Web lists-archives.com

Re: [Samba] DRS Replication between two DC's Failing

Hi Harsh,

The DRS sync between two Domain Controllers connected on one network is
failing. I have enabled the log level 9.

samba-tool drs replicate iumsvrpdc DC=iumnet,DC=edu,DC=na
--full-sync -UAdministrator
INFO: Current debug levels:
   all: 9
   tdb: 9
   printdrivers: 9
                            0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
      drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
         out: struct drsuapi_DsReplicaSync
             result                   : WERR_BAD_NET_RESP
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
386, in
     drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
   File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line
85, in
     raise drsException("DsReplicaSync failed %s" % estr)

*Harsh Kukreja *Systems Administrator
*International University of Namibia *Tel: 061-4336000 - E-mail:
@ium.edu.na - Web:
*http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag
14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA

Not sure what your issue is but have you tried using the fqdn for DC1
and DC2? I've experienced issues with manual replication when using a IP
and not the dns or fqdn name.

Indeed, domain controllers will use Kerberos for authentication during replication. If you are using IP address, you cannot use Kerberos since the client computer won't be able to build up a SPN to known which AD account it should ask a ticket for.



Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0)

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba