samba - Feb 2020 - Replication failing with Win 2012 R2 (maybe)

Hello All,

WIndows DC reports (not for the entire directory, just a portion. See outputs
below).
"The replication operation failed because of a schema mismatch between the
servers involved.?
I suspect the error is a red herring.


Running several Samba DCs at multiple sites. 
Version 4.11.6-Debian from Louis?s repo (on Ubuntu 18)

?vdcw00? is the Windows 2012 R2 server
?cdcx15? is the Samba Domain Controller

Schema version is 69


Command: (on cdcx15)

sudo /usr/bin/samba-tool ldapcmp -d9
--filter="whenChanged,dc,DC,cn,CN" ldap://cdcx15 ldap://vdcw00
-Umyadminuser

Errors:

ERROR(<class 'KeyError'>): uncaught exception -
'managedObjects'
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line
186, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line
957, in run
    if b1.diff(b2):
  File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line
781, in diff
    if object1 == object2:
  File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line
549, in __eq__
    return self.cmp_attrs(other)
  File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line
590, in cmp_attrs
    if isinstance(self.attributes[x], list) and isinstance(other.attributes[x],
list):



Command: (on cdcx15)

sudo samba-tool drs replicate vdcw00 cdcx15 DC=MY,DC=ORGNAME,DC=TLD --sync-all
--full-sync -d9

Error:
     drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
        out: struct drsuapi_DsReplicaSync
            result                   : WERR_DS_DRA_INVALID_PARAMETER
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed - drsException: DsReplicaSync failed (8437,
'WERR_DS_DRA_INVALID_PARAMETER')
  File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 577,
in run
    drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
  File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 92,
in sendDsReplicaSync
    raise drsException("DsReplicaSync failed %s" % estr)


====
smb.conf

[global]
    
      idmap_ldb:use rfc2307 = True
      log level = dsdb_audit:4 acls:4
dsdb_json_audit:4@/var/log/samba/sam_audit.json dsdb_password_audit:5
dsdb_password_json_audit:5@/var/log/samba/passwd_change.json auth_audit:5
auth_json_audit:3@/var/log/samba/auth_audit.json auth:3 passdb:4 winbind:2
      logging = syslog at 2 file:2
      netbios name = CDCX15
      realm = MY.ORGNAME.TLD
      server role = active directory domain controller
      server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
      tls cafile = tls/int_ca.pem
      tls certfile = tls/cert.pem
      tls enabled = True
      tls keyfile = tls/cert.key
      workgroup = ORGNAME
[netlogon]
    
      path = /var/lib/samba/sysvol/my.orgname.tld/scripts
      read only = False

[sysvol]
    
      path = /var/lib/samba/sysvol
      read only = False

====
repadmin /showrepl (on the Windows DC ?vdcw00?)

C:\Windows\system32>repadmin /showrepl
Repadmin: running command /showrepl against full DC localhost
sv2\VDCW00
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 8061349d-41dc-48d6-b782-d30b7bf9627d
DSA invocationID: 82dd2ddf-1f5f-4dd6-acfd-4fa18fc8c4f0
==== INBOUND NEIGHBORS
=====================================DC=my,DC=orgname,DC=tld
    sv2\CDCX17 via RPC
        DSA object GUID: 79f10c50-b533-4718-a949-c6d3ac018526
        Last attempt @ 2020-02-25 11:25:17 was delayed for a normal reason,
result 8418 (0x20e2):
    The replication operation failed because of a schema mismatch between the
servers involved.
        Last success @ 2020-02-17 19:01:07.
    sv2\CDCX15 via RPC
        DSA object GUID: 8d7427e1-bb65-44db-a046-32037823805f
        Last attempt @ 2020-02-25 11:25:18 was delayed for a normal reason,
result 8418 (0x20e2):
    The replication operation failed because of a schema mismatch between the
servers involved.
        Last success @ 2020-02-17 19:01:06.
CN=Configuration,DC=my,DC= orgname,DC= tld
    sv2\CDCX15 via RPC
        DSA object GUID: 8d7427e1-bb65-44db-a046-32037823805f
        Last attempt @ 2020-02-25 11:23:31 was successful.
    sv2\CDCX17 via RPC
        DSA object GUID: 79f10c50-b533-4718-a949-c6d3ac018526
        Last attempt @ 2020-02-25 11:23:37 was successful.
CN=Schema,CN=Configuration,DC=my,DC= orgname,DC=tld
    sv2\CDCX17 via RPC
        DSA object GUID: 79f10c50-b533-4718-a949-c6d3ac018526
        Last attempt @ 2020-02-25 11:25:18 was successful.
    sv2\CDCX15 via RPC
        DSA object GUID: 8d7427e1-bb65-44db-a046-32037823805f
        Last attempt @ 2020-02-25 11:25:18 was successful.
DC=ForestDnsZones,DC=my,DC= orgname,DC= tld
    sv2\CDCX17 via RPC
        DSA object GUID: 79f10c50-b533-4718-a949-c6d3ac018526
        Last attempt @ 2020-02-25 10:55:25 was successful.
    sv2\CDCX15 via RPC
        DSA object GUID: 8d7427e1-bb65-44db-a046-32037823805f
        Last attempt @ 2020-02-25 10:55:29 was successful.
DC=DomainDnsZones,DC=my,DC= orgname,DC= tld
    sv2\CDCX15 via RPC
        DSA object GUID: 8d7427e1-bb65-44db-a046-32037823805f
        Last attempt @ 2020-02-25 11:25:17 was successful.
    sv2\CDCX17 via RPC
        DSA object GUID: 79f10c50-b533-4718-a949-c6d3ac018526
        Last attempt @ 2020-02-25 11:25:17 was successful.


====
from cdcx15 ?samba-tool drs showrepl"

==== INBOUND NEIGHBORS ===
.
.
.

DC=na,DC=joby,DC=aero
	sv2\VDCW00 via RPC
		DSA object GUID: 8061349d-41dc-48d6-b782-d30b7bf9627d
		Last attempt @ Tue Feb 25 20:15:22 2020 UTC was successful
		0 consecutive failure(s).
		Last success @ Tue Feb 25 20:15:22 2020 UTC

==== OUTBOUND NEIGHBORS ===
DC=na,DC=joby,DC=aero
	sv2\VDCW00 via RPC
		DSA object GUID: 8061349d-41dc-48d6-b782-d30b7bf9627d
		Last attempt @ Tue Feb 25 20:17:30 2020 UTC was successful
		0 consecutive failure(s).
		Last success @ Tue Feb 25 20:17:30 2020 UTC