[Samba] Replication issue after rejoining a DC

Rowland Penny rpenny at samba.org
Thu Oct 9 10:40:36 UTC 2025 

On Thu, 9 Oct 2025 11:19:42 +0200
Cedric Puchalver via samba <samba at lists.samba.org> wrote:

> Le 09/10/2025 à 10:50, Rowland Penny via samba a écrit :
> > On Thu, 9 Oct 2025 09:04:26 +0200
> > Cedric Puchalver via samba <samba at lists.samba.org> wrote:
> >
> >> Le 08/10/2025 à 16:50, Rowland Penny via samba a écrit :
> >>> To put it another way, if you rerun 'samba-tool drs showrepl', do
> >>> you still get the errors ?
> >>>
> >>>
> >> Hi Rowland,
> >>
> >> It was shortly after the new DC started.
> >>
> >> I manually ran the command samba_dnsupdate --verbose and it
> >> returned :
> >>
> > SNIP
> >
> >> No DNS updates needed
> >>
> > So it isn't the lack of dns records.
> >
> >> I ran the command samba-tool drs showrepl and here is the output :
> >>
> >> Chaos-Theory\DC2
> >> DSA Options: 0x00000001
> >> DSA object GUID: 2f2aee44-0eca-4ad1-9b77-d11d8d31e3eb
> >> DSA invocationId: a8f75274-c493-4b23-87d4-fcba4a7d9a2f
> >>
> >> ==== INBOUND NEIGHBORS ====
> >>
> >> DC=season-of-mist,DC=intranet
> >>           Default-First-Site-Name\DC3 via RPC
> >>                   DSA object GUID:
> >> e6af5447-965a-451b-8d60-3bef78100504 Last attempt @ Thu Oct  9
> >> 02:59:46 2025 EDT failed, result 31 (WERR_GEN_FAILURE)
> >>                   9 consecutive failure(s).
> >>                   Last success @ Wed Oct  8 07:17:15 2025 EDT
> > SNIP
> >
> > What is in /etc/resolv.conf ?
> > Is the first nameserver its own ipaddress ?
> >
> > Rowland
> >
> Yes /etc/resolv.conf is setup accordingly :
> 
> domain season-of-mist.intranet
> search season-of-mist.intranet
> nameserver 192.168.20.5
> nameserver 192.168.10.5
> 
> 

'domain' and 'search' used to be mutually exclusive and the last one
won, but it seems that 'domain' has now become obsolete and is just
another way of saying 'search'.
I normally just set the DCs IP as the only nameserver, working on that
if the nameserver isn't working, then it is highly likely the rest of
the AD DC isn't either and I don't want a failed DC replying to
anything.

You do not seem to be doing anything wrong, but after looking at your
output from 'samba-tool visualize uptodateness', it looks like not
everything has replicated correctly, you could try a forced replication,
see 'samba-tool drs replicate --help' for instructions.

Rowland

More information about the samba mailing list