Zombie Ryushu
2022-Jun-08 09:59 UTC
[Samba] Replication is broken due to Bind DNS resolution
On 6/8/22 05:53, L. van Belle via samba wrote:
> Which server is the best of the 3?
> move the FSMO roles (* for now) to that server. I suggest SERENITY.
>
> Test in order, and repeat that in every test, exact same order..
> 1) SERENITY
> 2) OLYMPIA
> 3) KEFA
>
> This is I think the best server order.
>
> How is the replication between SERENITY and OLYMPIA, are these good.
> if these don't show errors then that's your new base.
>
> so, most looks ok, do the following.
>
> Remove KEFA from AD domain.
> Steps :
> https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC
>
> After it's removed, you need to verify/use ldapsearch to check if all A and PTR and names are gone.
> only and only if you're sure it's all gone.
>
> Change the /etc/resolv.conf and point it to SERENITY
> now, Reprovision it.
>
> That should do it.
>
> The key thing, be sure all old entries are gone and removed and triple checked.
>
> Hope that it helps for you.
>
> Greetz,
>
> Louis
>
>
>> -----Original Message-----
>> From: samba <samba-bounces at lists.samba.org> On behalf of Zombie Ryushu via samba
>> Sent: Wednesday 8 June 2022 11:09
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Replication is broken due to Bind DNS resolution
>>
>> On 6/8/22 05:03, Zombie Ryushu via samba wrote:
>>> On 6/8/22 04:31, L. van Belle via samba wrote:
>>>> No, Samba Replication is not broken due to Bind DNS resolution.
>>>> it's broken because of an outdated and/or faulty setup, but you're close now to the fix.
>>>>
>>>> on all servers, run :
>>>> samba-tool drs showrepl
>>>> and
>>>> samba-tool dbcheck --cross-nc
>>>> and fix it all.
>>>>
>>>> this server : > c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey. 900 IN CNAME kefka.pukey.
>>>> it's missing in sites and services,
>>>>
>>>> * most probably due to other servers being turned off, scavenging, don't know, your thread is hard to follow; you need to re-add it.
>>>>
>>>> So, I don't know if you use the RSAT windows tools, goto "Active Directory Sites and Services"
>>>> You're missing a server there, re-add it, I don't know the CLI for that, never used it.
>>>>
>>>> Then as last, find the best "working" server, and then push that database to the other DC's.
>>>> reboot the other server ( not the best working ) and check replication again.
>>>>
>>>> I hope this helps a bit.
>>>>
>>>> Greetz,
>>>>
>>>> Louis
>>>>
>>>>
>>>>> -----Original Message-----
>>>>> From: samba <samba-bounces at lists.samba.org> On behalf of Zombie Ryushu via samba
>>>>> Sent: Wednesday 8 June 2022 03:33
>>>>> To: samba at lists.samba.org
>>>>> Subject: [Samba] Replication is broken due to Bind DNS resolution
>>>>>
>>>>> _msdcs.pukey. 900 IN NS kefka.pukey.
>>>>> 602bdd9f-a9a0-411d-9f1b-04a63ea93653._msdcs.pukey. 900 IN CNAME serenity.pukey.
>>>>> c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey. 900 IN CNAME kefka.pukey.
>>>>> d02fb6d3-feec-46ec-bcb1-dad7bdd64e27._msdcs.pukey. 900 IN CNAME olympia.pukey.
>>>>>
>>>>> dig CNAME c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey.
>>>>>
>>>>> ; <<>> DiG 9.16.6 <<>> CNAME c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey.
>>>>> ;; global options: +cmd
>>>>> ;; Got answer:
>>>>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22640
>>>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>>>>
>>>>> ;; OPT PSEUDOSECTION:
>>>>> ; EDNS: version: 0, flags:; udp: 4096
>>>>> ; COOKIE: 95959d4651f663c701000000629ffbe2c34562879fb6e153 (good)
>>>>> ;; QUESTION SECTION:
>>>>> ;c0ad4d18-ce25-4198-8e21-694c0727fecf._msdcs.pukey. IN CNAME
>>>>>
>>>>> ;; Query time: 31 msec
>>>>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>>>>> ;; WHEN: Tue Jun 07 21:31:14 EDT 2022
>>>>> ;; MSG SIZE rcvd: 106
>>>>>
>>>>> This problem recently showed up.
>>>>>
>>>>>
>>>>> DC=pukey
>>>>> Default-First-Site-Name\KEFKA via RPC
>>>>> DSA object GUID: c0ad4d18-ce25-4198-8e21-694c0727fecf
>>>>> Last attempt @ Tue Jun 7 21:30:34 2022 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>>>>> 173 consecutive failure(s).
>>>>> Last success @ Tue Jun 7 07:08:36 2022 EDT
>>>>>
>>>>> --
>>>>> To unsubscribe from this list go to the following URL and read the
>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>> I did manage to fix the errors but replication and wbinfo isn't working still.
>>>
>>>
>> There are no Windows PCs on my network.
>>
>> # samba-tool drs showrepl
>> Default-First-Site-Name\KEFKA
>> DSA Options: 0x00000001
>> DSA object GUID: c0ad4d18-ce25-4198-8e21-694c0727fecf
>> DSA invocationId: 1d62f06e-5929-482d-8daf-2e0e9c720498
>>
>> ==== INBOUND NEIGHBORS ====
>>
>> DC=DomainDnsZones,DC=pukey
>> Default-First-Site-Name\SERENITY via RPC
>> DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653
>> Last attempt @ Wed Jun 8 05:04:35 2022 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>> 207 consecutive failure(s).
>> Last success @ Sun Jun 5 20:46:34 2022 EDT
>>
>> DC=DomainDnsZones,DC=pukey
>> Default-First-Site-Name\OLYMPIA via RPC
>> DSA object GUID: d02fb6d3-feec-46ec-bcb1-dad7bdd64e27
>> Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>> 508 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=pukey
>> Default-First-Site-Name\SERENITY via RPC
>> DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653
>> Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>> 207 consecutive failure(s).
>> Last success @ Sun Jun 5 20:46:35 2022 EDT
>>
>> DC=pukey
>> Default-First-Site-Name\OLYMPIA via RPC
>> DSA object GUID: d02fb6d3-feec-46ec-bcb1-dad7bdd64e27
>> Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>> 505 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=ForestDnsZones,DC=pukey
>> Default-First-Site-Name\SERENITY via RPC
>> DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653
>> Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>> 207 consecutive failure(s).
>> Last success @ Sun Jun 5 20:46:35 2022 EDT
>>
>> DC=ForestDnsZones,DC=pukey
>> Default-First-Site-Name\OLYMPIA via RPC
>> DSA object GUID: d02fb6d3-feec-46ec-bcb1-dad7bdd64e27
>> Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>> 506 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> CN=Configuration,DC=pukey
>> Default-First-Site-Name\SERENITY via RPC
>> DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653
>> Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>> 206 consecutive failure(s).
>> Last success @ Sun Jun 5 20:46:35 2022 EDT
>>
>> CN=Configuration,DC=pukey
>> Default-First-Site-Name\OLYMPIA via RPC
>> DSA object GUID: d02fb6d3-feec-46ec-bcb1-dad7bdd64e27
>> Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>> 506 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> CN=Schema,CN=Configuration,DC=pukey
>> Default-First-Site-Name\SERENITY via RPC
>> DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653
>> Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>> 206 consecutive failure(s).
>> Last success @ Sun Jun 5 20:46:36 2022 EDT
>>
>> CN=Schema,CN=Configuration,DC=pukey
>> Default-First-Site-Name\OLYMPIA via RPC
>> DSA object GUID: d02fb6d3-feec-46ec-bcb1-dad7bdd64e27
>> Last attempt @ Wed Jun 8 05:04:36 2022 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>> 511 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> ==== OUTBOUND NEIGHBORS ====
>>
>> DC=DomainDnsZones,DC=pukey
>> Default-First-Site-Name\SERENITY via RPC
>> DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653
>> Last attempt @ Wed Jun 8 05:07:08 2022 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>> 12112 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=pukey
>> Default-First-Site-Name\SERENITY via RPC
>> DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653
>> Last attempt @ Wed Jun 8 05:07:08 2022 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>> 12106 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=ForestDnsZones,DC=pukey
>> Default-First-Site-Name\SERENITY via RPC
>> DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653
>> Last attempt @ Wed Jun 8 05:07:08 2022 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>> 12111 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> CN=Configuration,DC=pukey
>> Default-First-Site-Name\SERENITY via RPC
>> DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653
>> Last attempt @ Wed Jun 8 05:07:08 2022 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>> 12105 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> CN=Schema,CN=Configuration,DC=pukey
>> Default-First-Site-Name\SERENITY via RPC
>> DSA object GUID: 602bdd9f-a9a0-411d-9f1b-04a63ea93653
>> Last attempt @ Wed Jun 8 05:07:08 2022 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>> 12101 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> ==== KCC CONNECTION OBJECTS ====
>>
>> Connection --
>> Connection name: 4e81be67-ab19-482d-8985-c420b4003b32
>> Enabled : TRUE
>> Server DNS name : olympia.pukey
>> Server DN name : CN=NTDS Settings,CN=OLYMPIA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey
>> TransportType: RPC
>> options: 0x00000001
>> Warning: No NC replicated for Connection!
>> Connection --
>> Connection name: 1242565f-0730-4a91-992e-cf62266af8fb
>> Enabled : TRUE
>> Server DNS name : serenity.pukey
>> Server DN name : CN=NTDS Settings,CN=SERENITY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey
>> TransportType: RPC
>> options: 0x00000001
>> Warning: No NC replicated for Connection!
>>
>>
>>

# samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS Settings,CN=KEFKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey
InfrastructureMasterRole owner: CN=NTDS Settings,CN=KEFKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey
RidAllocationMasterRole owner: CN=NTDS Settings,CN=KEFKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=KEFKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey
DomainNamingMasterRole owner: CN=NTDS Settings,CN=KEFKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=KEFKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=KEFKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey

# samba-tool domain demote
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using olympia.pukey as partner server for the demotion
Using binding ncacn_ip_tcp:olympia.pukey[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name olympia.pukey<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name olympia.pukey<0x20>
Deactivating inbound replication
Asking partner server olympia.pukey to synchronize from us
Error while replicating out last local changes from 'CN=Schema,CN=Configuration,DC=pukey' for demotion, re-enabling inbound replication
ERROR(<class 'samba.WERRORError'>): Error while sending a DsReplicaSync for partition 'CN=Schema,CN=Configuration,DC=pukey' - (2, 'WERR_FILE_NOT_FOUND')
  File "/usr/lib64/python3.6/site-packages/samba/netcmd/domain.py", line 826, in run
    drsuapiBind.DsReplicaSync(drsuapi_handle, 1, req1)

Samba does not handle DNS, Bind does.
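As an added example (not code from the thread or from Samba itself), a small Python check that parses `samba-tool drs showrepl` output of the shape posted above and verifies that every replication partner's DSA GUID has a `<guid>._msdcs.<domain>` CNAME pointing at that DC, which is the record the NXDOMAIN dig shows missing for KEFKA. The showrepl text and the zone contents are constructed; `parse_showrepl` and `missing_msdcs_cnames` are names assumed here.

```python
# Constructed `samba-tool drs showrepl` excerpt in the shape the thread posts (not a real capture).
SHOWREPL = """\
==== INBOUND NEIGHBORS ====
DC=pukey
\tDefault-First-Site-Name\\KEFKA via RPC
\t\tDSA object GUID: c0ad4d18-ce25-4198-8e21-694c0727fecf
\t\tLast attempt @ Tue Jun  7 21:30:34 2022 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
\t\t173 consecutive failure(s).
\t\tLast success @ Tue Jun  7 07:08:36 2022 EDT
DC=pukey
\tDefault-First-Site-Name\\OLYMPIA via RPC
\t\tDSA object GUID: d02fb6d3-feec-46ec-bcb1-dad7bdd64e27
\t\tLast attempt @ Tue Jun  7 21:30:34 2022 EDT was successful
\t\t0 consecutive failure(s).
\t\tLast success @ Tue Jun  7 21:30:34 2022 EDT
"""

# Constructed _msdcs zone contents: the KEFKA GUID CNAME is absent, matching the NXDOMAIN dig.
ZONE_CNAMES = {
    "d02fb6d3-feec-46ec-bcb1-dad7bdd64e27._msdcs.pukey.": "olympia.pukey.",
}


def parse_showrepl(text):
    """One dict per neighbour block: partition, partner DC, DSA GUID, failure count, last success."""
    neighbours, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith(("DC=", "CN=")):
            cur = {"nc": line}          # a partition line opens a new neighbour block
            neighbours.append(cur)
        elif cur is None:
            continue                    # header lines before the first partition
        elif line.endswith(" via RPC"):
            cur["dc"] = line[:-len(" via RPC")].split("\\")[-1]
        elif line.startswith("DSA object GUID:"):
            cur["guid"] = line.split(":", 1)[1].strip()
        elif line.endswith("consecutive failure(s)."):
            cur["failures"] = int(line.split()[0])
        elif line.startswith("Last success @"):
            cur["last_success"] = line.split("@", 1)[1].strip()
    return neighbours


def missing_msdcs_cnames(neighbours, zone_cnames, domain):
    """(name, expected target, actual target) for every partner whose GUID CNAME is wrong or absent."""
    problems = []
    for n in neighbours:
        name, want = f"{n['guid']}._msdcs.{domain}.", f"{n['dc'].lower()}.{domain}."
        if zone_cnames.get(name) != want:
            problems.append((name, want, zone_cnames.get(name)))
    return problems
```

Run against a real zone, `zone_cnames` would be filled from `samba-tool dns query` or a zone transfer; any partner listed by this check needs its `_msdcs` CNAME restored before replication to it can succeed.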
Rowland Penny
2022-Jun-08 10:10 UTC
[Samba] Replication is broken due to Bind DNS resolution
On Wed, 2022-06-08 at 05:59 -0400, Zombie Ryushu via samba wrote:
>
>
> Samba does not handle DNS, Bind does.

How many times do I have to tell you, Samba must be authoritative for the DNS domain, if you use Bind9, you must also use BIND_DLZ and no flatfiles. The domain DNS zones must be in AD.

Rowland