vincent at cojot.name
2019-Jan-22 19:20 UTC
[Samba] dbtool --cross-ncs and undeletable errors..
Hi All,
On my two-DC setup (dc00 and dc01 - Used to be a 4-Dc setup but 02 and 03
are gone), I've noticed the following errors which I am unable to fix.. Any
hints?
* Basic dbcheck is clean.
[root at dc00 ~]# samba-tool dbcheck
Checking 327 objects
Checked 327 objects (0 errors)
* Cross-NCS shows two errors related to a de-comissionned DC (dc02) and
cannot auto-fix this.. How do I fix those errors?
[root at dc00 ~]# samba-tool dbcheck --cross-ncs --fix --yes
Checking 3574 objects
ERROR: no target object found for GUID component for link fromServer in
object
CN=4b3f95b1-7774-42cf-8bc0-755c7d29f6cc,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn
- <GUID=c8bf60b8-c3b9-442f-a330-d706221bc889>;CN=NTDS
Settings\0ADEL:c8bf60b8-c3b9-442f-a330-d706221bc889,CN=DC02\0ADEL:53a02791-a186-4a2f-aef9-6e180b814d8a,CN=Servers,CN=Krynn,CN=Sites,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn
ERROR: target DN is deleted for fromServer in object
CN=4b3f95b1-7774-42cf-8bc0-755c7d29f6cc,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn
- <GUID=c8bf60b8-c3b9-442f-a330-d706221bc889>;CN=NTDS
Settings\0ADEL:c8bf60b8-c3b9-442f-a330-d706221bc889,CN=DC02\0ADEL:53a02791-a186-4a2f-aef9-6e180b814d8a,CN=Servers,CN=Krynn,CN=Sites,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn
Target GUID points at deleted DN
'<GUID=c8bf60b8-c3b9-442f-a330-d706221bc889>;CN=NTDS
Settings\\0ADEL:c8bf60b8-c3b9-442f-a330-d706221bc889,CN=DC02\\0ADEL:53a02791-a186-4a2f-aef9-6e180b814d8a,CN=Servers,CN=Krynn,CN=Sites,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn'
Remove DN link? [YES]
ERROR: Failed to remove deleted DN attribute fromServer : (65,
"objectclass_attrs: at least one mandatory attribute ('fromServer')
on
entry
'CN=4b3f95b1-7774-42cf-8bc0-755c7d29f6cc,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn'
wasn't specified!")
Thanks for any hints/pointers.
Vincent
On Tue, 22 Jan 2019 14:20:21 -0500 (EST) "Vincent S. Cojot via samba" <samba at lists.samba.org> wrote:> > Hi All, > > On my two-DC setup (dc00 and dc01 - Used to be a 4-Dc setup but 02 > and 03 are gone), I've noticed the following errors which I am unable > to fix.. Any hints? > > * Basic dbcheck is clean. > > [root at dc00 ~]# samba-tool dbcheck > Checking 327 objects > Checked 327 objects (0 errors) > > * Cross-NCS shows two errors related to a de-comissionned DC (dc02) > and cannot auto-fix this.. How do I fix those errors? > > [root at dc00 ~]# samba-tool dbcheck --cross-ncs --fix --yes > Checking 3574 objects > ERROR: no target object found for GUID component for link fromServer > in object > CN=4b3f95b1-7774-42cf-8bc0-755c7d29f6cc,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn > - <GUID=c8bf60b8-c3b9-442f-a330-d706221bc889>;CN=NTDS > Settings\0ADEL:c8bf60b8-c3b9-442f-a330-d706221bc889,CN=DC02\0ADEL:53a02791-a186-4a2f-aef9-6e180b814d8a,CN=Servers,CN=Krynn,CN=Sites,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn > ERROR: target DN is deleted for fromServer in object > CN=4b3f95b1-7774-42cf-8bc0-755c7d29f6cc,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn > - <GUID=c8bf60b8-c3b9-442f-a330-d706221bc889>;CN=NTDS > Settings\0ADEL:c8bf60b8-c3b9-442f-a330-d706221bc889,CN=DC02\0ADEL:53a02791-a186-4a2f-aef9-6e180b814d8a,CN=Servers,CN=Krynn,CN=Sites,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn > Target GUID points at deleted DN > '<GUID=c8bf60b8-c3b9-442f-a330-d706221bc889>;CN=NTDS > Settings\\0ADEL:c8bf60b8-c3b9-442f-a330-d706221bc889,CN=DC02\\0ADEL:53a02791-a186-4a2f-aef9-6e180b814d8a,CN=Servers,CN=Krynn,CN=Sites,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn' > Remove DN link? [YES] > ERROR: Failed to remove deleted DN attribute fromServer : (65, > "objectclass_attrs: at least one mandatory attribute ('fromServer') > on entry > 'CN=4b3f95b1-7774-42cf-8bc0-755c7d29f6cc,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn' > wasn't specified!") > > > Thanks for any hints/pointers. > > Vincent >This isn't an error, if you look very carefully at the 'link' you will see 'DEL'. This means the record is a 'DELETED' record, you cannot delete a 'DELETED' record ;-) If you wait for 180 days minus the number of days since you decommissioned the DC, the record will just go away. Rowland
vincent at cojot.name
2019-Jan-22 20:19 UTC
[Samba] dbtool --cross-ncs and undeletable errors..
On Tue, 22 Jan 2019, Rowland Penny via samba wrote:> On Tue, 22 Jan 2019 14:20:21 -0500 (EST) > "Vincent S. Cojot via samba" <samba at lists.samba.org> wrote: > >> >> Hi All, >> >> On my two-DC setup (dc00 and dc01 - Used to be a 4-Dc setup but 02 >> and 03 are gone), I've noticed the following errors which I am unable >> to fix.. Any hints? >> >> * Basic dbcheck is clean. >> >> [root at dc00 ~]# samba-tool dbcheck >> Checking 327 objects >> Checked 327 objects (0 errors) >> >> * Cross-NCS shows two errors related to a de-comissionned DC (dc02) >> and cannot auto-fix this.. How do I fix those errors? >> >> [root at dc00 ~]# samba-tool dbcheck --cross-ncs --fix --yes >> Checking 3574 objects >> ERROR: no target object found for GUID component for link fromServer >> in object >> CN=4b3f95b1-7774-42cf-8bc0-755c7d29f6cc,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn >> - <GUID=c8bf60b8-c3b9-442f-a330-d706221bc889>;CN=NTDS >> Settings\0ADEL:c8bf60b8-c3b9-442f-a330-d706221bc889,CN=DC02\0ADEL:53a02791-a186-4a2f-aef9-6e180b814d8a,CN=Servers,CN=Krynn,CN=Sites,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn >> ERROR: target DN is deleted for fromServer in object >> CN=4b3f95b1-7774-42cf-8bc0-755c7d29f6cc,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn >> - <GUID=c8bf60b8-c3b9-442f-a330-d706221bc889>;CN=NTDS >> Settings\0ADEL:c8bf60b8-c3b9-442f-a330-d706221bc889,CN=DC02\0ADEL:53a02791-a186-4a2f-aef9-6e180b814d8a,CN=Servers,CN=Krynn,CN=Sites,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn >> Target GUID points at deleted DN >> '<GUID=c8bf60b8-c3b9-442f-a330-d706221bc889>;CN=NTDS >> Settings\\0ADEL:c8bf60b8-c3b9-442f-a330-d706221bc889,CN=DC02\\0ADEL:53a02791-a186-4a2f-aef9-6e180b814d8a,CN=Servers,CN=Krynn,CN=Sites,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn' >> Remove DN link? [YES] >> ERROR: Failed to remove deleted DN attribute fromServer : (65, >> "objectclass_attrs: at least one mandatory attribute ('fromServer') >> on entry >> 'CN=4b3f95b1-7774-42cf-8bc0-755c7d29f6cc,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn' >> wasn't specified!") >> >> >> Thanks for any hints/pointers. >> >> Vincent >> > > This isn't an error, if you look very carefully at the 'link' you will > see 'DEL'. This means the record is a 'DELETED' record, you cannot > delete a 'DELETED' record ;-) > > If you wait for 180 days minus the number of days since you > decommissioned the DC, the record will just go away. > > RowlandHi Rowland, Thank you for your quick reply. Is there a way to force an expire on those things so I can get past those errors and only consider new errors as 'new'? It's been about 4-5 months since I removed those DCs but an ldbsearch shows more objects in need of purge (Computers that were removed, users too). If I wanted to clean this manually, I guess I could do the following (but I'm sure I'd -want- to do that): export LDB_MODULES_PATH=/usr/lib64/samba/ldb ldbedit -e nano -H /var/lib/samba/private/sam.ldb --cross-ncs \ --show-deleted --show-deactivated-link --extended-dn (and then light a few candles, I guess).. Is there a way to do that saefly using RSAT? Thanks, Vincent