
Re: [Samba] Dcs Replication

On 5/17/2018 3:58 PM, Carlos wrote:


In "NTDS settings" created new connection for:

DC2 ->DC3

DC3 -> DC2

All OK,

I tested with option


is ok too.

But in my DC2, I received one error:

May 17 16:54:44 dc2 samba[10421]: [2018/05/17 16:54:44.543336,  0] ../source4/dsdb/repl/drepl_out_helpers.c:1087(dreplsrv_update_refs_done)
May 17 16:54:44 dc2 samba[10421]:   UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 for 24079507-bf7b-4c96-b107-cd22d7680011._msdcs.XXXXXX DC=DomainDnsZones,DC=XXX,DC=XXX,DC=XXX,DC=XXX

But 24079507-bf7b-4c96-b107-cd22d7680011._msdcs.XXXXXXX is DC2....

Any idea?


On 17-05-2018 13:55, Carlos wrote:

In the option "Inter-Site Transports", I have only one, with the name "DEFAULTIPSITELINK"; in properties:

Sites in this link:


Matriz -> site with DC1 and DC2
Filail -> site with DC3


On 17-05-2018 13:12, lingpanda101 wrote:
On 5/17/2018 12:07 PM, Carlos wrote:

Thanks for the answer.

But I allowed all ports in my firewall...

I tested by shutting down my DC1.

DC2 doesn't communicate with DC3.

I created a user in DC2, and it doesn't replicate to DC3...
I waited more than 20 minutes.

Why??


On 17-05-2018 12:01, lingpanda101 wrote:
On 5/17/2018 10:30 AM, Carlos via samba wrote:

I have 2 DCs and have now added one more DC, but not all DCs see each other.

New DC is "DC2"

DC1 - vlan10 -> OK to DC3 (connected by OpenVPN)

DC1 -> vlan10 -> OK to DC2 (vlan50)

DC2 -> vlan50 -> OK to DC1 (vlan10)

DC2 -> OpenVPN -> Doesn't "see" DC3

DC3 -> OpenVPN -> OK to DC1 (vlan10)

DC3 -> OpenVPN -> Doesn't "see" DC2 (vlan50)

All DCs are Samba version 4.7.7.
The firewall allows traffic between them.



samba-tool drs showrepl

I see only DC2 and DC3; it is OK.
It is correct.


samba-tool drs showrepl

I see only DC1


samba-tool drs showrepl

I see only DC1

Any idea?



    This is normal if your firewall is working correctly. The KCC checks and creates replication links to optimize latency and cost where needed. You can override this and create a full mesh topology with the following in your smb.conf under 'Global'.


I advise not doing this but instead ensure sites and services are set up correctly for your IP Inter-Site-Transports. You can define cost and interval for the links here.


Did you verify you have the Inter-Site Transports configured properly in Active Directory Sites and Services snap in?



    You are doing a lot of things that go against best practice. Do not manually create the links. Let the KCC handle that function.


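An added example, not part of the thread and not Samba project code: a small Python parser that pulls UpdateRefs failures like the one quoted above out of syslog and flags entries where the target DSA GUID belongs to the DC that logged the error, which is the situation described for DC2. The function names and the host-to-GUID inventory are assumptions made for illustration; the sample log is constructed from the lines quoted in the thread.

```python
import re

# Constructed sample: the two syslog lines quoted in the thread (domain
# components are masked as XXX there), plus one unrelated line.
SAMPLE_LOG = """\
May 17 16:54:44 dc2 samba[10421]: [2018/05/17 16:54:44.543336,  0] ../source4/dsdb/repl/drepl_out_helpers.c:1087(dreplsrv_update_refs_done)
May 17 16:54:44 dc2 samba[10421]:   UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 for 24079507-bf7b-4c96-b107-cd22d7680011._msdcs.XXXXXX DC=DomainDnsZones,DC=XXX,DC=XXX,DC=XXX,DC=XXX
May 17 16:55:01 dc2 CRON[10500]: (root) CMD (true)
"""

# Syslog prefix: timestamp, reporting host, samba[pid], then the message.
SYSLOG = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssamba\[\d+\]:\s+(?P<msg>.*)$")
# Failure message: WERR name, NT code, target DSA GUID (_msdcs name), then the NC.
FAILURE = re.compile(
    r"UpdateRefs failed with (?P<werr>WERR_\w+)/NT code (?P<nt>0x[0-9a-fA-F]+) "
    r"for (?P<guid>[0-9a-fA-F-]{36})\._msdcs\.\S+\s+(?P<nc>\S+)")

def parse_updaterefs_failures(text):
    """Return one dict per UpdateRefs failure found in syslog text."""
    events = []
    for line in text.splitlines():
        prefix = SYSLOG.match(line)
        if not prefix:
            continue
        hit = FAILURE.search(prefix["msg"])
        if hit:
            events.append({"ts": prefix["ts"], "host": prefix["host"],
                           "werr": hit["werr"], "nt_code": hit["nt"],
                           "target_guid": hit["guid"].lower(), "nc": hit["nc"]})
    return events

def self_targeted(events, dsa_guid_by_host):
    """Keep events whose target GUID is the reporting DC's own DSA GUID.

    dsa_guid_by_host is a hypothetical inventory (hostname -> GUID) that the
    operator maintains; it is not read from Samba here.
    """
    return [e for e in events
            if dsa_guid_by_host.get(e["host"], "").lower() == e["target_guid"]]

if __name__ == "__main__":
    inventory = {"dc2": "24079507-bf7b-4c96-b107-cd22d7680011"}  # from the thread
    for event in self_targeted(parse_updaterefs_failures(SAMPLE_LOG), inventory):
        print(event["host"], event["werr"], event["nc"])
```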