Error 8418: The replication operation failed because of a schema mismatch between the servers involved
Sinelnikov Evgeniy
Sinelnikov.E at digdes.com
Sat Feb 20 18:42:55 UTC 2016
Hello,
I tried to investigate SCHEMA_MISMATCH replication problem deeper using
Wireshark and GDB. And will be glad to share current results:
* test14: https://goo.gl/BSStsW (Problem with Samba DsGetNCChanges response on Windows request after DsReplicaSync)
* test13: https://goo.gl/2cr8xj (Original work between Windows DC's)
Original behavior between Windows DC's looks like:
- DsReplicaSync request (call_id: 3)
- DsGetNCChanges request (call_id: 4)
- DsGetNCChanges response(call_id: 4)
- DsReplicaSync response (call_id: 3)
NC in response is same as in request.
Samba behavior with Windows DC looks:
- DsReplicaSync request (call_id: 3) - to Windows DC
- DsGetNCChanges request (call_id: 31) - from Windows DC to Samba DC
- DsGetNCChanges response(call_id: 29) - response from Samba DC looks like wrong
- DsReplicaSync response (call_id: 3) - return 0x20e2 = 8418 - WERR_DS_DRA_SCHEMA_MISMATCH.
NC in response may not the same as in request. One time I got strange answer with nca_s_fault_context_mismatch.
This problem reproduced after join and replicate Samba DC to domain based on
Windows 2003 R2 x64 Domain controller extended with Exchange 2003/2010 schema.
All DC servers are 64bit. But not dedicated server with Exchange.
# samba-tool drs replicate dc01 dc02 dc=company3,dc=dd
Start replicating for source GUID 28c2a0c4-d9d0-46ff-b659-3f179b632355.
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (8418, 'WERR_DS_DRA_SCHEMA_MISMATCH')
File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/drs.py", line 349, in run
drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle, source_dsa_guid, NC, req_options)
File "/usr/local/samba/lib64/python2.7/site-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)
Also I want to note that there are a difference in replica flags sets to Samba DC:
- highest_usn : 0x000000000000cf51 (53073)
- replica_flags : 0x00000070 (112)
+ highest_usn : 0x000000000000cfbc (53180)
+ replica_flags : 0x00201070 (2101360)
0: DRSUAPI_DRS_ASYNC_OP.....
0: DRSUAPI_DRS_GETCHG_CHECK.
0: DRSUAPI_DRS_UPDATE_NOTIFICATION
@@ -55,8 +55,8 @@
0: DRSUAPI_DRS_TWOWAY_SYNC
0: DRSUAPI_DRS_CRITICAL_ONLY
0: DRSUAPI_DRS_GET_ANC
- 0: DRSUAPI_DRS_GET_NC_SIZE
- 0: DRSUAPI_DRS_LOCAL_ONLY
+ 1: DRSUAPI_DRS_GET_NC_SIZE
+ 1: DRSUAPI_DRS_LOCAL_ONLY
0: DRSUAPI_DRS_NONGC_RO_REP
0: DRSUAPI_DRS_SYNC_BYNAME
0: DRSUAPI_DRS_REF_OK
@@ -68,7 +68,7 @@
0: DRSUAPI_DRS_SYNC_URGENT
0: DRSUAPI_DRS_REF_GCSPN
0: DRSUAPI_DRS_NO_DISCARD
- 0: DRSUAPI_DRS_NEVER_SYNCED
+ 1: DRSUAPI_DRS_NEVER_SYNCED
0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
0: DRSUAPI_DRS_INIT_SYNC_NOW
0: DRSUAPI_DRS_PREEMPTED
> -----Original Message-----
> From: samba-technical [mailto:samba-technical-bounces at lists.samba.org]
> On Behalf Of Matthieu Patou
> Sent: Monday, February 15, 2016 9:57 AM
> To: Stefan Metzmacher <metze at samba.org>; samba-
> technical at lists.samba.org
> Subject: Re: Error 8418: The replication operation failed because of a schema
> mismatch between the servers involved
>
> On 02/13/2016 12:21 AM, Stefan Metzmacher wrote:
> > Hi Matthieu,
> >
> >>> Main strange in decrypted response is:
> >>> attid: UNKNOWN_ENUM_VALUE (0x200F4)
> >> My script showattid for a 2010 exchange schema seems to indicate that
> >> it's homeMDB attribute:
> >>
> >> scripts/showattid.py -s ~/workspace/samba/exchange2010/etc/smb.conf
> >> 0x200F4 Unknown parameter encountered: "dns recursive queries"
> >> Ignoring unknown parameter "dns recursive queries"
> >> CN=MSMQ-NT4-
> FLAGS,CN=SCHEMA,CN=CONFIGURATION,DC=EXCHANGE,DC=HOME,DC=M
> >> ATWS,DC=NET
> >>
> >> 1.2.840.113556.1.2.244
> >> Attid 0x200F4(131316) is attribute homeMDB
> >>
> >> Can you check the definition of this attribute in the schema NC for
> >> Windows and Samba DC ?
> > Does this have the msDS-IntID attribute set?
> Yes:
> dn:
> CN=ms-Exch-Home-
> MDB,CN=Schema,CN=Configuration,DC=exchange,DC=home,DC=matws,DC
> =net
> cn: ms-Exch-Home-MDB
> attributeID: 1.2.840.113556.1.2.244
> msDS-IntId: -2096876625
>
> >
> > If so it could be related to Andrew's fixes here:
> > http://git.catalyst.net.nz/gw?p=samba.git;a=commitdiff;h=8007f1df75cfb
> > cc44815a368f661317d8dbc0f3e
> > http://git.catalyst.net.nz/gw?p=samba.git;a=commitdiff;h=5ae622c076c56
> > f7adaf8eeed0cfdaf657cb91beb
> > in
> > http://git.catalyst.net.nz/gw?p=samba.git;a=shortlog;h=refs/heads/repl
> > MetaData-attid
> >
> > An older version is available here:
> > https://git.samba.org/?p=abartlet/samba.git/.git;a=commitdiff;h=ef3a56
> > 5a47d2dbc07208ca5239d83d367eb133b2
> > https://git.samba.org/?p=abartlet/samba.git/.git;a=commitdiff;h=9fc9a3
> > 123101977435b90d6778c7033c5d907d99
> > in
> > https://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/hea
> > ds/replMetaData-attid
> I think it's worth a try, obviously it should be tested on some non critical
> environment to avoid any suprises !
> > See
> > https://lists.samba.org/archive/samba-technical/2016-January/thread.ht
> > ml#111361
> > for the discussion.
> I'll have a closer look
> >
> > Checking the prefixMap attribute is good, but note that this is not a
> > replicated attribute and the content may not have the same format on
> > Windows vs. Samba.
> Yes I agree, still despite a different representation we should insure that we
> have the same data.
> > It would be interesting to see the struct drsuapi_DsGetNCChanges
> > messages in the other direction too, where we replicate from Windows.
> > We need to compare the drsuapi_DsReplicaOIDMapping_Ctr arrays.
> Would be much easier if my PIDL patches were accepted at the moment
> where I was active at doing them :-)
> >
> > metze
> >
>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 020-test14-DsGetNCChanges-request-call_id_31.txt
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160220/ee88202f/020-test14-DsGetNCChanges-request-call_id_31-0001.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 030-test14-DsGetNCChanges-response-call_id_29.txt.gz
Type: application/x-gzip
Size: 14327 bytes
Desc: 030-test14-DsGetNCChanges-response-call_id_29.txt.gz
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160220/ee88202f/030-test14-DsGetNCChanges-response-call_id_29.txt-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test14-dcerpc-with-comments.png
Type: image/png
Size: 230466 bytes
Desc: test14-dcerpc-with-comments.png
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160220/ee88202f/test14-dcerpc-with-comments-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test14-frames.txt.gz
Type: application/x-gzip
Size: 21788 bytes
Desc: test14-frames.txt.gz
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160220/ee88202f/test14-frames.txt-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test13-test14-DsGetNCChanges-request-call_id_31.diff
Type: application/octet-stream
Size: 4476 bytes
Desc: test13-test14-DsGetNCChanges-request-call_id_31.diff
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160220/ee88202f/test13-test14-DsGetNCChanges-request-call_id_31-0001.obj>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 020-test13-DsGetNCChanges-request-call_id_4.txt
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160220/ee88202f/020-test13-DsGetNCChanges-request-call_id_4-0001.txt>
More information about the samba-technical
mailing list