[Samba] Replication issue after upgrade - 3221225524 / WERR_FILE_NOT_FOUND

Alexandros Karypidis akarypid at yahoo.gr
Sun May 28 10:43:26 UTC 2023 

Hello,
I have a domain with two controllers (DC1/DC2) based on Turnkey Linux domain controller V16.2 (Samba v4.9.5). I just finished upgrading toV17.1 (Samba v4.17.3) using a new temporary controller DC3.
Things seem to have worked, I have DC1/DC2 running the new version and can login to the domain (computer accounts are present, users/groups seem fine, etc). HOWEVER, when I try replication now I get the following errors:
ERROR 1: Try sync from DC1 to DC2 - error 3221225524 (some object not found):
root at dc1 ~# samba-tool drs replicate DC2 DC1 DC=ad,DC=home,DC=lan --full-sync
ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to DC2 failed - drsException: DRS connection to DC2 failed: (3221225524, 'The object name is not found.')  File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 55, in drsuapi_connect    (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)  File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 71, in drsuapi_connect    raise drsException("DRS connection to %s failed: %s" % (server, e))
ERROR 2: Try sync from DC2 to DC1 - error  WERR_FILE_NOT_FOUND:
root at dc1 ~# samba-tool drs replicate DC1 DC2 DC=ad,DC=home,DC=lan --full-sync
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (2, 'WERR_FILE_NOT_FOUND')  File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 570, in run    drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)  File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 100, in sendDsReplicaSync    raise drsException("DsReplicaSync failed %s" % estr)
Any idea why replication now fails? Logging in with RSAT's "Active Directory Users and Computers" seem to show the contents fine on both controllers.
------------------- The process used to perform the upgrade is below:
- Create a third DC3 using V17.1 and transfer all FSMO to it- Demote/remove DC1- Demote/remove DC2- Recreate DC1 with V17.1 and rejoin domain- Recreate DC2 with V17.1 and rejoin domain- Transfer all FSMO to DC1- Demote/remove DC3
Now, one thing I noticed is that when demoting a DC it was still a member of the domain, so to completely remove it I used the RSAT app on WIndows to delete the computer (including subtree). That was the only "quirk" during the process. After removing the DC I ran a "dbcheck" to fix any references to the removed name...

More information about the samba mailing list