
Re: [Samba] DRS Replication between two DC's Failing




On 1/11/2018 10:39 AM, Harsh Kukreja via samba wrote:
Hi

The DRS sync between two Domain Controllers connected on one network is
failing. I have enabled log level 9.

samba-tool drs replicate 172.16.10.5 iumsvrpdc DC=iumnet,DC=edu,DC=na --full-sync -UAdministrator
INFO: Current debug levels:
   all: 9
   tdb: 9
   printdrivers: 9
   lanman: 9
   smb: 9
   rpc_parse: 9
   rpc_srv: 9
   rpc_cli: 9
   passdb: 9
   sam: 9
   auth: 9
   winbind: 9
   vfs: 9
   idmap: 9
   quota: 9
   acls: 9
   locking: 9
   msdfs: 9
   dmapi: 9
   registry: 9
   scavenger: 9
   dns: 0
   ldb: 9
   tevent: 9
   auth_audit: 9
   auth_json_audit: 9
   kerberos: 9
   drs_repl: 9
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[softshare]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:172.16.10.5[,seal,print]
Mapped to DCERPC endpoint 135
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
Mapped to DCERPC endpoint 1024
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Cannot do GSSAPI to an IP address
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
   NTLMSSP_NEGOTIATE_UNICODE
   NTLMSSP_REQUEST_TARGET
   NTLMSSP_NEGOTIATE_SIGN
   NTLMSSP_NEGOTIATE_SEAL
   NTLMSSP_NEGOTIATE_NTLM
   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
   NTLMSSP_TARGET_TYPE_DOMAIN
   NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
   NTLMSSP_NEGOTIATE_TARGET_INFO
   NTLMSSP_NEGOTIATE_VERSION
   NTLMSSP_NEGOTIATE_128
   NTLMSSP_NEGOTIATE_KEY_EXCH
Password for [IUMNET\Administrator]:
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
   NTLMSSP_NEGOTIATE_UNICODE
   NTLMSSP_REQUEST_TARGET
   NTLMSSP_NEGOTIATE_SIGN
   NTLMSSP_NEGOTIATE_SEAL
   NTLMSSP_NEGOTIATE_NTLM
   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
   NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
   NTLMSSP_NEGOTIATE_VERSION
   NTLMSSP_NEGOTIATE_128
   NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
   NTLMSSP_NEGOTIATE_UNICODE
   NTLMSSP_REQUEST_TARGET
   NTLMSSP_NEGOTIATE_SIGN
   NTLMSSP_NEGOTIATE_SEAL
   NTLMSSP_NEGOTIATE_NTLM
   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
   NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
   NTLMSSP_NEGOTIATE_VERSION
   NTLMSSP_NEGOTIATE_128
   NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
   NTLMSSP_NEGOTIATE_UNICODE
   NTLMSSP_REQUEST_TARGET
   NTLMSSP_NEGOTIATE_SIGN
   NTLMSSP_NEGOTIATE_SEAL
   NTLMSSP_NEGOTIATE_NTLM
   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
   NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
   NTLMSSP_NEGOTIATE_VERSION
   NTLMSSP_NEGOTIATE_128
   NTLMSSP_NEGOTIATE_KEY_EXCH
      drsuapi_DsBind: struct drsuapi_DsBind
         in: struct drsuapi_DsBind
             bind_guid                : *
                 bind_guid                :
e24d201a-4fd6-11d1-a3da-0000f875ae0d
             bind_info                : *
                 bind_info: struct drsuapi_DsBindInfoCtr
                     length                   : 0x0000001c (28)
                     __ndr_length             : 0x0000001c (28)
                     info                     : union
drsuapi_DsBindInfo(case 28)
                     info28: struct drsuapi_DsBindInfo28
                         supported_extensions     : 0x0fefff7f (267386751)
                                1: DRSUAPI_SUPPORTED_EXTENSION_BASE
                                1:
DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
                                1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
                                1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
                                1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
                                1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
                                1:
DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
                                0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
                                1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
                                1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
                                1:
DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
                                1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
                                1:
DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
                                1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
                                1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
                                1:
DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
                                1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
                                1:
DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
                                1:
DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
                                1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
                                0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
                                1:
DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
                                1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
                                1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
                                1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
                                1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
                                1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
                                1:
DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
                                1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
                                1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
                                0:
DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
                                0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
                                0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
                                0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
                         site_guid                :
00000000-0000-0000-0000-000000000000
                         pid                      : 0x00000000 (0)
                         repl_epoch               : 0x00000000 (0)
      drsuapi_DsBind: struct drsuapi_DsBind
         out: struct drsuapi_DsBind
             bind_info                : *
                 bind_info: struct drsuapi_DsBindInfoCtr
                     length                   : 0x0000001c (28)
                     __ndr_length             : 0x0000001c (28)
                     info                     : union
drsuapi_DsBindInfo(case 28)
                     info28: struct drsuapi_DsBindInfo28
                         supported_extensions     : 0x2fffff6f (805306223)
                                1: DRSUAPI_SUPPORTED_EXTENSION_BASE
                                1:
DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
                                1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
                                1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
                                0:
DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
                                1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
                                1:
DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
                                0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
                                1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
                                1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
                                1:
DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
                                1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
                                1:
DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
                                1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
                                1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
                                1:
DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
                                1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
                                1:
DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
                                1:
DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
                                1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
                                1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
                                1:
DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
                                1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
                                1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
                                1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
                                1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
                                1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
                                1:
DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
                                1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
                                1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
                                0:
DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
                                1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
                                0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
                                0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
                         site_guid                :
29e318da-d660-4a24-94d9-81e86b5a1e82
                         pid                      : 0x00000000 (0)
                         repl_epoch               : 0x00000000 (0)
             bind_handle              : *
                 bind_handle: struct policy_handle
                     handle_type              : 0x00000000 (0)
                     uuid                     :
2cb3f3b5-b29a-4958-a912-51a0881976da
             result                   : WERR_OK
lpcfg_servicenumber: couldn't find ldb
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Cannot do GSSAPI to an IP address
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
   NTLMSSP_NEGOTIATE_UNICODE
   NTLMSSP_REQUEST_TARGET
   NTLMSSP_NEGOTIATE_SIGN
   NTLMSSP_NEGOTIATE_SEAL
   NTLMSSP_NEGOTIATE_NTLM
   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
   NTLMSSP_TARGET_TYPE_DOMAIN
   NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
   NTLMSSP_NEGOTIATE_TARGET_INFO
   NTLMSSP_NEGOTIATE_VERSION
   NTLMSSP_NEGOTIATE_128
   NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
   NTLMSSP_NEGOTIATE_UNICODE
   NTLMSSP_REQUEST_TARGET
   NTLMSSP_NEGOTIATE_SIGN
   NTLMSSP_NEGOTIATE_SEAL
   NTLMSSP_NEGOTIATE_NTLM
   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
   NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
   NTLMSSP_NEGOTIATE_VERSION
   NTLMSSP_NEGOTIATE_128
   NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
   NTLMSSP_NEGOTIATE_UNICODE
   NTLMSSP_REQUEST_TARGET
   NTLMSSP_NEGOTIATE_SIGN
   NTLMSSP_NEGOTIATE_SEAL
   NTLMSSP_NEGOTIATE_NTLM
   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
   NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
   NTLMSSP_NEGOTIATE_VERSION
   NTLMSSP_NEGOTIATE_128
   NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
   NTLMSSP_NEGOTIATE_UNICODE
   NTLMSSP_REQUEST_TARGET
   NTLMSSP_NEGOTIATE_SIGN
   NTLMSSP_NEGOTIATE_SEAL
   NTLMSSP_NEGOTIATE_NTLM
   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
   NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
   NTLMSSP_NEGOTIATE_VERSION
   NTLMSSP_NEGOTIATE_128
   NTLMSSP_NEGOTIATE_KEY_EXCH
      drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
         in: struct drsuapi_DsReplicaSync
             bind_handle              : *
                 bind_handle: struct policy_handle
                     handle_type              : 0x00000000 (0)
                     uuid                     :
2cb3f3b5-b29a-4958-a912-51a0881976da
             level                    : 0x00000001 (1)
             req                      : *
                 req                      : union
drsuapi_DsReplicaSyncRequest(case 1)
                 req1: struct drsuapi_DsReplicaSyncRequest1
                     naming_context           : *
                         naming_context: struct
drsuapi_DsReplicaObjectIdentifier
                             __ndr_size               : 0x00000066 (102)
                             __ndr_size_sid           : 0x00000000 (0)
                             guid                     :
00000000-0000-0000-0000-000000000000
                             sid                      : S-0-0
                             __ndr_size_dn            : 0x00000016 (22)
                             dn                       :
'DC=iumnet,DC=edu,DC=na'
                     source_dsa_guid          :
27182378-a9c7-451e-bb95-7b2172a5f311
                     source_dsa_dns           : NULL
                     options                  : 0x00008010 (32784)
                            0: DRSUAPI_DRS_ASYNC_OP
                            0: DRSUAPI_DRS_GETCHG_CHECK
                            0: DRSUAPI_DRS_UPDATE_NOTIFICATION
                            0: DRSUAPI_DRS_ADD_REF
                            0: DRSUAPI_DRS_SYNC_ALL
                            0: DRSUAPI_DRS_DEL_REF
                            1: DRSUAPI_DRS_WRIT_REP
                            0: DRSUAPI_DRS_INIT_SYNC
                            0: DRSUAPI_DRS_PER_SYNC
                            0: DRSUAPI_DRS_MAIL_REP
                            0: DRSUAPI_DRS_ASYNC_REP
                            0: DRSUAPI_DRS_IGNORE_ERROR
                            0: DRSUAPI_DRS_TWOWAY_SYNC
                            0: DRSUAPI_DRS_CRITICAL_ONLY
                            0: DRSUAPI_DRS_GET_ANC
                            0: DRSUAPI_DRS_GET_NC_SIZE
                            0: DRSUAPI_DRS_LOCAL_ONLY
                            0: DRSUAPI_DRS_NONGC_RO_REP
                            0: DRSUAPI_DRS_SYNC_BYNAME
                            0: DRSUAPI_DRS_REF_OK
                            1: DRSUAPI_DRS_FULL_SYNC_NOW
                            1: DRSUAPI_DRS_NO_SOURCE
                            0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
                            0: DRSUAPI_DRS_FULL_SYNC_PACKET
                            0: DRSUAPI_DRS_SYNC_REQUEUE
                            0: DRSUAPI_DRS_SYNC_URGENT
                            0: DRSUAPI_DRS_REF_GCSPN
                            0: DRSUAPI_DRS_NO_DISCARD
                            0: DRSUAPI_DRS_NEVER_SYNCED
                            0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
                            0: DRSUAPI_DRS_INIT_SYNC_NOW
                            0: DRSUAPI_DRS_PREEMPTED
                            0: DRSUAPI_DRS_SYNC_FORCED
                            0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
                            0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
                            0: DRSUAPI_DRS_USE_COMPRESSION
                            0: DRSUAPI_DRS_NEVER_NOTIFY
                            0: DRSUAPI_DRS_SYNC_PAS
                            0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
      drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
         out: struct drsuapi_DsReplicaSync
             result                   : WERR_BAD_NET_RESP
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 386, in
run
     drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
   File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85, in
sendDsReplicaSync
     raise drsException("DsReplicaSync failed %s" % estr)

Harsh Kukreja
Systems Administrator
International University of Namibia
Tel: 061-4336000 - E-mail: h.kukreja@ium.edu.na - Web: http://www.ium.edu.na
Private Bag 14005, Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA

Not sure what your issue is, but have you tried using the FQDN for DC1 and DC2? I've experienced issues with manual replication when using an IP and not the DNS or FQDN name.

--
James
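
A small triage script for debug output like the log in this thread, added here as an illustration and not part of the original messages or of Samba. It reports whether the binding target was an IP literal, whether GENSEC fell back from gssapi_krb5 to ntlmssp, and which NTLMSSP flags differ between the challenge and the final negotiation; the names `triage` and `decode_flags` are hypothetical, and the flag values follow MS-NLMP.

```python
import ipaddress
import re

# Flag bits as defined in MS-NLMP; only those printed in the log above.
NTLMSSP_FLAGS = {
    0x00000001: "NTLMSSP_NEGOTIATE_UNICODE",
    0x00000004: "NTLMSSP_REQUEST_TARGET",
    0x00000010: "NTLMSSP_NEGOTIATE_SIGN",
    0x00000020: "NTLMSSP_NEGOTIATE_SEAL",
    0x00000200: "NTLMSSP_NEGOTIATE_NTLM",
    0x00008000: "NTLMSSP_NEGOTIATE_ALWAYS_SIGN",
    0x00010000: "NTLMSSP_TARGET_TYPE_DOMAIN",
    0x00080000: "NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY",
    0x00800000: "NTLMSSP_NEGOTIATE_TARGET_INFO",
    0x02000000: "NTLMSSP_NEGOTIATE_VERSION",
    0x20000000: "NTLMSSP_NEGOTIATE_128",
    0x40000000: "NTLMSSP_NEGOTIATE_KEY_EXCH",
}

# Sample input: lines copied from the debug output in this thread, condensed.
SAMPLE_LOG = """\
Using binding ncacn_ip_tcp:172.16.10.5[,seal,print]
Starting GENSEC submechanism gssapi_krb5
Cannot do GSSAPI to an IP address
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got NTLMSSP neg_flags=0x62898235
Got NTLMSSP neg_flags=0x62088235
             result                   : WERR_BAD_NET_RESP
"""

def decode_flags(value):
    """Return the names of the known NTLMSSP flag bits set in value."""
    return [name for bit, name in NTLMSSP_FLAGS.items() if value & bit]

def triage(log_text):
    """Summarise binding target, GENSEC mechanisms, NTLMSSP flags and RPC results."""
    rep = {"target": None, "target_is_ip": False, "mechs": [], "neg_flags": [], "results": []}
    for line in map(str.strip, log_text.splitlines()):
        if m := re.match(r"Using binding \w+:([^\[\s]+)", line):
            rep["target"] = m.group(1)
            try:
                ipaddress.ip_address(m.group(1))
                rep["target_is_ip"] = True
            except ValueError:
                pass  # a hostname, from which a Kerberos service principal can be built
        elif m := re.match(r"Starting GENSEC submechanism (\S+)", line):
            rep["mechs"].append(m.group(1))
        elif m := re.match(r"Got NTLMSSP neg_flags=(0x[0-9a-fA-F]+)", line):
            rep["neg_flags"].append(int(m.group(1), 16))
        elif m := re.match(r"result\s*:\s*(\S+)", line):
            rep["results"].append(m.group(1))
    rep["ntlm_fallback"] = rep["mechs"][-2:] == ["gssapi_krb5", "ntlmssp"]
    return rep
```

Feeding it the full `samba-tool` output shows the same fallback on both authentication rounds; `decode_flags(first & ~last)` over the recorded `neg_flags` lists the bits present in the challenge but absent from the final flags.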

