Re: [Samba] DRS Replication between two DC's Failing

Hi Harsh,

The DRS sync between two Domain Controllers connected on one network is
failing. I have enabled the log level 9.

samba-tool drs replicate iumsvrpdc DC=iumnet,DC=edu,DC=na
--full-sync -UAdministrator
INFO: Current debug levels:
   all: 9
   tdb: 9
   printdrivers: 9
                            0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
      drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
         out: struct drsuapi_DsReplicaSync
             result                   : WERR_BAD_NET_RESP
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
386, in
     drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
   File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line
85, in
     raise drsException("DsReplicaSync failed %s" % estr)

Not sure what your issue is but have you tried using the fqdn for DC1
and DC2? I've experienced issues with manual replication when using a IP
and not the dns or fqdn name.

Indeed, domain controllers will use Kerberos for authentication during replication. If you are using IP address, you cannot use Kerberos since the client computer won't be able to build up a SPN to known which AD account it should ask a ticket for.



