[Samba] accidentally upgraded DC to 4.17.3 ... didn't work
Stefan G. Weichinger
lists at xunil.at
Thu Nov 24 08:32:24 UTC 2022
Am 24.11.22 um 09:12 schrieb Stefan G. Weichinger via samba:
> Should I demote adc1 again?
>
> The procedure with "samba-tool domain demote" failed before .. maybe I
> have to demote it from adc2 again.
>
> # samba-tool domain demote -U Administrator
> Using adc2.arbeitsgruppe.my.tld as partner server for the demotion
> Password for [ARBEITSGRUPPE\Administrator]:
> Deactivating inbound replication
> Asking partner server adc2.arbeitsgruppe.my.tld to synchronize from us
> Error while replicating out last local changes from
> 'CN=Schema,CN=Configuration,DC=arbeitsgruppe,DC=ikw-amstetten,DC=at' for
> demotion, re-enabling inbound replication
> ERROR(<class 'samba.WERRORError'>): Error while sending a DsReplicaSync
> for partition
> 'CN=Schema,CN=Configuration,DC=arbeitsgruppe,DC=ikw-amstetten,DC=at' -
> (31, 'WERR_GEN_FAILURE')
> File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line
> 860, in run
> drsuapiBind.DsReplicaSync(drsuapi_handle, 1, req1)
seeing this on adc1:
# tail log.samba
[2022/11/24 09:31:35.847095, 1]
../../source4/auth/gensec/gensec_gssapi.c:791(gensec_gssapi_update_internal)
GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see
text): Decrypt integrity check failed for checksum type
hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96
[2022/11/24 09:31:35.906647, 1]
../../source4/auth/gensec/gensec_gssapi.c:791(gensec_gssapi_update_internal)
GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see
text): Decrypt integrity check failed for checksum type
hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96
More information about the samba
mailing list