Hello,
we could need some help resolving a replication issue we experience since one
week.
We have 1 DC in the cloud running Windows Server 2019 with DFL/FFL 2008R2.
We have 3 sites with 5 DCs running Samba on Debian Buster in total replicating
the AD from Windows.
Since one week the replication state shows the following error:
DC=ds,DC=craze,DC=toys
Azure\VMDC-AZURE-01 via RPC
DSA object GUID: ecef0aca-3c4e-45f8-b780-7b9aad0fe8cb
Last attempt @ Tue Feb ?4 18:54:01 2020 CET failed, result 58
(WERR_BAD_NET_RESP)
10468 consecutive failure(s).
Last success @ Tue Feb ?4 18:30:58 2020 CET
Running?samba-tool drs replicate ka-h9-dc02 VMDC-AZURE-01
dc=ds,dc=example,dc=com --sync-all -d 9 returns
0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
? ? ?drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
? ? ? ? out: struct drsuapi_DsReplicaSync
? ? ? ? ? ? result ? ? ? ? ? ? ? ? ? : WERR_BAD_NET_RESP
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed - drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
? File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
568, in run
? ? drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
? File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 88,
in sendDsReplicaSync
? ? raise drsException("DsReplicaSync failed %s" % estr)
In the log we see the following error messages
? Failed to commit objects: WERR_GEN_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
[2020/02/02 00:12:28.053843, ?0]
../source4/dsdb/repl/drepl_out_helpers.c:1030(dreplsrv_op_pull_source_apply_changes_trigger)
We usually only make changes to the Windows domain but of course it can happen
that new machines join the local on-site DCs.
Right now our replication is stuck and we don't know how to fix it let alone
have any idea on what has gone wrong. It would be fantastic if someone could
point us into the right direction.
Thanks, Alexander