WERR_FILE_NOT_FOUND)
>>                   207 consecutive failure(s).
>>                   Last success @ Sun Jun  5 20:46:35 2022 EDT
>>
>> DC=pukey
>>           Default-First-Site-Name\OLYMPIA via RPC
>>                   DSA object GUID: d02fb6d3-feec-46ec-bcb1-dad7bdd64e27
>>                   Last attempt @ Wed Jun  8 05:04:36 2022 EDT failed, result 2
>> (WERR_FILE_NOT_FOUND)
>>                   505 consecutive failure(s).
>>                   Last success @ NTTIME(0)
>>
>> DC=ForestDnsZones,DC=pukey
>>           Default-First-Site-Name\SERENITY via RPC
>>                   DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653
>>                   Last attempt @ Wed Jun  8 05:04:36 2022 EDT failed, result 2
>> (WERR_FILE_NOT_FOUND)
>>                   207 consecutive failure(s).
>>                   Last success @ Sun Jun  5 20:46:35 2022 EDT
>>
>> DC=ForestDnsZones,DC=pukey
>>           Default-First-Site-Name\OLYMPIA via RPC
>>                   DSA object GUID: d02fb6d3-feec-46ec-bcb1-dad7bdd64e27
>>                   Last attempt @ Wed Jun  8 05:04:36 2022 EDT failed, result 2
>> (WERR_FILE_NOT_FOUND)
>>                   506 consecutive failure(s).
>>                   Last success @ NTTIME(0)
>>
>> CN=Configuration,DC=pukey
>>           Default-First-Site-Name\SERENITY via RPC
>>                   DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653
>>                   Last attempt @ Wed Jun  8 05:04:36 2022 EDT failed, result 2
>> (WERR_FILE_NOT_FOUND)
>>                   206 consecutive failure(s).
>>                   Last success @ Sun Jun  5 20:46:35 2022 EDT
>>
>> CN=Configuration,DC=pukey
>>           Default-First-Site-Name\OLYMPIA via RPC
>>                   DSA object GUID: d02fb6d3-feec-46ec-bcb1-dad7bdd64e27
>>                   Last attempt @ Wed Jun  8 05:04:36 2022 EDT failed, result 2
>> (WERR_FILE_NOT_FOUND)
>>                   506 consecutive failure(s).
>>                   Last success @ NTTIME(0)
>>
>> CN=Schema,CN=Configuration,DC=pukey
>>           Default-First-Site-Name\SERENITY via RPC
>>                   DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653
>>                   Last attempt @ Wed Jun  8 05:04:36 2022 EDT failed, result 2
>> (WERR_FILE_NOT_FOUND)
>>                   206 consecutive failure(s).
>>                   Last success @ Sun Jun  5 20:46:36 2022 EDT
>>
>> CN=Schema,CN=Configuration,DC=pukey
>>           Default-First-Site-Name\OLYMPIA via RPC
>>                   DSA object GUID: d02fb6d3-feec-46ec-bcb1-dad7bdd64e27
>>                   Last attempt @ Wed Jun  8 05:04:36 2022 EDT failed, result 2
>> (WERR_FILE_NOT_FOUND)
>>                   511 consecutive failure(s).
>>                   Last success @ NTTIME(0)
>>
>> ==== OUTBOUND NEIGHBORS ====
>>
>> DC=DomainDnsZones,DC=pukey
>>           Default-First-Site-Name\SERENITY via RPC
>>                   DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653
>>                   Last attempt @ Wed Jun  8 05:07:08 2022 EDT failed, result 2
>> (WERR_FILE_NOT_FOUND)
>>                   12112 consecutive failure(s).
>>                   Last success @ NTTIME(0)
>>
>> DC=pukey
>>           Default-First-Site-Name\SERENITY via RPC
>>                   DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653
>>                   Last attempt @ Wed Jun  8 05:07:08 2022 EDT failed, result 2
>> (WERR_FILE_NOT_FOUND)
>>                   12106 consecutive failure(s).
>>                   Last success @ NTTIME(0)
>>
>> DC=ForestDnsZones,DC=pukey
>>           Default-First-Site-Name\SERENITY via RPC
>>                   DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653
>>                   Last attempt @ Wed Jun  8 05:07:08 2022 EDT failed, result 2
>> (WERR_FILE_NOT_FOUND)
>>                   12111 consecutive failure(s).
>>                   Last success @ NTTIME(0)
>>
>> CN=Configuration,DC=pukey
>>           Default-First-Site-Name\SERENITY via RPC
>>                   DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653
>>                   Last attempt @ Wed Jun  8 05:07:08 2022 EDT failed, result 2
>> (WERR_FILE_NOT_FOUND)
>>                   12105 consecutive failure(s).
>>                   Last success @ NTTIME(0)
>>
>> CN=Schema,CN=Configuration,DC=pukey
>>           Default-First-Site-Name\SERENITY via RPC
>>                   DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653
>>                   Last attempt @ Wed Jun  8 05:07:08 2022 EDT failed, result 2
>> (WERR_FILE_NOT_FOUND)
>>                   12101 consecutive failure(s).
>>                   Last success @ NTTIME(0)
>>
>> ==== KCC CONNECTION OBJECTS ====
>>
>> Connection --
>>           Connection name: 4e81be67-ab19-482d-8985-c420b4003b32
>>           Enabled        : TRUE
>>           Server DNS name : olympia.pukey
>>           Server DN name  : CN=NTDS Settings,CN=OLYMPIA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey
>>                   TransportType: RPC
>>                   options: 0x00000001
>> Warning: No NC replicated for Connection!
>> Connection --
>>           Connection name: 1242565f-0730-4a91-992e-cf62266af8fb
>>           Enabled        : TRUE
>>           Server DNS name : serenity.pukey
>>           Server DN name  : CN=NTDS Settings,CN=SERENITY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey
>>                   TransportType: RPC
>>                   options: 0x00000001
>> Warning: No NC replicated for Connection!
>>
>>
>>
>
# samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS Settings,CN=KEFKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey
InfrastructureMasterRole owner: CN=NTDS Settings,CN=KEFKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey
RidAllocationMasterRole owner: CN=NTDS Settings,CN=KEFKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=KEFKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey
DomainNamingMasterRole owner: CN=NTDS Settings,CN=KEFKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=KEFKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=KEFKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey


  # samba-tool domain demote
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using olympia.pukey as partner server for the demotion
Using binding ncacn_ip_tcp:olympia.pukey[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name olympia.pukey<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name olympia.pukey<0x20>
Deactivating inbound replication
Asking partner server olympia.pukey to synchronize from us
Error while replicating out last local changes from 'CN=Schema,CN=Configuration,DC=pukey' for demotion, re-enabling inbound replication
ERROR(<class 'samba.WERRORError'>): Error while sending a DsReplicaSync for partition 'CN=Schema,CN=Configuration,DC=pukey' - (2, 'WERR_FILE_NOT_FOUND')
   File "/usr/lib64/python3.6/site-packages/samba/netcmd/domain.py", line 826, in run
     drsuapiBind.DsReplicaSync(drsuapi_handle, 1, req1)


Samba does not handle DNS, Bind does.
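
The check the thread performs by hand, as an added example that is not part of the original posts: parse `samba-tool drs showrepl` output for failing neighbours and test whether each one's `<GUID>._msdcs.<zone>` alias resolves. The sample is assembled from entries quoted above (line wraps rejoined); `failing_neighbors`, `resolves_via_system` and `missing_guid_aliases` are names chosen here.

```python
import re
import socket

# Sample assembled from showrepl entries quoted in the thread (line wraps rejoined).
SHOWREPL = r"""
==== INBOUND NEIGHBORS ====
DC=pukey
        Default-First-Site-Name\KEFKA via RPC
                DSA object GUID: c0ad4d18-ce25-4198-8e21-694c0727fecf
                Last attempt @ Tue Jun  7 21:30:34 2022 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
                173 consecutive failure(s).
                Last success @ Tue Jun  7 07:08:36 2022 EDT

CN=Configuration,DC=pukey
        Default-First-Site-Name\SERENITY via RPC
                DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653
                Last attempt @ Wed Jun  8 05:04:36 2022 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
                206 consecutive failure(s).
                Last success @ Sun Jun  5 20:46:35 2022 EDT
"""

def failing_neighbors(text):
    """Map DC name -> GUID, worst failure count, error names and partitions, for failing neighbors."""
    out, partition, dc = {}, None, None
    for line in text.splitlines():
        if re.match(r"(DC|CN)=", line):          # partition (naming context) header
            partition = line.strip()
        elif m := re.search(r"\\(\S+) via RPC", line):
            dc = m.group(1)
            out.setdefault(dc, {"guid": None, "failures": 0, "errors": set(), "partitions": []})
        elif dc and (m := re.search(r"DSA object GUID: ([0-9a-f-]{36})", line)):
            out[dc]["guid"] = m.group(1)
        elif dc and (m := re.search(r"failed, result \d+ \((\w+)\)", line)):
            out[dc]["errors"].add(m.group(1))
            out[dc]["partitions"].append(partition)
        elif dc and (m := re.search(r"(\d+) consecutive failure", line)):
            out[dc]["failures"] = max(out[dc]["failures"], int(m.group(1)))
    return {name: info for name, info in out.items() if info["failures"]}

def resolves_via_system(name):
    """True if the system resolver can follow the name (CNAME included) to an address."""
    try:
        return bool(socket.getaddrinfo(name, None))
    except socket.gaierror:
        return False

def missing_guid_aliases(neighbors, zone, resolves=resolves_via_system):
    """Return DC names whose <guid>._msdcs.<zone> alias does not resolve."""
    return sorted(dc for dc, i in neighbors.items() if i["guid"] and not resolves(f'{i["guid"]}._msdcs.{zone}.'))
```

On a DC, feed it the real `samba-tool drs showrepl` text and call `missing_guid_aliases(neighbors, "pukey")`; pass a different `resolves` callable to query a specific DNS server instead of the system resolver.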

