[Samba] samba-tool hangs on one dc
Ray Klassen
ray.klassen at icloud.com
Tue Nov 21 17:22:36 UTC 2023
On Tue, 2023-11-21 at 10:33 -0500, James Atwell via samba wrote:
>
>
> > -----Original Message-----
> > From: samba <samba-bounces at lists.samba.org> On Behalf Of Thomas
> > Schachtner via samba
> > Sent: Tuesday, November 21, 2023 9:16 AM
> > To: samba at lists.samba.org
> > Subject: [Samba] samba-tool hangs on one dc
> >
> > Hello,
> >
> > since some time (I don't remember since when) I have a strange
> > phenomenon
> > with one of my two samba4 DCs.
> > Both dc1 and dc2 seem to run pretty fine and when working with
> > Windows, I
> > do not see any issues.
> >
> > But when issuing the following command on dc1, the command does not
> > return but seems to be stuck.
> >
> > samba-tool drs showrepl
> >
> > When issuing the same command on dc2, it takes a second or so and
> > the result
> > is printed on the screen.
> > The same with other commands like "samba-tool dns add"
> >
> > I already checked the samba log files, but I did not find any log
> > entry.
> >
> > I know that it is difficult to provide a solution for a problem
> > that is described so
> > poorly, but I don't know how to further debug it.
> > Any hints on how to move forward here and/or how to get more
> > information?
> >
> > The output of samba-tool drs showrepl on dc2 does not show issues,
> > regardless of which dc is replicated to which one (i.e. dc1 to tc2
> > or vice-versa).
> > When executing repadmin /replsummary on a Windows client, also no
> > errors
> > are shown.
> >
> > Here's the output:
> >
> > root at dc2:/var/lib/samba# samba-tool drs showrepl
> > Default-First-Site-Name\DC2
> > DSA Options: 0x00000001
> > DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> > DSA invocationId: 0e649cb7-efc8-47ad-a841-4453973dbcec
> >
> > ==== INBOUND NEIGHBORS ====
> >
> > DC=local,DC=example,DC=de
> > Default-First-Site-Name\DC1 via RPC
> > DSA object GUID: 4872003f-2bd7-4393-9eed-
> > 1ceaeecf92eb
> > Last attempt @ Tue Nov 21 12:26:25 2023 CET was
> > successful
> > 0 consecutive failure(s).
> > Last success @ Tue Nov 21 12:26:25 2023 CET
> >
> > CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
> > Default-First-Site-Name\DC1 via RPC
> > DSA object GUID: 4872003f-2bd7-4393-9eed-
> > 1ceaeecf92eb
> > Last attempt @ Tue Nov 21 12:26:25 2023 CET was
> > successful
> > 0 consecutive failure(s).
> > Last success @ Tue Nov 21 12:26:25 2023 CET
> >
> > CN=Configuration,DC=local,DC=example,DC=de
> > Default-First-Site-Name\DC1 via RPC
> > DSA object GUID: 4872003f-2bd7-4393-9eed-
> > 1ceaeecf92eb
> > Last attempt @ Tue Nov 21 12:26:25 2023 CET was
> > successful
> > 0 consecutive failure(s).
> > Last success @ Tue Nov 21 12:26:25 2023 CET
> >
> > DC=DomainDnsZones,DC=local,DC=example,DC=de
> > Default-First-Site-Name\DC1 via RPC
> > DSA object GUID: 4872003f-2bd7-4393-9eed-
> > 1ceaeecf92eb
> > Last attempt @ Tue Nov 21 12:26:25 2023 CET was
> > successful
> > 0 consecutive failure(s).
> > Last success @ Tue Nov 21 12:26:25 2023 CET
> >
> > DC=ForestDnsZones,DC=local,DC=example,DC=de
> > Default-First-Site-Name\DC1 via RPC
> > DSA object GUID: 4872003f-2bd7-4393-9eed-
> > 1ceaeecf92eb
> > Last attempt @ Tue Nov 21 12:26:25 2023 CET was
> > successful
> > 0 consecutive failure(s).
> > Last success @ Tue Nov 21 12:26:25 2023 CET
> >
> > ==== OUTBOUND NEIGHBORS ====
> >
> > DC=local,DC=example,DC=de
> > Default-First-Site-Name\DC1 via RPC
> > DSA object GUID: 4872003f-2bd7-4393-9eed-
> > 1ceaeecf92eb
> > Last attempt @ NTTIME(0) was successful
> > 0 consecutive failure(s).
> > Last success @ NTTIME(0)
> >
> > CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
> > Default-First-Site-Name\DC1 via RPC
> > DSA object GUID: 4872003f-2bd7-4393-9eed-
> > 1ceaeecf92eb
> > Last attempt @ NTTIME(0) was successful
> > 0 consecutive failure(s).
> > Last success @ NTTIME(0)
> >
> > CN=Configuration,DC=local,DC=example,DC=de
> > Default-First-Site-Name\DC1 via RPC
> > DSA object GUID: 4872003f-2bd7-4393-9eed-
> > 1ceaeecf92eb
> > Last attempt @ NTTIME(0) was successful
> > 0 consecutive failure(s).
> > Last success @ NTTIME(0)
> >
> > DC=DomainDnsZones,DC=local,DC=example,DC=de
> > Default-First-Site-Name\DC1 via RPC
> > DSA object GUID: 4872003f-2bd7-4393-9eed-
> > 1ceaeecf92eb
> > Last attempt @ NTTIME(0) was successful
> > 0 consecutive failure(s).
> > Last success @ NTTIME(0)
> >
> > DC=ForestDnsZones,DC=local,DC=example,DC=de
> > Default-First-Site-Name\DC1 via RPC
> > DSA object GUID: 4872003f-2bd7-4393-9eed-
> > 1ceaeecf92eb
> > Last attempt @ NTTIME(0) was successful
> > 0 consecutive failure(s).
> > Last success @ NTTIME(0)
> >
> > ==== KCC CONNECTION OBJECTS ====
> >
> > Connection --
> > Connection name: 138dbf8f-16ef-406e-87aa-72a25b4e03b6
> > Enabled : TRUE
> > Server DNS name : dc1.local.example.de
> > Server DN name : CN=NTDS
> > Settings,CN=DC1,CN=Servers,CN=Default-First-Site-
> > Name,CN=Sites,CN=Configuration,DC=local,DC=example,DC=de
> > TransportType: RPC
> > options: 0x00000001
> > Warning: No NC replicated for Connection!
> >
> > Now, after 10 minutes or so, also dc1 finished the command.
> > Here's the result:
> >
> > root at dc1:~# samba-tool drs showrepl
> > Default-First-Site-Name\DC1
> > DSA Options: 0x00000001
> > DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> > DSA invocationId: a1e3fc90-833a-476e-8c8a-0753b5593ae3
> >
> > ==== INBOUND NEIGHBORS ====
> >
> > DC=local,DC=example,DC=de
> > Default-First-Site-Name\DC2 via RPC
> > DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-
> > 00a0db86e6a8
> > Last attempt @ Tue Nov 21 12:41:42 2023 CET was
> > successful
> > 0 consecutive failure(s).
> > Last success @ Tue Nov 21 12:41:42 2023 CET
> >
> > CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
> > Default-First-Site-Name\DC2 via RPC
> > DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-
> > 00a0db86e6a8
> > Last attempt @ Tue Nov 21 12:41:43 2023 CET was
> > successful
> > 0 consecutive failure(s).
> > Last success @ Tue Nov 21 12:41:43 2023 CET
> >
> > CN=Configuration,DC=local,DC=example,DC=de
> > Default-First-Site-Name\DC2 via RPC
> > DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-
> > 00a0db86e6a8
> > Last attempt @ Tue Nov 21 12:41:43 2023 CET was
> > successful
> > 0 consecutive failure(s).
> > Last success @ Tue Nov 21 12:41:43 2023 CET
> >
> > DC=DomainDnsZones,DC=local,DC=example,DC=de
> > Default-First-Site-Name\DC2 via RPC
> > DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-
> > 00a0db86e6a8
> > Last attempt @ Tue Nov 21 12:41:43 2023 CET was
> > successful
> > 0 consecutive failure(s).
> > Last success @ Tue Nov 21 12:41:43 2023 CET
> >
> > DC=ForestDnsZones,DC=local,DC=example,DC=de
> > Default-First-Site-Name\DC2 via RPC
> > DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-
> > 00a0db86e6a8
> > Last attempt @ Tue Nov 21 12:41:41 2023 CET was
> > successful
> > 0 consecutive failure(s).
> > Last success @ Tue Nov 21 12:41:41 2023 CET
> >
> > ==== OUTBOUND NEIGHBORS ====
> >
> > DC=local,DC=example,DC=de
> > Default-First-Site-Name\DC2 via RPC
> > DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-
> > 00a0db86e6a8
> > Last attempt @ NTTIME(0) was successful
> > 0 consecutive failure(s).
> > Last success @ NTTIME(0)
> >
> > CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
> > Default-First-Site-Name\DC2 via RPC
> > DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-
> > 00a0db86e6a8
> > Last attempt @ NTTIME(0) was successful
> > 0 consecutive failure(s).
> > Last success @ NTTIME(0)
> >
> > CN=Configuration,DC=local,DC=example,DC=de
> > Default-First-Site-Name\DC2 via RPC
> > DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-
> > 00a0db86e6a8
> > Last attempt @ NTTIME(0) was successful
> > 0 consecutive failure(s).
> > Last success @ NTTIME(0)
> >
> > DC=DomainDnsZones,DC=local,DC=example,DC=de
> > Default-First-Site-Name\DC2 via RPC
> > DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-
> > 00a0db86e6a8
> > Last attempt @ NTTIME(0) was successful
> > 0 consecutive failure(s).
> > Last success @ NTTIME(0)
> >
> > DC=ForestDnsZones,DC=local,DC=example,DC=de
> > Default-First-Site-Name\DC2 via RPC
> > DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-
> > 00a0db86e6a8
> > Last attempt @ NTTIME(0) was successful
> > 0 consecutive failure(s).
> > Last success @ NTTIME(0)
> >
> > ==== KCC CONNECTION OBJECTS ====
> >
> > Connection --
> > Connection name: 85d23471-63cd-4bf1-9238-1ea493d07a95
> > Enabled : TRUE
> > Server DNS name : dc2.local.example.de
> > Server DN name : CN=NTDS
> > Settings,CN=DC2,CN=Servers,CN=Default-First-Site-
> > Name,CN=Sites,CN=Configuration,DC=local,DC=example,DC=de
> > TransportType: RPC
> > options: 0x00000001
> > Warning: No NC replicated for Connection!
> >
> >
> >
> > Both servers (Ubuntu Server) have the latest updates installed.
> > The samba version is 4.15.13-Ubuntu.
> >
> > What could be the reason why one dc takes so long with samba-tool
> > commands while the other one is much faster?
> >
> > Best
> > Tom
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
>
> I've experienced this before and it's usually transient. If you want
> to see where in the process it's hanging, you can increase the debug
> level to something like 5.
>
> samba-tool drs showrepl -d 5
>
I've had the experience of samba-tool hanging when DNS is
misconfigured.
>
More information about the samba
mailing list