[Samba] How to determine DNS anomaly

Hakim Liso liso at frauenarzt.gmbh
Tue May 10 07:29:48 UTC 2022


Hello

ldapcmp got me closer.

resolve_lmhosts: Attempting lmhosts lookup for name dc01<0x20>
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Password for [my\administrator]:
resolve_lmhosts: Attempting lmhosts lookup for name dc02<0x20>

* Comparing [CONFIGURATION] context...

* DNs found only in ldap://dc01:
    CN=dc02,CN=NTDS SETTINGS,CN=dc01,CN=SERVERS,CN=loc1,CN=SITES,CN=CONFI

* DNs found only in ldap://dc02:
   CN=1C2E8F02-9175-4E72-AEF0-E9C5F1644072,CN=NTDS SETTINGS,CN=dc01,CN=SERVERS,

* Objects to be compared: 1629

Comparing:
'CN=NTDS SITE SETTINGS,CN=loc2,CN=SITES,CN=CONFIGURATION,DC=my,DC=domain'
'CN=NTDS SITE SETTINGS,CN=loc2,CN=SITES,CN=CONFIGURATION,DC=my,DC=domain'
    Difference in attribute values:
        interSiteTopologyGenerator =>
[b'CN=NTDS Settings\\0ADEL:4bbda5e7-f07e-4748-9f01-3742c9839bda,CN=dc02\\0ADEL:0ntern']
[b'CN=NTDS Settings,CN=dc02,CN=Servers,CN=loc2,CN=Sites,CN=Configuration,

    FAILED

* Result for [CONFIGURATION]: FAILURE

SUMMARY
---------

Attributes with different values:

    interSiteTopologyGenerator
ERROR: Compare failed: -1

Those seem to be the source of the error.
Can I manually update them? I'm worried I'll end up worse off if I try.

Greetings
From: Hakim Liso via samba
Sent: Monday, 9 May 2022 15:25
To: samba at lists.samba.org
Subject: Re: [Samba] How to determine DNS anomaly

Hello, I'm not sure if the mail arrived, so here I go.

Good Morning,

Luckily there is the delete-empty-lines option in np++.
The network config you mentioned is exactly the same one I had when I contacted the list, actually.
I really felt that "yeah, again..".
Looking at the 192.168.50.1 (Site1 gateway) as default route for both, I'm guessing you copied it?
I'm actually not sure if the default route is supposed or required anyway.
I've made the mentioned changes and a dbcheck doesn't throw any errors. The replication still doesn't seem to be working properly though.

DC01 Showrepl

Location1\dc01
DSA Options: 0x00000001
DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
DSA invocationId: 4acdfe5f-21fc-44cb-92df-e2ce461b2594
==== INBOUND NEIGHBORS ====
DC=DomainDnsZones,DC=my,DC=domain
        Location2\dc02 via RPC
                DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
                Last attempt @ Wed May  4 13:06:12 2022 CEST failed, result 64 (WERR_NETNAME_DELETED)
                1 consecutive failure(s).
                Last success @ NTTIME(0)
CN=Configuration,DC=my,DC=domain
        Location2\dc02 via RPC
                DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
                Last attempt @ Fri May  6 15:49:39 2022 CEST failed, result 64 (WERR_NETNAME_DELETED)
                1 consecutive failure(s).
                Last success @ NTTIME(0)
CN=Configuration,DC=my,DC=domain
        Location1\dc01 via RPC
                DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
                Last attempt @ Mon May  9 08:49:06 2022 CEST was successful
                0 consecutive failure(s).
                Last success @ Mon May  9 08:49:06 2022 CEST
DC=ForestDnsZones,DC=my,DC=domain
        Location2\dc02 via RPC
                DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
DC=ForestDnsZones,DC=my,DC=domain
        Location1\dc01 via RPC
                DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
                Last attempt @ Mon May  9 08:47:46 2022 CEST was successful
                0 consecutive failure(s).
                Last success @ Mon May  9 08:47:46 2022 CEST
CN=Schema,CN=Configuration,DC=my,DC=domain
        Location2\dc02 via RPC
                DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=my,DC=domain
        Location1\dc01 via RPC
                DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
                Last attempt @ Mon May  9 08:50:22 2022 CEST was successful
                0 consecutive failure(s).
                Last success @ Mon May  9 08:50:22 2022 CEST
DC=my,DC=domain
        Location2\dc02 via RPC
                DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
DC=my,DC=domain
        Location1\dc01 via RPC
                DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
                Last attempt @ Mon May  9 08:51:21 2022 CEST was successful
                0 consecutive failure(s).
                Last success @ Mon May  9 08:51:21 2022 CEST
==== OUTBOUND NEIGHBORS ====
==== KCC CONNECTION OBJECTS ====
Connection --
        Connection name: 1c2e8f02-9175-4e72-aef0-e9c5f1644072
        Enabled        : TRUE
        Server DNS name : dc02.my.domain
        Server DN name  : CN=NTDS Settings,CN=dc02,CN=Servers,CN=Location2,CN=Sites,CN=Configuration,DC=my,DC=domain
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!

DC02 Showrepl

Location1\dc01
DSA Options: 0x00000001
DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
DSA invocationId: 4acdfe5f-21fc-44cb-92df-e2ce461b2594
==== INBOUND NEIGHBORS ====
DC=DomainDnsZones,DC=my,DC=domain
        Location2\dc02 via RPC
                DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
                Last attempt @ Fri May  6 15:16:35 2022 CEST failed, result 2 (WERR_FILE_NOT_FOUND)
                1 consecutive failure(s).
                Last success @ NTTIME(0)
CN=Configuration,DC=my,DC=domain
        Location2\dc02 via RPC
                DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
                Last attempt @ Fri May  6 15:17:15 2022 CEST failed, result 2 (WERR_FILE_NOT_FOUND)
                1 consecutive failure(s).
                Last success @ NTTIME(0)
CN=Configuration,DC=my,DC=domain
        Location1\dc01 via RPC
                DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
                Last attempt @ Mon May  9 08:45:26 2022 CEST failed, result 8453 (WERR_DS_DRA_ACCESS_DENIED)
                2 consecutive failure(s).
                Last success @ Mon May  9 08:45:26 2022 CEST
DC=ForestDnsZones,DC=my,DC=domain
        Location2\dc02 via RPC
                DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
                Last attempt @ Fri May  6 15:16:55 2022 CEST failed, result 2 (WERR_FILE_NOT_FOUND)
                1 consecutive failure(s).
                Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=my,DC=domain
        Location2\dc02 via RPC
                DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=my,DC=domain
        Location1\dc01 via RPC
                DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
                Last attempt @ Mon May  9 08:45:54 2022 CEST failed, result 8453 (WERR_DS_DRA_ACCESS_DENIED)
                1 consecutive failure(s).
                Last success @ Mon May  9 08:45:54 2022 CEST
DC=my,DC=domain
        Location2\dc02 via RPC
                DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
DC=my,DC=domain
        Location1\dc01 via RPC
                DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
                Last attempt @ Mon May  9 08:46:21 2022 CEST failed, result 8453 (WERR_DS_DRA_ACCESS_DENIED)
                1 consecutive failure(s).
                Last success @ Mon May  9 08:46:21 2022 CEST
==== OUTBOUND NEIGHBORS ====
DC=DomainDnsZones,DC=my,DC=domain
        Location1\dc01 via RPC
                DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
CN=Configuration,DC=my,DC=domain
        Location1\dc01 via RPC
                DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
DC=ForestDnsZones,DC=my,DC=domain
        Location1\dc01 via RPC
                DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=my,DC=domain
        Location1\dc01 via RPC
                DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
DC=my,DC=domain
        Location1\dc01 via RPC
                DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
Connection --
        Connection name: 1c2e8f02-9175-4e72-aef0-e9c5f1644072
        Enabled        : TRUE
        Server DNS name : dc02.my.domain
        Server DN name  : CN=NTDS Settings,CN=dc02,CN=Servers,CN=Location2,CN=Sites,CN=Configuration,DC=my,DC=domain
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection

drs replicate dc02 dc01 dc=my, DC=domain gives 

sudo samba-tool drs replicate dc02 dc01 DC=my,DC=domain
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:dc02[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name dc02<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name dc02<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name dc02<0x20>
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (8453, 'WERR_DS_DRA_ACCESS_DENIED')
  File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 577, in run
    drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)
  File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 92, in sendDsReplicaSync
    raise drsException("DsReplicaSync failed %s" % estr)

Thanks in advance

Greetings
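
Added example, not part of the original post or of Samba: a small Python parser for `samba-tool drs showrepl` text in the layout quoted above, listing the inbound links that failed or have no recorded attempt. The sample input is constructed and `inbound_problems` is a hypothetical helper name.

```python
import re

# Constructed sample in the layout of the showrepl output quoted above
# (GUID lines omitted for brevity); not captured from a real DC.
SAMPLE = """\
==== INBOUND NEIGHBORS ====
DC=DomainDnsZones,DC=my,DC=domain
        Location2\\dc02 via RPC
                Last attempt @ Fri May  6 15:16:35 2022 CEST failed, result 2 (WERR_FILE_NOT_FOUND)
                1 consecutive failure(s).
                Last success @ NTTIME(0)
DC=my,DC=domain
        Location1\\dc01 via RPC
                Last attempt @ Mon May  9 08:46:21 2022 CEST failed, result 8453 (WERR_DS_DRA_ACCESS_DENIED)
                1 consecutive failure(s).
                Last success @ Mon May  9 08:46:21 2022 CEST
CN=Schema,CN=Configuration,DC=my,DC=domain
        Location2\\dc02 via RPC
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
==== OUTBOUND NEIGHBORS ====
"""

ATTEMPT = re.compile(r"Last attempt @ (.+?) (?:was successful|failed, result (\d+) \((\w+)\))$")

def inbound_problems(text):
    """Return (nc, source, status, werr) for inbound links that failed or never ran."""
    problems, section, nc, source = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("===="):
            section = line.strip("= ")
        elif section != "INBOUND NEIGHBORS" or not line:
            continue
        elif not raw[0].isspace():
            nc = line                          # unindented line names the naming context
        elif line.endswith(" via RPC"):
            source = line[: -len(" via RPC")]  # Site\server the NC is pulled from
        else:
            m = ATTEMPT.match(line)
            if m and m.group(2):
                problems.append((nc, source, "failed", m.group(3)))
            elif m and m.group(1) == "NTTIME(0)":  # zero timestamp: no attempt recorded
                problems.append((nc, source, "no attempt recorded", None))
    return problems

if __name__ == "__main__":
    print(*inbound_problems(SAMPLE), sep="\n")
```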
