Web lists-archives.com

Re: [Samba] unexplained Replication failures...?





Hi Denis,
Thanks for taking the time to answer.

Yes, I may have been wrong with --forced-sync and --full-sync since the start but in fact I wanted to make sure to force replication between the servers.

Here is what I have noticed:

- replication works from dc00 -> dc00 but not from dc01 -> dc00:

[root@dc00 ~]# samba-tool drs replicate DC01 DC00 dc=ad,dc=lasthome,dc=solace,dc=krynn --sync-forced --full-sync
Replicate from DC00 to DC01 was successful.
[root@dc00 ~]# samba-tool drs replicate DC00 DC01 dc=ad,dc=lasthome,dc=solace,dc=krynn --sync-forced --full-sync ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (87, 'WERR_INVALID_PARAMETER')
[...]

Here's what I have noticed:

# samba-tool ldapcmp ldap://dc00 ldap://dc01 domain --filter=msDS-NcType,serverState

* Comparing [DOMAIN] context...

* Objects to be compared: 304

Comparing:
'CN=DC01,OU=Domain Controllers,DC=ad,DC=lasthome,DC=solace,DC=krynn' [ldap://dc00] 'CN=DC01,OU=Domain Controllers,DC=ad,DC=lasthome,DC=solace,DC=krynn' [ldap://dc01]
    Difference in attribute values:
        servicePrincipalName =>
['E3514235-4B06-11D1-AB04-00C04FC2DCD2/9075aec2-bbc6-4f87-9246-aa75689b86d4/ad.lasthome.solace.krynn', 'GC/dc01.ad.lasthome.solace.krynn/ad.lasthome.solace.krynn', 'HOST/DC01', 'HOST/dc01.ad.lasthome.solace.krynn'] ['E3514235-4B06-11D1-AB04-00C04FC2DCD2/9075aec2-bbc6-4f87-9246-aa75689b86d4/ad.lasthome.solace.krynn', 'GC/dc01.ad.lasthome.solace.krynn/ad.lasthome.solace.krynn', 'HOST/DC01', 'HOST/dc01.ad.lasthome.solace.krynn', 'HOST/dc01.ad.lasthome.solace.krynn/KRYNN_AD', 'HOST/dc01.ad.lasthome.solace.krynn/ad.lasthome.solace.krynn', 'RestrictedKrbHost/DC01', 'RestrictedKrbHost/dc01.ad.lasthome.solace.krynn', 'ldap/9075aec2-bbc6-4f87-9246-aa75689b86d4._msdcs.ad.lasthome.solace.krynn', 'ldap/DC01', 'ldap/dc01.ad.lasthome.solace.krynn', 'ldap/dc01.ad.lasthome.solace.krynn/DomainDnsZones.ad.lasthome.solace.krynn', 'ldap/dc01.ad.lasthome.solace.krynn/ForestDnsZones.ad.lasthome.solace.krynn', 'ldap/dc01.ad.lasthome.solace.krynn/KRYNN_AD', 'ldap/dc01.ad.lasthome.solace.krynn/ad.lasthome.solace.krynn']
    FAILED

* Result for [DOMAIN]: FAILURE

SUMMARY
---------

Attributes with different values:

    servicePrincipalName
ERROR: Compare failed: -1

Any ideas?

I will set the log level to '9' to see if I can pinpoint the issue more precisely..

Thanks,

,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,
Vincent S. Cojot, Computer Engineering. STEP project. _.,-*~'`^`'~*-,._.,-*~
Ecole Polytechnique de Montreal, Comite Micro-Informatique. _.,-*~'`^`'~*-,.
Linux Xview/OpenLook resources page _.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'
http://step.polymtl.ca/~coyote  _.,-*~'`^`'~*-,._ coyote@xxxxxxxxxxxxxxxxx

They cannot scare me with their empty spaces
Between stars - on stars where no human race is
I have it in me so much nearer home
To scare myself with my own desert places.       - Robert Frost



On Fri, 4 May 2018, Denis Cardon via samba wrote:

Hi Vincent,

 I'm running in circles trying to debug replication failures on samba
 4.7.6:

 dc00 : is a VM on KVM host (attached to a bridge on local LAN)
 dc01 : is a similarly configured VM on another KVM host.

 I've forcibly demoted and re-promoted dc01 but I still cannot get
 automatic replication to work:

 root@dc00 ~]# samba-tool drs showrepl
 Krynn\DC00
 DSA Options: 0x00000001
 DSA object GUID: 204cb904-754b-4457-af09-9347f8714006
 DSA invocationId: b72fc409-bf9a-45e2-a623-0e668386536a

 ==== INBOUND NEIGHBORS ====

 DC=ForestDnsZones,DC=ad,DC=lasthome,DC=solace,DC=krynn
         Krynn\DC01 via RPC
                 DSA object GUID: 9ac5b74a-383a-4336-9c5d-978b45bad9c9
                 Last attempt @ Thu May  3 18:50:52 2018 EDT failed,
 result 87 (WERR_INVALID_PARAMETER)
                 4 consecutive failure(s).
                 Last success @ NTTIME(0)

 All of these show 'Last success @ NTTIME(0)'.

 I can force replication manually just fine but automatic replication
 doesn't seem to work.

 [root@dc00 ~]# samba-tool dbcheck
 Checking 351 objects
 Checked 351 objects (0 errors)
 [root@dc00 ~]# samba-tool drs replicate DC01 DC00
 dc=ad,dc=lasthome,dc=solace,dc=krynn --sync-forced --full-sync
 Replicate from DC00 to DC01 was successful.

if you need a --sync-forced --full-sync to have replication working, then actually it is not working. Try to restart samba with "log level = 9" in smb.conf and look for the few last message of the replication process, it should give you a bit more information about the issue.

Cheers,

Denis


 Any ideas?

 Vincent


--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil.it

Samba install wiki for Frenchies : https://dev.tranquil.it
WAPT, software deployment made easy : https://wapt.fr

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba