
[Samba] Replication problems - Logon failure




Hello,
 
I am once again having trouble with a setup of a Samba 4 DC and a
Windows Server 2008R2 DC. Replication between these two stopped a few
days ago. Since then the logs on the Samba server are flooded with:
 
Failed to bind to uuid e3514235-4b06-11d1-ab04-xxxxxxxxxxxx for
ncacn_ip_tcp:10.0.1.8[49155,seal,krb5,target_hostname=5b0a3412-16d8-4673-b0ef-xxxxxxxxxxxx._msdcs.my.domain,target_principal=GC/DC2008.my.domain/my.domain,abstract_syntax=e3514235-4b06-11d1-ab04-xxxxxxxxxxxx/0x00000004,localaddress=10.0.1.102]
NT_STATUS_LOGON_FAILURE
 
samba-tool drs showrepl shows:
 
Default-First-Site-Name\SERVER
DSA Options: 0x00000001
DSA object GUID: 32663ca8-8fd0-442f-8ee8-3be9e72ce3a2
DSA invocationId: 2a684553-b0ca-44fb-a4b8-6f4979c4c071
 
==== INBOUND NEIGHBORS ====
 
DC=ForestDnsZones,DC=my,DC=domain
        Default-First-Site-Name\DC2008 via RPC
                DSA object GUID: 5b0a3412-16d8-4673-b0ef-xxxxxxxxxxxx
                Last attempt @ Thu Mar 22 11:42:28 2018 CET failed,
result 1326 (WERR_LOGON_FAILURE)
                2834 consecutive failure(s).
                Last success @ Mon Mar 12 15:05:14 2018 CET
 
DC=DomainDnsZones,DC=my,DC=domain
        Default-First-Site-Name\DC2008 via RPC
                DSA object GUID: 5b0a3412-16d8-4673-b0ef-xxxxxxxxxxxx
                Last attempt @ Thu Mar 22 11:42:30 2018 CET failed,
result 1326 (WERR_LOGON_FAILURE)
                2838 consecutive failure(s).
                Last success @ Mon Mar 12 15:05:15 2018 CET
 
DC=my,DC=domain
        Default-First-Site-Name\DC2008 via RPC
                DSA object GUID: 5b0a3412-16d8-4673-b0ef-xxxxxxxxxxxx
                Last attempt @ Thu Mar 22 11:42:34 2018 CET failed,
result 1326 (WERR_LOGON_FAILURE)
                2838 consecutive failure(s).
                Last success @ Mon Mar 12 15:05:17 2018 CET
 
CN=Schema,CN=Configuration,DC=my,DC=domain
        Default-First-Site-Name\DC2008 via RPC
                DSA object GUID: 5b0a3412-16d8-4673-b0ef-xxxxxxxxxxxx
                Last attempt @ Thu Mar 22 11:42:35 2018 CET failed,
result 1326 (WERR_LOGON_FAILURE)
                2829 consecutive failure(s).
                Last success @ Mon Mar 12 15:05:16 2018 CET
 
CN=Configuration,DC=my,DC=domain
        Default-First-Site-Name\DC2008 via RPC
                DSA object GUID: 5b0a3412-16d8-4673-b0ef-xxxxxxxxxxxx
                Last attempt @ Thu Mar 22 11:42:37 2018 CET failed,
result 1326 (WERR_LOGON_FAILURE)
                2834 consecutive failure(s).
                Last success @ Mon Mar 12 15:05:16 2018 CET
 
==== OUTBOUND NEIGHBORS ====
 
DC=ForestDnsZones,DC=my,DC=domain
        Default-First-Site-Name\DC2008 via RPC
                DSA object GUID: 5b0a3412-16d8-4673-b0ef-xxxxxxxxxxxx
                Last attempt @ Thu Mar 22 11:46:06 2018 CET failed,
result 1326 (WERR_LOGON_FAILURE)
                127005 consecutive failure(s).
                Last success @ Thu Feb  8 13:49:38 2018 CET
 
DC=DomainDnsZones,DC=my,DC=domain
        Default-First-Site-Name\DC2008 via RPC
                DSA object GUID: 5b0a3412-16d8-4673-b0ef-xxxxxxxxxxxx
                Last attempt @ Thu Mar 22 11:45:51 2018 CET failed,
result 1326 (WERR_LOGON_FAILURE)
                125829 consecutive failure(s).
                Last success @ Mon Mar 12 13:55:53 2018 CET
 
DC=my,DC=domain
        Default-First-Site-Name\DC2008 via RPC
                DSA object GUID: 5b0a3412-16d8-4673-b0ef-xxxxxxxxxxxx
                Last attempt @ Thu Mar 22 11:45:56 2018 CET failed,
result 1326 (WERR_LOGON_FAILURE)
                150527 consecutive failure(s).
                Last success @ Mon Mar 12 12:10:05 2018 CET
 
CN=Schema,CN=Configuration,DC=my,DC=domain
        Default-First-Site-Name\DC2008 via RPC
                DSA object GUID: 5b0a3412-16d8-4673-b0ef-xxxxxxxxxxxx
                Last attempt @ Thu Mar 22 11:46:00 2018 CET failed,
result 1326 (WERR_LOGON_FAILURE)
                111139 consecutive failure(s).
                Last success @ Thu Mar  8 11:45:40 2018 CET
 
CN=Configuration,DC=my,DC=domain
        Default-First-Site-Name\DC2008 via RPC
                DSA object GUID: 5b0a3412-16d8-4673-b0ef-xxxxxxxxxxxx
                Last attempt @ Thu Mar 22 11:46:04 2018 CET failed,
result 1326 (WERR_LOGON_FAILURE)
                104308 consecutive failure(s).
                Last success @ Mon Mar 12 14:10:15 2018 CET
 
==== KCC CONNECTION OBJECTS ====
 
Connection --
        Connection name: 972cc207-61cd-4c8d-bc8a-d9ef94179c30
        Enabled        : TRUE
        Server DNS name : DC2008.my.domain
        Server DN name  : CN=NTDS
Settings,CN=DC2008,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my,DC=domain

                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
 
Tried a manual replication with samba-tool drs replicate
dc2008.my.domain server.my.domain "DC=my,DC=domain" and got:
 
Failed to bind to uuid e3514235-4b06-11d1-ab04-xxxxxxxxxxxx for
ncacn_ip_tcp:10.0.1.8[49155,seal,target_hostname=dc2008.my.domain,abstract_syntax=e3514235-4b06-11d1-ab04-xxxxxxxxxxxx/0x00000004,localaddress=10.0.1.102]
NT_STATUS_LOGON_FAILURE
ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to
dc2008.my.domain failed - drsException: DRS connection to
dc2008.my.domain failed: (-1073741715, 'Logon failure')
 
On the Windows side, repadmin /syncall tells me "The target principal
name is incorrect".
 
I verified the DNS records from both sides as described here, all OK:
https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record
 
Any ideas?
 
Thanks,
Andreas
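
An added example, not part of the original post: a small parser for the `samba-tool drs showrepl` text output quoted above that lists the neighbors failing with result 1326 (WERR_LOGON_FAILURE), longest-broken first. The sample input is constructed (abridged from the post) and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample, abridged from the post; keeps the mail-wrapped "result" line.
SAMPLE = r"""==== INBOUND NEIGHBORS ====
DC=my,DC=domain
        Default-First-Site-Name\DC2008 via RPC
                Last attempt @ Thu Mar 22 11:42:34 2018 CET failed,
result 1326 (WERR_LOGON_FAILURE)
                2838 consecutive failure(s).
                Last success @ Mon Mar 12 15:05:17 2018 CET
==== OUTBOUND NEIGHBORS ====
DC=ForestDnsZones,DC=my,DC=domain
        Default-First-Site-Name\DC2008 via RPC
                Last attempt @ Thu Mar 22 11:46:06 2018 CET failed,
result 1326 (WERR_LOGON_FAILURE)
                127005 consecutive failure(s).
                Last success @ Thu Feb  8 13:49:38 2018 CET
"""

def parse_showrepl(text):
    """Return one dict per (direction, naming context, neighbor) entry."""
    rows, direction, nc, cur = [], None, None, None
    for line in text.splitlines():
        line = line.rstrip()
        if m := re.match(r"==== (.+) ====$", line):
            # Only the two NEIGHBORS sections carry per-NC status; skip the rest.
            direction = m[1].split()[0].lower() if m[1].endswith("NEIGHBORS") else None
            cur = None
        elif direction and re.match(r"(DC|CN)=", line):
            nc = line.strip()
        elif direction and (m := re.match(r"\s+(\S+) via RPC$", line)):
            rows.append(cur := {"direction": direction, "nc": nc, "neighbor": m[1]})
        elif cur is not None:
            if m := re.search(r"result (\d+) \((\w+)\)", line):
                cur["code"], cur["status"] = int(m[1]), m[2]
            elif m := re.search(r"(\d+) consecutive failure", line):
                cur["failures"] = int(m[1])
            elif m := re.search(r"Last success @ (.+) \w+$", line):
                cur["last_success"] = datetime.strptime(m[1], "%a %b %d %H:%M:%S %Y")
    return rows

def logon_failures(rows):
    """Entries failing with result 1326, oldest last success first."""
    bad = [r for r in rows if r.get("code") == 1326]
    return sorted(bad, key=lambda r: r.get("last_success", datetime.min))

if __name__ == "__main__":
    for r in logon_failures(parse_showrepl(SAMPLE)):
        print(r["direction"], r["nc"], r["failures"], r["last_success"])
```

On the post's data, the outbound ForestDnsZones link (last success Feb 8) sorts ahead of the inbound links, which last succeeded on Mar 12.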
