L. van Belle
2022-Jun-08 09:53 UTC
[Samba] Replication is broken due to Bind DNS resolution
Which server is the best of the 3? move the FSMO roles (* for now) to that server. I suggest SERENITY. Test in order, en repeat that in every test, exact same order.. 1) SERENITY 2) OLYMPIA 3) KEFA This is I think the best server order. How is the replication between SERENITY and OLYMPIA, are these good. if these don?t show errors then that?s your new base. so, most looks ok, do the following. Remove KEFA from AD domain. Steps : https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC After its removed, you need to verify/use ldapsearch to check if all A and PTR and names are gone. only and only your sure, its all going. Change the /etc/resolv.conf and point it to SERENITY now, Reprovison it. That should do it. The key thing, be sure all old entries are gone and removed and tripple checked. How that it helps for you. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba <samba-bounces at lists.samba.org> Namens Zombie Ryushu via > samba > Verzonden: woensdag 8 juni 2022 11:09 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Replication is broken due to Bind DNS resolution > > On 6/8/22 05:03, Zombie Ryushu via samba wrote: > > On 6/8/22 04:31, L. van Belle via samba wrote: > >> No, Samba Replication is not broken due to Bind DNS resolution. > >> its broken because of a outdated and/or failty setup, but your close > >> now to the fix. > >> > >> on all servers, run : > >> samba-tool drs showrepl > >> and > >> samba-tool dbcheck --cross-nc > >> and fix it all. > >> > >> this server : > c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey. > >> 900 IN CNAME kefka.pukey. > >> its missing in sites and services, > >> > >> * most probley due other servers being turned off, scaveing, don?t > >> know, your thread is hard to follow you need to readd it. > >> > >> So, I don?t know if you use the RSAT windows tools, goto "Active > >> Directry Sites and Services" > >> Your missing a server there, re-add it, I don?t know the CLI for > >> that, never used it. > >> > >> Then as last, find the best "working server, and then push that > >> database to the other DC's. > >> reboot the other server ( not the best working ) and check > >> replication again. > >> > >> I hope this helps a bit. > >> > >> Greetz, > >> > >> Louis > >> > >> > >> > >> > >> > >>> -----Oorspronkelijk bericht----- > >>> Van: samba <samba-bounces at lists.samba.org> Namens Zombie Ryushu > via > >>> samba > >>> Verzonden: woensdag 8 juni 2022 03:33 > >>> Aan: samba at lists.samba.org > >>> Onderwerp: [Samba] Replication is broken due to Bind DNS resolution > >>> > >>> _msdcs.pukey. 900 IN NS > >>> kefka.pukey. > >>> 602bdd9f-a9a0-411d-9f1b-04a63ea93653._msdcs.pukey. 900 IN CNAME > >>> serenity.pukey. > >>> c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey. 900 IN CNAME > >>> kefka.pukey. > >>> d02fb6d3-feec-46ec-bcb1-dad7bdd64e27._msdcs.pukey. 900 IN CNAME > >>> olympia.pukey. > >>> > >>> dig CNAME c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey. > >>> > >>> ; <<>> DiG 9.16.6 <<>> CNAME > >>> c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey. > >>> ;; global options: +cmd > >>> ;; Got answer: > >>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22640 ;; flags: > >>> qr rd > >>> ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 > >>> > >>> ;; OPT PSEUDOSECTION: > >>> ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: > >>> 95959d4651f663c701000000629ffbe2c34562879fb6e153 (good) ;; > QUESTION > >>> SECTION: > >>> ;c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey. IN CNAME > >>> > >>> ;; Query time: 31 msec > >>> ;; SERVER: 127.0.0.1#53(127.0.0.1) > >>> ;; WHEN: Tue Jun 07 21:31:14 EDT 2022 ;; MSG SIZE rcvd: 106 > >>> > >>> This problem recently showed up. > >>> > >>> > >>> DC=pukey > >>> Default-First-Site-Name\KEFKA via RPC > >>> DSA object GUID: > >>> c0ad4d18-ce25-4198-8e21-694c0727fecf > >>> Last attempt @ Tue Jun 7 21:30:34 2022 EDT failed, > >>> result 2 > >>> (WERR_FILE_NOT_FOUND) > >>> 173 consecutive failure(s). > >>> Last success @ Tue Jun 7 07:08:36 2022 EDT > >>> > >>> -- > >>> To unsubscribe from this list go to the following URL and read the > >>> instructions: https://lists.samba.org/mailman/options/samba > >> > > I did manage to fix the errors but replication and wbinfo isn't > > working still. > > > > > There are no Windows PCs on my network. > > # samba-tool drs showrepl > Default-First-Site-Name\KEFKA > DSA Options: 0x00000001 > DSA object GUID: c0ad4d18-ce25-4198-8e21-694c0727fecf > DSA invocationId: 1d62f06e-5929-482d-8daf-2e0e9c720498 > > ==== INBOUND NEIGHBORS ===> > DC=DomainDnsZones,DC=pukey > Default-First-Site-Name\SERENITY via RPC > DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653 > Last attempt @ Wed Jun 8 05:04:35 2022 EDT failed, result 2 > (WERR_FILE_NOT_FOUND) > 207 consecutive failure(s). > Last success @ Sun Jun 5 20:46:34 2022 EDT > > DC=DomainDnsZones,DC=pukey > Default-First-Site-Name\OLYMPIA via RPC > DSA object GUID: d02fb6d3-feec-46ec-bcb1-dad7bdd64e27 > Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 > (WERR_FILE_NOT_FOUND) > 508 consecutive failure(s). > Last success @ NTTIME(0) > > DC=pukey > Default-First-Site-Name\SERENITY via RPC > DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653 > Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 > (WERR_FILE_NOT_FOUND) > 207 consecutive failure(s). > Last success @ Sun Jun 5 20:46:35 2022 EDT > > DC=pukey > Default-First-Site-Name\OLYMPIA via RPC > DSA object GUID: d02fb6d3-feec-46ec-bcb1-dad7bdd64e27 > Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 > (WERR_FILE_NOT_FOUND) > 505 consecutive failure(s). > Last success @ NTTIME(0) > > DC=ForestDnsZones,DC=pukey > Default-First-Site-Name\SERENITY via RPC > DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653 > Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 > (WERR_FILE_NOT_FOUND) > 207 consecutive failure(s). > Last success @ Sun Jun 5 20:46:35 2022 EDT > > DC=ForestDnsZones,DC=pukey > Default-First-Site-Name\OLYMPIA via RPC > DSA object GUID: d02fb6d3-feec-46ec-bcb1-dad7bdd64e27 > Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 > (WERR_FILE_NOT_FOUND) > 506 consecutive failure(s). > Last success @ NTTIME(0) > > CN=Configuration,DC=pukey > Default-First-Site-Name\SERENITY via RPC > DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653 > Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 > (WERR_FILE_NOT_FOUND) > 206 consecutive failure(s). > Last success @ Sun Jun 5 20:46:35 2022 EDT > > CN=Configuration,DC=pukey > Default-First-Site-Name\OLYMPIA via RPC > DSA object GUID: d02fb6d3-feec-46ec-bcb1-dad7bdd64e27 > Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 > (WERR_FILE_NOT_FOUND) > 506 consecutive failure(s). > Last success @ NTTIME(0) > > CN=Schema,CN=Configuration,DC=pukey > Default-First-Site-Name\SERENITY via RPC > DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653 > Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 > (WERR_FILE_NOT_FOUND) > 206 consecutive failure(s). > Last success @ Sun Jun 5 20:46:36 2022 EDT > > CN=Schema,CN=Configuration,DC=pukey > Default-First-Site-Name\OLYMPIA via RPC > DSA object GUID: d02fb6d3-feec-46ec-bcb1-dad7bdd64e27 > Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 > (WERR_FILE_NOT_FOUND) > 511 consecutive failure(s). > Last success @ NTTIME(0) > > ==== OUTBOUND NEIGHBORS ===> > DC=DomainDnsZones,DC=pukey > Default-First-Site-Name\SERENITY via RPC > DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653 > Last attempt @ Wed Jun 8 05:07:08 2022 EDT failed, result 2 > (WERR_FILE_NOT_FOUND) > 12112 consecutive failure(s). > Last success @ NTTIME(0) > > DC=pukey > Default-First-Site-Name\SERENITY via RPC > DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653 > Last attempt @ Wed Jun 8 05:07:08 2022 EDT failed, result 2 > (WERR_FILE_NOT_FOUND) > 12106 consecutive failure(s). > Last success @ NTTIME(0) > > DC=ForestDnsZones,DC=pukey > Default-First-Site-Name\SERENITY via RPC > DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653 > Last attempt @ Wed Jun 8 05:07:08 2022 EDT failed, result 2 > (WERR_FILE_NOT_FOUND) > 12111 consecutive failure(s). > Last success @ NTTIME(0) > > CN=Configuration,DC=pukey > Default-First-Site-Name\SERENITY via RPC > DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653 > Last attempt @ Wed Jun 8 05:07:08 2022 EDT failed, result 2 > (WERR_FILE_NOT_FOUND) > 12105 consecutive failure(s). > Last success @ NTTIME(0) > > CN=Schema,CN=Configuration,DC=pukey > Default-First-Site-Name\SERENITY via RPC > DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653 > Last attempt @ Wed Jun 8 05:07:08 2022 EDT failed, result 2 > (WERR_FILE_NOT_FOUND) > 12101 consecutive failure(s). > Last success @ NTTIME(0) > > ==== KCC CONNECTION OBJECTS ===> > Connection -- > Connection name: 4e81be67-ab19-482d-8985-c420b4003b32 > Enabled : TRUE > Server DNS name : olympia.pukey > Server DN name : CN=NTDS > Settings,CN=OLYMPIA,CN=Servers,CN=Default-First-Site- > Name,CN=Sites,CN=Configuration,DC=pukey > TransportType: RPC > options: 0x00000001 > Warning: No NC replicated for Connection! > Connection -- > Connection name: 1242565f-0730-4a91-992e-cf62266af8fb > Enabled : TRUE > Server DNS name : serenity.pukey > Server DN name : CN=NTDS > Settings,CN=SERENITY,CN=Servers,CN=Default-First-Site- > Name,CN=Sites,CN=Configuration,DC=pukey > TransportType: RPC > options: 0x00000001 > Warning: No NC replicated for Connection! > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Zombie Ryushu
2022-Jun-08 09:59 UTC
[Samba] Replication is broken due to Bind DNS resolution
On 6/8/22 05:53, L. van Belle via samba wrote:> Which server is the best of the 3? > move the FSMO roles (* for now) to that server. I suggest SERENITY. > > Test in order, en repeat that in every test, exact same order.. > 1) SERENITY > 2) OLYMPIA > 3) KEFA > > This is I think the best server order. > > How is the replication between SERENITY and OLYMPIA, are these good. > if these don?t show errors then that?s your new base. > > so, most looks ok, do the following. > > Remove KEFA from AD domain. > Steps : > https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC > > After its removed, you need to verify/use ldapsearch to check if all A and PTR and names are gone. > only and only your sure, its all going. > > Change the /etc/resolv.conf and point it to SERENITY > now, Reprovison it. > > That should do it. > > The key thing, be sure all old entries are gone and removed and tripple checked. > > How that it helps for you. > > Greetz, > > Louis > > > >> -----Oorspronkelijk bericht----- >> Van: samba<samba-bounces at lists.samba.org> Namens Zombie Ryushu via >> samba >> Verzonden: woensdag 8 juni 2022 11:09 >> Aan:samba at lists.samba.org >> Onderwerp: Re: [Samba] Replication is broken due to Bind DNS resolution >> >> On 6/8/22 05:03, Zombie Ryushu via samba wrote: >>> On 6/8/22 04:31, L. van Belle via samba wrote: >>>> No, Samba Replication is not broken due to Bind DNS resolution. >>>> its broken because of a outdated and/or failty setup, but your close >>>> now to the fix. >>>> >>>> on all servers, run : >>>> samba-tool drs showrepl >>>> and >>>> samba-tool dbcheck --cross-nc >>>> and fix it all. >>>> >>>> this server : > c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey. >>>> 900 IN CNAME kefka.pukey. >>>> its missing in sites and services, >>>> >>>> * most probley due other servers being turned off, scaveing, don?t >>>> know, your thread is hard to follow you need to readd it. >>>> >>>> So, I don?t know if you use the RSAT windows tools, goto "Active >>>> Directry Sites and Services" >>>> Your missing a server there, re-add it, I don?t know the CLI for >>>> that, never used it. >>>> >>>> Then as last, find the best "working server, and then push that >>>> database to the other DC's. >>>> reboot the other server ( not the best working ) and check >>>> replication again. >>>> >>>> I hope this helps a bit. >>>> >>>> Greetz, >>>> >>>> Louis >>>> >>>> >>>> >>>> >>>> >>>>> -----Oorspronkelijk bericht----- >>>>> Van: samba<samba-bounces at lists.samba.org> Namens Zombie Ryushu >> via >>>>> samba >>>>> Verzonden: woensdag 8 juni 2022 03:33 >>>>> Aan:samba at lists.samba.org >>>>> Onderwerp: [Samba] Replication is broken due to Bind DNS resolution >>>>> >>>>> _msdcs.pukey. 900 IN NS >>>>> kefka.pukey. >>>>> 602bdd9f-a9a0-411d-9f1b-04a63ea93653._msdcs.pukey. 900 IN CNAME >>>>> serenity.pukey. >>>>> c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey. 900 IN CNAME >>>>> kefka.pukey. >>>>> d02fb6d3-feec-46ec-bcb1-dad7bdd64e27._msdcs.pukey. 900 IN CNAME >>>>> olympia.pukey. >>>>> >>>>> dig CNAME c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey. >>>>> >>>>> ; <<>> DiG 9.16.6 <<>> CNAME >>>>> c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey. >>>>> ;; global options: +cmd >>>>> ;; Got answer: >>>>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22640 ;; flags: >>>>> qr rd >>>>> ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 >>>>> >>>>> ;; OPT PSEUDOSECTION: >>>>> ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: >>>>> 95959d4651f663c701000000629ffbe2c34562879fb6e153 (good) ;; >> QUESTION >>>>> SECTION: >>>>> ;c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey. IN CNAME >>>>> >>>>> ;; Query time: 31 msec >>>>> ;; SERVER: 127.0.0.1#53(127.0.0.1) >>>>> ;; WHEN: Tue Jun 07 21:31:14 EDT 2022 ;; MSG SIZE rcvd: 106 >>>>> >>>>> This problem recently showed up. >>>>> >>>>> >>>>> DC=pukey >>>>> Default-First-Site-Name\KEFKA via RPC >>>>> DSA object GUID: >>>>> c0ad4d18-ce25-4198-8e21-694c0727fecf >>>>> Last attempt @ Tue Jun 7 21:30:34 2022 EDT failed, >>>>> result 2 >>>>> (WERR_FILE_NOT_FOUND) >>>>> 173 consecutive failure(s). >>>>> Last success @ Tue Jun 7 07:08:36 2022 EDT >>>>> >>>>> -- >>>>> To unsubscribe from this list go to the following URL and read the >>>>> instructions:https://lists.samba.org/mailman/options/samba >>> I did manage to fix the errors but replication and wbinfo isn't >>> working still. >>> >>> >> There are no Windows PCs on my network. >> >> # samba-tool drs showrepl >> Default-First-Site-Name\KEFKA >> DSA Options: 0x00000001 >> DSA object GUID: c0ad4d18-ce25-4198-8e21-694c0727fecf >> DSA invocationId: 1d62f06e-5929-482d-8daf-2e0e9c720498 >> >> ==== INBOUND NEIGHBORS ===>> >> DC=DomainDnsZones,DC=pukey >> Default-First-Site-Name\SERENITY via RPC >> DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653 >> Last attempt @ Wed Jun 8 05:04:35 2022 EDT failed, result 2 >> (WERR_FILE_NOT_FOUND) >> 207 consecutive failure(s). >> Last success @ Sun Jun 5 20:46:34 2022 EDT >> >> DC=DomainDnsZones,DC=pukey >> Default-First-Site-Name\OLYMPIA via RPC >> DSA object GUID: d02fb6d3-feec-46ec-bcb1-dad7bdd64e27 >> Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 >> (WERR_FILE_NOT_FOUND) >> 508 consecutive failure(s). >> Last success @ NTTIME(0) >> >> DC=pukey >> Default-First-Site-Name\SERENITY via RPC >> DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653 >> Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 >> (WERR_FILE_NOT_FOUND) >> 207 consecutive failure(s). >> Last success @ Sun Jun 5 20:46:35 2022 EDT >> >> DC=pukey >> Default-First-Site-Name\OLYMPIA via RPC >> DSA object GUID: d02fb6d3-feec-46ec-bcb1-dad7bdd64e27 >> Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 >> (WERR_FILE_NOT_FOUND) >> 505 consecutive failure(s). >> Last success @ NTTIME(0) >> >> DC=ForestDnsZones,DC=pukey >> Default-First-Site-Name\SERENITY via RPC >> DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653 >> Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 >> (WERR_FILE_NOT_FOUND) >> 207 consecutive failure(s). >> Last success @ Sun Jun 5 20:46:35 2022 EDT >> >> DC=ForestDnsZones,DC=pukey >> Default-First-Site-Name\OLYMPIA via RPC >> DSA object GUID: d02fb6d3-feec-46ec-bcb1-dad7bdd64e27 >> Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 >> (WERR_FILE_NOT_FOUND) >> 506 consecutive failure(s). >> Last success @ NTTIME(0) >> >> CN=Configuration,DC=pukey >> Default-First-Site-Name\SERENITY via RPC >> DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653 >> Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 >> (WERR_FILE_NOT_FOUND) >> 206 consecutive failure(s). >> Last success @ Sun Jun 5 20:46:35 2022 EDT >> >> CN=Configuration,DC=pukey >> Default-First-Site-Name\OLYMPIA via RPC >> DSA object GUID: d02fb6d3-feec-46ec-bcb1-dad7bdd64e27 >> Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 >> (WERR_FILE_NOT_FOUND) >> 506 consecutive failure(s). >> Last success @ NTTIME(0) >> >> CN=Schema,CN=Configuration,DC=pukey >> Default-First-Site-Name\SERENITY via RPC >> DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653 >> Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 >> (WERR_FILE_NOT_FOUND) >> 206 consecutive failure(s). >> Last success @ Sun Jun 5 20:46:36 2022 EDT >> >> CN=Schema,CN=Configuration,DC=pukey >> Default-First-Site-Name\OLYMPIA via RPC >> DSA object GUID: d02fb6d3-feec-46ec-bcb1-dad7bdd64e27 >> Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 >> (WERR_FILE_NOT_FOUND) >> 511 consecutive failure(s). >> Last success @ NTTIME(0) >> >> ==== OUTBOUND NEIGHBORS ===>> >> DC=DomainDnsZones,DC=pukey >> Default-First-Site-Name\SERENITY via RPC >> DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653 >> Last attempt @ Wed Jun 8 05:07:08 2022 EDT failed, result 2 >> (WERR_FILE_NOT_FOUND) >> 12112 consecutive failure(s). >> Last success @ NTTIME(0) >> >> DC=pukey >> Default-First-Site-Name\SERENITY via RPC >> DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653 >> Last attempt @ Wed Jun 8 05:07:08 2022 EDT failed, result 2 >> (WERR_FILE_NOT_FOUND) >> 12106 consecutive failure(s). >> Last success @ NTTIME(0) >> >> DC=ForestDnsZones,DC=pukey >> Default-First-Site-Name\SERENITY via RPC >> DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653 >> Last attempt @ Wed Jun 8 05:07:08 2022 EDT failed, result 2 >> (WERR_FILE_NOT_FOUND) >> 12111 consecutive failure(s). >> Last success @ NTTIME(0) >> >> CN=Configuration,DC=pukey >> Default-First-Site-Name\SERENITY via RPC >> DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653 >> Last attempt @ Wed Jun 8 05:07:08 2022 EDT failed, result 2 >> (WERR_FILE_NOT_FOUND) >> 12105 consecutive failure(s). >> Last success @ NTTIME(0) >> >> CN=Schema,CN=Configuration,DC=pukey >> Default-First-Site-Name\SERENITY via RPC >> DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653 >> Last attempt @ Wed Jun 8 05:07:08 2022 EDT failed, result 2 >> (WERR_FILE_NOT_FOUND) >> 12101 consecutive failure(s). >> Last success @ NTTIME(0) >> >> ==== KCC CONNECTION OBJECTS ===>> >> Connection -- >> Connection name: 4e81be67-ab19-482d-8985-c420b4003b32 >> Enabled : TRUE >> Server DNS name : olympia.pukey >> Server DN name : CN=NTDS >> Settings,CN=OLYMPIA,CN=Servers,CN=Default-First-Site- >> Name,CN=Sites,CN=Configuration,DC=pukey >> TransportType: RPC >> options: 0x00000001 >> Warning: No NC replicated for Connection! >> Connection -- >> Connection name: 1242565f-0730-4a91-992e-cf62266af8fb >> Enabled : TRUE >> Server DNS name : serenity.pukey >> Server DN name : CN=NTDS >> Settings,CN=SERENITY,CN=Servers,CN=Default-First-Site- >> Name,CN=Sites,CN=Configuration,DC=pukey >> TransportType: RPC >> options: 0x00000001 >> Warning: No NC replicated for Connection! >> >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions:https://lists.samba.org/mailman/options/samba >#samba-tool fsmo show SchemaMasterRole owner: CN=NTDS Settings,CN=KEFKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey InfrastructureMasterRole owner: CN=NTDS Settings,CN=KEFKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey RidAllocationMasterRole owner: CN=NTDS Settings,CN=KEFKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey PdcEmulationMasterRole owner: CN=NTDS Settings,CN=KEFKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey DomainNamingMasterRole owner: CN=NTDS Settings,CN=KEFKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=KEFKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=KEFKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey ?# samba-tool domain demote GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'naclrpc_as_system' registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'ntlmssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered GENSEC backend 'http_negotiate' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Using olympia.pukey as partner server for the demotion Using binding ncacn_ip_tcp:olympia.pukey[,seal] resolve_lmhosts: Attempting lmhosts lookup for name olympia.pukey<0x20> resolve_lmhosts: Attempting lmhosts lookup for name olympia.pukey<0x20> Deactivating inbound replication Asking partner server olympia.pukey to synchronize from us Error while replicating out last local changes from 'CN=Schema,CN=Configuration,DC=pukey' for demotion, re-enabling inbound replication ERROR(<class 'samba.WERRORError'>): Error while sending a DsReplicaSync for partition 'CN=Schema,CN=Configuration,DC=pukey' - (2, 'WERR_FILE_NOT_FOUND') ? File "/usr/lib64/python3.6/site-packages/samba/netcmd/domain.py", line 826, in run ??? drsuapiBind.DsReplicaSync(drsuapi_handle, 1, req1) Samba does not handle DNS, Bind does.