[Samba] problems with sysvol after fsmo transfer

Thorsten Marquardt Marquardt at koehler-bracht.de
Thu Jan 12 10:53:20 UTC 2023


Thank you so far. But unfortunately I could not fix the problems. So I 
decided to start over again at a situation where all the fsmo roles 
reside on the old controller.

Here is a transcript of what I did and the errors reported:

The initial position

srv-kb-dc1:~ # samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS Settings,CN=SRV-KB-PRIMDC,CN=Servers,CN=Default-Fi...
InfrastructureMasterRole owner: CN=NTDS Settings,CN=SRV-KB-PRIMDC,CN=Servers,CN=Default-Fi...
RidAllocationMasterRole owner: CN=NTDS Settings,CN=SRV-KB-PRIMDC,CN=Servers,CN=Default-Fi...
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=SRV-KB-PRIMDC,CN=Servers,CN=Default-Fi...
DomainNamingMasterRole owner: CN=NTDS Settings,CN=SRV-KB-PRIMDC,CN=Servers,CN=Default-Fi...
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV-KB-PRIMDC,CN=Servers,CN=Default-Fi...
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV-KB-PRIMDC,CN=Servers,CN=Default-Fi...

srv-kb-dc1:~ # nslookup -querytype=srv _ldap._tcp.pdc._msdcs.my.local.dom
Server:         192.168.1.243
Address:        192.168.1.243#53

_ldap._tcp.pdc._msdcs.my.local.dom  service = 0 100 389 srv-kb-primdc.my.local.dom.


Attempt no. 1

srv-kb-dc1:~ # samba-tool fsmo transfer --role=all -k yes -Uadministrator

FSMO transfer of 'rid' role successful
ERROR: Transfer of 'pdc' role failed: Failed FSMO transfer: NT_STATUS_IO_TIMEOUT

srv-kb-dc1:~ # nslookup -querytype=srv _ldap._tcp.pdc._msdcs.my.local.dom
Server:         192.168.1.243
Address:        192.168.1.243#53

_ldap._tcp.pdc._msdcs.my.local.dom  service = 0 100 389 srv-kb-primdc.my.local.dom.

srv-kb-dc1:~ # samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS Settings,CN=SRV-KB-PRIMDC,CN=Servers,CN=Default-Fi...
InfrastructureMasterRole owner: CN=NTDS Settings,CN=SRV-KB-PRIMDC,CN=Servers,CN=Default-Fi...
RidAllocationMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Fi...
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Fi...
DomainNamingMasterRole owner: CN=NTDS Settings,CN=SRV-KB-PRIMDC,CN=Servers,CN=Default-Fi...
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV-KB-PRIMDC,CN=Servers,CN=Default-Fi...
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV-KB-PRIMDC,CN=Servers,CN=Default-Fi...

Although I get the timeout error the pdc role appears to have been 
transferred.

So I tried again

Attempt no. 2

srv-kb-dc1:~ # samba-tool fsmo transfer --role=all -k yes -Uadministrator
This DC already has the 'rid' FSMO role
This DC already has the 'pdc' FSMO role
FSMO transfer of 'naming' role successful
ERROR: Transfer of 'infrastructure' role failed: Failed FSMO transfer: NT_STATUS_IO_TIMEOUT

srv-kb-dc1:~ # nslookup -querytype=srv _ldap._tcp.pdc._msdcs.my.local.dom
Server:         192.168.1.243
Address:        192.168.1.243#53

_ldap._tcp.pdc._msdcs.my.local.dom  service = 0 100 389 srv-kb-primdc.my.local.dom.
_ldap._tcp.pdc._msdcs.my.local.dom  service = 0 100 389 srv-kb-dc1.my.local.dom.

srv-kb-dc1:~ # samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS Settings,CN=SRV-KB-PRIMDC,CN=Servers,CN=Default-Fi...
InfrastructureMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Fi...
RidAllocationMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Fi...
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Fi...
DomainNamingMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Fi...
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV-KB-PRIMDC,CN=Servers,CN=Default-Fi...
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV-KB-PRIMDC,CN=Servers,CN=Default-Fi...

This time I get a second entry for _ldap._tcp.pdc._msdcs.my.local.dom 
and again, despite the timeout, the role seems to have been transferred.

The next attempt:

srv-kb-dc1:~ # samba-tool fsmo transfer --role=all -k yes -Uadministrator
This DC already has the 'rid' FSMO role
This DC already has the 'pdc' FSMO role
This DC already has the 'naming' FSMO role
This DC already has the 'infrastructure' FSMO role
FSMO transfer of 'schema' role successful
Password for [KOBRA\administrator]:
ERROR(<type 'exceptions.AttributeError'>): uncaught exception - 'module' object has no attribute 'drs_utils'
   File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib64/python2.7/site-packages/samba/netcmd/fsmo.py", line 515, in run
     "domaindns", samdb)
   File "/usr/lib64/python2.7/site-packages/samba/netcmd/fsmo.py", line 129, in transfer_dns_role
     except samba.drs_utils.drsException, e:

srv-kb-dc1:~ # samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Fi...
InfrastructureMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Fi...
RidAllocationMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Fi...
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Fi...
DomainNamingMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Fi...
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Fi...
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV-KB-PRIMDC,CN=Servers,CN=Default-Fi...



After this run only the ForestDnsZonesMasterRole stays on the old server

The final attempt

srv-kb-dc1:~ # samba-tool fsmo transfer --role=all -k yes -Uadministrator
This DC already has the 'rid' FSMO role
This DC already has the 'pdc' FSMO role
This DC already has the 'naming' FSMO role
This DC already has the 'infrastructure' FSMO role
This DC already has the 'schema' FSMO role
This DC already has the 'domaindns' FSMO role
Password for [KOBRA\administrator]:
ERROR(<type 'exceptions.AttributeError'>): uncaught exception - 'module' object has no attribute 'drs_utils'
   File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib64/python2.7/site-packages/samba/netcmd/fsmo.py", line 517, in run
     samdb)
   File "/usr/lib64/python2.7/site-packages/samba/netcmd/fsmo.py", line 129, in transfer_dns_role
     except samba.drs_utils.drsException, e:
srv-kb-dc1:~ # samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Fi...
InfrastructureMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Fi...
RidAllocationMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Fi...
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Fi...
DomainNamingMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Fi...
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Fi...
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Fi...

Seemingly all looks fine now but obviously it isn't. Perhaps I should 
have stumbled over the timeouts I got.


I don't want to run a

samba-tool fsmo seize

before I have a running environment with the new domain controller doing 
its job.
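
Added example (not part of the original post and not Samba project code): a small Python check over the two outputs shown in the transcript, `samba-tool fsmo show` and the `_ldap._tcp.pdc._msdcs` SRV lookup. It flags a `--role=all` transfer that stopped part-way and PDC SRV records that point at a DC which does not own the PDC emulator role. The function names are hypothetical, the sample text is the post's attempt no. 2 output with the mail line-wraps removed, and it assumes a DC's first DNS label equals its server object CN.

```python
import re

# \s+ between "NTDS" and "Settings" tolerates the line wrap seen in mailed transcripts.
OWNER_RE = re.compile(r"^(\w+Role) owner:\s+CN=NTDS\s+Settings,CN=([^,\s]+)", re.M)
SRV_RE = re.compile(r"service\s*=\s*\d+\s+\d+\s+\d+\s+(\S+)")

# Sample input: state after attempt no. 2 in the post (unwrapped copy).
FSMO_SAMPLE = """\
SchemaMasterRole owner: CN=NTDS Settings,CN=SRV-KB-PRIMDC,CN=Servers,CN=Default-Fi...
InfrastructureMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Fi...
RidAllocationMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Fi...
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Fi...
DomainNamingMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Fi...
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV-KB-PRIMDC,CN=Servers,CN=Default-Fi...
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV-KB-PRIMDC,CN=Servers,CN=Default-Fi...
"""
SRV_SAMPLE = """\
_ldap._tcp.pdc._msdcs.my.local.dom  service = 0 100 389 srv-kb-primdc.my.local.dom.
_ldap._tcp.pdc._msdcs.my.local.dom  service = 0 100 389 srv-kb-dc1.my.local.dom.
"""

def parse_fsmo_owners(text):
    """Map each FSMO role name to the server CN that owns it."""
    return {role: dc.upper() for role, dc in OWNER_RE.findall(text)}

def parse_srv_targets(text):
    """Short, upper-cased host names taken from nslookup SRV answers."""
    return [t.rstrip(".").split(".")[0].upper() for t in SRV_RE.findall(text)]

def check(fsmo_text, srv_text):
    """Return findings for a transfer that was meant to move every role."""
    owners = parse_fsmo_owners(fsmo_text)
    findings = []
    holders = sorted(set(owners.values()))
    if len(holders) > 1:
        findings.append("roles split across: " + ", ".join(holders))
    pdc = owners.get("PdcEmulationMasterRole")
    for target in parse_srv_targets(srv_text):
        if target != pdc:  # SRV record names a DC that is not the PDC emulator
            findings.append("PDC SRV record points at %s, role owner is %s" % (target, pdc))
    return findings

if __name__ == "__main__":
    for finding in check(FSMO_SAMPLE, SRV_SAMPLE):
        print(finding)
```
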



