Marcio Demetrio Bacci
2019-Jul-29  20:53 UTC
[Samba] Error Removing Samba Server from Domain
Hi,
I need to remove my Samba 4 server from the domain and the following error
is happening:
samba-tool domain demote -Uadministrator
Using WIN-DC1.empresa.com.br as partner server for the demotion
Password for [EMPRESA\capbacci]:
Deactivating inbound replication
Asking partner server WIN-DC1.empresa.com.br to synchronize from us
Error while replicating out last local changes from
'DC=empresa,DC=com,DC=br' for demotion, re-enabling inbound replication
ERROR(<class 'samba.WERRORError'>): Error while sending a
DsReplicaSync for
partition 'DC=empresa,DC=com,DC=br' - (8418,
'WERR_DS_DRA_SCHEMA_MISMATCH')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
787,
in run
    drsuapiBind.DsReplicaSync(drsuapi_handle, 1, req1)
I had placed in the domain without problems last week.
Can anybody help me?
Regards,
M?rcio Bacci
I think this relates to the previous problem you posted about replication not working (which is probably due to the WERR_DS_DRA_SCHEMA_MISMATCH error you're hitting). I think the demote command is trying to replicate out to another DC one last time, so that you don't lose any local modifications to the local DC's database. This is failing. Try using the --remove-other-dead-server option instead, e.g. samba-tool domain demote -UAdministrator --remove-other-dead-server=<your-samba-dc> On 30/07/19 8:53 AM, Marcio Demetrio Bacci via samba wrote:> Hi, > > I need to remove my Samba 4 server from the domain and the following error > is happening: > > samba-tool domain demote -Uadministrator > Using WIN-DC1.empresa.com.br as partner server for the demotion > Password for [EMPRESA\capbacci]: > Deactivating inbound replication > Asking partner server WIN-DC1.empresa.com.br to synchronize from us > Error while replicating out last local changes from > 'DC=empresa,DC=com,DC=br' for demotion, re-enabling inbound replication > ERROR(<class 'samba.WERRORError'>): Error while sending a DsReplicaSync for > partition 'DC=empresa,DC=com,DC=br' - (8418, 'WERR_DS_DRA_SCHEMA_MISMATCH') > File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 787, > in run > drsuapiBind.DsReplicaSync(drsuapi_handle, 1, req1) > > I had placed in the domain without problems last week. > > Can anybody help me? > > Regards, > > M?rcio Bacci
Marcio Demetrio Bacci
2019-Jul-29  22:52 UTC
[Samba] Error Removing Samba Server from Domain
Hi,
I removed the last server (samba4-dc-old listed below) from the domain, but
information related to that server remained. Is there any way to remove
this registry from Samba 4?
samba-tool drs showrepl
Default-First-Site-Name\SAMBA4-DC
DSA Options: 0x00000001
DSA object GUID: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
DSA invocationId: a20c8ed0-c72a-4e57-9e59-2236f127d0b8
==== INBOUND NEIGHBORS ===
DC=ForestDnsZones,DC=empresa,DC=com,Dc=br
        Default-First-Site-Name\WIN-DC1 via RPC
                DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
                Last attempt @ Mon Jul 29 19:39:15 2019 -03 was successful
                0 consecutive failure(s).
                Last success @ Mon Jul 29 19:39:15 2019 -03
DC=ForestDnsZones,DC=empresa,DC=com,Dc=br
        Default-First-Site-Name\WIN-DC2 via RPC
                DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
                Last attempt @ Mon Jul 29 19:39:15 2019 -03 was successful
                0 consecutive failure(s).
                Last success @ Mon Jul 29 19:39:15 2019 -03
CN=Configuration,DC=empresa,DC=com,Dc=br
        Default-First-Site-Name\WIN-DC1 via RPC
                DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
                Last attempt @ Mon Jul 29 19:39:15 2019 -03 was successful
                0 consecutive failure(s).
                Last success @ Mon Jul 29 19:39:15 2019 -03
CN=Configuration,DC=empresa,DC=com,Dc=br
        Default-First-Site-Name\WIN-DC2 via RPC
                DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
                Last attempt @ Mon Jul 29 19:39:16 2019 -03 was successful
                0 consecutive failure(s).
                Last success @ Mon Jul 29 19:39:16 2019 -03
DC=DomainDnsZones,DC=empresa,DC=com,Dc=br
        Default-First-Site-Name\WIN-DC1 via RPC
                DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
                Last attempt @ Mon Jul 29 19:39:15 2019 -03 was successful
                0 consecutive failure(s).
                Last success @ Mon Jul 29 19:39:15 2019 -03
DC=DomainDnsZones,DC=empresa,DC=com,Dc=br
        Default-First-Site-Name\WIN-DC2 via RPC
                DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
                Last attempt @ Mon Jul 29 19:39:15 2019 -03 was successful
                0 consecutive failure(s).
                Last success @ Mon Jul 29 19:39:15 2019 -03
CN=Schema,CN=Configuration,DC=empresa,DC=com,Dc=br
        Default-First-Site-Name\WIN-DC1 via RPC
                DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
                Last attempt @ Mon Jul 29 19:39:16 2019 -03 was successful
                0 consecutive failure(s).
                Last success @ Mon Jul 29 19:39:16 2019 -03
CN=Schema,CN=Configuration,DC=empresa,DC=com,Dc=br
        Default-First-Site-Name\WIN-DC2 via RPC
                DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
                Last attempt @ Mon Jul 29 19:39:16 2019 -03 was successful
                0 consecutive failure(s).
                Last success @ Mon Jul 29 19:39:16 2019 -03
DC=empresa,DC=com,Dc=br
        Default-First-Site-Name\WIN-DC1 via RPC
                DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
                Last attempt @ Mon Jul 29 19:41:57 2019 -03 was successful
                0 consecutive failure(s).
                Last success @ Mon Jul 29 19:41:57 2019 -03
DC=empresa,DC=com,Dc=br
        Default-First-Site-Name\WIN-DC2 via RPC
                DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
                Last attempt @ Mon Jul 29 19:41:33 2019 -03 was successful
                0 consecutive failure(s).
                Last success @ Mon Jul 29 19:41:33 2019 -03
==== OUTBOUND NEIGHBORS ===
DC=ForestDnsZones,DC=empresa,DC=com,Dc=br
        Default-First-Site-Name\WIN-DC1 via RPC
                DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
                Last attempt @ Mon Jul 29 17:44:05 2019 -03 was successful
                0 consecutive failure(s).
                Last success @ Mon Jul 29 17:44:05 2019 -03
DC=ForestDnsZones,DC=empresa,DC=com,Dc=br
        Default-First-Site-Name\WIN-DC2 via RPC
                DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
                Last attempt @ Mon Jul 29 17:44:06 2019 -03 was successful
                0 consecutive failure(s).
                Last success @ Mon Jul 29 17:44:06 2019 -03
CN=Configuration,DC=empresa,DC=com,Dc=br
        Default-First-Site-Name\WIN-DC1 via RPC
                DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
                Last attempt @ Mon Jul 29 17:45:10 2019 -03 was successful
                0 consecutive failure(s).
                Last success @ Mon Jul 29 17:45:10 2019 -03
CN=Configuration,DC=empresa,DC=com,Dc=br
        Default-First-Site-Name\WIN-DC2 via RPC
                DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
                Last attempt @ Mon Jul 29 17:45:10 2019 -03 was successful
                0 consecutive failure(s).
                Last success @ Mon Jul 29 17:45:10 2019 -03
DC=DomainDnsZones,DC=empresa,DC=com,Dc=br
        Default-First-Site-Name\WIN-DC1 via RPC
                DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
                Last attempt @ Mon Jul 29 17:44:06 2019 -03 was successful
                0 consecutive failure(s).
                Last success @ Mon Jul 29 17:44:06 2019 -03
DC=DomainDnsZones,DC=empresa,DC=com,Dc=br
        Default-First-Site-Name\WIN-DC2 via RPC
                DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
                Last attempt @ Mon Jul 29 17:44:06 2019 -03 was successful
                0 consecutive failure(s).
                Last success @ Mon Jul 29 17:44:06 2019 -03
CN=Schema,CN=Configuration,DC=empresa,DC=com,Dc=br
        Default-First-Site-Name\WIN-DC1 via RPC
                DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
                Last attempt @ Mon Jul 29 17:44:06 2019 -03 was successful
                0 consecutive failure(s).
                Last success @ Mon Jul 29 17:44:06 2019 -03
CN=Schema,CN=Configuration,DC=empresa,DC=com,Dc=br
        Default-First-Site-Name\WIN-DC2 via RPC
                DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
                Last attempt @ Mon Jul 29 17:44:06 2019 -03 was successful
                0 consecutive failure(s).
                Last success @ Mon Jul 29 17:44:06 2019 -03
DC=empresa,DC=com,Dc=br
        Default-First-Site-Name\WIN-DC1 via RPC
                DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
                Last attempt @ Mon Jul 29 18:04:02 2019 -03 was successful
                0 consecutive failure(s).
                Last success @ Mon Jul 29 18:04:02 2019 -03
DC=empresa,DC=com,Dc=br
        Default-First-Site-Name\WIN-DC2 via RPC
                DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
                Last attempt @ Mon Jul 29 17:55:11 2019 -03 was successful
                0 consecutive failure(s).
                Last success @ Mon Jul 29 17:55:11 2019 -03
==== KCC CONNECTION OBJECTS ===
Connection --
        Connection name: c6393fbd-461c-4fd7-ac62-4801a3de43d2
        Enabled        : TRUE
        Server DNS name : win-dc1.empresa.com.br
        Server DN name  : CN=NTDS
Settings,CN=WIN-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,Dc=br
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
        Connection name: e5cef3eb-3c8a-4a75-8907-6712af32c952
        Enabled        : TRUE
        Server DNS name : win-dc2.empresa.com.br
        Server DN name  : CN=NTDS
Settings,CN=WIN-DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,Dc=br
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
        Connection name: b99eba05-b49c-461f-8814-eb20d44e6f96
        Enabled        : TRUE
        Server DNS name : *samba4-dc-old.empresa.com.br
<http://samba4-dc-old.empresa.com.br>*
        Server DN name  : CN=NTDS
Settings\0ADEL:e2a375da-4a96-4ffb-930a-c158747a19fb,CN=SAMBA4-DC-OLD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,Dc=br
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
Regards,
M?rcio Bacci
Em seg, 29 de jul de 2019 ?s 19:15, Tim Beale <timbeale at
catalyst.net.nz>
escreveu:
> I think this relates to the previous problem you posted about
> replication not working (which is probably due to the
> WERR_DS_DRA_SCHEMA_MISMATCH error you're hitting).
>
> I think the demote command is trying to replicate out to another DC one
> last time, so that you don't lose any local modifications to the local
> DC's database. This is failing.
>
> Try using the --remove-other-dead-server option instead, e.g.
>
> samba-tool domain demote -UAdministrator
> --remove-other-dead-server=<your-samba-dc>
>
> On 30/07/19 8:53 AM, Marcio Demetrio Bacci via samba wrote:
> > Hi,
> >
> > I need to remove my Samba 4 server from the domain and the following
> error
> > is happening:
> >
> > samba-tool domain demote -Uadministrator
> > Using WIN-DC1.empresa.com.br as partner server for the demotion
> > Password for [EMPRESA\capbacci]:
> > Deactivating inbound replication
> > Asking partner server WIN-DC1.empresa.com.br to synchronize from us
> > Error while replicating out last local changes from
> > 'DC=empresa,DC=com,DC=br' for demotion, re-enabling inbound
replication
> > ERROR(<class 'samba.WERRORError'>): Error while sending
a DsReplicaSync
> for
> > partition 'DC=empresa,DC=com,DC=br' - (8418,
> 'WERR_DS_DRA_SCHEMA_MISMATCH')
> >   File
"/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
> 787,
> > in run
> >     drsuapiBind.DsReplicaSync(drsuapi_handle, 1, req1)
> >
> > I had placed in the domain without problems last week.
> >
> > Can anybody help me?
> >
> > Regards,
> >
> > M?rcio Bacci
>