Hi
The DRS sync between two Domain Controllers connected on one network is
failing. I have enabled the log level 9.
samba-tool drs replicate 172.16.10.5 iumsvrpdc DC=iumnet,DC=edu,DC=na
--full-sync -UAdministrator
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 0
ldb: 9
tevent: 9
auth_audit: 9
auth_json_audit: 9
kerberos: 9
drs_repl: 9
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[softshare]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:172.16.10.5[,seal,print]
Mapped to DCERPC endpoint 135
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
Mapped to DCERPC endpoint 1024
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Cannot do GSSAPI to an IP address
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_SEAL
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_TARGET_TYPE_DOMAIN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
Password for [IUMNET\Administrator]:
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_SEAL
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_SEAL
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_SEAL
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
drsuapi_DsBind: struct drsuapi_DsBind
in: struct drsuapi_DsBind
bind_guid : *
bind_guid :
e24d201a-4fd6-11d1-a3da-0000f875ae0d
bind_info : *
bind_info: struct drsuapi_DsBindInfoCtr
length : 0x0000001c (28)
__ndr_length : 0x0000001c (28)
info : union
drsuapi_DsBindInfo(case 28)
info28: struct drsuapi_DsBindInfo28
supported_extensions : 0x0fefff7f (267386751)
1: DRSUAPI_SUPPORTED_EXTENSION_BASE
1:
DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
1:
DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
1:
DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
1:
DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
1:
DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
1:
DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
1:
DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
0:
DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
site_guid :
00000000-0000-0000-0000-000000000000
pid : 0x00000000 (0)
repl_epoch : 0x00000000 (0)
drsuapi_DsBind: struct drsuapi_DsBind
out: struct drsuapi_DsBind
bind_info : *
bind_info: struct drsuapi_DsBindInfoCtr
length : 0x0000001c (28)
__ndr_length : 0x0000001c (28)
info : union
drsuapi_DsBindInfo(case 28)
info28: struct drsuapi_DsBindInfo28
supported_extensions : 0x2fffff6f (805306223)
1: DRSUAPI_SUPPORTED_EXTENSION_BASE
1:
DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
0:
DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
1:
DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
1:
DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
1:
DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
1:
DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
1:
DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
1:
DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
0:
DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
site_guid :
29e318da-d660-4a24-94d9-81e86b5a1e82
pid : 0x00000000 (0)
repl_epoch : 0x00000000 (0)
bind_handle : *
bind_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
2cb3f3b5-b29a-4958-a912-51a0881976da
result : WERR_OK
lpcfg_servicenumber: couldn't find ldb
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Cannot do GSSAPI to an IP address
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_SEAL
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_TARGET_TYPE_DOMAIN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_SEAL
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_SEAL
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_SEAL
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
in: struct drsuapi_DsReplicaSync
bind_handle : *
bind_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
2cb3f3b5-b29a-4958-a912-51a0881976da
level : 0x00000001 (1)
req : *
req : union
drsuapi_DsReplicaSyncRequest(case 1)
req1: struct drsuapi_DsReplicaSyncRequest1
naming_context : *
naming_context: struct
drsuapi_DsReplicaObjectIdentifier
__ndr_size : 0x00000066 (102)
__ndr_size_sid : 0x00000000 (0)
guid :
00000000-0000-0000-0000-000000000000
sid : S-0-0
__ndr_size_dn : 0x00000016 (22)
dn :
'DC=iumnet,DC=edu,DC=na'
source_dsa_guid :
27182378-a9c7-451e-bb95-7b2172a5f311
source_dsa_dns : NULL
options : 0x00008010 (32784)
0: DRSUAPI_DRS_ASYNC_OP
0: DRSUAPI_DRS_GETCHG_CHECK
0: DRSUAPI_DRS_UPDATE_NOTIFICATION
0: DRSUAPI_DRS_ADD_REF
0: DRSUAPI_DRS_SYNC_ALL
0: DRSUAPI_DRS_DEL_REF
1: DRSUAPI_DRS_WRIT_REP
0: DRSUAPI_DRS_INIT_SYNC
0: DRSUAPI_DRS_PER_SYNC
0: DRSUAPI_DRS_MAIL_REP
0: DRSUAPI_DRS_ASYNC_REP
0: DRSUAPI_DRS_IGNORE_ERROR
0: DRSUAPI_DRS_TWOWAY_SYNC
0: DRSUAPI_DRS_CRITICAL_ONLY
0: DRSUAPI_DRS_GET_ANC
0: DRSUAPI_DRS_GET_NC_SIZE
0: DRSUAPI_DRS_LOCAL_ONLY
0: DRSUAPI_DRS_NONGC_RO_REP
0: DRSUAPI_DRS_SYNC_BYNAME
0: DRSUAPI_DRS_REF_OK
1: DRSUAPI_DRS_FULL_SYNC_NOW
1: DRSUAPI_DRS_NO_SOURCE
0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
0: DRSUAPI_DRS_FULL_SYNC_PACKET
0: DRSUAPI_DRS_SYNC_REQUEUE
0: DRSUAPI_DRS_SYNC_URGENT
0: DRSUAPI_DRS_REF_GCSPN
0: DRSUAPI_DRS_NO_DISCARD
0: DRSUAPI_DRS_NEVER_SYNCED
0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
0: DRSUAPI_DRS_INIT_SYNC_NOW
0: DRSUAPI_DRS_PREEMPTED
0: DRSUAPI_DRS_SYNC_FORCED
0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
0: DRSUAPI_DRS_USE_COMPRESSION
0: DRSUAPI_DRS_NEVER_NOTIFY
0: DRSUAPI_DRS_SYNC_PAS
0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
out: struct drsuapi_DsReplicaSync
result : WERR_BAD_NET_RESP
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed -
drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
386, in
run
drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85,
in
sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)
*Harsh Kukreja *Systems Administrator
*International University of Namibia *Tel: 061-4336000 - E-mail: h.kukreja
@ium.edu.na - Web:
*http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag
14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA
On 1/11/2018 10:39 AM, Harsh Kukreja via samba wrote:> Hi > > The DRS sync between two Domain Controllers connected on one network is > failing. I have enabled the log level 9. > > samba-tool drs replicate 172.16.10.5 iumsvrpdc DC=iumnet,DC=edu,DC=na > --full-sync -UAdministrator > INFO: Current debug levels: > all: 9 > tdb: 9 > printdrivers: 9 > lanman: 9 > smb: 9 > rpc_parse: 9 > rpc_srv: 9 > rpc_cli: 9 > passdb: 9 > sam: 9 > auth: 9 > winbind: 9 > vfs: 9 > idmap: 9 > quota: 9 > acls: 9 > locking: 9 > msdfs: 9 > dmapi: 9 > registry: 9 > scavenger: 9 > dns: 0 > ldb: 9 > tevent: 9 > auth_audit: 9 > auth_json_audit: 9 > kerberos: 9 > drs_repl: 9 > Processing section "[netlogon]" > Processing section "[sysvol]" > Processing section "[softshare]" > pm_process() returned Yes > GENSEC backend 'gssapi_spnego' registered > GENSEC backend 'gssapi_krb5' registered > GENSEC backend 'gssapi_krb5_sasl' registered > GENSEC backend 'spnego' registered > GENSEC backend 'schannel' registered > GENSEC backend 'naclrpc_as_system' registered > GENSEC backend 'sasl-EXTERNAL' registered > GENSEC backend 'ntlmssp' registered > GENSEC backend 'ntlmssp_resume_ccache' registered > GENSEC backend 'http_basic' registered > GENSEC backend 'http_ntlm' registered > GENSEC backend 'krb5' registered > GENSEC backend 'fake_gssapi_krb5' registered > Using binding ncacn_ip_tcp:172.16.10.5[,seal,print] > Mapped to DCERPC endpoint 135 > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > Mapped to DCERPC endpoint 1024 > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > Starting GENSEC mechanism spnego > Starting GENSEC submechanism gssapi_krb5 > Cannot do GSSAPI to an IP address > Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER > Starting GENSEC submechanism ntlmssp > Got challenge flags: > Got NTLMSSP neg_flags=0x62898235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_TARGET_TYPE_DOMAIN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_TARGET_INFO > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > Password for [IUMNET\Administrator]: > NTLMSSP: Set final flags: > Got NTLMSSP neg_flags=0x62088235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP Sign/Seal - Initialising with flags: > Got NTLMSSP neg_flags=0x62088235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP Sign/Seal - Initialising with flags: > Got NTLMSSP neg_flags=0x62088235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > drsuapi_DsBind: struct drsuapi_DsBind > in: struct drsuapi_DsBind > bind_guid : * > bind_guid : > e24d201a-4fd6-11d1-a3da-0000f875ae0d > bind_info : * > bind_info: struct drsuapi_DsBindInfoCtr > length : 0x0000001c (28) > __ndr_length : 0x0000001c (28) > info : union > drsuapi_DsBindInfo(case 28) > info28: struct drsuapi_DsBindInfo28 > supported_extensions : 0x0fefff7f (267386751) > 1: DRSUAPI_SUPPORTED_EXTENSION_BASE > 1: > DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION > 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI > 1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 > 1: > DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION > 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY > 1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE > 1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD > 1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND > 1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO > 1: > DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01 > 1: > DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP > 1: > DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY > 1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3 > 0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2 > 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6 > 1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS > 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8 > 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5 > 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6 > 1: > DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3 > 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7 > 1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT > 0: > DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS > 0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10 > 0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2 > 0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3 > site_guid : > 00000000-0000-0000-0000-000000000000 > pid : 0x00000000 (0) > repl_epoch : 0x00000000 (0) > drsuapi_DsBind: struct drsuapi_DsBind > out: struct drsuapi_DsBind > bind_info : * > bind_info: struct drsuapi_DsBindInfoCtr > length : 0x0000001c (28) > __ndr_length : 0x0000001c (28) > info : union > drsuapi_DsBindInfo(case 28) > info28: struct drsuapi_DsBindInfo28 > supported_extensions : 0x2fffff6f (805306223) > 1: DRSUAPI_SUPPORTED_EXTENSION_BASE > 1: > DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION > 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI > 1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2 > 0: > DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 > 1: > DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION > 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY > 1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE > 1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD > 1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND > 1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO > 1: > DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01 > 1: > DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP > 1: > DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY > 1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3 > 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2 > 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6 > 1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS > 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8 > 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5 > 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6 > 1: > DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3 > 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7 > 1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT > 0: > DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS > 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10 > 0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2 > 0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3 > site_guid : > 29e318da-d660-4a24-94d9-81e86b5a1e82 > pid : 0x00000000 (0) > repl_epoch : 0x00000000 (0) > bind_handle : * > bind_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : > 2cb3f3b5-b29a-4958-a912-51a0881976da > result : WERR_OK > lpcfg_servicenumber: couldn't find ldb > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > Starting GENSEC mechanism spnego > Starting GENSEC submechanism gssapi_krb5 > Cannot do GSSAPI to an IP address > Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER > Starting GENSEC submechanism ntlmssp > Got challenge flags: > Got NTLMSSP neg_flags=0x62898235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_TARGET_TYPE_DOMAIN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_TARGET_INFO > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP: Set final flags: > Got NTLMSSP neg_flags=0x62088235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP Sign/Seal - Initialising with flags: > Got NTLMSSP neg_flags=0x62088235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP Sign/Seal - Initialising with flags: > Got NTLMSSP neg_flags=0x62088235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync > in: struct drsuapi_DsReplicaSync > bind_handle : * > bind_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : > 2cb3f3b5-b29a-4958-a912-51a0881976da > level : 0x00000001 (1) > req : * > req : union > drsuapi_DsReplicaSyncRequest(case 1) > req1: struct drsuapi_DsReplicaSyncRequest1 > naming_context : * > naming_context: struct > drsuapi_DsReplicaObjectIdentifier > __ndr_size : 0x00000066 (102) > __ndr_size_sid : 0x00000000 (0) > guid : > 00000000-0000-0000-0000-000000000000 > sid : S-0-0 > __ndr_size_dn : 0x00000016 (22) > dn : > 'DC=iumnet,DC=edu,DC=na' > source_dsa_guid : > 27182378-a9c7-451e-bb95-7b2172a5f311 > source_dsa_dns : NULL > options : 0x00008010 (32784) > 0: DRSUAPI_DRS_ASYNC_OP > 0: DRSUAPI_DRS_GETCHG_CHECK > 0: DRSUAPI_DRS_UPDATE_NOTIFICATION > 0: DRSUAPI_DRS_ADD_REF > 0: DRSUAPI_DRS_SYNC_ALL > 0: DRSUAPI_DRS_DEL_REF > 1: DRSUAPI_DRS_WRIT_REP > 0: DRSUAPI_DRS_INIT_SYNC > 0: DRSUAPI_DRS_PER_SYNC > 0: DRSUAPI_DRS_MAIL_REP > 0: DRSUAPI_DRS_ASYNC_REP > 0: DRSUAPI_DRS_IGNORE_ERROR > 0: DRSUAPI_DRS_TWOWAY_SYNC > 0: DRSUAPI_DRS_CRITICAL_ONLY > 0: DRSUAPI_DRS_GET_ANC > 0: DRSUAPI_DRS_GET_NC_SIZE > 0: DRSUAPI_DRS_LOCAL_ONLY > 0: DRSUAPI_DRS_NONGC_RO_REP > 0: DRSUAPI_DRS_SYNC_BYNAME > 0: DRSUAPI_DRS_REF_OK > 1: DRSUAPI_DRS_FULL_SYNC_NOW > 1: DRSUAPI_DRS_NO_SOURCE > 0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS > 0: DRSUAPI_DRS_FULL_SYNC_PACKET > 0: DRSUAPI_DRS_SYNC_REQUEUE > 0: DRSUAPI_DRS_SYNC_URGENT > 0: DRSUAPI_DRS_REF_GCSPN > 0: DRSUAPI_DRS_NO_DISCARD > 0: DRSUAPI_DRS_NEVER_SYNCED > 0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING > 0: DRSUAPI_DRS_INIT_SYNC_NOW > 0: DRSUAPI_DRS_PREEMPTED > 0: DRSUAPI_DRS_SYNC_FORCED > 0: DRSUAPI_DRS_DISABLE_AUTO_SYNC > 0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC > 0: DRSUAPI_DRS_USE_COMPRESSION > 0: DRSUAPI_DRS_NEVER_NOTIFY > 0: DRSUAPI_DRS_SYNC_PAS > 0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP > drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync > out: struct drsuapi_DsReplicaSync > result : WERR_BAD_NET_RESP > ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - > drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP') > File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 386, in > run > drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, > source_dsa_guid, NC, req_options) > File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85, in > sendDsReplicaSync > raise drsException("DsReplicaSync failed %s" % estr) > > *Harsh Kukreja *Systems Administrator > *International University of Namibia *Tel: 061-4336000 - E-mail: h.kukreja > @ium.edu.na - Web: > *http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag > 14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIANot sure what your issue is but have you tried using the fqdn for DC1 and DC2? I've experienced issues with manual replication when using a IP and not the dns or fqdn name. -- -- James
Hi Harsh,>> >> The DRS sync between two Domain Controllers connected on one network is >> failing. I have enabled the log level 9. >> >> samba-tool drs replicate 172.16.10.5 iumsvrpdc DC=iumnet,DC=edu,DC=na >> --full-sync -UAdministrator >> INFO: Current debug levels: >> all: 9 >> tdb: 9 >> printdrivers: 9.....>> 0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP >> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync >> out: struct drsuapi_DsReplicaSync >> result : WERR_BAD_NET_RESP >> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - >> drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP') >> File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line >> 386, in >> run >> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, >> source_dsa_guid, NC, req_options) >> File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line >> 85, in >> sendDsReplicaSync >> raise drsException("DsReplicaSync failed %s" % estr) >> >> *Harsh Kukreja *Systems Administrator >> *International University of Namibia *Tel: 061-4336000 - E-mail: >> h.kukreja >> @ium.edu.na - Web: >> *http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag >> 14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA > > Not sure what your issue is but have you tried using the fqdn for DC1 > and DC2? I've experienced issues with manual replication when using a IP > and not the dns or fqdn name.Indeed, domain controllers will use Kerberos for authentication during replication. If you are using IP address, you cannot use Kerberos since the client computer won't be able to build up a SPN to known which AD account it should ask a ticket for. Cheers, Denis -- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, bâtiment A 12 avenue Jules Verne 44230 Saint Sébastien sur Loire tel : +33 (0) 2.40.97.57.55 http://www.tranquil-it-systems.fr
Hi
I have tried using FQDN for DC1 and DC2 but still it is failing.Please
assist to fix
samba-tool drs replicate iumdcdp01.iumnet.edu.na iumsvrpdc
DC=iumnet,DC=edu,DC=na --sync-forced -UAdministrator
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 0
ldb: 9
tevent: 9
auth_audit: 9
auth_json_audit: 9
kerberos: 9
drs_repl: 9
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[softshare]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:iumdcdp01.iumnet.edu.na[,seal,print]
Mapped to DCERPC endpoint 135
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name iumdcdp01.iumnet.edu.na
<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such
file or directory
Mapped to DCERPC endpoint 1024
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name iumdcdp01.iumnet.edu.na
<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such
file or directory
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Password for [IUMNET\Administrator]:
Received smb_krb5 packet of length 271
Received smb_krb5 packet of length 1397
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
drsuapi_DsBind: struct drsuapi_DsBind
in: struct drsuapi_DsBind
bind_guid : *
bind_guid :
e24d201a-4fd6-11d1-a3da-0000f875ae0d
bind_info : *
bind_info: struct drsuapi_DsBindInfoCtr
length : 0x0000001c (28)
__ndr_length : 0x0000001c (28)
info : union
drsuapi_DsBindInfo(case 28)
info28: struct drsuapi_DsBindInfo28
supported_extensions : 0x0fefff7f (267386751)
1: DRSUAPI_SUPPORTED_EXTENSION_BASE
1:
DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
1:
DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
1:
DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
1:
DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
1:
DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
1:
DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
1:
DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
0:
DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
site_guid :
00000000-0000-0000-0000-000000000000
pid : 0x00000000 (0)
repl_epoch : 0x00000000 (0)
drsuapi_DsBind: struct drsuapi_DsBind
out: struct drsuapi_DsBind
bind_info : *
bind_info: struct drsuapi_DsBindInfoCtr
length : 0x0000001c (28)
__ndr_length : 0x0000001c (28)
info : union
drsuapi_DsBindInfo(case 28)
info28: struct drsuapi_DsBindInfo28
supported_extensions : 0x2fffff6f (805306223)
1: DRSUAPI_SUPPORTED_EXTENSION_BASE
1:
DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
0:
DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
1:
DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
1:
DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
1:
DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
1:
DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
1:
DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
1:
DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
0:
DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
site_guid :
29e318da-d660-4a24-94d9-81e86b5a1e82
pid : 0x00000000 (0)
repl_epoch : 0x00000000 (0)
bind_handle : *
bind_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
4b1eea79-e969-408c-a3b1-84ca1fe9a0eb
result : WERR_OK
lpcfg_servicenumber: couldn't find ldb
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name iumdcdp01.iumnet.edu.na
<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such
file or directory
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Received smb_krb5 packet of length 271
Received smb_krb5 packet of length 1397
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically signed
drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
in: struct drsuapi_DsReplicaSync
bind_handle : *
bind_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
4b1eea79-e969-408c-a3b1-84ca1fe9a0eb
level : 0x00000001 (1)
req : *
req : union
drsuapi_DsReplicaSyncRequest(case 1)
req1: struct drsuapi_DsReplicaSyncRequest1
naming_context : *
naming_context: struct
drsuapi_DsReplicaObjectIdentifier
__ndr_size : 0x00000066 (102)
__ndr_size_sid : 0x00000000 (0)
guid :
00000000-0000-0000-0000-000000000000
sid : S-0-0
__ndr_size_dn : 0x00000016 (22)
dn :
'DC=iumnet,DC=edu,DC=na'
source_dsa_guid :
27182378-a9c7-451e-bb95-7b2172a5f311
source_dsa_dns : NULL
options : 0x02000010 (33554448)
0: DRSUAPI_DRS_ASYNC_OP
0: DRSUAPI_DRS_GETCHG_CHECK
0: DRSUAPI_DRS_UPDATE_NOTIFICATION
0: DRSUAPI_DRS_ADD_REF
0: DRSUAPI_DRS_SYNC_ALL
0: DRSUAPI_DRS_DEL_REF
1: DRSUAPI_DRS_WRIT_REP
0: DRSUAPI_DRS_INIT_SYNC
0: DRSUAPI_DRS_PER_SYNC
0: DRSUAPI_DRS_MAIL_REP
0: DRSUAPI_DRS_ASYNC_REP
0: DRSUAPI_DRS_IGNORE_ERROR
0: DRSUAPI_DRS_TWOWAY_SYNC
0: DRSUAPI_DRS_CRITICAL_ONLY
0: DRSUAPI_DRS_GET_ANC
0: DRSUAPI_DRS_GET_NC_SIZE
0: DRSUAPI_DRS_LOCAL_ONLY
0: DRSUAPI_DRS_NONGC_RO_REP
0: DRSUAPI_DRS_SYNC_BYNAME
0: DRSUAPI_DRS_REF_OK
0: DRSUAPI_DRS_FULL_SYNC_NOW
0: DRSUAPI_DRS_NO_SOURCE
0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
0: DRSUAPI_DRS_FULL_SYNC_PACKET
0: DRSUAPI_DRS_SYNC_REQUEUE
0: DRSUAPI_DRS_SYNC_URGENT
0: DRSUAPI_DRS_REF_GCSPN
0: DRSUAPI_DRS_NO_DISCARD
0: DRSUAPI_DRS_NEVER_SYNCED
0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
0: DRSUAPI_DRS_INIT_SYNC_NOW
0: DRSUAPI_DRS_PREEMPTED
1: DRSUAPI_DRS_SYNC_FORCED
0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
0: DRSUAPI_DRS_USE_COMPRESSION
0: DRSUAPI_DRS_NEVER_NOTIFY
0: DRSUAPI_DRS_SYNC_PAS
0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
out: struct drsuapi_DsReplicaSync
result : WERR_BAD_NET_RESP
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed -
drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
386, in
run
drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85,
in
sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)
*Harsh Kukreja *Systems Administrator
*International University of Namibia *Tel: 061-4336000 - E-mail: h.kukreja
@ium.edu.na - Web:
*http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag
14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA
On Thu, Jan 11, 2018 at 6:04 PM, lingpanda101 via samba <
samba at lists.samba.org> wrote:
> On 1/11/2018 10:39 AM, Harsh Kukreja via samba wrote:
>
>> Hi
>>
>> The DRS sync between two Domain Controllers connected on one network is
>> failing. I have enabled the log level 9.
>>
>> samba-tool drs replicate 172.16.10.5 iumsvrpdc DC=iumnet,DC=edu,DC=na
>> --full-sync -UAdministrator
>> INFO: Current debug levels:
>> all: 9
>> tdb: 9
>> printdrivers: 9
>> lanman: 9
>> smb: 9
>> rpc_parse: 9
>> rpc_srv: 9
>> rpc_cli: 9
>> passdb: 9
>> sam: 9
>> auth: 9
>> winbind: 9
>> vfs: 9
>> idmap: 9
>> quota: 9
>> acls: 9
>> locking: 9
>> msdfs: 9
>> dmapi: 9
>> registry: 9
>> scavenger: 9
>> dns: 0
>> ldb: 9
>> tevent: 9
>> auth_audit: 9
>> auth_json_audit: 9
>> kerberos: 9
>> drs_repl: 9
>> Processing section "[netlogon]"
>> Processing section "[sysvol]"
>> Processing section "[softshare]"
>> pm_process() returned Yes
>> GENSEC backend 'gssapi_spnego' registered
>> GENSEC backend 'gssapi_krb5' registered
>> GENSEC backend 'gssapi_krb5_sasl' registered
>> GENSEC backend 'spnego' registered
>> GENSEC backend 'schannel' registered
>> GENSEC backend 'naclrpc_as_system' registered
>> GENSEC backend 'sasl-EXTERNAL' registered
>> GENSEC backend 'ntlmssp' registered
>> GENSEC backend 'ntlmssp_resume_ccache' registered
>> GENSEC backend 'http_basic' registered
>> GENSEC backend 'http_ntlm' registered
>> GENSEC backend 'krb5' registered
>> GENSEC backend 'fake_gssapi_krb5' registered
>> Using binding ncacn_ip_tcp:172.16.10.5[,seal,print]
>> Mapped to DCERPC endpoint 135
>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>> netmask=255.255.255.0
>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>> netmask=255.255.255.0
>> Mapped to DCERPC endpoint 1024
>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>> netmask=255.255.255.0
>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>> netmask=255.255.255.0
>> Starting GENSEC mechanism spnego
>> Starting GENSEC submechanism gssapi_krb5
>> Cannot do GSSAPI to an IP address
>> Failed to start GENSEC client mech gssapi_krb5:
>> NT_STATUS_INVALID_PARAMETER
>> Starting GENSEC submechanism ntlmssp
>> Got challenge flags:
>> Got NTLMSSP neg_flags=0x62898235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_TARGET_TYPE_DOMAIN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_TARGET_INFO
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> Password for [IUMNET\Administrator]:
>> NTLMSSP: Set final flags:
>> Got NTLMSSP neg_flags=0x62088235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> NTLMSSP Sign/Seal - Initialising with flags:
>> Got NTLMSSP neg_flags=0x62088235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> NTLMSSP Sign/Seal - Initialising with flags:
>> Got NTLMSSP neg_flags=0x62088235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> drsuapi_DsBind: struct drsuapi_DsBind
>> in: struct drsuapi_DsBind
>> bind_guid : *
>> bind_guid :
>> e24d201a-4fd6-11d1-a3da-0000f875ae0d
>> bind_info : *
>> bind_info: struct drsuapi_DsBindInfoCtr
>> length : 0x0000001c (28)
>> __ndr_length : 0x0000001c (28)
>> info : union
>> drsuapi_DsBindInfo(case 28)
>> info28: struct drsuapi_DsBindInfo28
>> supported_extensions : 0x0fefff7f
(267386751)
>> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
>> 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
>> 1: DRSUAPI_SUPPORTED_EXTENSION_KC
>> C_EXECUTE
>> 1: DRSUAPI_SUPPORTED_EXTENSION_AD
>> DENTRY_V2
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
>> 1: DRSUAPI_SUPPORTED_EXTENSION_CR
>> YPTO_BIND
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> T_REPL_INFO
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
>> 0: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V5
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V6
>> 1: DRSUAPI_SUPPORTED_EXTENSION_NO
>> NDOMAIN_NCS
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V8
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREPLY_V5
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREPLY_V6
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREPLY_V7
>> 1: DRSUAPI_SUPPORTED_EXTENSION_VE
>> RIFY_OBJECT
>> 0:
>> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
>> 0: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V10
>> 0: DRSUAPI_SUPPORTED_EXTENSION_RE
>> SERVED_PART2
>> 0: DRSUAPI_SUPPORTED_EXTENSION_RE
>> SERVED_PART3
>> site_guid :
>> 00000000-0000-0000-0000-000000000000
>> pid : 0x00000000 (0)
>> repl_epoch : 0x00000000 (0)
>> drsuapi_DsBind: struct drsuapi_DsBind
>> out: struct drsuapi_DsBind
>> bind_info : *
>> bind_info: struct drsuapi_DsBindInfoCtr
>> length : 0x0000001c (28)
>> __ndr_length : 0x0000001c (28)
>> info : union
>> drsuapi_DsBindInfo(case 28)
>> info28: struct drsuapi_DsBindInfo28
>> supported_extensions : 0x2fffff6f
(805306223)
>> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
>> 0:
>> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
>> 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
>> 1: DRSUAPI_SUPPORTED_EXTENSION_KC
>> C_EXECUTE
>> 1: DRSUAPI_SUPPORTED_EXTENSION_AD
>> DENTRY_V2
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
>> 1: DRSUAPI_SUPPORTED_EXTENSION_CR
>> YPTO_BIND
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> T_REPL_INFO
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V5
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V6
>> 1: DRSUAPI_SUPPORTED_EXTENSION_NO
>> NDOMAIN_NCS
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V8
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREPLY_V5
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREPLY_V6
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREPLY_V7
>> 1: DRSUAPI_SUPPORTED_EXTENSION_VE
>> RIFY_OBJECT
>> 0:
>> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V10
>> 0: DRSUAPI_SUPPORTED_EXTENSION_RE
>> SERVED_PART2
>> 0: DRSUAPI_SUPPORTED_EXTENSION_RE
>> SERVED_PART3
>> site_guid :
>> 29e318da-d660-4a24-94d9-81e86b5a1e82
>> pid : 0x00000000 (0)
>> repl_epoch : 0x00000000 (0)
>> bind_handle : *
>> bind_handle: struct policy_handle
>> handle_type : 0x00000000 (0)
>> uuid :
>> 2cb3f3b5-b29a-4958-a912-51a0881976da
>> result : WERR_OK
>> lpcfg_servicenumber: couldn't find ldb
>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>> netmask=255.255.255.0
>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>> netmask=255.255.255.0
>> Starting GENSEC mechanism spnego
>> Starting GENSEC submechanism gssapi_krb5
>> Cannot do GSSAPI to an IP address
>> Failed to start GENSEC client mech gssapi_krb5:
>> NT_STATUS_INVALID_PARAMETER
>> Starting GENSEC submechanism ntlmssp
>> Got challenge flags:
>> Got NTLMSSP neg_flags=0x62898235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_TARGET_TYPE_DOMAIN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_TARGET_INFO
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> NTLMSSP: Set final flags:
>> Got NTLMSSP neg_flags=0x62088235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> NTLMSSP Sign/Seal - Initialising with flags:
>> Got NTLMSSP neg_flags=0x62088235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> NTLMSSP Sign/Seal - Initialising with flags:
>> Got NTLMSSP neg_flags=0x62088235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
>> in: struct drsuapi_DsReplicaSync
>> bind_handle : *
>> bind_handle: struct policy_handle
>> handle_type : 0x00000000 (0)
>> uuid :
>> 2cb3f3b5-b29a-4958-a912-51a0881976da
>> level : 0x00000001 (1)
>> req : *
>> req : union
>> drsuapi_DsReplicaSyncRequest(case 1)
>> req1: struct drsuapi_DsReplicaSyncRequest1
>> naming_context : *
>> naming_context: struct
>> drsuapi_DsReplicaObjectIdentifier
>> __ndr_size : 0x00000066
(102)
>> __ndr_size_sid : 0x00000000 (0)
>> guid :
>> 00000000-0000-0000-0000-000000000000
>> sid : S-0-0
>> __ndr_size_dn : 0x00000016 (22)
>> dn :
>> 'DC=iumnet,DC=edu,DC=na'
>> source_dsa_guid :
>> 27182378-a9c7-451e-bb95-7b2172a5f311
>> source_dsa_dns : NULL
>> options : 0x00008010 (32784)
>> 0: DRSUAPI_DRS_ASYNC_OP
>> 0: DRSUAPI_DRS_GETCHG_CHECK
>> 0: DRSUAPI_DRS_UPDATE_NOTIFICATION
>> 0: DRSUAPI_DRS_ADD_REF
>> 0: DRSUAPI_DRS_SYNC_ALL
>> 0: DRSUAPI_DRS_DEL_REF
>> 1: DRSUAPI_DRS_WRIT_REP
>> 0: DRSUAPI_DRS_INIT_SYNC
>> 0: DRSUAPI_DRS_PER_SYNC
>> 0: DRSUAPI_DRS_MAIL_REP
>> 0: DRSUAPI_DRS_ASYNC_REP
>> 0: DRSUAPI_DRS_IGNORE_ERROR
>> 0: DRSUAPI_DRS_TWOWAY_SYNC
>> 0: DRSUAPI_DRS_CRITICAL_ONLY
>> 0: DRSUAPI_DRS_GET_ANC
>> 0: DRSUAPI_DRS_GET_NC_SIZE
>> 0: DRSUAPI_DRS_LOCAL_ONLY
>> 0: DRSUAPI_DRS_NONGC_RO_REP
>> 0: DRSUAPI_DRS_SYNC_BYNAME
>> 0: DRSUAPI_DRS_REF_OK
>> 1: DRSUAPI_DRS_FULL_SYNC_NOW
>> 1: DRSUAPI_DRS_NO_SOURCE
>> 0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
>> 0: DRSUAPI_DRS_FULL_SYNC_PACKET
>> 0: DRSUAPI_DRS_SYNC_REQUEUE
>> 0: DRSUAPI_DRS_SYNC_URGENT
>> 0: DRSUAPI_DRS_REF_GCSPN
>> 0: DRSUAPI_DRS_NO_DISCARD
>> 0: DRSUAPI_DRS_NEVER_SYNCED
>> 0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
>> 0: DRSUAPI_DRS_INIT_SYNC_NOW
>> 0: DRSUAPI_DRS_PREEMPTED
>> 0: DRSUAPI_DRS_SYNC_FORCED
>> 0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
>> 0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
>> 0: DRSUAPI_DRS_USE_COMPRESSION
>> 0: DRSUAPI_DRS_NEVER_NOTIFY
>> 0: DRSUAPI_DRS_SYNC_PAS
>> 0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
>> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
>> out: struct drsuapi_DsReplicaSync
>> result : WERR_BAD_NET_RESP
>> ERROR(<class 'samba.drs_utils.drsException'>):
DsReplicaSync failed -
>> drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
>> File
"/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
>> 386, in
>> run
>> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
>> source_dsa_guid, NC, req_options)
>> File
"/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85,
>> in
>> sendDsReplicaSync
>> raise drsException("DsReplicaSync failed %s" % estr)
>>
>> *Harsh Kukreja *Systems Administrator
>> *International University of Namibia *Tel: 061-4336000 - E-mail:
h.kukreja
>> @ium.edu.na - Web:
>> *http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag
>> 14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA
>>
>
> Not sure what your issue is but have you tried using the fqdn for DC1 and
> DC2? I've experienced issues with manual replication when using a IP
and
> not the dns or fqdn name.
>
> --
> --
> James
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>