
Re: [Samba] Dcs Replication


In "NTDS settings" I created new connections for:

DC2 ->DC3

DC3 -> DC2

All OK,

I tested with option


is ok too.

But on my DC2, I received one error:

May 17 16:54:44 dc2 samba[10421]: [2018/05/17 16:54:44.543336,  0] ../source4/dsdb/repl/drepl_out_helpers.c:1087(dreplsrv_update_refs_done)
May 17 16:54:44 dc2 samba[10421]:   UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 for 24079507-bf7b-4c96-b107-cd22d7680011._msdcs.XXXXXX DC=DomainDnsZones,DC=XXX,DC=XXX,DC=XXX,DC=XXX

But 24079507-bf7b-4c96-b107-cd22d7680011._msdcs.XXXXXXX is DC2....

Any idea?


On 17-05-2018 13:55, Carlos wrote:

In the option "Inter-Site Transports", I have only one, with the name "DEFAULTIPSITELINK". In its properties:

Sites in this link:


Matriz -> site with DC1 and DC2
Filail ->  site With DC3


On 17-05-2018 13:12, lingpanda101 wrote:
On 5/17/2018 12:07 PM, Carlos wrote:

Thanks for answer.

But I allowed all ports in my firewall...

I tested by shutting down my DC1.

DC2 doesn't communicate with DC3.

I created a user on DC2; it doesn't replicate to DC3...
I waited more than 20 minutes.

Why ??


On 17-05-2018 12:01, lingpanda101 wrote:
On 5/17/2018 10:30 AM, Carlos via samba wrote:

I have 2 DCs and have now added one more DC, but the DCs don't all see each other.

New DC is "DC2"

DC1 -> vlan10 -> OK to DC3 (connected by OpenVPN)

DC1 -> vlan10 -> OK to DC2(vlan50)

DC2-> vlan50 -> OK to DC1(vlan10)

DC2 -> OpenVPN -> Doesn't "see" DC3

DC3 -> Openvpn -> OK to DC1(vlan10)

DC3 -> OpenVPN -> Doesn't "see" DC2 (vlan50)

All DCs are Samba version 4.7.7.
The firewall allows traffic between them.



samba-tool drs showrepl

I see only DC2 and DC3 is OK
Is correct.


samba-tool drs showrepl

I see only DC1


samba-tool drs showrepl

I see only DC1

Any idea?



    This is normal if your firewall is working correctly. The KCC checks and creates replication links to optimize latency and cost where needed. You can override this and create a full mesh topology with the following in your smb.conf under 'Global'.


I advise not doing this but instead ensuring sites and services are set up correctly for your IP Inter-Site-Transports. You can define cost and interval for the links here.


Did you verify you have the Inter-Site Transports configured properly in the Active Directory Sites and Services snap-in?

