Hi! Thanks for answer. But, i allowed all ports in my firewall... I tested, shutdown my DC1 DC2 dont comunication with DC3 I create user in DC2, dont replication with DC3... I waited more in 20 minutes Why ?? Regards; On 17-05-2018 12:01, lingpanda101 wrote:> On 5/17/2018 10:30 AM, Carlos via samba wrote: >> Hi! >> >> I have 2 DC, now add one more DC, but all dcs dont view between they. >> >> New DC is "DC2" >> >> DC1 - vlan10 -> OK to DC3(Connectad by openvpn) >> >> DC1 -> vlan10 -> OK to DC2(vlan50) >> >> DC2-> vlan50 -> OK to DC1(vlan10) >> >> DC2-> Openvpn -> Dont "see" DC3 >> >> DC3 -> Openvpn -> OK to DC1(vlan10) >> >> DC3 -> Openvpn -> Dont "view" DC2(vlan50) >> >> All version Dcs Samba 4.7.7 >> Firewall is allow between they. >> >> ----- >> >> DC1 >> >> samba-tool drs showrepl >> >> I see only DC2 and DC3 is OK >> Is correct. >> >> DC2 >> >> samba-tool drs showrepl >> >> I see only DC1 >> >> DC3 >> >> samba-tool drs showrepl >> >> I see only DC1 >> ------------------------ >> >> Any Ideia ? >> >> >> Regards >> >> > Carlos, > > This is normal if your firewall is working correctly. The KCC > checks and creates replication links to optimize latency and cost > where needed. You can override this and create a full mesh topology > with the following in your smb.conf under 'Global'. > > kccsrv:samba_kcc=No > > I advise not doing this but instead ensure sites and services are > setup correctly for your IP Inter-Site-Transports. You can define cost > and interval for the links here. > > > -James > >
On 5/17/2018 12:07 PM, Carlos wrote:> Hi! > > Thanks for answer. > > But, i allowed all ports in my firewall... > > I tested, shutdown my DC1 > > DC2 dont comunication with DC3 > > I create user in DC2, dont replication with DC3... > I waited more in 20 minutes > > Why ?? > > Regards; > > > On 17-05-2018 12:01, lingpanda101 wrote: >> On 5/17/2018 10:30 AM, Carlos via samba wrote: >>> Hi! >>> >>> I have 2 DC, now add one more DC, but all dcs dont view between they. >>> >>> New DC is "DC2" >>> >>> DC1 - vlan10 -> OK to DC3(Connectad by openvpn) >>> >>> DC1 -> vlan10 -> OK to DC2(vlan50) >>> >>> DC2-> vlan50 -> OK to DC1(vlan10) >>> >>> DC2-> Openvpn -> Dont "see" DC3 >>> >>> DC3 -> Openvpn -> OK to DC1(vlan10) >>> >>> DC3 -> Openvpn -> Dont "view" DC2(vlan50) >>> >>> All version Dcs Samba 4.7.7 >>> Firewall is allow between they. >>> >>> ----- >>> >>> DC1 >>> >>> samba-tool drs showrepl >>> >>> I see only DC2 and DC3 is OK >>> Is correct. >>> >>> DC2 >>> >>> samba-tool drs showrepl >>> >>> I see only DC1 >>> >>> DC3 >>> >>> samba-tool drs showrepl >>> >>> I see only DC1 >>> ------------------------ >>> >>> Any Ideia ? >>> >>> >>> Regards >>> >>> >> Carlos, >> >> This is normal if your firewall is working correctly. The KCC >> checks and creates replication links to optimize latency and cost >> where needed. You can override this and create a full mesh topology >> with the following in your smb.conf under 'Global'. >> >> kccsrv:samba_kcc=No >> >> I advise not doing this but instead ensure sites and services are >> setup correctly for your IP Inter-Site-Transports. You can define >> cost and interval for the links here. >> >> >> -James >> >> >Did you verify you have the Inter-Site Transports configured properly in Active Directory Sites and Services snap in? -James
Hi! In Option "Inter-Site Transports", i have only one the name "DEFAULTIPSITELINK" , in properties Sites in this link: Matriz Filial Matriz -> site with DC1 and DC2 Filail -> site With DC3 Regards; On 17-05-2018 13:12, lingpanda101 wrote:> On 5/17/2018 12:07 PM, Carlos wrote: >> Hi! >> >> Thanks for answer. >> >> But, i allowed all ports in my firewall... >> >> I tested, shutdown my DC1 >> >> DC2 dont comunication with DC3 >> >> I create user in DC2, dont replication with DC3... >> I waited more in 20 minutes >> >> Why ?? >> >> Regards; >> >> >> On 17-05-2018 12:01, lingpanda101 wrote: >>> On 5/17/2018 10:30 AM, Carlos via samba wrote: >>>> Hi! >>>> >>>> I have 2 DC, now add one more DC, but all dcs dont view between they. >>>> >>>> New DC is "DC2" >>>> >>>> DC1 - vlan10 -> OK to DC3(Connectad by openvpn) >>>> >>>> DC1 -> vlan10 -> OK to DC2(vlan50) >>>> >>>> DC2-> vlan50 -> OK to DC1(vlan10) >>>> >>>> DC2-> Openvpn -> Dont "see" DC3 >>>> >>>> DC3 -> Openvpn -> OK to DC1(vlan10) >>>> >>>> DC3 -> Openvpn -> Dont "view" DC2(vlan50) >>>> >>>> All version Dcs Samba 4.7.7 >>>> Firewall is allow between they. >>>> >>>> ----- >>>> >>>> DC1 >>>> >>>> samba-tool drs showrepl >>>> >>>> I see only DC2 and DC3 is OK >>>> Is correct. >>>> >>>> DC2 >>>> >>>> samba-tool drs showrepl >>>> >>>> I see only DC1 >>>> >>>> DC3 >>>> >>>> samba-tool drs showrepl >>>> >>>> I see only DC1 >>>> ------------------------ >>>> >>>> Any Ideia ? >>>> >>>> >>>> Regards >>>> >>>> >>> Carlos, >>> >>> This is normal if your firewall is working correctly. The KCC >>> checks and creates replication links to optimize latency and cost >>> where needed. You can override this and create a full mesh topology >>> with the following in your smb.conf under 'Global'. >>> >>> kccsrv:samba_kcc=No >>> >>> I advise not doing this but instead ensure sites and services are >>> setup correctly for your IP Inter-Site-Transports. You can define >>> cost and interval for the links here. >>> >>> >>> -James >>> >>> >> > Did you verify you have the Inter-Site Transports configured properly > in Active Directory Sites and Services snap in? > > -James >