Hello, I have a problem with my samba4 domain cluster: there are 2 machines, - primary and secondary server. Everything was working fine, but i had a hard drive failure on primary PDC, so i reinstalled and restored a backup to it. Aftrwards i saw the warning about never restoring database from backups. Now I have the following problems: users can login and all group policies are provided, but that's only for a computers, who were added to domain before crash. New computers cant get group policies from domain (also users can't). Debug log states that: DOMAIN\PC20$] FAILED with error NT_STATUS_INTERNAL_DB_CORRUPTION What would be the solution? Would demoting and adding secondary DC back solve this? Thank you.
Hello, Am 18.06.2015 um 18:31 schrieb Tadas:> I have a problem with my samba4 domain cluster: > there are 2 machines, - primary and secondary server. > Everything was working fine, but i had a hard drive failure on primary PDC, > so i reinstalled and restored a backup to it.If you're having an Active Directory, you should forget the terms "primary" or "PDC". It confuses, because these are terms from NT4 domain environments. In an AD you're having just DC(s). See https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%29_roles#Introduction for details.> Aftrwards i saw the warning about never restoring database from backups. > Now I have the following problems: > users can login and all group policies are provided, but that's only for a > computers, who were added to domain before crash. > New computers cant get group policies from domain (also users can't). Debug > log states that: > DOMAIN\PC20$] FAILED with error NT_STATUS_INTERNAL_DB_CORRUPTION > What would be the solution? Would demoting and adding secondary DC back > solve this?You can try the following: - Shut down Samba on all your DC's. - Take an offline copy of the Samba databases on all DCs. So you can at least roll back to this state, if neccessary. - Remove all databases and smb.conf on the DC with the broken databases. - Start Samba on all working DCs again. - Remove the old objectGUID DNS entry. https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins#Resolve_the_objectGUID_CNAME_record_of_the_new_joined_Domain_Controller shows how to search and add it, when you join a new DC. You search for it and remove it! - Rejoin the broken DC. Make sure, it has exactly the same name and IP, than before your restore (follow https://wiki.samba.org/index.php/Join_a_domain_as_a_DC - Don't forget to add the DNS entries, as mentioned in the "Join as DC" guide (https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins) - See if replication works again. Regards, Marc
Am 18.06.2015 um 18:31 schrieb Tadas:> Hello, > I have a problem with my samba4 domain cluster: > there are 2 machines, - primary and secondary server. > Everything was working fine, but i had a hard drive failure on primary > PDC, > so i reinstalled and restored a backup to it. > Aftrwards i saw the warning about never restoring database from backups. > Now I have the following problems: > users can login and all group policies are provided, but that's only > for a > computers, who were added to domain before crash. > New computers cant get group policies from domain (also users can't). > Debug > log states that: > DOMAIN\PC20$] FAILED with error NT_STATUS_INTERNAL_DB_CORRUPTION > What would be the solution? Would demoting and adding secondary DC back > solve this? > Thank you.Hi, if you have a nt-style domain, did you restore the domain sid?
I guess no. I just reinstalled the controller and copied one-hour old backup of failed DC to it. -- On Thu, 2015-06-18 at 20:26 +0200, J. Echter wrote:> Am 18.06.2015 um 18:31 schrieb Tadas: > > Hello, > > I have a problem with my samba4 domain cluster: > > there are 2 machines, - primary and secondary server. > > Everything was working fine, but i had a hard drive failure on primary > > PDC, > > so i reinstalled and restored a backup to it. > > Aftrwards i saw the warning about never restoring database from backups. > > Now I have the following problems: > > users can login and all group policies are provided, but that's only > > for a > > computers, who were added to domain before crash. > > New computers cant get group policies from domain (also users can't). > > Debug > > log states that: > > DOMAIN\PC20$] FAILED with error NT_STATUS_INTERNAL_DB_CORRUPTION > > What would be the solution? Would demoting and adding secondary DC back > > solve this? > > Thank you. > Hi, > > if you have a nt-style domain, did you restore the domain sid? >
Possibly Parallel Threads
- CVbinary - Help
- Samba4 4.0.3 classicupgrade - Error converting string to value for line: "CurrentVersion"
- Error after upgrade NT_STATUS_INTERNAL_DB_CORRUPTION
- Flexible Single-Master Operations (FSMO) documentation
- can't add machine to domain after samba update