[Samba] AD Replication issues due to lingering objects

Tom Cannaerts - INTRACTO via samba

Jan 2, 2017, 6:40:03 AM
We are trying to migrate away from our Windows 2008 R2 server to a Samba
based DC. At this point we have both the Windows server and a Samba server
as DCs in the domain. After a while, we noticed that changes from the Samba
server were not replicated to the Windows machine. Further investigation
showed that there are 2 lingering objects that prevent replication, and it
has been that way for quite a while.

The various procedures on the Microsoft site to remove the lingering
objects don't work against the Samba DC.
E.g. repadmin /removelingeringobjects on the objects gives the following error,
and no useful information was found on Google:

DsReplicaVerifyObjectsW() failed with status 1745 (0x6d1):
The procedure number is out of range.

I also disabled the Strict Replication Consistency on the Windows DC, so
that the object would be recreated and rereplicated, but that doesn't help
either. The eventlog says it's going to re-request the object from the
other DC as it doesn't have enough attribute information to recreate it,
but the object doesn't exist anymore on the other DC.

So basically, I'm looking for a solution that can solve this problem.

Can demoting and re-promoting the Samba DC solve this problem? If so, is it
as simple as running samba-tool domain demote on the samba DC and
afterwards running samba-tool domain join again?

Tom
--
Kind regards,
Tom Cannaerts


Rowland Penny via samba

Jan 2, 2017, 7:20:02 AM
What version of Samba are you using?
'samba-tool dbcheck' has been improved lately, perhaps upgrading could
fix your problem.

Rowland

Tom Cannaerts - INTRACTO via samba

Jan 2, 2017, 7:30:02 AM
We're using the Debian 8 repository version, which is 4.2.14

Tom


Rowland Penny via samba

Jan 2, 2017, 9:40:02 AM
On Mon, 02 Jan 2017 12:22:07 +0000
Tom Cannaerts - INTRACTO <tom.ca...@intracto.com> wrote:

> We're using the Debian 8 repository version, which is 4.2.14
>
> Tom
>
>

I don't know if you can/want to use them, but one of the regular posters
on this list, Louis Van Belle, maintains his own version of the latest
samba debs for Jessie here:

https://downloads.van-belle.nl/samba4/samba-4.5.3/

Tom Cannaerts - INTRACTO via samba

Jan 3, 2017, 4:10:03 PM
Do you think I can simply apt-get install from that repo to upgrade the
current samba?

Going down the demote/re-join route, I'm encountering problems demoting the
DC:

Deactivating inbound replication
Asking partner server DC1.mydomain.local to synchronize from us
Error while demoting, re-enabling inbound replication
ERROR(<class 'samba.drs_utils.drsException'>): Error while sending a
DsReplicaSync for partion DC=mydomain,DC=local - drsException:
DsReplicaSync failed (8240, 'WERR_DS_NO_SUCH_OBJECT')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 712,
in run
sendDsReplicaSync(drsuapiBind, drsuapi_handle, ntds_guid, str(part),
drsuapi.DRSUAPI_DRS_WRIT_REP)
File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83, in
sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)

What are the steps to force the DC2 (samba) server to forget about
everything and get it in a state where I can re-join it to the domain as a
domain controller? I can remove the DC from the AD using a metadata cleanup
on the Windows DC, but what do I need to do on the samba server? There's
more on that server, so I can't just destroy it and install it from
scratch.


Rowland Penny via samba

Jan 3, 2017, 4:30:03 PM
On Tue, 03 Jan 2017 21:01:50 +0000
Tom Cannaerts - INTRACTO <tom.ca...@intracto.com> wrote:

> Do you think I can simply apt-get install from that repo to upgrade
> the current samba?

As far as I am aware, yes, but Louis should be able to confirm this.

>
> Going down the demote/re-join route, I'm encountering problems
> demoting the DC:
>
> Deactivating inbound replication
> Asking partner server DC1.mydomain.local to synchronize from us
> Error while demoting, re-enabling inbound replication
> ERROR(<class 'samba.drs_utils.drsException'>): Error while sending a
> DsReplicaSync for partion DC=mydomain,DC=local - drsException:
> DsReplicaSync failed (8240, 'WERR_DS_NO_SUCH_OBJECT')
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py",
> line 712, in run
> sendDsReplicaSync(drsuapiBind, drsuapi_handle, ntds_guid,
> str(part), drsuapi.DRSUAPI_DRS_WRIT_REP)
> File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line
> 83, in sendDsReplicaSync
> raise drsException("DsReplicaSync failed %s" % estr)
>

This was a problem with earlier versions, which has been fixed in later
versions, and you can now demote a DC from another DC with
'remove-other-dead-server=REMOVE_OTHER_DEAD_SERVER'

> What are the steps to force the DC2 (samba) server to forget about
> everything and get it in a state where I can re-join it to the domain
> as a domain controller? I can remove the DC from the AD using a
> metadata cleanup on the Windows DC, but what do I need to do on the
> samba server? There's more on that server, so I can't just destroy it
> and install it from scratch.
>
>

With your version of Samba, I think you will have to trawl through AD
and manually remove everything.

L.P.H. van Belle via samba

Jan 4, 2017, 4:00:02 AM
Hi Tom,

Sure, you can apt-get install from that repo.

You have 3 options.
1) http://apt.van-belle.nl/ the apt repo.
Use it like any apt repo. Info on the site.

2) http://downloads.van-belle.nl/samba4/samba-4.5.3/ and use the installer.
This is for when you want to get the packages locally in your network and when you want to keep one version, and/or distribute this internally.
The installer script takes care of most of this setup.
It starts with a deb file://path_to_debs/; switching to http is easily done by
installing apache2 (or another webserver) and changing file:// to http://

3) Do it yourself, make a deb.
Get the packages or sources from Debian stretch and build them yourself.
The Debian TESTING/Stretch now 4.5.2-2 version = samba 4.5.3

How are my packages built?
Same way as the backported packages, in a pbuilder environment.
Only these 4.5.3 ones I built myself; at that time there was no Debian package.
Normally I follow the TESTING (stretch) packages for rebuilding, except in case of security fixes.

When are packages going in the repo?
After I've tested them in my office network and when I'm in production with these for at least a week.
Only then I upgrade the repo packages.

When don't you want to use my repo?
If you want to stay in one version, like now with Debian the 4.2.x line, and you don't keep track of Samba changes in smb.conf.
The defaults have changed a lot since 4.2.10.
These "behavior changes" are what is keeping Samba at 4.2.x in Debian.
A logical choice, but some like me wanted new features, which are in 4.5.x,
and I saw a few bug fixes which I wanted in 4.5.3.
This is why I build my own.

The next apt repo update will be after a security update or if there are really annoying bugs fixed or after tracking the samba list messages and something special comes up.

But with any repo update I post it also on the list.

Handy things.
Read the http://downloads.van-belle.nl/samba4/README.txt
this one has good info about the builds.

The http://downloads.van-belle.nl/samba4/Upgrade-info.txt
contains the change history, this is the same as on the samba.org site,
so all credits to the samba devs here, I just summarized the changes.

current-packages-in-apt.txt says what it is.
The apt packages listed in the apt repo.

Good luck and if you have questions, just ask.
Preferred through the samba list.


Greetz,

Louis
GPG Key fingerprint = 3843 C126 C596 738E 7C87 75B5 E6F6 A3C7 EB7A 89CF


Tom Cannaerts - INTRACTO via samba

Jan 4, 2017, 6:00:03 PM
I managed to install it, but unfortunately it did not solve the problem. I
ended up removing the DC from the AD the hard way and rejoined it.
Replication is working in both ways, except for the DNS zones, but I'll shoot
in a new e-mail for that, as that doesn't relate to this issue anymore.

Thanks for all the help!
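
A lingering object shows up as an objectGUID that one DC still holds and the other does not, so after a forced removal and rejoin like the one in this thread the two DCs can be compared directly. The following is an added example, not code from the thread or from the Samba project: it compares two LDIF exports, one per DC (for example taken with ldbsearch or ldapsearch). The sample entries are constructed, and an unmatched GUID is only a candidate, since it can also be an object that has not replicated yet.

```python
import base64
import uuid

def parse_ldif(text):
    """Return {objectGUID: dn} for every entry in an LDIF export."""
    entries = {}
    # LDIF folds long lines as newline + one space; undo that first.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            name = name.lower()
            if value.startswith(":"):  # "attr:: <base64>", as ldapsearch prints binary
                raw = base64.b64decode(value[1:].strip())
                # AD stores objectGUID in little-endian (bytes_le) layout
                value = (str(uuid.UUID(bytes_le=raw)) if name == "objectguid"
                         else raw.decode("utf-8"))
            attrs.setdefault(name, value.strip())
        if "dn" in attrs and "objectguid" in attrs:
            entries[attrs["objectguid"].lower()] = attrs["dn"]
    return entries

def lingering_candidates(ldif_a, ldif_b):
    """Match on objectGUID (stable across renames) and list unmatched DNs."""
    a, b = parse_ldif(ldif_a), parse_ldif(ldif_b)
    return {"only_on_a": sorted(a[g] for g in a.keys() - b.keys()),
            "only_on_b": sorted(b[g] for g in b.keys() - a.keys())}

# Constructed sample exports: DNs and GUIDs are made up for illustration.
DC1_LDIF = """\
dn: CN=alice,CN=Users,DC=mydomain,DC=local
objectGUID: 11111111-1111-1111-1111-111111111111

dn: CN=bob,CN=Users,DC=mydomain,DC=local
objectGUID: 22222222-2222-2222-2222-222222222222
"""
DC2_LDIF = DC1_LDIF + """
dn: CN=old-laptop,CN=Computers,DC=mydomain,DC=local
objectGUID: 33333333-3333-3333-3333-333333333333
"""

if __name__ == "__main__":
    for side, dns in lingering_candidates(DC1_LDIF, DC2_LDIF).items():
        for dn in dns:
            print(side, dn)
```

Entries reported on only one side should be checked against the deleted-objects history of the other DC before anything is removed.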
