Stefan G. Weichinger
2022-Nov-24 10:12 UTC
[Samba] accidentally upgraded DC to 4.17.3 ... didn't work
Am 24.11.22 um 10:32 schrieb Stefan G. Weichinger via samba:> I might have to restart samba-ad-dc.service, but wait for feedback ...couldn't wait anymore restarting didn't help decided to stop, demote adc1 from adc2 (offline demote) because online demoting fails: root at adc1:~# samba-tool domain demote -U Administrator Using adc2.arbeitsgruppe.my.tld as partner server for the demotion Password for [ARBEITSGRUPPE\Administrator]: Deactivating inbound replication Asking partner server adc2.arbeitsgruppe.my.tld to synchronize from us Error while replicating out last local changes from 'CN=Schema,CN=Configuration,DC=arbeitsgruppe,DC=ikw-amstetten,DC=at' for demotion, re-enabling inbound replication ERROR(<class 'samba.WERRORError'>): Error while sending a DsReplicaSync for partition 'CN=Schema,CN=Configuration,DC=arbeitsgruppe,DC=ikw-amstetten,DC=at' - (31, 'WERR_GEN_FAILURE') File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line 860, in run drsuapiBind.DsReplicaSync(drsuapi_handle, 1, req1) join succeeded, winbind still failing after that. initally replication seems to work but fails soon after starting adc1 Maybe I have something wrong in AD now, some wrong objects or so? "dbcheck" lists old components for ADC1, but no errors. Help appreciated ...
Stefan G. Weichinger
2022-Nov-24 11:10 UTC
[Samba] accidentally upgraded DC to 4.17.3 ... didn't work
Am 24.11.22 um 11:12 schrieb Stefan G. Weichinger via samba:> "dbcheck" lists old components for ADC1, but no errors.ran dbcheck with --fix etc, cleared some errors demoted adc1 again join: seems to work mostly, but look at adc2:/var/log/samba/log.samba: [2022/11/24 12:08:32.516992, 0] ../../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv) Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:10.0.0.231[49153,seal,krb5,target_hostname=2ea0c6cd-cc15-4db7-8fe3-378491fc08e8._msdcs.arbeitsgruppe.my.tld,target_principal=GC/adc1.arbeitsgruppe.my.tld/arbeitsgruppe.my.tld,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=10.0.0.230] NT_STATUS_UNSUCCESSFUL [2022/11/24 12:08:32.577452, 2] ../../source4/librpc/rpc/dcerpc.c:1150(dcerpc_bind_recv_handler) dcerpc: bind_nak reason 0 - NT_STATUS_UNSUCCESSFUL somehow the 2 DCs can't talk to each other?