Issue demoting s4 DC
Kristofer
kristofer at cybernetik.net
Thu Dec 13 21:11:40 MST 2012
Hello,
I am attempting to demote a domain controller, and am receiving the following error. On other servers I am receiving NT_STATUS_IO_TIMEOUT. It doesn't seem as though I can demote any of my DC's. Are there any workarounds to manually demote (for example, after a hard server crash where the server can't be recovered)?
root at pbads1:/usr/local/samba/bin# ./samba-tool domain demote --server=BRSAD.ad.bigrocksports.com -UAdministrator -d 8
INFO: Current debug levels:
all: 8
tdb: 8
printdrivers: 8
lanman: 8
smb: 8
rpc_parse: 8
rpc_srv: 8
rpc_cli: 8
passdb: 8
sam: 8
auth: 8
winbind: 8
vfs: 8
idmap: 8
quota: 8
acls: 8
locking: 8
msdfs: 8
dmapi: 8
registry: 8
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
params.c:pm_process() - Processing configuration file "/usr/local/samba/etc/smb.conf"
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
added interface eth0 ip=fe80::20c:29ff:fe00:345d%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.22.10.9 bcast=10.22.10.255 netmask=255.255.255.0
added interface eth0 ip=fe80::20c:29ff:fe00:345d%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.22.10.9 bcast=10.22.10.255 netmask=255.255.255.0
lpcfg_servicenumber: couldn't find ldb
schema_fsmo_init: we are master[no] updates allowed[no]
Using BRSAD.ad.bigrocksports.com as partner server for the demotion
Using binding ncacn_ip_tcp:BRSAD.ad.bigrocksports.com[,seal,print]
Mapped to DCERPC endpoint 135
added interface eth0 ip=fe80::20c:29ff:fe00:345d%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.22.10.9 bcast=10.22.10.255 netmask=255.255.255.0
added interface eth0 ip=fe80::20c:29ff:fe00:345d%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.22.10.9 bcast=10.22.10.255 netmask=255.255.255.0
Mapped to DCERPC endpoint 1024
added interface eth0 ip=fe80::20c:29ff:fe00:345d%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.22.10.9 bcast=10.22.10.255 netmask=255.255.255.0
added interface eth0 ip=fe80::20c:29ff:fe00:345d%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.22.10.9 bcast=10.22.10.255 netmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Password for [BRS\Administrator]:
Received smb_krb5 packet of length 291
Received smb_krb5 packet of length 1335
../librpc/rpc/dcerpc_util.c:140: auth_pad_length 0
gensec_gssapi: credentials were delegated
GSSAPI Connection will be cryptographically sealed
../librpc/rpc/dcerpc_util.c:140: auth_pad_length 0
drsuapi_DsBind: struct drsuapi_DsBind
in: struct drsuapi_DsBind
bind_guid : *
bind_guid : e24d201a-4fd6-11d1-a3da-0000f875ae0d
bind_info : *
bind_info: struct drsuapi_DsBindInfoCtr
length : 0x0000001c (28)
info : union drsuapi_DsBindInfo(case 28)
info28: struct drsuapi_DsBindInfo28
supported_extensions : 0x0fefff7f (267386751)
1: DRSUAPI_SUPPORTED_EXTENSION_BASE
1: DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
1: DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
1: DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
1: DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
1: DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
1: DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
1: DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
1: DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
0: DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
site_guid : 00000000-0000-0000-0000-000000000000
pid : 0x00000000 (0)
repl_epoch : 0x00000000 (0)
../librpc/rpc/dcerpc_util.c:140: auth_pad_length 0
drsuapi_DsBind: struct drsuapi_DsBind
out: struct drsuapi_DsBind
bind_info : *
bind_info: struct drsuapi_DsBindInfoCtr
length : 0x0000001c (28)
info : union drsuapi_DsBindInfo(case 28)
info28: struct drsuapi_DsBindInfo28
supported_extensions : 0x2fffff6f (805306223)
1: DRSUAPI_SUPPORTED_EXTENSION_BASE
1: DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
0: DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
1: DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
1: DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
1: DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
1: DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
1: DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
1: DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
1: DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
0: DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
site_guid : 58b14925-a189-4838-b42f-6f5724a6ba76
pid : 0x00000000 (0)
repl_epoch : 0x00000000 (0)
bind_handle : *
bind_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 28329eee-71be-4c2b-a524-3a5b25fa360a
result : WERR_OK
Desactivating inbound replication
Sorting rpmd with attid exception 3 rDN=CN DN=CN=NTDS Settings,CN=PBADS1,CN=Servers,CN=PB,CN=Sites,CN=Configuration,DC=ad,DC=bigrocksports,DC=com
Asking partner server BRSAD.ad.bigrocksports.com to synchronize from us
drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
in: struct drsuapi_DsReplicaSync
bind_handle : *
bind_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 28329eee-71be-4c2b-a524-3a5b25fa360a
level : 0x00000001 (1)
req : *
req : union drsuapi_DsReplicaSyncRequest(case 1)
req1: struct drsuapi_DsReplicaSyncRequest1
naming_context : *
naming_context: struct drsuapi_DsReplicaObjectIdentifier
__ndr_size : 0x000000aa (170)
__ndr_size_sid : 0x00000000 (0)
guid : 00000000-0000-0000-0000-000000000000
sid : S-0-0
__ndr_size_dn : 0x00000038 (56)
dn : 'CN=Schema,CN=Configuration,DC=ad,DC=bigrocksports,DC=com'
source_dsa_guid : 5e768977-e67c-4f57-b722-56f0bd721719
source_dsa_dns : NULL
options : 0x00000010 (16)
0: DRSUAPI_DRS_ASYNC_OP
0: DRSUAPI_DRS_GETCHG_CHECK
0: DRSUAPI_DRS_UPDATE_NOTIFICATION
0: DRSUAPI_DRS_ADD_REF
0: DRSUAPI_DRS_SYNC_ALL
0: DRSUAPI_DRS_DEL_REF
1: DRSUAPI_DRS_WRIT_REP
0: DRSUAPI_DRS_INIT_SYNC
0: DRSUAPI_DRS_PER_SYNC
0: DRSUAPI_DRS_MAIL_REP
0: DRSUAPI_DRS_ASYNC_REP
0: DRSUAPI_DRS_IGNORE_ERROR
0: DRSUAPI_DRS_TWOWAY_SYNC
0: DRSUAPI_DRS_CRITICAL_ONLY
0: DRSUAPI_DRS_GET_ANC
0: DRSUAPI_DRS_GET_NC_SIZE
0: DRSUAPI_DRS_LOCAL_ONLY
0: DRSUAPI_DRS_NONGC_RO_REP
0: DRSUAPI_DRS_SYNC_BYNAME
0: DRSUAPI_DRS_REF_OK
0: DRSUAPI_DRS_FULL_SYNC_NOW
0: DRSUAPI_DRS_NO_SOURCE
0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
0: DRSUAPI_DRS_FULL_SYNC_PACKET
0: DRSUAPI_DRS_SYNC_REQUEUE
0: DRSUAPI_DRS_SYNC_URGENT
0: DRSUAPI_DRS_REF_GCSPN
0: DRSUAPI_DRS_NO_DISCARD
0: DRSUAPI_DRS_NEVER_SYNCED
0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
0: DRSUAPI_DRS_INIT_SYNC_NOW
0: DRSUAPI_DRS_PREEMPTED
0: DRSUAPI_DRS_SYNC_FORCED
0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
0: DRSUAPI_DRS_USE_COMPRESSION
0: DRSUAPI_DRS_NEVER_NOTIFY
0: DRSUAPI_DRS_SYNC_PAS
0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
rpc fault: WERR_EPT_S_CANT_PERFORM_OP
Error while demoting, re-enabling inbound replication
Sorting rpmd with attid exception 3 rDN=CN DN=CN=NTDS Settings,CN=PBADS1,CN=Servers,CN=PB,CN=Sites,CN=Configuration,DC=ad,DC=bigrocksports,DC=com
ERROR(<class 'samba.drs_utils.drsException'>): Error while sending a DsReplicaSync for partion CN=Schema,CN=Configuration,DC=ad,DC=bigrocksports,DC=com - drsException: DsReplicaSync failed (-1073610723, 'NT_STATUS_RPC_PROTOCOL_ERROR')
File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 650, in run
sendDsReplicaSync(drsuapiBind, drsuapi_handle, ntds_guid, str(part), drsuapi.DRSUAPI_DRS_WRIT_REP)
File "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)
root at pbads1:/usr/local/samba/bin#
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4442 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20121213/dd1c81b6/attachment.bin>
More information about the samba-technical
mailing list