Michael Tokarev
2022-Nov-14 20:21 UTC
[Samba] Replication between Samba DCs (on different sites)?
14.11.2022 20:45, Kris Lou via samba ?????:>>> I'm trying to create another VM, with a 3rd DC, to see if having a >>> DC in the same site will help... >> >> So, I created a second DC on the same Site as our first DC. And >> it instantly enabled and activated replication, samba-tool drs showrepl >> shows active connections between the two DCs, and changes made on one >> of the DCs becomes immediately visible on the other. >> >> But the replication between two DCs in diferent sites does not seem to >> be enabled. What is the way to enable it? > > Are AD Sites configured? If so, I believe that individual links also need > to be specified between the sites.Ok. It looks like the transport works, or appears to. But the replication doesn't. On one side/site, it shows: SVDCP# samba-tool drs showrepl Pereslavl-Office\SVDCP DSA Options: 0x00000001 DSA object GUID: 59c9c7d7-d099-4191-a322-7f03403988a4 DSA invocationId: 843ecc66-03a4-43dd-816e-b9d242b4a3d9 ==== INBOUND NEIGHBORS === DC=tls,DC=msk,DC=ru Moscow-Office\AI via RPC DSA object GUID: 91a56cbe-38b3-493c-b132-d1042d0aa021 Last attempt @ Mon Nov 14 23:07:31 2022 MSK was successful 0 consecutive failure(s). Last success @ Mon Nov 14 23:07:31 2022 MSK ... ==== OUTBOUND NEIGHBORS === ==== KCC CONNECTION OBJECTS === Connection -- Connection name: AI Enabled : TRUE Server DNS name : ai.tls.msk.ru Server DN name : CN=NTDS Settings,CN=AI,CN=Servers,CN=Moscow-Office,CN=Sites,CN=Configuration,DC=tls,DC=msk,DC=ru TransportType: RPC options: 0x00000000 Warning: No NC replicated for Connection! Connection -- Connection name: be0ce147-739a-4725-aaa2-33686eee44cb Enabled : TRUE Server DNS name : ai.tls.msk.ru Server DN name : CN=NTDS Settings,CN=AI,CN=Servers,CN=Moscow-Office,CN=Sites,CN=Configuration,DC=tls,DC=msk,DC=ru TransportType: RPC options: 0x00000001 Warning: No NC replicated for Connection! which looks promising (the dots ".." shows similar entries for 4 other partitions). But on the other side, it does not: AI# samba-tool drs showrepl Moscow-Office\AI DSA Options: 0x00000001 DSA object GUID: 91a56cbe-38b3-493c-b132-d1042d0aa021 DSA invocationId: 1cf73086-45c7-434e-a078-775c7f52bb0a ==== INBOUND NEIGHBORS === DC=tls,DC=msk,DC=ru Pereslavl-Office\SVDCP via RPC DSA object GUID: 59c9c7d7-d099-4191-a322-7f03403988a4 Last attempt @ Mon Nov 14 23:09:48 2022 MSK failed, result 2 (WERR_FILE_NOT_FOUND) 6 consecutive failure(s). Last success @ NTTIME(0) ... ==== OUTBOUND NEIGHBORS === DC=tls,DC=msk,DC=ru Pereslavl-Office\SVDCP via RPC DSA object GUID: 59c9c7d7-d099-4191-a322-7f03403988a4 Last attempt @ Mon Nov 14 23:12:34 2022 MSK failed, result 2 (WERR_FILE_NOT_FOUND) 1 consecutive failure(s). Last success @ NTTIME(0) ... ==== KCC CONNECTION OBJECTS === Connection -- Connection name: SVDCP Enabled : TRUE Server DNS name : svdcp.tls.msk.ru Server DN name : CN=NTDS Settings,CN=SVDCP,CN=Servers,CN=Pereslavl-Office,CN=Sites,CN=Configuration,DC=tls,DC=msk,DC=ru TransportType: RPC options: 0x00000000 Warning: No NC replicated for Connection! It is interesting the first one shows only inbound connections, all successful, while the other shows both, and all unsuccessful. I don't see what to do with these now.. Which file it can't find, where to look for any clues? I tried 'samba-tool drs replicate' manually on AI, but it also shows this error: AI# samba-tool drs replicate ai svdcp 'CN=Configuration,DC=tls,DC=msk,DC=ru' ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (2, 'WERR_FILE_NOT_FOUND') File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 570, in run drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options) File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 92, in sendDsReplicaSync raise drsException("DsReplicaSync failed %s" % estr) Re-creating the second DC gives the same results. Where to come from here, how to debug this? Thanks! /mjt
Michael Tokarev
2022-Nov-14 21:07 UTC
[Samba] Replication between Samba DCs (on different sites)?
14.11.2022 23:21, Michael Tokarev via samba wrote: ...> I tried 'samba-tool drs replicate' manually on AI, but it also shows this > error: > > AI# samba-tool drs replicate ai svdcp 'CN=Configuration,DC=tls,DC=msk,DC=ru' > ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (2, 'WERR_FILE_NOT_FOUND') > ? File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 570, in run > ??? drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options) > ? File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 92, in sendDsReplicaSync > ??? raise drsException("DsReplicaSync failed %s" % estr)AI# samba-tool drs replicate ai svdcp 'CN=Configuration,DC=tls,DC=msk,DC=ru' -d 10 gives some wire traces (or looks like), it ends up like the remote is returning WERR_FILE_NOT_FOUND. And I don't see this error on the remote, all what I see remote reporting on the logs is WERR_OK. However, the other way it works fine: AI# samba-tool drs replicate svdcp ai 'CN=Configuration,DC=tls,DC=msk,DC=ru' Replicate from ai to svdcp was successful. It is even the same when run on SVDCP: SVDCP# samba-tool drs replicate ai svdcp 'CN=Configuration,DC=tls,DC=msk,DC=ru' ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (2, 'WERR_FILE_NOT_FOUND') File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 570, in run drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options) File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 92, in sendDsReplicaSync raise drsException("DsReplicaSync failed %s" % estr) SVDCP# samba-tool drs replicate svdcp ai 'CN=Configuration,DC=tls,DC=msk,DC=ru' Replicate from ai to svdcp was successful. Who is returning FILE_NOT_FOUND and for what file? Thank you! /mjt