Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Samba] drs showrepl failures
218 views
Skip to first unread message
Wayne Merricks
Feb 15, 2016, 10:40:04 AM2/15/16
to
Hi all,
I've been having DNS issues for about 3 months which is causing all
sorts of weird problems (most things work fine but then we have days
where random machines lose trust/can't login without un-joining and
rejoining the domain). The domain was working with no problems for
nearly 5 months before this started happening.
I have Ubuntu 14.04 running Samba 4.1.6 using the internal Samba DNS.
As a test (because I couldn't think of anything else to try), I also set
up a temporary DC with a source build of the current stable samba 4.3.4.
If I run samba-tool drs showrepl under Samba 4.1.6 I get errors like this:
* In and Outbound Neighbors: "failed, result 121 (WERR_SEM_TIMEOUT)" or
"failed, result 2 (WERR_BADFILE)
* KCC Connection Objects: Seems OK.
If I run it on Samba 4.3.4:
* Outbound neighbours and KCC seem OK, only Inbound has errors
Could anyone tell me where I should be looking to resolve this as I've
exhausted Google of useful results. My current plan is to update to
Samba 4.3.4 however I'm curious why showrepl is failing before proceeding.
Cheers,
Wayne
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
I've been having DNS issues for about 3 months which is causing all
sorts of weird problems (most things work fine but then we have days
where random machines lose trust/can't login without un-joining and
rejoining the domain). The domain was working with no problems for
nearly 5 months before this started happening.
I have Ubuntu 14.04 running Samba 4.1.6 using the internal Samba DNS.
As a test (because I couldn't think of anything else to try), I also set
up a temporary DC with a source build of the current stable samba 4.3.4.
If I run samba-tool drs showrepl under Samba 4.1.6 I get errors like this:
* In and Outbound Neighbors: "failed, result 121 (WERR_SEM_TIMEOUT)" or
"failed, result 2 (WERR_BADFILE)
* KCC Connection Objects: Seems OK.
If I run it on Samba 4.3.4:
* Outbound neighbours and KCC seem OK, only Inbound has errors
Could anyone tell me where I should be looking to resolve this as I've
exhausted Google of useful results. My current plan is to update to
Samba 4.3.4 however I'm curious why showrepl is failing before proceeding.
Cheers,
Wayne
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
mathias dufresne
Feb 26, 2016, 9:10:06 AM2/26/16
to
Hi Wayne,
Joining a new DC to a Samba AD domain most generally (for me at least) is
generating issue in showrepl.
To solve that you can try to reboot 1° FSMO owner 2° newly joined DC
Another option, which has my preference, is to force replication in both
ways:
1° FSMO replicate to newly joined DC
2° newly joined replicate on FSMO
For small DB this is quiet fast...
Forcing replication is done here using the following piece of shell code:
----------------------------------------------------------------
# First replicate $fsmo_owner to $localhost
for DIT in `ls $sam.d | grep -v metadata.tdb | sed -e s/.ldb$//`
do
echo $DIT
samba-tool drs replicate $hostname $fsmo_owner $DIT
done
# Then replicate $localhost to $fsmo_owner
for DIT in `ls $sam.d | grep -v metadata.tdb | sed -e s/.ldb$//`
do
echo $DIT
samba-tool drs replicate $fsmo_owner $hostname $DIT
done
----------------------------------------------------------------
Where fsmo_owner contains IP or hostname of FSMO owner and localhost is IP
or hostname of localhost.
Cheers,
mathias
Joining a new DC to a Samba AD domain most generally (for me at least) is
generating issue in showrepl.
To solve that you can try to reboot 1° FSMO owner 2° newly joined DC
Another option, which has my preference, is to force replication in both
ways:
1° FSMO replicate to newly joined DC
2° newly joined replicate on FSMO
For small DB this is quiet fast...
Forcing replication is done here using the following piece of shell code:
----------------------------------------------------------------
# First replicate $fsmo_owner to $localhost
for DIT in `ls $sam.d | grep -v metadata.tdb | sed -e s/.ldb$//`
do
echo $DIT
samba-tool drs replicate $hostname $fsmo_owner $DIT
done
# Then replicate $localhost to $fsmo_owner
for DIT in `ls $sam.d | grep -v metadata.tdb | sed -e s/.ldb$//`
do
echo $DIT
samba-tool drs replicate $fsmo_owner $hostname $DIT
done
----------------------------------------------------------------
Where fsmo_owner contains IP or hostname of FSMO owner and localhost is IP
or hostname of localhost.
Cheers,
mathias
0 new messages