Achim Gottinger
2015-Jul-21 18:26 UTC
[Samba] Replication Problem with Deleted Object on Samba 4.1.17
Hello List,

I'm running a network with five Samba 4 AD DCs, all on Debian wheezy with the SerNet packages. Recently a replication error showed up for a single computer (WIN7-M-ADMIN) record. So I unjoined the PC from the domain and deleted its record from dc1 manually. On the other DCs it had been removed automatically during unjoin.
Now I get the following error:

[2015/07/21 20:15:40.113205, 0] ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
  ldb: No objectClass found in replPropertyMetaData for CN=WIN7-M-ADMIN\0ADEL:a8530d8e-1767-4f6b-8fe9-ce11a51b295c,CN=Deleted Objects,DC=domain,DC=local!

[2015/07/21 20:15:40.113772, 0] ../source4/dsdb/repl/replicated_objects.c:783(dsdb_replicated_objects_commit)
  Failed to apply records: replmd_replicated_apply_add: error during DRS repl ADD: No objectClass found in replPropertyMetaData for CN=WIN7-M-ADMIN\0ADEL:a8530d8e-1767-4f6b-8fe9-ce11a51b295c,CN=Deleted Objects,DC=domain,DC=local!
  : Object class violation
[2015/07/21 20:15:40.114277, 0] ../source4/dsdb/repl/drepl_out_helpers.c:758(dreplsrv_op_pull_source_apply_changes_trigger)
  Failed to commit objects: WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE

Joining does not help; the computer shows up on DCs 2-4 but not on dc1.

On dc1 there is no record for win7-m-admin, nor a deleted one.

samba-tool dbcheck --cross-ncs shows no errors on all DCs.
samba-tool ldbcmp detects a missing win7-m-admin record on dc1.

A year back it was possible to remove Deleted Objects with ldbdel.

Now:
ldbdel --show-deleted --extended-dn -H /var/lib/samba/private/sam.ldb -b "CN=Deleted Objects,DC=domain,DC=local" '<GUID=a8530d8e-1767-4f6b-8fe9-ce11a51b295c>'
Results in:
delete of '' failed - (Unwilling to perform) Refusing to delete tombstone object CN=WIN7-M-ADMIN\0ADEL:a8530d8e-1767-4f6b-8fe9-ce11a51b295c,CN=Deleted Objects,DC=fot,DC=local. This check is to prevent corruption of the replicated state.

I'd just purge this record from DCs 2-4 and rejoin the computer once again, but unfortunately this is no longer possible because of this new check. Is there a way to force the deletion, because the replicated state is already corrupted?

Thanks in advance
Achim~
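Added example, not part of the original posts: a small Python parser that groups the replication errors quoted above by tombstone GUID, so that after each replication attempt one can check whether the same deleted object is still being rejected. The sample log is the excerpt from the post laid out one record per header; the function names and the returned field names are illustrative assumptions.

```python
import re

# Constructed sample: the three log records quoted in the post, one header per record.
SAMPLE_LOG = r"""[2015/07/21 20:15:40.113205, 0] ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
  ldb: No objectClass found in replPropertyMetaData for CN=WIN7-M-ADMIN\0ADEL:a8530d8e-1767-4f6b-8fe9-ce11a51b295c,CN=Deleted Objects,DC=domain,DC=local!
[2015/07/21 20:15:40.113772, 0] ../source4/dsdb/repl/replicated_objects.c:783(dsdb_replicated_objects_commit)
  Failed to apply records: replmd_replicated_apply_add: error during DRS repl ADD: No objectClass found in replPropertyMetaData for CN=WIN7-M-ADMIN\0ADEL:a8530d8e-1767-4f6b-8fe9-ce11a51b295c,CN=Deleted Objects,DC=domain,DC=local!
  : Object class violation
[2015/07/21 20:15:40.114277, 0] ../source4/dsdb/repl/drepl_out_helpers.c:758(dreplsrv_op_pull_source_apply_changes_trigger)
  Failed to commit objects: WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
"""

HEADER = re.compile(r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+),\s*(\d+)\]\s*(.*)$")
# A deleted object's RDN is "<name>\0ADEL:<objectGUID>" under CN=Deleted Objects.
TOMBSTONE = re.compile(
    r"No objectClass found in replPropertyMetaData for "
    r"(?P<dn>CN=(?P<name>[^,]+?)\\0ADEL:(?P<guid>[0-9a-fA-F-]{36}),"
    r"CN=Deleted Objects,(?P<nc>[^!]+))!")
COMMIT_FAIL = re.compile(r"Failed to commit objects: (\S+)")

def records(text):
    """Split a Samba log into (timestamp, level, message) records."""
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # a new "[timestamp, level]" header closes the previous record
            if current:
                yield current[0], current[1], " ".join(current[2])
            current = (m.group(1), int(m.group(2)), [m.group(3).strip()])
        elif current and line.strip():  # continuation line, also when mail-wrapped
            current[2].append(line.strip())
    if current:
        yield current[0], current[1], " ".join(current[2])

def summarize(text):
    """Return ({guid: details}, [(timestamp, status)]) for rejected tombstones."""
    tombstones, commit_failures = {}, []
    for ts, _level, msg in records(text):
        m = TOMBSTONE.search(msg)
        if m:
            entry = tombstones.setdefault(m.group("guid").lower(), {
                "name": m.group("name"), "dn": m.group("dn"),
                "naming_context": m.group("nc"), "hits": 0, "first_seen": ts})
            entry["hits"] += 1
            entry["last_seen"] = ts
        m = COMMIT_FAIL.search(msg)
        if m:
            commit_failures.append((ts, m.group(1)))
    return tombstones, commit_failures

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

An empty result from `summarize()` on the log written after a replication attempt means the tombstone is no longer being rejected.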
Achim Gottinger
2015-Jul-22 00:04 UTC
[Samba] Replication Problem with Deleted Object on Samba 4.1.17
On 21.07.2015 at 20:26, Achim Gottinger wrote:
> Hello List,
>
> I'm running a network with five Samba 4 AD DCs, all on Debian wheezy
> with the SerNet packages. Recently a replication error showed up for
> a single computer (WIN7-M-ADMIN) record. So I unjoined the PC from
> the domain and deleted its record from dc1 manually. On the other DCs
> it had been removed automatically during unjoin.
> Now I get the following error:
>
> [2015/07/21 20:15:40.113205, 0]
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
> ldb: No objectClass found in replPropertyMetaData for
> CN=WIN7-M-ADMIN\0ADEL:a8530d8e-1767-4f6b-8fe9-ce11a51b295c,CN=Deleted
> Objects,DC=domain,DC=local!
>
> [2015/07/21 20:15:40.113772, 0]
> ../source4/dsdb/repl/replicated_objects.c:783(dsdb_replicated_objects_commit)
> Failed to apply records: replmd_replicated_apply_add: error during
> DRS repl ADD: No objectClass found in replPropertyMetaData for
> CN=WIN7-M-ADMIN\0ADEL:a8530d8e-1767-4f6b-8fe9-ce11a51b295c,CN=Deleted
> Objects,DC=domain,DC=local!
> : Object class violation
> [2015/07/21 20:15:40.114277, 0]
> ../source4/dsdb/repl/drepl_out_helpers.c:758(dreplsrv_op_pull_source_apply_changes_trigger)
> Failed to commit objects:
> WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
>
> Joining does not help; the computer shows up on DCs 2-4 but not on dc1.
>
> On dc1 there is no record for win7-m-admin, nor a deleted one.
>
> samba-tool dbcheck --cross-ncs shows no errors on all DCs.
> samba-tool ldbcmp detects a missing win7-m-admin record on dc1.
>
> A year back it was possible to remove Deleted Objects with ldbdel.
>
> Now:
> ldbdel --show-deleted --extended-dn -H /var/lib/samba/private/sam.ldb
> -b "CN=Deleted Objects,DC=domain,DC=local"
> '<GUID=a8530d8e-1767-4f6b-8fe9-ce11a51b295c>'
> Results in:
> delete of '' failed - (Unwilling to perform) Refusing to delete
> tombstone object
> CN=WIN7-M-ADMIN\0ADEL:a8530d8e-1767-4f6b-8fe9-ce11a51b295c,CN=Deleted
> Objects,DC=fot,DC=local. This check is to prevent corruption of the
> replicated state.
>
> I'd just purge this record from DCs 2-4 and rejoin the computer once
> again, but unfortunately this is no longer possible because of this new
> check. Is there a way to force the deletion, because the replicated
> state is already corrupted?
>
> Thanks in advance
> Achim~
>

Fixed it with

samba-tool drs replicate dc2 dc1 DC=fot,DC=local --full-sync

and so on till samba-tool drs showrepl showed no more errors on all DCs.
Achim Gottinger
2015-Jul-22 00:59 UTC
[Samba] Replication Problem with Deleted Object on Samba 4.1.17 [SOLVED]
On 22.07.2015 at 02:04, Achim Gottinger wrote:
>
> On 21.07.2015 at 20:26, Achim Gottinger wrote:
>> Hello List,
>>
>> I'm running a network with five Samba 4 AD DCs, all on Debian wheezy
>> with the SerNet packages. Recently a replication error showed up for
>> a single computer (WIN7-M-ADMIN) record. So I unjoined the PC from
>> the domain and deleted its record from dc1 manually. On the other DCs
>> it had been removed automatically during unjoin.
>> Now I get the following error:
>>
>> [2015/07/21 20:15:40.113205, 0]
>> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>> ldb: No objectClass found in replPropertyMetaData for
>> CN=WIN7-M-ADMIN\0ADEL:a8530d8e-1767-4f6b-8fe9-ce11a51b295c,CN=Deleted
>> Objects,DC=domain,DC=local!
>>
>> [2015/07/21 20:15:40.113772, 0]
>> ../source4/dsdb/repl/replicated_objects.c:783(dsdb_replicated_objects_commit)
>> Failed to apply records: replmd_replicated_apply_add: error during
>> DRS repl ADD: No objectClass found in replPropertyMetaData for
>> CN=WIN7-M-ADMIN\0ADEL:a8530d8e-1767-4f6b-8fe9-ce11a51b295c,CN=Deleted
>> Objects,DC=domain,DC=local!
>> : Object class violation
>> [2015/07/21 20:15:40.114277, 0]
>> ../source4/dsdb/repl/drepl_out_helpers.c:758(dreplsrv_op_pull_source_apply_changes_trigger)
>> Failed to commit objects:
>> WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
>>
>> Joining does not help; the computer shows up on DCs 2-4 but not on dc1.
>>
>> On dc1 there is no record for win7-m-admin, nor a deleted one.
>>
>> samba-tool dbcheck --cross-ncs shows no errors on all DCs.
>> samba-tool ldbcmp detects a missing win7-m-admin record on dc1.
>>
>> A year back it was possible to remove Deleted Objects with ldbdel.
>>
>> Now:
>> ldbdel --show-deleted --extended-dn -H /var/lib/samba/private/sam.ldb
>> -b "CN=Deleted Objects,DC=domain,DC=local"
>> '<GUID=a8530d8e-1767-4f6b-8fe9-ce11a51b295c>'
>> Results in:
>> delete of '' failed - (Unwilling to perform) Refusing to delete
>> tombstone object
>> CN=WIN7-M-ADMIN\0ADEL:a8530d8e-1767-4f6b-8fe9-ce11a51b295c,CN=Deleted
>> Objects,DC=fot,DC=local. This check is to prevent corruption of the
>> replicated state.
>>
>> I'd just purge this record from DCs 2-4 and rejoin the computer once
>> again, but unfortunately this is no longer possible because of this
>> new check. Is there a way to force the deletion, because the
>> replicated state is already corrupted?
>>
>> Thanks in advance
>> Achim~
>>
> Fixed it with
>
> samba-tool drs replicate dc2 dc1 DC=fot,DC=local --full-sync
>
> and so on till samba-tool drs showrepl showed no more errors on all DCs.