Re: [Samba] Made a join with a netbios name, which already existed, now replication errors
- Date: Mon, 31 Jul 2017 19:23:16 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Made a join with a netbios name, which already existed, now replication errors
On Mon, 31 Jul 2017 20:06:34 +0200
gizmo via samba <samba@xxxxxxxxxxxxxxx> wrote:
> > When you joined samba4 named as samba3, you removed the account for
> > samba3. So the server that thought of itself as samba3 can't operate
> > any more, essentially it has been force-demoted.
> > I guess you need to remove them both and start again from samba1 and
> > samba2.
> I left samba1 and samba2 untouched. They are still working with
> SLES 11 and samba 4.3.11 from sernet. Since I broke samba3 with the
> installation of samba4, I installed a samba5 with SLES 12 and samba
> 4.6.6 (sernet), so that I could demote samba3/samba4 with "samba-tool
> domain demote --remove-other-dead-server=" executed on samba5. The
> first try with the name "samba3" or "samba4" didn't work, but with the
> GUID I could successfully demote.
> samba1, samba2 and samba5 seem to work perfectly. Then I made a new
> installation of samba3 (SLES 12 and samba 4.6.6) and also joined that
> one. Now there are replication-errors on samba3.
> While samba1, samba2 and samba5 seem to replicate with each other,
> even with samba3, samba3 has the following error with samba2:
> Default-First-Site-Name\SAMBA2 via RPC
> DSA object GUID: 9455b34f-a395-449e-b7bb-9a900d59fdfe
> Last attempt @ Mon Jul 31 19:24:03 2017 CEST failed,
> result 8453 (WERR_DS_DRA_ACCESS_DENIED) 58 consecutive failure(s).
> Last success @ Mon Jul 31 19:24:03 2017 CEST
> On samba3 all entries under "INBOUND NEIGHBORS" have this error
> (WERR_DS_DRA_ACCESS_DENIED) with samba2. The entries under "OUTBOUND
> NEIGHBORS" are all with success. Under "KCC CONNECTION OBJECTS"
> samba1 is missing.
> samba2 has a lot of entries in the "log.samba" like that:
> [2017/07/31 19:59:02.987782,
> 0] ../source4/rpc_server/drsuapi/updaterefs.c:276(dcesrv_drsuapi_DsReplicaUpdateRefs) ../source4/rpc_server/drsuapi/updaterefs.c:276:
> Refusing DsReplicaUpdateRefs for sid
> S-1-5-21-492433167-3996512854-4160196905-8869 with GUID
> This is the GUID from samba3.
Get rid of samba3 by demoting it again as you did last time, search
through sam.ldb for any mention of samba3 and samba4 (you will
probably have to use '--cross-ncs' with ldbsearch or ldbedit), then
Now start again with a new DC, but this time, call it anything but
samba3 or samba4.
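
An added example, not part of the original thread or of Samba's own tooling: one way to carry out the search suggested above is to dump the database as LDIF with ldbsearch (with '--cross-ncs' so every naming context is included) and scan the dump for the old DC names. The function names and the example.com sample records are assumptions constructed for illustration.

```python
import base64
import re

def parse_ldif(text):
    """Yield (dn, [(attr, value), ...]) for each record in ldbsearch-style LDIF."""
    unfolded = re.sub(r"\r?\n ", "", text)       # a leading space continues the previous line
    for block in re.split(r"\n\s*\n", unfolded):
        attrs = []
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if line.startswith("#") or not sep:  # comments and stray lines
                continue
            if value.startswith(":"):            # "attr:: ..." carries a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            attrs.append((name, value.strip()))
        dn = next((v for n, v in attrs if n.lower() == "dn"), None)
        if dn:
            yield dn, attrs

def find_stale(text, names):
    """Map each DN to the attributes that mention one of `names` as a whole host name."""
    alt = "|".join(re.escape(n) for n in names)
    pat = re.compile(r"(?<![A-Za-z0-9-])(?:%s)(?![A-Za-z0-9-])" % alt, re.I)
    hits = {}
    for dn, attrs in parse_ldif(text):
        matched = sorted({n for n, v in attrs if pat.search(v)})
        if matched:
            hits[dn] = matched
    return hits

# Constructed sample, not output from the poster's domain (example.com is a placeholder).
SAMPLE_LDIF = """\
# record 1
dn: CN=SAMBA3,OU=Domain Controllers,DC=example,DC=com
cn: SAMBA3

# record 2
dn: CN=NTDS Settings,CN=SAMBA4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,
 CN=Configuration,DC=example,DC=com

# record 3
dn: DC=samba30,DC=example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=com

# record 4
dn: CN=SAMBA1,OU=Domain Controllers,DC=example,DC=com
description:: """ + base64.b64encode(b"replaced samba3").decode() + "\n"

if __name__ == "__main__":
    for dn, attrs in find_stale(SAMPLE_LDIF, ["samba3", "samba4"]).items():
        print(dn, "->", ", ".join(attrs))
```

The whole-name match keeps an unrelated host such as samba30 out of the results, and base64-encoded values are decoded before matching so a reference hidden in an encoded attribute is still reported.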