[Samba] Unable to "rejoin" existing DC after upgrade (infamous WERR_FILE_NOT_FOUND)
Fabrizio Rompani
fabrizio.rompani at yetopen.com
Thu Mar 9 14:09:56 UTC 2023
----- Messaggio originale -----
Da: "Rowland Penny via samba" <samba at lists.samba.org>
A: "samba" <samba at lists.samba.org>
Cc: "Rowland Penny" <rpenny at samba.org>
Inviato: Mercoledì, 8 marzo 2023 18:39:22
Oggetto: Re: [Samba] Unable to "rejoin" existing DC after upgrade (infamous WERR_FILE_NOT_FOUND)
On 08/03/2023 17:09, Fabrizio Rompani via samba wrote:
>
> yes , after join completed .
> error is trigged with the command :
>
> root at landc:~# samba-tool drs showrepl --summary
> There are failing connections
> Failing outbound connections:
> CN=Configuration,DC=domain,DC=lan
> Default-First-Site-Name\NEXTCLOUD via RPC
> DSA object GUID: 3fa4ff9a-7fdc-4912-ad73-08b98f6bf347
> Last attempt @ Wed Mar 8 17:30:23 2023 CET failed, result 2 (WERR_FILE_NOT_FOUND)
> 4 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=ForestDnsZones,DC=domain,DC=lan
> Default-First-Site-Name\NEXTCLOUD via RPC
> DSA object GUID: 3fa4ff9a-7fdc-4912-ad73-08b98f6bf347
> Last attempt @ Wed Mar 8 17:30:23 2023 CET failed, result 2 (WERR_FILE_NOT_FOUND)
> 4 consecutive failure(s).
> Last success @ NTTIME(0)
>
>
>
> Is each DC using its own ipaddress as its first nameserver in
> /etc/resolv.conf ?
>
> yes but one of them has 127.0.0.1 can make any difference ?
There have been problems in the past when '127.0.0.1' has been used, I
don't think it will help much, but I would change it to the DC's
ipaddress, you never know your luck.
>
>
> Have you checked replication with:
> samba-tool drs relication
> yes, OK
>
> Have you checked each DC's database with:
> samba-tool dbcheck
> yes, OK
>
>
> have you tried to replicate from the DC that holds the PDC_Emulator FSMO
> role to the other two
> yes
>
> Have you checked replication with:
> samba-tool ldapcmp
>
> there' s error:
>
> samba-tool ldapcmp ldap://landc ldap://nextcloud domain -U administrator
>
> * Comparing [DOMAIN] context...
>
> * Objects to be compared: 309
>
> Comparing:
> 'CN=NEXTCLOUD,OU=DOMAIN CONTROLLERS,DC=DOMAIN,DC=LAN' [ldap://landc]
> 'CN=NEXTCLOUD,OU=DOMAIN CONTROLLERS,DC=DOMAIN,DC=LAN' [ldap://nextcloud]
> Difference in attribute values:
> servicePrincipalName =>
> [b'E3514235-4B06-11D1-AB04-00C04FC2DCD2/3fa4ff9a-7fdc-4912-ad73-08b98f6bf347/domain.lan', b'GC/nextcloud.domain.lan/domain.lan', b'HOST/NEXTCLOUD', b'HOST/nextcloud.domain.lan']
> [b'E3514235-4B06-11D1-AB04-00C04FC2DCD2/3fa4ff9a-7fdc-4912-ad73-08b98f6bf347/domain.lan', b'GC/nextcloud.domain.lan/domain.lan', b'HOST/NEXTCLOUD', b'HOST/nextcloud.domain.lan', b'HOST/nextcloud.domain.lan/WORKGROUP', b'HOST/nextcloud.domain.lan/domain.lan', b'RestrictedKrbHost/NEXTCLOUD', b'RestrictedKrbHost/nextcloud.domain.lan', b'ldap/3fa4ff9a-7fdc-4912-ad73-08b98f6bf347._msdcs.domain.lan', b'ldap/NEXTCLOUD', b'ldap/nextcloud.domain.lan', b'ldap/nextcloud.domain.lan/DomainDnsZones.domain.lan', b'ldap/nextcloud.domain.lan/WORKGROUP', b'ldap/nextcloud.domain.lan/ForestDnsZones.domain.lan', b'ldap/nextcloud.domain.lan/domain.lan']
>
> FAILED
>
> * Result for [DOMAIN]: FAILURE
>
> SUMMARY
> ---------
>
> Attributes with different values:
>
> servicePrincipalName
> ERROR: Compare failed: -1
You have a serious problem there, there are 4 SPN's on landc and 15 on
the other, there seems to something going wrong and, at the moment, it
is escaping me.
You could try a forced sync from nextcloud with 'samba-tool drs
replicate' using the '--sync-forced' switch
Rowland
I tryied --sync-forced : got some error , but also say Replicate Succesful
root at nextcloud:/var/lib/samba# samba-tool drs replicate nextcloud landc dc=domain,dc=lan --sync-all --sync-forced
GSS client Update(krb5)(1) Update failed: Miscellaneous failure (see text): FAST fast response is missing FX-FAST (ldap/NEXTCLOUD at DOMAIN.LAN)
GSS client Update(krb5)(1) Update failed: Miscellaneous failure (see text): FAST fast response is missing FX-FAST (ldap/nextcloud at DOMAIN.LAN)
Replicate from landc to nextcloud was successful.
what can I do now?
we 've already removed samba and the whole /var/lib/samba on nextcloud DC and reinstalled .... no luck ! any suggestion?
thank's
rf
Corso Martiri della Liberazione 114 - 23900 Lecco - ITALY - | 4801 Glenwood Avenue - Suite 200 - Raleigh, NC 27612 - USA -
Tel +39 0341 220 205 - info.it at yetopen.com | Phone +1 919-817-8106 - info.us at yetopen.com
Think green - Non stampare questa e-mail se non necessario / Don't print this email unless necessary
-------- D.Lgs. 196/2003 e GDPR 679/2016 --------
Tutte le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario.
Tutte le informazioni ivi contenute, compresi eventuali allegati, sono da ritenere confidenziali e riservate secondo i termini
del vigente D.Lgs. 196/2003 in materia di privacy e del Regolamento europeo 679/2016 - GDPR - e quindi ne e' proibita l'utilizzazione ulteriore non autorizzata.
Nel caso in cui questo messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo, stamparlo, a non inoltrarlo a terzi e ad avvertirci non appena possibile.
Grazie.
Confidentiality notice: this email message including any attachment is for the sole use of the intended recipient and may contain confidential and privileged information;
pursuant to Legislative Decree 196/2003 and the European General Data Protection Regulation 679/2016 - GDPR - any unauthorized review, use, disclosure or distribution
is prohibited. If you are not the intended recepient please delete this message without copying, printing or forwarding it to others, and alert us as soon as possible.
Thank you.
More information about the samba
mailing list