[Samba] Replication between Samba DCs (on different sites)?

Michael Tokarev mjt at tls.msk.ru
Mon Nov 14 20:21:05 UTC 2022


14.11.2022 20:45, Kris Lou via samba wrote:
>>> I'm trying to create another VM, with a 3rd DC, to see if having a
>>> DC in the same site will help...
>>
>> So, I created a second DC on the same Site as our first DC.  And
>> it instantly enabled and activated replication, samba-tool drs showrepl
>> shows active connections between the two DCs, and changes made on one
>> of the DCs become immediately visible on the other.
>>
>> But the replication between two DCs in different sites does not seem to
>> be enabled.  What is the way to enable it?
> 
> Are AD Sites configured?  If so, I believe that individual links also need
> to be specified between the sites.

Ok. It looks like the transport works, or appears to. But the replication doesn't.

On one side/site, it shows:

SVDCP# samba-tool drs showrepl
Pereslavl-Office\SVDCP
DSA Options: 0x00000001
DSA object GUID: 59c9c7d7-d099-4191-a322-7f03403988a4
DSA invocationId: 843ecc66-03a4-43dd-816e-b9d242b4a3d9

==== INBOUND NEIGHBORS ====

DC=tls,DC=msk,DC=ru
	Moscow-Office\AI via RPC
		DSA object GUID: 91a56cbe-38b3-493c-b132-d1042d0aa021
		Last attempt @ Mon Nov 14 23:07:31 2022 MSK was successful
		0 consecutive failure(s).
		Last success @ Mon Nov 14 23:07:31 2022 MSK
...
==== OUTBOUND NEIGHBORS ====

==== KCC CONNECTION OBJECTS ====

Connection --
	Connection name: AI
	Enabled        : TRUE
	Server DNS name : ai.tls.msk.ru
	Server DN name  : CN=NTDS Settings,CN=AI,CN=Servers,CN=Moscow-Office,CN=Sites,CN=Configuration,DC=tls,DC=msk,DC=ru
		TransportType: RPC
		options: 0x00000000
Warning: No NC replicated for Connection!
Connection --
	Connection name: be0ce147-739a-4725-aaa2-33686eee44cb
	Enabled        : TRUE
	Server DNS name : ai.tls.msk.ru
	Server DN name  : CN=NTDS Settings,CN=AI,CN=Servers,CN=Moscow-Office,CN=Sites,CN=Configuration,DC=tls,DC=msk,DC=ru
		TransportType: RPC
		options: 0x00000001
Warning: No NC replicated for Connection!

which looks promising (the dots ".." show similar entries for 4 other
partitions).


But on the other side, it does not:

AI# samba-tool drs showrepl
Moscow-Office\AI
DSA Options: 0x00000001
DSA object GUID: 91a56cbe-38b3-493c-b132-d1042d0aa021
DSA invocationId: 1cf73086-45c7-434e-a078-775c7f52bb0a

==== INBOUND NEIGHBORS ====

DC=tls,DC=msk,DC=ru
	Pereslavl-Office\SVDCP via RPC
		DSA object GUID: 59c9c7d7-d099-4191-a322-7f03403988a4
		Last attempt @ Mon Nov 14 23:09:48 2022 MSK failed, result 2 (WERR_FILE_NOT_FOUND)
		6 consecutive failure(s).
		Last success @ NTTIME(0)
...
==== OUTBOUND NEIGHBORS ====

DC=tls,DC=msk,DC=ru
	Pereslavl-Office\SVDCP via RPC
		DSA object GUID: 59c9c7d7-d099-4191-a322-7f03403988a4
		Last attempt @ Mon Nov 14 23:12:34 2022 MSK failed, result 2 (WERR_FILE_NOT_FOUND)
		1 consecutive failure(s).
		Last success @ NTTIME(0)
...
==== KCC CONNECTION OBJECTS ====

Connection --
	Connection name: SVDCP
	Enabled        : TRUE
	Server DNS name : svdcp.tls.msk.ru
	Server DN name  : CN=NTDS Settings,CN=SVDCP,CN=Servers,CN=Pereslavl-Office,CN=Sites,CN=Configuration,DC=tls,DC=msk,DC=ru
		TransportType: RPC
		options: 0x00000000
Warning: No NC replicated for Connection!


It is interesting that the first one shows only inbound connections, all
successful, while the other shows both, and all unsuccessful.

I don't see what to do with these now.

Which file can't it find, and where to look for any clues?


I tried 'samba-tool drs replicate' manually on AI, but it also shows this
error:

AI# samba-tool drs replicate ai svdcp 'CN=Configuration,DC=tls,DC=msk,DC=ru'
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (2, 'WERR_FILE_NOT_FOUND')
   File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 570, in run
     drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)
   File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 92, in sendDsReplicaSync
     raise drsException("DsReplicaSync failed %s" % estr)

Re-creating the second DC gives the same results.

Where to go from here, how to debug this?

Thanks!

/mjt
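
An added example, not part of the original message and not Samba's own code: a small parser for the text form of `samba-tool drs showrepl` shown above, which lists every inbound and outbound neighbor that is failing so the asymmetry between two DCs can be checked from a monitoring job. The sample input is constructed from the AI-side output in this post; the dictionary keys and function names are assumptions of this example.

```python
import re

# Constructed sample: trimmed from the AI-side showrepl output quoted above.
SAMPLE = "\n".join([
    "Moscow-Office\\AI",
    "==== INBOUND NEIGHBORS ====",
    "",
    "DC=tls,DC=msk,DC=ru",
    "\tPereslavl-Office\\SVDCP via RPC",
    "\t\tLast attempt @ Mon Nov 14 23:09:48 2022 MSK failed, result 2 (WERR_FILE_NOT_FOUND)",
    "\t\t6 consecutive failure(s).",
    "\t\tLast success @ NTTIME(0)",
    "==== OUTBOUND NEIGHBORS ====",
    "",
    "DC=tls,DC=msk,DC=ru",
    "\tPereslavl-Office\\SVDCP via RPC",
    "\t\tLast attempt @ Mon Nov 14 23:12:34 2022 MSK failed, result 2 (WERR_FILE_NOT_FOUND)",
    "\t\t1 consecutive failure(s).",
    "\t\tLast success @ NTTIME(0)",
    "==== KCC CONNECTION OBJECTS ====",
    "\tConnection name: SVDCP",
])

SECTION = re.compile(r"^==== (INBOUND|OUTBOUND) NEIGHBORS ====$")
NEIGHBOR = re.compile(r"^(\S+) via (\S+)$")
FAILED = re.compile(r"failed, result (\d+) \((\w+)\)")
COUNT = re.compile(r"^(\d+) consecutive failure")

def parse_showrepl(text):
    """Return one dict per neighbor entry of the text-format showrepl output."""
    entries, direction, nc, cur = [], None, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("===="):
            m = SECTION.match(line)  # any other section (KCC) stops tracking
            direction, cur = (m.group(1).lower() if m else None), None
        elif direction is None or not line:
            continue
        elif re.match(r"^(DC|CN)=", line):
            nc = line  # naming-context header for the neighbors that follow
        elif NEIGHBOR.match(line):
            cur = {"direction": direction, "nc": nc, "neighbor": NEIGHBOR.match(line).group(1),
                   "failures": 0, "error": None, "never_succeeded": False}
            entries.append(cur)
        elif cur is not None:
            if FAILED.search(line):
                cur["error"] = FAILED.search(line).group(2)
            elif COUNT.match(line):
                cur["failures"] = int(COUNT.match(line).group(1))
            elif line == "Last success @ NTTIME(0)":
                cur["never_succeeded"] = True
    return entries

def failing(entries):
    """Neighbors a monitoring job should alert on."""
    return [e for e in entries if e["failures"] > 0 or e["error"]]
```

Running `failing(parse_showrepl(...))` on the output of each DC and comparing the results makes a one-directional failure like the one in this post visible without reading the full listing.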