Hi! i have 3 dcs with samba i demote bdc and replace it with dc2 with de same ip the replicate with dc1 is ok, and the replicate of dc3 with dc1 is ok, the problem is in dc2 with dc3 i found the problem, but i dont known how fixes when i do samba-tools drs showrepl in dc3 i see in connection appears the old dc named bdc and dont appears the new, dc2 i try with samba-tool drs replicate but nothing change any idea? thanks for exist!
On 5/17/2018 12:45 PM, Carlos Bordon via samba wrote:> Hi! > > i have 3 dcs with samba > > > i demote bdc and replace it with dc2 with de same ip > > the replicate with dc1 is ok, and the replicate of dc3 with dc1 is ok, > > the problem is in dc2 with dc3 > > i found the problem, but i dont known how fixes > > when i do samba-tools drs showrepl in dc3 > > i see in connection appears the old dc named bdc and dont appears the new, > dc2 > > i try with samba-tool drs replicate but nothing change > > any idea? > > thanks for exist!It sounds like after demote Samba was not able to remove some lingering objects. You should remove any entries with the name bdc in your DNS. Look in your domain zone as well as _msdcs.cimg.local. Search all sub folders (ie., _sites,_tcp ect.)I find its easier to use Microsoft DNS manager for this. Confirm in Active Directory Users and Computers that the DC bdc is deleted from the 'Domain Controllers' OU. Finally open Active Directory Sites and Services and expand 'Default-First-Site-Name'. Delete the bdc server if it exists. Expand dc1 and dc3 and remove any 'automatically generated' site links referencing bdc if they exist. Use cation and double check before deleting that it's bdc you are deleting. Finally let the other DC's replicate the changes you made for a few minutes. It should be relatively instant but just to be sure wait. Then run '/samba/sbin/samba_dnsupdate' on dc2. -James
On Thu, 17 May 2018 13:11:36 -0400 lingpanda101 via samba <samba at lists.samba.org> wrote:> On 5/17/2018 12:45 PM, Carlos Bordon via samba wrote: > > Hi! > > > > i have 3 dcs with samba > > > > > > i demote bdc and replace it with dc2 with de same ip > > > > the replicate with dc1 is ok, and the replicate of dc3 with dc1 is > > ok, > > > > the problem is in dc2 with dc3 > > > > i found the problem, but i dont known how fixes > > > > when i do samba-tools drs showrepl in dc3 > > > > i see in connection appears the old dc named bdc and dont appears > > the new, dc2 > > > > i try with samba-tool drs replicate but nothing change > > > > any idea? > > > > thanks for exist! > > It sounds like after demote Samba was not able to remove some > lingering objects. > > You should remove any entries with the name bdc in your DNS. Look in > your domain zone as well as _msdcs.cimg.local. Search all sub folders > (ie., _sites,_tcp ect.)I find its easier to use Microsoft DNS manager > for this. > > Confirm in Active Directory Users and Computers that the DC bdc is > deleted from the 'Domain Controllers' OU. > > Finally open Active Directory Sites and Services and expand > 'Default-First-Site-Name'. Delete the bdc server if it exists. Expand > dc1 and dc3 and remove any 'automatically generated' site links > referencing bdc if they exist. Use cation and double check before > deleting that it's bdc you are deleting. > > Finally let the other DC's replicate the changes you made for a few > minutes. It should be relatively instant but just to be sure wait. > Then run '/samba/sbin/samba_dnsupdate' on dc2. > > > -JamesApart from the possible 'bdc' records in AD, I don't think you have a replication problem. I say possible 'bdc' records, because they could be tombstones and you cannot easily delete them. Coming back to the replication, from what you have posted, you have this topology: Matriz site Filail site DC1 --------------- DC3 | | DC2 You don't actually want replication between DC2 & DC3, this would mean using the WAN link. DC2 would replicate to DC1 (and visa versa), DC1 would replicate to DC3 (and visa versa again). Rowland
On 5/17/2018 2:30 PM, lingpanda101 wrote:> On 5/17/2018 2:26 PM, Carlos Bordon wrote: >> i can do it, then i execute samba_dnsupdate but still appears Server >> DNS Name: BDC when execute drs showrepl >> >> i check one by one the folders in dns and dont have anything related >> with bdc, this only happend in dc4, in dc1 appears correctly >> **SNIP** > > If everything has been removed successfully you most like have stale > records and those will be removed over the next 180 days. > > -- > -- > JamesPosting to keep conversation on the list. -- -- James
On Thu, 17 May 2018 15:39:02 -0300 Carlos Bordon <cgermanb at gmail.com> wrote:> Correctly, but the problem is the log, i have gigas of the log with > this problem: > Refusing DsRepplicaUpdateRefs > and > Failed to commit objects: > werr_gen_failure/nt_status_invalid_network_response > > its posible do something?It depends where the error messages are coming from, if it is just the response from you trying to force the replication, then it is obvious, stop trying to force the replication ;-) If you have 'log level' set in smb.conf, remove it or set it to '0' It might help if you posted a sample of the log messages, just posting fragments of a line doesn't help with trying to identify where they are coming from. Rowland
On Thu, 17 May 2018 16:23:15 -0300 Carlos Bordon <cgermanb at gmail.com> wrote:> i found a new issue > drs replicate dc4 dc1 CN=configuration,dc=example,dc=com > > ERROR=(<class 'samba.drs_utils.drsexception'>) dsreplicasync failed > file"/usr/local/samba/lib/pynthon2.7/site-packages/samba/netcmd/dry.py" > line 386 in run drs_utils.sendsreplicasync(server_bind, > server_bind_handle, source_dsa_guid, NC, req_options) >Let me guess, you topology looks like this: Matriz site Filail DC1 --------------- DC3 | | | | DC2 DC4 Is this correct ? If so, stop trying to replicate DC2 to DC3 and DC4 to DC1, it will not work. You only have a a problem if DC2 will not replicate to DC1 or DC4 will not replicate to DC3 and DC1 will not replicate to DC3. Rowland