samba - Jul 2020 - samba-check-db-repl failure email

If I run Louis' "samba-check-db-repl.sh" script and it does not
send an
email then this is a "no news is good news" situation, I am assuming.

DC1 sends no email.

DC2 sends this:

ERROR: Compare failed: -1
* Comparing [DOMAIN] context...
* Objects to be compared: 287
* Result for [DOMAIN]: SUCCESS
* Comparing [CONFIGURATION] context...
* Objects to be compared: 1619
* Result for [CONFIGURATION]: SUCCESS
* Comparing [SCHEMA] context...
* Objects to be compared: 1550
* Result for [SCHEMA]: SUCCESS
* Comparing [DNSDOMAIN] context...
* DNs found only inldap://dc1.subdom.example.com:
    
DC=41,DC=0.168.192.IN-ADDR.ARPA\0ADEL:B1A7AF97-A3C9-44EC-A846-99CBC6236E41,CN=DELETED
OBJECTS,DC=DOMAINDNSZONES,DC=subdom,DC=example,DC=com

* DNs found only inldap://dc2.subdom.example.com:
     DC=41,*CN=LOSTANDFOUND*,DC=DOMAINDNSZONES,DC=subdom,DC=example,DC=com

* Objects to be compared: 59
* Result for [DNSDOMAIN]: FAILURE
SUMMARY
---------
* Comparing [DNSFOREST] context...
* Objects to be compared: 22
* Result for [DNSFOREST]: SUCCESS

"LOSTANDFOUND"!!!!!?

-- 
Bob Wooden

This should not be a problem. but this was part/left over?of the problem you
faced friday.

On DC1, the PTR was "somehow" deleted (whole zone was gone), at least
looks like it. "CN=DELETED OBJECTS " is the trashcan in AD.
Just verify if for both the DC's the A and PTR records are working, but that
looked ok.

The due above, somehow on DC2, the server is placed in? CN=LOSTANDFOUND, because
it lots the context of the object.
When an object in AD is unknown its placed in LostAndFound. 
I'll see if i can add this in as filter to skip the deleted objects. 
?
samba-tool dbcheck --cross-nc --fix? can remove these or 
?
After the fix, just to be sure do one extra check on A/PTR records. (NS/SOA
aslo)
?
Your AD is not that big yet, i suggest you run: 
sudo samba-tool dns query dc1?$(hostname -d)?@ ALL -U administrator
That shows all?records in the zone. 

And look at the records, and same for the PTR records.
?sudo samba-tool dns query rtd-dc1 0.168.192.in-addr.arpa @ ALL -U administrator
?
https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record
Might be handy also if you hit strange things. 
?


Greetz, 
?
Louis
?
?


Van: Robert E. Wooden [mailto:bob at donelsontrophy.com] 
Verzonden: vrijdag 10 juli 2020 23:46
Aan: samba at lists.samba.org
CC: L.P.H. van Belle
Onderwerp: samba-check-db-repl failure email




If I run Louis' "samba-check-db-repl.sh" script and it does not
send an email then this is a "no news is good news" situation, I am
assuming.

DC1 sends no email.

DC2 sends this:

ERROR: Compare failed: -1 * Comparing [DOMAIN] context... * Objects to be
compared: 287 * Result for [DOMAIN]: SUCCESS * Comparing [CONFIGURATION]
context... * Objects to be compared: 1619 * Result for [CONFIGURATION]: SUCCESS
* Comparing [SCHEMA] context... * Objects to be compared: 1550 * Result for
[SCHEMA]: SUCCESS * Comparing [DNSDOMAIN] context... * DNs found only in
ldap://dc1.subdom.example.com:
DC=41,DC=0.168.192.IN-ADDR.ARPA\0ADEL:B1A7AF97-A3C9-44EC-A846-99CBC6236E41,CN=DELETED
OBJECTS,DC=DOMAINDNSZONES,DC=subdom,DC=example,DC=com * DNs found only in
ldap://dc2.subdom.example.com:
DC=41,CN=LOSTANDFOUND,DC=DOMAINDNSZONES,DC=subdom,DC=example,DC=com * Objects to
be compared: 59 * Result for [DNSDOMAIN]: FAILURE SUMMARY --------- * Comparing
[DNSFOREST] context... * Objects to be compared: 22 * Result for [DNSFOREST]:
SUCCESS "LOSTANDFOUND"!!!!!?

-- Bob Wooden

On 7/13/2020 2:43 AM, L.P.H. van Belle via samba wrote:
> samba-tool dns query rtd-dc1 0.168.192.in-addr.arpa @ ALL -U administrator
I overlooked this check string the other day.

Ran it just now and got the following:

root at dc1:~# samba-tool dns query rtd-dc1 0.168.192.in-addr.arpa @ ALL -U 
administrator
ERROR: Connecting to DNS RPC server rtd-dc1 failed with (3221225524, 
'The object name is not found.')

This happened on both DCs.

I have to ask, "rtd-dc1"? I do not remember the "rtd..." is
in any queries?

-- 

Bob Wooden