
Re: [Samba] DC site replication issue ?




On 3/6/2017 12:53 PM, Mircea Husz wrote:
--------------------------------------------
On Mon, 3/6/17, lingpanda101 via samba <samba@xxxxxxxxxxxxxxx> wrote:

  Subject: Re: [Samba] DC site replication issue ?
  To: samba@xxxxxxxxxxxxxxx
  Date: Monday, March 6, 2017, 9:20 AM
On 3/6/2017 9:56 AM, Mircea Husz via samba wrote:
  > All,
  >
  > I'm migrating a samba3 domain to a new samba4 AD version 4.5.5. Did a fair amount of testing on isolated vlans including two sites and replication between two domain controllers.
  >
  > I'm now rolling out DCs intended to become production shortly. One is in Chicago, the other in NY, and each is configured in its own timezone with NTP synching up.
  >
  > I am looking at a potential replication issue and want to know if the message from 'samba-tool drs showrepl' is indicative of trouble.
  >
  > The 'Inbound neighbors' list looks correct on both CH and NY DCs. The 'Outbound neighbors' list on both DCs shows 'Last attempt @ NTTIME(0) was successful'. I listed the full output at the bottom of this post.
  >
  > The logs don't have overt error messages, although I admit I don't understand everything that gets logged. I looked at levels 3, 5, and 10.
  >
  > I tested replication by adding a DNS entry, adding an account, then deleting the test account, and all that gets replicated to the other DC. So it seems to work fine.
  >
  > Also I used the ldapcmp tool, which came back with the only difference being the uppercase vs lowercase bug between cn and CN, dc and DC as per this report:
  > https://bugzilla.samba.org/show_bug.cgi?id=12399
  >
  > Forcing replication returns with success: 'Replicate from CH1-AD-V01 to NY4-AD-V01 was successful.'
  >
  > So my questions are:
  >
  > 1 - Do others with DCs in multiple sites get an actual time entry in the Outbound neighbors list instead of '@ NTTIME(0)' ?
  >
  > 2 - Is replication used in production with three or more sites and timezones and is it reliable ? I'd like to know if going to production with such a setup is generally recommended based on real-life deployments.
  >
  > Thank you for all input.
  >
  > The output from 'samba-tool drs showrepl':
  >
  > CH1\CH1-AD-V01
  > DSA Options: 0x00000001
  > DSA object GUID: ae57ed96-5b4a-4d86-befd-027711adfe26
  > DSA invocationId: cf59ac10-c027-4a45-8df5-218c88433fdd
  >
  > ==== INBOUND NEIGHBORS ====
  >
  > DC=ForestDnsZones,DC=ad,DC=corp,DC=com
  > NY4\NY4-AD-V01 via RPC
  > DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
  > Last attempt @ Fri Mar  3 11:23:46 2017 CST was successful
  > 0 consecutive failure(s).
  > Last success @ Fri Mar  3 11:23:46 2017 CST
  >
  > DC=DomainDnsZones,DC=ad,DC=corp,DC=com
  > NY4\NY4-AD-V01 via RPC
  > DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
  > Last attempt @ Fri Mar  3 11:23:46 2017 CST was successful
  > 0 consecutive failure(s).
  > Last success @ Fri Mar  3 11:23:46 2017 CST
  >
  > DC=ad,DC=corp,DC=com
  > NY4\NY4-AD-V01 via RPC
  > DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
  > Last attempt @ Fri Mar  3 11:23:46 2017 CST was successful
  > 0 consecutive failure(s).
  > Last success @ Fri Mar  3 11:23:46 2017 CST
  >
  > CN=Schema,CN=Configuration,DC=ad,DC=corp,DC=com
  > NY4\NY4-AD-V01 via RPC
  > DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
  > Last attempt @ Fri Mar  3 11:23:47 2017 CST was successful
  > 0 consecutive failure(s).
  > Last success @ Fri Mar  3 11:23:47 2017 CST
  >
  > CN=Configuration,DC=ad,DC=corp,DC=com
  > NY4\NY4-AD-V01 via RPC
  > DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
  > Last attempt @ Fri Mar  3 11:23:47 2017 CST was successful
  > 0 consecutive failure(s).
  > Last success @ Fri Mar  3 11:23:47 2017 CST
  >
  > ==== OUTBOUND NEIGHBORS ====
  >
  > DC=ForestDnsZones,DC=ad,DC=corp,DC=com
  > NY4\NY4-AD-V01 via RPC
  > DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
  > Last attempt @ NTTIME(0) was successful
  > 0 consecutive failure(s).
  > Last success @ NTTIME(0)
  >
  > DC=DomainDnsZones,DC=ad,DC=corp,DC=com
  > NY4\NY4-AD-V01 via RPC
  > DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
  > Last attempt @ NTTIME(0) was successful
  > 0 consecutive failure(s).
  > Last success @ NTTIME(0)
  >
  > DC=ad,DC=corp,DC=com
  > NY4\NY4-AD-V01 via RPC
  > DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
  > Last attempt @ NTTIME(0) was successful
  > 0 consecutive failure(s).
  > Last success @ NTTIME(0)
  >
  > CN=Schema,CN=Configuration,DC=ad,DC=corp,DC=com
  > NY4\NY4-AD-V01 via RPC
  > DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
  > Last attempt @ NTTIME(0) was successful
  > 0 consecutive failure(s).
  > Last success @ NTTIME(0)
  >
  > CN=Configuration,DC=ad,DC=corp,DC=com
  > NY4\NY4-AD-V01 via RPC
  > DSA object GUID: b7aea0b6-f0fa-477c-a44d-96a8b005450d
  > Last attempt @ NTTIME(0) was successful
  > 0 consecutive failure(s).
  > Last success @ NTTIME(0)
  >
  > ==== KCC CONNECTION OBJECTS ====
  >
  > Connection --
  > Connection name: 2ab1b199-31a6-48d9-a87e-4aa10e8a2594
  > Enabled        : TRUE
  > Server DNS name : ny4-ad-v01.ad.corp.com
  > Server DN name : CN=NTDS Settings,CN=NY4-AD-V01,CN=Servers,CN=NY4,CN=Sites,CN=Configuration,DC=ad,DC=corp,DC=com
  > TransportType: RPC
  > options: 0x00000001
  > Warning: No NC replicated for Connection!
  >
  > Thanks,
  > -Mike
  >
I can only answer number 1.  I have the same behavior with no reporting of the time stamp on Outbound Neighbors.
--
  - James
Aside from the lack of timestamp, how long has replication worked in your setup ?

Thanks,
-Mike
  --
  To unsubscribe from this list go to the following URL and read the
  instructions:  https://lists.samba.org/mailman/options/samba

I have been using Samba since 2012 version 4.0 as a DC. Replication has never been an issue aside from my own misunderstanding of how Samba operates. My replication partners are contained within a MAN and not a WAN. My network consists of 6 DCs across 3 sites. I can't comment on time zone concerns however. The only issue I see, if any, is Sysvol replication. Make sure not to forget this step.

https://wiki.samba.org/index.php/SysVol_replication_(DFS-R)

--
- James
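
A monitoring check for the output discussed in this thread, added here as an example and not part of any poster's message or of Samba: it parses `samba-tool drs showrepl` text, flags inbound links with failures, and records outbound `NTTIME(0)` entries without alerting, since both posters report seeing them while replication works. The function names and the failing sample entry are constructed for illustration.

```python
import re

# Constructed sample in the layout of the 'samba-tool drs showrepl' output quoted
# in the thread; the failing inbound entry is invented for the demonstration.
SAMPLE = """\
==== INBOUND NEIGHBORS ====
DC=ad,DC=corp,DC=com
NY4\\NY4-AD-V01 via RPC
Last attempt @ Fri Mar  3 11:23:46 2017 CST was successful
0 consecutive failure(s).
Last success @ Fri Mar  3 11:23:46 2017 CST
CN=Configuration,DC=ad,DC=corp,DC=com
NY4\\NY4-AD-V01 via RPC
Last attempt @ Fri Mar  3 11:28:47 2017 CST failed (constructed failure line)
3 consecutive failure(s).
Last success @ Fri Mar  3 11:23:47 2017 CST
==== OUTBOUND NEIGHBORS ====
DC=ad,DC=corp,DC=com
NY4\\NY4-AD-V01 via RPC
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
"""

def parse_showrepl(text):
    """Return one dict per (direction, naming context, partner) entry."""
    entries, direction, nc, cur = [], None, None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("===="):               # section header
            m = re.match(r"==== (INBOUND|OUTBOUND) NEIGHBORS", line)
            direction, cur = (m.group(1).lower() if m else None), None
        elif not direction:
            continue                              # DSA header block, KCC section
        elif re.match(r"(DC|CN)=", line):         # naming context being replicated
            nc = line
        elif line.endswith(" via RPC"):           # replication partner starts an entry
            cur = {"dir": direction, "nc": nc, "partner": line[:-8],
                   "ok": False, "failures": 0, "never": False}
            entries.append(cur)
        elif cur and line.startswith("Last attempt @ "):
            cur["ok"] = line.endswith("was successful")
            cur["never"] = "NTTIME(0)" in line    # no timestamp recorded
        elif cur and (m := re.match(r"(\d+) consecutive failure", line)):
            cur["failures"] = int(m.group(1))
    return entries

def inbound_problems(entries):
    """Inbound links that failed; outbound NTTIME(0) alone is not flagged."""
    return [(e["nc"], e["partner"]) for e in entries
            if e["dir"] == "inbound" and (not e["ok"] or e["failures"] > 0)]
```
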

