Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Samba] Samba 4.4.2 AD DC demote fails
209 views
Skip to first unread message
Miguel Medalha
Apr 29, 2016, 4:00:03 PM4/29/16
to
Demotion of a AD DC fails with the following errors:
If I explicitly select a partner server with the "--server=" option the
error is:
Deactivating inbound replication
Asking partner server [selectedDC] to synchronize from us
Error while demoting, re-enabling inbound replication
ERROR(<type 'exceptions.UnboundLocalError'>): uncaught exception - local
variable 'e' referenced before assignment
File
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py",
line 797, in run
raise CommandError("Error while sending a DsReplicaSync for partion
%s" % str(part), e)
If I don't explicitly select a partner server, the error is:
Deactivating inbound replication
Asking partner server [someDC] to synchronize from us
Error while demoting, re-enabling inbound replication
ERROR(<type 'exceptions.RuntimeError'>): Error while sending a
DsReplicaSync for partion DC=lan,DC=cimbal,DC=pt - (8440,
'WERR_DS_DRA_BAD_NC')
File
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py",
line 786, in run
drsuapiBind.DsReplicaSync(drsuapi_handle, 1, req1)
I have two other DCs which seem to be working correctly. Replication and
name resolution are working. All 7 FSMO roles have been successfully
transferred to one of the other DCs prior to the demotion attempt.
Can anyone here point me to the right direction? I would like to avoid
brute force removal of the DC by "--remove-other-dead-server".
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
If I explicitly select a partner server with the "--server=" option the
error is:
Deactivating inbound replication
Asking partner server [selectedDC] to synchronize from us
Error while demoting, re-enabling inbound replication
ERROR(<type 'exceptions.UnboundLocalError'>): uncaught exception - local
variable 'e' referenced before assignment
File
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py",
line 797, in run
raise CommandError("Error while sending a DsReplicaSync for partion
%s" % str(part), e)
If I don't explicitly select a partner server, the error is:
Deactivating inbound replication
Asking partner server [someDC] to synchronize from us
Error while demoting, re-enabling inbound replication
ERROR(<type 'exceptions.RuntimeError'>): Error while sending a
DsReplicaSync for partion DC=lan,DC=cimbal,DC=pt - (8440,
'WERR_DS_DRA_BAD_NC')
File
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py",
line 786, in run
drsuapiBind.DsReplicaSync(drsuapi_handle, 1, req1)
I have two other DCs which seem to be working correctly. Replication and
name resolution are working. All 7 FSMO roles have been successfully
transferred to one of the other DCs prior to the demotion attempt.
Can anyone here point me to the right direction? I would like to avoid
brute force removal of the DC by "--remove-other-dead-server".
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Miguel Medalha
Apr 29, 2016, 4:10:03 PM4/29/16
to
As a consequence of the demotion attempts, the other DCs have this on
their samba logs:
[2016/04/29 20:46:47.344355, 0]
../source4/dsdb/repl/drepl_service.c:260(drepl_replica_sync)
../source4/dsdb/repl/drepl_service.c:260: Failure - Failed to find
requested Naming Context. werr = WERR_DS_DRA_BAD_NC
Andrew Bartlett
Apr 29, 2016, 9:10:02 PM4/29/16
to
got all the data off the DC first and turned it off. Indeed, it is
actually more correct and more tested, cleaning up more of the right
things.
In any case, I found and fixed the issue you hit last week, the patch
is at https://bugzilla.samba.org/show_bug.cgi?id=11882
The syntax error should then go away (bug I have a patch for that as
well, it is on samba-technical if you are curious).
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Miguel Medalha
Apr 30, 2016, 11:20:04 AM4/30/16
to
> The brute force removal really isn't as bad as it seems, if you have
> got all the data off the DC first and turned it off. Indeed, it is
> actually more correct and more tested, cleaning up more of the right
> things.
What raises my doubts here is that I need to use the demoted server as a
> got all the data off the DC first and turned it off. Indeed, it is
> actually more correct and more tested, cleaning up more of the right
> things.
member server, and I would need to keep its name because it hosts the
users' profiles and some other resources that have lots of GPOs pointing
to. The editing needed to accommodate a change of name would be
extensive and prone to error. Also, I don't have much time to do it, the
resources are scarse and the system needs to be in production again. The
Samba Wiki contains dire warnings about never ever connect to the
network again a DC removed by brute force. Will it be ok if it is joined
again as a member server with the same name? I fear that the cleaning
done by "--remove-other-dead-server" may leave some residue that will
later wreak havoc on the working of the AD.
> In any case, I found and fixed the issue you hit last week, the patch
> is at https://bugzilla.samba.org/show_bug.cgi?id=11882
> The syntax error should then go away (bug I have a patch for that as
> well, it is on samba-technical if you are curious).
a pointer.
Thank you for your reply. This is robbing me much needed sleep time.
Miguel Medalha
Apr 30, 2016, 11:40:03 AM4/30/16
to
> In any case, I found and fixed the issue you hit last week, the patch
> is at https://bugzilla.samba.org/show_bug.cgi?id=11882 The syntax
> error should then go away (bug I have a patch for that as well, it is
> on samba-technical if you are curious).
(https://lists.samba.org/archive/samba/2016-March/198662.html):
HI, it would seem you have found a bug, line 943 in 'domain.py' sends this:
remove_dc.remove_sysvol_references(remote_samdb, dc_name)
to 'remove_dc.py' , which expects to receive this:
def remove_sysvol_references(samdb, logger, dc_name):
Definitely a bug, logger is set earlier in the 'cmd_domain_demote' class.
Would this still apply after the patches you did? (By the way, I already found the one on samba.technical)
Andrew Bartlett
Apr 30, 2016, 3:40:03 PM4/30/16
to
On Sat, 2016-04-30 at 16:35 +0100, Miguel Medalha wrote:
>
> > In any case, I found and fixed the issue you hit last week, the
> > patch is at https://bugzilla.samba.org/show_bug.cgi?id=11882 The
> > syntax error should then go away (bug I have a patch for that as
> > well, it is on samba-technical if you are curious).
> I found this on a post by Rowland penny (
> https://lists.samba.org/archive/samba/2016-March/198662.html):
>
> HI, it would seem you have found a bug, line 943 in 'domain.py' sends
> this:
>
> remove_dc.remove_sysvol_references(remote_samdb, dc_name)
>
> to 'remove_dc.py' , which expects to receive this:
>
> def remove_sysvol_references(samdb, logger, dc_name):
>
> Definitely a bug, logger is set earlier in the 'cmd_domain_demote'
> class.
>
>
> Would this still apply after the patches you did? (By the way, I
> already found the one on samba.technical)
Yes, that still applies.
>
> > In any case, I found and fixed the issue you hit last week, the
> > patch is at https://bugzilla.samba.org/show_bug.cgi?id=11882 The
> > syntax error should then go away (bug I have a patch for that as
> > well, it is on samba-technical if you are curious).
> I found this on a post by Rowland penny (
> https://lists.samba.org/archive/samba/2016-March/198662.html):
>
> HI, it would seem you have found a bug, line 943 in 'domain.py' sends
> this:
>
> remove_dc.remove_sysvol_references(remote_samdb, dc_name)
>
> to 'remove_dc.py' , which expects to receive this:
>
> def remove_sysvol_references(samdb, logger, dc_name):
>
> Definitely a bug, logger is set earlier in the 'cmd_domain_demote'
> class.
>
>
> Would this still apply after the patches you did? (By the way, I
> already found the one on samba.technical)
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Andrew Bartlett
Apr 30, 2016, 3:40:04 PM4/30/16
to
On Sat, 2016-04-30 at 16:09 +0100, Miguel Medalha wrote:
> > The brute force removal really isn't as bad as it seems, if you
> > have
> > got all the data off the DC first and turned it off. Indeed, it is
> > actually more correct and more tested, cleaning up more of the
> > right
> > things.
>
> What raises my doubts here is that I need to use the demoted server
> as a
> member server, and I would need to keep its name because it hosts the
> users' profiles and some other resources that have lots of GPOs
> pointing
> to. The editing needed to accommodate a change of name would be
> extensive and prone to error. Also, I don't have much time to do it,
> the
> resources are scarse and the system needs to be in production again.
> The
> Samba Wiki contains dire warnings about never ever connect to the
> network again a DC removed by brute force. Will it be ok if it is
> joined
> again as a member server with the same name? I fear that the cleaning
> done by "--remove-other-dead-server" may leave some residue that
> will
> later wreak havoc on the working of the AD.
On the contrary, it will clean it up better, that is what I wrote it to
> > The brute force removal really isn't as bad as it seems, if you
> > have
> > got all the data off the DC first and turned it off. Indeed, it is
> > actually more correct and more tested, cleaning up more of the
> > right
> > things.
>
> What raises my doubts here is that I need to use the demoted server
> as a
> member server, and I would need to keep its name because it hosts the
> users' profiles and some other resources that have lots of GPOs
> pointing
> to. The editing needed to accommodate a change of name would be
> extensive and prone to error. Also, I don't have much time to do it,
> the
> resources are scarse and the system needs to be in production again.
> The
> Samba Wiki contains dire warnings about never ever connect to the
> network again a DC removed by brute force. Will it be ok if it is
> joined
> again as a member server with the same name? I fear that the cleaning
> done by "--remove-other-dead-server" may leave some residue that
> will
> later wreak havoc on the working of the AD.
do :-). Just run that, and then join as a member server, it will be
fine. (Certainly more fine than then 'online' demote in any case).
> > In any case, I found and fixed the issue you hit last week, the
> > patch
> > is at https://bugzilla.samba.org/show_bug.cgi?id=11882
>
> Ok, thank you! I will surelly give it a try.
>
> > The syntax error should then go away (bug I have a patch for that
> > as
> > well, it is on samba-technical if you are curious).
>
> Of course I am, more than curious! I can search for it, unless you
> give
> a pointer.
> Thank you for your reply. This is robbing me much needed sleep time.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Rowland penny
Apr 30, 2016, 4:10:03 PM4/30/16
to
On 30/04/16 20:31, Andrew Bartlett wrote:
> On Sat, 2016-04-30 at 16:35 +0100, Miguel Medalha wrote:
>>> In any case, I found and fixed the issue you hit last week, the
>>> patch is at https://bugzilla.samba.org/show_bug.cgi?id=11882 The
>>> syntax error should then go away (bug I have a patch for that as
>>> well, it is on samba-technical if you are curious).
>> I found this on a post by Rowland penny (
>> https://lists.samba.org/archive/samba/2016-March/198662.html):
>>
>> HI, it would seem you have found a bug, line 943 in 'domain.py' sends
>> this:
>>
>> remove_dc.remove_sysvol_references(remote_samdb, dc_name)
>>
>> to 'remove_dc.py' , which expects to receive this:
>>
>> def remove_sysvol_references(samdb, logger, dc_name):
>>
>> Definitely a bug, logger is set earlier in the 'cmd_domain_demote'
>> class.
>>
>>
>> Would this still apply after the patches you did? (By the way, I
>> already found the one on samba.technical)
> Yes, that still applies.
>
> Andrew Bartlett
>
The fix for bug 11818 is in master, so I suppose it will eventually make
> On Sat, 2016-04-30 at 16:35 +0100, Miguel Medalha wrote:
>>> In any case, I found and fixed the issue you hit last week, the
>>> patch is at https://bugzilla.samba.org/show_bug.cgi?id=11882 The
>>> syntax error should then go away (bug I have a patch for that as
>>> well, it is on samba-technical if you are curious).
>> I found this on a post by Rowland penny (
>> https://lists.samba.org/archive/samba/2016-March/198662.html):
>>
>> HI, it would seem you have found a bug, line 943 in 'domain.py' sends
>> this:
>>
>> remove_dc.remove_sysvol_references(remote_samdb, dc_name)
>>
>> to 'remove_dc.py' , which expects to receive this:
>>
>> def remove_sysvol_references(samdb, logger, dc_name):
>>
>> Definitely a bug, logger is set earlier in the 'cmd_domain_demote'
>> class.
>>
>>
>> Would this still apply after the patches you did? (By the way, I
>> already found the one on samba.technical)
> Yes, that still applies.
>
> Andrew Bartlett
>
its way to a Samba release.
Rowland
Miguel Medalha
Apr 30, 2016, 5:30:03 PM4/30/16
to
The attachment "https://bugzilla.samba.org/attachment.cgi?id=11953" that
you submitted to "https://bugzilla.samba.org/show_bug.cgi?id=11818"
contains the following:
- remove_dc.remove_sysvol_references(remote_samdb, dc_name)
+ remove_dc.remove_sysvol_references(remote_samdb, logger, dc_name)
Yet, on a post to "https://lists.samba.org/archive/samba/2016-March/198662.html" you wrote:
HI, it would seem you have found a bug, line 943 in 'domain.py' sends this:
remove_dc.remove_sysvol_references(remote_samdb, dc_name)
to 'remove_dc.py' , which expects to receive this:
def remove_sysvol_references(samdb, logger, dc_name):
Looking at the code in 'remove_dc.py' (line 37), it looks like the
correct patch would be:
- remove_dc.remove_sysvol_references(remote_samdb, dc_name)
+ remove_dc.remove_sysvol_references(samdb, logger, dc_name)
Is this correct?
you submitted to "https://bugzilla.samba.org/show_bug.cgi?id=11818"
contains the following:
- remove_dc.remove_sysvol_references(remote_samdb, dc_name)
+ remove_dc.remove_sysvol_references(remote_samdb, logger, dc_name)
Yet, on a post to "https://lists.samba.org/archive/samba/2016-March/198662.html" you wrote:
HI, it would seem you have found a bug, line 943 in 'domain.py' sends this:
remove_dc.remove_sysvol_references(remote_samdb, dc_name)
to 'remove_dc.py' , which expects to receive this:
def remove_sysvol_references(samdb, logger, dc_name):
correct patch would be:
- remove_dc.remove_sysvol_references(remote_samdb, dc_name)
+ remove_dc.remove_sysvol_references(samdb, logger, dc_name)
Is this correct?
Rowland penny
Apr 30, 2016, 6:00:06 PM4/30/16
to
On 30/04/16 22:25, Miguel Medalha wrote:
> The attachment "https://bugzilla.samba.org/attachment.cgi?id=11953"
> that you submitted to
> "https://bugzilla.samba.org/show_bug.cgi?id=11818" contains the
> following:
>
> - remove_dc.remove_sysvol_references(remote_samdb, dc_name)
> + remove_dc.remove_sysvol_references(remote_samdb, logger,
> dc_name)
>
>
> Yet, on a post to
> "https://lists.samba.org/archive/samba/2016-March/198662.html" you wrote:
>
>
> HI, it would seem you have found a bug, line 943 in 'domain.py' sends
> this:
>
> remove_dc.remove_sysvol_references(remote_samdb, dc_name)
>
> to 'remove_dc.py' , which expects to receive this:
>
> def remove_sysvol_references(samdb, logger, dc_name):
>
> Looking at the code in 'remove_dc.py' (line 37), it looks like the
> correct patch would be:
>
> - remove_dc.remove_sysvol_references(remote_samdb, dc_name)
> + remove_dc.remove_sysvol_references(samdb, logger, dc_name)
>
>
> Is this correct?
>
No, read the lines above 943 in domain.py
> The attachment "https://bugzilla.samba.org/attachment.cgi?id=11953"
> that you submitted to
> "https://bugzilla.samba.org/show_bug.cgi?id=11818" contains the
> following:
>
> - remove_dc.remove_sysvol_references(remote_samdb, dc_name)
> + remove_dc.remove_sysvol_references(remote_samdb, logger,
> dc_name)
>
>
> Yet, on a post to
> "https://lists.samba.org/archive/samba/2016-March/198662.html" you wrote:
>
>
> HI, it would seem you have found a bug, line 943 in 'domain.py' sends
> this:
>
> remove_dc.remove_sysvol_references(remote_samdb, dc_name)
>
> to 'remove_dc.py' , which expects to receive this:
>
> def remove_sysvol_references(samdb, logger, dc_name):
>
> Looking at the code in 'remove_dc.py' (line 37), it looks like the
> correct patch would be:
>
> - remove_dc.remove_sysvol_references(remote_samdb, dc_name)
> + remove_dc.remove_sysvol_references(samdb, logger, dc_name)
>
>
> Is this correct?
>
Rowland
0 new messages