[Samba] How to determine DNS anomaly

Hakim Liso liso at frauenarzt.gmbh
Tue May 10 14:51:51 UTC 2022


I am replying to the list, ain't I?

Okay, that's it. I’ve properly rejoined – but I had to remove some dc02 entries by hand after demoting, trying to get GUID also threw errors – and now it's working. Demoted, removed NS, joined samba, reboot.

samba-tool domain join my.domain DC -U"MY\administrator" --dns-backend=SAMBA_INTERNAL --option="dns forwarder=8.8.8.8" --site=Location2 --option='idmap_ldb:use rfc2307 = yes'

Actually had the case that site2 clients got an error while trying to gpupdate, but a dbcheck --cross-nc --fix got that right as I'm typing.

Up and running.

Thanks for your support

Greetings

From: L. van Belle via samba
Sent: Tuesday, 10 May 2022 09:34
To: samba at lists.samba.org
Subject: Re: [Samba] How to determine DNS anomaly

Good morning, 

* replied on previous message below also.. and last mail..

----------------------------------------------
trying to repl the dcs with ldap, tells me that there is no ldap entry for
dc02 
confirmed by 

user at dc01:~$ nslookup
> set type=SRV
> _ldap._tcp.my.domain
Server:         192.168.50.11
Address:        192.168.50.11#53

_ldap._tcp.my.domain   service = 0 100 389 dc01.my.domain.

Both dcs reply with NXDOMAIN on

administrator at dc02:~$ nslookup 10.0.1.9

if that narrows down the source of the error.
Can I simply manually add the entry and zone?

Greetings
----------------------------------------------

you can do that, but you might miss more here. 

I recommend you remove that server from DNS and AD and re-add it. 
Before you re-add it, make sure you set the DNS name server of the other DC
first. 
After a join, reboot and check, you switch these entries again.

Yes, you can manually add them also, you can try and see if it works, but it
can bite you later on.

Like, I don’t know but somehow I lost my PDC record.. 
_ldap._tcp.pdc._msdcs.my.domain.tld

I have re-added it, after a very good cleanup dns tool and ADUC and with
ADSi editor. 
but I do notice, that, if I now want to move the FSMO role PDC.. it's not
moved.
I have to do that manually atm, but not that it's needed..

So, try above, and see if that works for you.

Greetz, 

Louis
And, please, reply to the list. 


> -----Original message-----
> From: samba On behalf of Hakim Liso via samba
> Sent: Monday, 9 May 2022 15:20
> To: samba at lists.samba.org
> Subject: Re: [Samba] How to determine DNS anomaly
> 
> Hello, I'm not sure if the mail arrived. So here I go.
> 
> Good Morning,
> 
> luckily there is the delete empty lines option in np++.
> The Network config you mentioned is the same exact i had when i contacted
> the list actually.
> I really felt that „yeah, again..“.
> Looking at the 192.168.50.1 (Site1 Gateway) as default route for both, I'm
> guessing you copied it?

yes, I copied that.. 

> I'm actually not sure if the default route is supposed or required anyways.

Required, no, only if you need it.

> I’ve done the mentioned changes and a dbcheck doesn't throw any errors.
> The replication still doesn't seem to be working properly though.
> 
> DC01 Showrepl
> 
> Location1\dc01
> DSA Options: 0x00000001
> DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
> DSA invocationId: 4acdfe5f-21fc-44cb-92df-e2ce461b2594
> ==== INBOUND NEIGHBORS ====
> DC=DomainDnsZones,DC=my,DC=domain
>         Location2\dc02 via RPC
>                 DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
>                 Last attempt @ Wed May  4 13:06:12 2022 CEST failed, result 64 (WERR_NETNAME_DELETED)
>                 1 consecutive failure(s).
>                 Last success @ NTTIME(0)
> CN=Configuration,DC=my,DC=domain
>         Location2\dc02 via RPC
>                 DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
>                 Last attempt @ Fri May  6 15:49:39 2022 CEST failed, result 64 (WERR_NETNAME_DELETED)
>                 1 consecutive failure(s).
>                 Last success @ NTTIME(0)
> CN=Configuration,DC=my,DC=domain
>         Location1\dc01 via RPC
>                 DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
>                 Last attempt @ Mon May  9 08:49:06 2022 CEST was successful
>                 0 consecutive failure(s).
>                 Last success @ Mon May  9 08:49:06 2022 CEST
> DC=ForestDnsZones,DC=my,DC=domain
>         Location2\dc02 via RPC
>                 DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
>                 Last attempt @ NTTIME(0) was successful
>                 0 consecutive failure(s).
>                 Last success @ NTTIME(0)
> DC=ForestDnsZones,DC=my,DC=domain
>         Location1\dc01 via RPC
>                 DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
>                 Last attempt @ Mon May  9 08:47:46 2022 CEST was successful
>                 0 consecutive failure(s).
>                 Last success @ Mon May  9 08:47:46 2022 CEST
> CN=Schema,CN=Configuration,DC=my,DC=domain
>         Location2\dc02 via RPC
>                 DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
>                 Last attempt @ NTTIME(0) was successful
>                 0 consecutive failure(s).
>                 Last success @ NTTIME(0)
> CN=Schema,CN=Configuration,DC=my,DC=domain
>         Location1\dc01 via RPC
>                 DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
>                 Last attempt @ Mon May  9 08:50:22 2022 CEST was successful
>                 0 consecutive failure(s).
>                 Last success @ Mon May  9 08:50:22 2022 CEST
> DC=my,DC=domain
>         Location2\dc02 via RPC
>                 DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
>                 Last attempt @ NTTIME(0) was successful
>                 0 consecutive failure(s).
>                 Last success @ NTTIME(0)
> DC=my,DC=domain
>         Location1\dc01 via RPC
>                 DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
>                 Last attempt @ Mon May  9 08:51:21 2022 CEST was successful
>                 0 consecutive failure(s).
>                 Last success @ Mon May  9 08:51:21 2022 CEST
> ==== OUTBOUND NEIGHBORS ====
> ==== KCC CONNECTION OBJECTS ====
> Connection --
>         Connection name: 1c2e8f02-9175-4e72-aef0-e9c5f1644072
>         Enabled        : TRUE
>         Server DNS name : dc02.my.domain
>         Server DN name  : CN=NTDS Settings,CN=dc02,CN=Servers,CN=Location2,CN=Sites,CN=Configuration,DC=my,DC=domain
>                 TransportType: RPC
>                 options: 0x00000001
> Warning: No NC replicated for Connection!
> 
> DC02 Showrepl
> 
> Location1\dc01
> DSA Options: 0x00000001
> DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
> DSA invocationId: 4acdfe5f-21fc-44cb-92df-e2ce461b2594
> ==== INBOUND NEIGHBORS ====
> DC=DomainDnsZones,DC=my,DC=domain
>         Location2\dc02 via RPC
>                 DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
>                 Last attempt @ Fri May  6 15:16:35 2022 CEST failed, result 2 (WERR_FILE_NOT_FOUND)
>                 1 consecutive failure(s).
>                 Last success @ NTTIME(0)
> CN=Configuration,DC=my,DC=domain
>         Location2\dc02 via RPC
>                 DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
>                 Last attempt @ Fri May  6 15:17:15 2022 CEST failed, result 2 (WERR_FILE_NOT_FOUND)
>                 1 consecutive failure(s).
>                 Last success @ NTTIME(0)
> CN=Configuration,DC=my,DC=domain
>         Location1\dc01 via RPC
>                 DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
>                 Last attempt @ Mon May  9 08:45:26 2022 CEST failed, result 8453 (WERR_DS_DRA_ACCESS_DENIED)
>                 2 consecutive failure(s).
>                 Last success @ Mon May  9 08:45:26 2022 CEST
> DC=ForestDnsZones,DC=my,DC=domain
>         Location2\dc02 via RPC
>                 DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
>                 Last attempt @ Fri May  6 15:16:55 2022 CEST failed, result 2 (WERR_FILE_NOT_FOUND)
>                 1 consecutive failure(s).
>                 Last success @ NTTIME(0)
> CN=Schema,CN=Configuration,DC=my,DC=domain
>         Location2\dc02 via RPC
>                 DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
>                 Last attempt @ NTTIME(0) was successful
>                 0 consecutive failure(s).
>                 Last success @ NTTIME(0)
> CN=Schema,CN=Configuration,DC=my,DC=domain
>         Location1\dc01 via RPC
>                 DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
>                 Last attempt @ Mon May  9 08:45:54 2022 CEST failed, result 8453 (WERR_DS_DRA_ACCESS_DENIED)
>                 1 consecutive failure(s).
>                 Last success @ Mon May  9 08:45:54 2022 CEST
> DC=my,DC=domain
>         Location2\dc02 via RPC
>                 DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
>                 Last attempt @ NTTIME(0) was successful
>                 0 consecutive failure(s).
>                 Last success @ NTTIME(0)
> DC=my,DC=domain
>         Location1\dc01 via RPC
>                 DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
>                 Last attempt @ Mon May  9 08:46:21 2022 CEST failed, result 8453 (WERR_DS_DRA_ACCESS_DENIED)
>                 1 consecutive failure(s).
>                 Last success @ Mon May  9 08:46:21 2022 CEST
> ==== OUTBOUND NEIGHBORS ====
> DC=DomainDnsZones,DC=my,DC=domain
>         Location1\dc01 via RPC
>                 DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
>                 Last attempt @ NTTIME(0) was successful
>                 0 consecutive failure(s).
>                 Last success @ NTTIME(0)
> CN=Configuration,DC=my,DC=domain
>         Location1\dc01 via RPC
>                 DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
>                 Last attempt @ NTTIME(0) was successful
>                 0 consecutive failure(s).
>                 Last success @ NTTIME(0)
> DC=ForestDnsZones,DC=my,DC=domain
>         Location1\dc01 via RPC
>                 DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
>                 Last attempt @ NTTIME(0) was successful
>                 0 consecutive failure(s).
>                 Last success @ NTTIME(0)
> CN=Schema,CN=Configuration,DC=my,DC=domain
>         Location1\dc01 via RPC
>                 DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
>                 Last attempt @ NTTIME(0) was successful
>                 0 consecutive failure(s).
>                 Last success @ NTTIME(0)
> DC=my,DC=domain
>         Location1\dc01 via RPC
>                 DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
>                 Last attempt @ NTTIME(0) was successful
>                 0 consecutive failure(s).
>                 Last success @ NTTIME(0)
> ==== KCC CONNECTION OBJECTS ====
> Connection --
>         Connection name: 1c2e8f02-9175-4e72-aef0-e9c5f1644072
>         Enabled        : TRUE
>         Server DNS name : dc02.my.domain
>         Server DN name  : CN=NTDS Settings,CN=dc02,CN=Servers,CN=Location2,CN=Sites,CN=Configuration,DC=my,DC=domain
>                 TransportType: RPC
>                 options: 0x00000001
> Warning: No NC replicated for Connection
> 
> drs replicate dc02 dc01 dc=my, DC=domain gives
> 
> sudo samba-tool drs replicate dc02 dc01 DC=my,DC=domain
> ldb_wrap open of secrets.ldb
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'http_negotiate' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Using binding ncacn_ip_tcp:dc02[,seal]
> resolve_lmhosts: Attempting lmhosts lookup for name dc02<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name dc02<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name dc02<0x20>
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (8453, 'WERR_DS_DRA_ACCESS_DENIED')
>   File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 577, in run
>     drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)
>   File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 92, in sendDsReplicaSync
>     raise drsException("DsReplicaSync failed %s" % estr)
> 
> Thanks in Advance
> 
> Greetings
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
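
The failing links in `showrepl` output like that quoted above can be picked out mechanically, including whether a link has ever replicated at all. This is an added example, not part of the original thread or of Samba; `failed_links` and the sample text are constructed for illustration and assume unwrapped `samba-tool drs showrepl` output.

```python
import re

# Constructed sample in the layout `samba-tool drs showrepl` prints, using
# values from the thread (mail-wrapped lines must be rejoined before parsing).
SAMPLE = r"""==== INBOUND NEIGHBORS ====
DC=DomainDnsZones,DC=my,DC=domain
        Location2\dc02 via RPC
                DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
                Last attempt @ Fri May  6 15:16:35 2022 CEST failed, result 2 (WERR_FILE_NOT_FOUND)
                1 consecutive failure(s).
                Last success @ NTTIME(0)
DC=my,DC=domain
        Location1\dc01 via RPC
                Last attempt @ Mon May  9 08:46:21 2022 CEST failed, result 8453 (WERR_DS_DRA_ACCESS_DENIED)
                Last success @ Mon May  9 08:46:21 2022 CEST
==== OUTBOUND NEIGHBORS ====
CN=Schema,CN=Configuration,DC=my,DC=domain
        Location1\dc01 via RPC
                Last attempt @ NTTIME(0) was successful
                Last success @ NTTIME(0)
"""

SECTION_RE = re.compile(r"^==== (INBOUND|OUTBOUND) NEIGHBORS ====$")
NC_RE = re.compile(r"^(?:DC|CN)=\S+$")
NEIGHBOR_RE = re.compile(r"^(\S+)\\(\S+) via RPC$")
FAILED_RE = re.compile(r"^Last attempt @ .+ failed, result (\d+) \((\w+)\)$")

def failed_links(text):
    """Return one dict per replication link whose last attempt failed."""
    section = nc = site = dc = link = None
    failures = []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SECTION_RE.match(line):
            section = m.group(1).lower()
        elif NC_RE.match(line):
            nc = line                      # naming-context heading
        elif m := NEIGHBOR_RE.match(line):
            site, dc = m.groups()
            link = None                    # new neighbour, no failure seen yet
        elif m := FAILED_RE.match(line):
            link = {"direction": section, "nc": nc, "site": site, "dc": dc,
                    "code": int(m.group(1)), "werr": m.group(2)}
            failures.append(link)
        elif link is not None and line.startswith("Last success @ "):
            # NTTIME(0) means this link has never completed a replication
            link["never_replicated"] = line.endswith("NTTIME(0)")
    return failures

if __name__ == "__main__":
    print(failed_links(SAMPLE))
```
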

