4.0.rc2 drs issue
Matthieu Patou
mat at samba.org
Wed Oct 17 23:43:39 MDT 2012
On 10/17/2012 12:53 PM, Gémes Géza wrote:
> Hi,
>
> I have a (production) domain created by a 3.5->4.0beta6(some git
> version)->4.0rc2 upgrade path, with the last upgrade executed as a
> join of a 4.0rc2 install (machine name dc1) and removal of the beta8
> install (machine name dc0). Immediately after the removal of beta8 (I
> wasn't able to demote it, however forcibly transferred the fsmo roles
> to rc2) I've installed another instance of rc2 (with the same IP
> address and name as beta8 had (dc0)) and joined it to rc2 (without
> removing anything related to dc0 from the directory). Unfortunately
> I've observed that drs is not working as expected (I had dc0 as an
> incoming and outgoing replica partner on dc1, but dc1 was only an
> incoming partner for dc0). Because of that I've decided to remove dc0
> from the domain entirely to rejoin it cleanly (also plan to upgrade
> both servers to rc3 in the process). Unfortunately dc0 won't demote as
> it claims to hold still two roles, but samba-tool fsmo show gives (on
> both servers) that all five roles are held by dc1. Being stuck on it
> I've decided to forcibly remove it following:
> http://technet.microsoft.com/en-us/library/cc736378%28WS.10%29.aspx
> After removal I've checked that dc0 disappeared without trace (except
> dns where I've cleaned it out).
> After joining it back I still have:
> root@dc1:~# samba-tool drs showrepl
> Default-First-Site-Name\DC1
> DSA Options: 0x00000001
> DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
> DSA invocationId: 574709d5-5de7-472a-ba15-fc7b5ca97da0
>
> ==== INBOUND NEIGHBORS ====
>
> DC=DomainDnsZones,DC=kzsdabas,DC=hu
> Default-First-Site-Name\DC0 via RPC
> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Schema,CN=Configuration,DC=kzsdabas,DC=hu
> Default-First-Site-Name\DC0 via RPC
> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=kzsdabas,DC=hu
> Default-First-Site-Name\DC0 via RPC
> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=ForestDnsZones,DC=kzsdabas,DC=hu
> Default-First-Site-Name\DC0 via RPC
> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Configuration,DC=kzsdabas,DC=hu
> Default-First-Site-Name\DC0 via RPC
> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
> Last attempt @ NTTIME(0) was successful
^^^^^^^^^^^^^^^^^^^ This means that it has never replicated from this server
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> ==== OUTBOUND NEIGHBORS ====
>
> DC=DomainDnsZones,DC=kzsdabas,DC=hu
> Default-First-Site-Name\DC0 via RPC
> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Schema,CN=Configuration,DC=kzsdabas,DC=hu
> Default-First-Site-Name\DC0 via RPC
> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=kzsdabas,DC=hu
> Default-First-Site-Name\DC0 via RPC
> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=ForestDnsZones,DC=kzsdabas,DC=hu
> Default-First-Site-Name\DC0 via RPC
> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Configuration,DC=kzsdabas,DC=hu
> Default-First-Site-Name\DC0 via RPC
> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
> Last attempt @ NTTIME(0) was successful
^^^^^^^^^^^^^^^^^^^ in outgoing the nttime is always 0
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
> Connection name: c9f0627b-6d81-4817-adca-1849005d0d7c
> Enabled : TRUE
> Server DNS name : DC0.kzsdabas.hu
> Server DN name : CN=NTDS Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=kzsdabas,DC=hu
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
>
> Which seems ok
no it's not
>
> and:
> root@dc0:~# samba-tool drs showrepl
> Default-First-Site-Name\DC0
> DSA Options: 0x00000001
> DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
> DSA invocationId: c733b71a-c093-4a0e-b990-839d8b9ffaf2
>
> ==== INBOUND NEIGHBORS ====
>
> DC=DomainDnsZones,DC=kzsdabas,DC=hu
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
> Last attempt @ Wed Oct 17 21:44:35 2012 CEST was successful
> 0 consecutive failure(s).
> Last success @ Wed Oct 17 21:44:35 2012 CEST
>
> CN=Schema,CN=Configuration,DC=kzsdabas,DC=hu
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
> Last attempt @ Wed Oct 17 21:44:35 2012 CEST was successful
> 0 consecutive failure(s).
> Last success @ Wed Oct 17 21:44:35 2012 CEST
>
> DC=kzsdabas,DC=hu
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
> Last attempt @ Wed Oct 17 21:44:36 2012 CEST was successful
> 0 consecutive failure(s).
> Last success @ Wed Oct 17 21:44:36 2012 CEST
>
> DC=ForestDnsZones,DC=kzsdabas,DC=hu
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
> Last attempt @ Wed Oct 17 21:44:35 2012 CEST was successful
> 0 consecutive failure(s).
> Last success @ Wed Oct 17 21:44:35 2012 CEST
>
> CN=Configuration,DC=kzsdabas,DC=hu
> Default-First-Site-Name\DC1 via RPC
> DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635
> Last attempt @ Wed Oct 17 21:44:36 2012 CEST was successful
> 0 consecutive failure(s).
> Last success @ Wed Oct 17 21:44:36 2012 CEST
>
> ==== OUTBOUND NEIGHBORS ====
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
> Connection name: 4eb7c88b-62c9-46d1-817d-15b5be7b9e41
> Enabled : TRUE
> Server DNS name : DC1.kzsdabas.hu
> Server DN name : CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=kzsdabas,DC=hu
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
>
> Which seems less perfect
Well, you should check the repsto and repsfrom attributes, using:
  ldbsearch -H ldap://<ip> --cross-ncs --show-binary '(repsto=*)' repsfrom repsto
Also check that on both hosts you can resolve the two following DNS names:
  <guid_ntds_server1>._msdcs.<domain>
  <guid_ntds_server2>._msdcs.<domain>
Use this command:
  ./bin/ldbsearch -H ldap://<ip> '(invocationid=*)' --cross-ncs objectguid
to get the guid_ntds_server1 & guid_ntds_server2.
Matthieu.
Matthieu
--
Matthieu Patou
Samba Team
http://samba.org
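
The reading of showrepl given in the reply above (an inbound "Last success @ NTTIME(0)" means the partner has never been replicated from, while outbound entries always show 0), written as an added example that is not part of the original message or of Samba's code. The function names are hypothetical, the sample text is constructed, and it assumes the "DSA object GUID" printed by showrepl is the NTDS GUID used in the _msdcs DNS names.

```python
import re

# Constructed sample in the shape of the showrepl output quoted in the thread.
SAMPLE = """\
Default-First-Site-Name\\DC1
DSA object GUID: f5ea5559-534c-4341-9f63-c0d7a0019635

==== INBOUND NEIGHBORS ====

DC=kzsdabas,DC=hu
Default-First-Site-Name\\DC0 via RPC
DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
Last success @ NTTIME(0)

CN=Configuration,DC=kzsdabas,DC=hu
Default-First-Site-Name\\DC0 via RPC
DSA object GUID: fa8ad1e1-f8e0-42ef-b8da-dfdb22141d5f
Last success @ Wed Oct 17 21:44:36 2012 CEST

==== OUTBOUND NEIGHBORS ====

==== KCC CONNECTION OBJECTS ====
"""

def parse_showrepl(text):
    """Map each '==== ... NEIGHBORS ====' section to its per-NC entries."""
    sections, current, entry = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"^==== (.+) ====$", line):
            name, entry = m.group(1), None
            current = sections.setdefault(name, []) if "NEIGHBORS" in name else None
        elif current is None:
            continue  # local DSA header, or the KCC connection section
        elif line.startswith(("DC=", "CN=")):
            current.append(entry := {"nc": line})  # a naming context starts an entry
        elif entry and line.startswith("DSA object GUID:"):
            entry["guid"] = line.split(":", 1)[1].strip()
        elif entry and line.startswith("Last success @"):
            entry["last_success"] = line.split("@", 1)[1].strip()
    return sections

def never_replicated(text, domain):
    """Inbound NCs never replicated, with the partner's _msdcs name to resolve."""
    return [(e["nc"], f'{e["guid"]}._msdcs.{domain}')
            for e in parse_showrepl(text).get("INBOUND NEIGHBORS", [])
            if e.get("last_success") == "NTTIME(0)" and "guid" in e]

if __name__ == "__main__":
    print(never_replicated(SAMPLE, "kzsdabas.hu"))
```

An empty list under "OUTBOUND NEIGHBORS" in the parsed result corresponds to the dc0 output quoted above, where no outbound partner is listed.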