samba - Feb 2023 - Replication between Samba DCs (on different sites)?

On 07/02/2023 18:35, Lorenzo Milesi via samba wrote:
> 
> 
>> A little more context, manual replication unfortunately doesn't
help:
> 
> Last (sorry for the spam, I'm starting to forget things):
> 
> # dig _ldap._tcp.pdc._msdcs.wdc.domain.it srv
> 
> ;; ANSWER SECTION:
> _ldap._tcp.pdc._msdcs.wdc.domain.it. 900 IN SRV 0 100 389
dc1.wdc.domain.it.
> 
> 
If DC and dc3 are working correctly, I would demote DC2 (forcibly if 
necessary) then seize the FSMO roles to one of the good DC's. Once you 
are sure that your domain is working correctly, find anything to do with 
the dead DC in AD and remove it. Now add a new DC (I would use a new 
name and IP), hopefully everything should be okay after all that.

Rowland

> If DC and dc3 are working correctly, I would demote DC2 (forcibly if
> necessary) then seize the FSMO roles to one of the good DC's. Once you
> are sure that your domain is working correctly, find anything to do with
> the dead DC in AD and remove it. Now add a new DC (I would use a new
> name and IP), hopefully everything should be okay after all that.
Thanks.
Apparently, DC1&3 looks fine, showrepl is ALL GOOD.


I'm afraid to ask, but is there any option to retain IP/hostname?
-- 
Lorenzo Milesi - lorenzo.milesi at yetopen.com 
CTO @ YetOpen Srl

Corso Martiri della Liberazione 114 - 23900 Lecco - ITALY - | 4801 Glenwood
Avenue - Suite 200 - Raleigh, NC 27612 - USA -
Tel +39 0341 220 205 - info.it at yetopen.com  | Phone +1 919-817-8106 - info.us
at yetopen.com

Think green - Non stampare questa e-mail se non necessario / Don't print
this email unless necessary

-------- D.Lgs. 196/2003 e GDPR 679/2016 --------
Tutte le informazioni contenute in questo messaggio sono riservate ed a uso
esclusivo del destinatario.
Tutte le informazioni ivi contenute, compresi eventuali allegati, sono da
ritenere confidenziali e riservate secondo i termini
del vigente D.Lgs. 196/2003 in materia di privacy e del Regolamento europeo
679/2016 - GDPR - e quindi ne e' proibita l'utilizzazione ulteriore non
autorizzata.
Nel caso in cui questo messaggio Le fosse pervenuto per errore, La invitiamo ad
eliminarlo senza copiarlo, stamparlo, a non inoltrarlo a terzi e ad avvertirci
non appena possibile.
Grazie.

Confidentiality notice: this email message including any attachment is for the
sole use of the intended recipient and may contain confidential and privileged
information;
pursuant to Legislative Decree 196/2003 and the European General Data Protection
Regulation 679/2016 - GDPR - any unauthorized review, use, disclosure or
distribution
is prohibited. If you are not the intended recepient please delete this message
without copying, printing or forwarding it to others, and alert us as soon as
possible.
Thank you.

07.02.2023 21:44, Rowland Penny via samba ?????:
..
> If DC and dc3 are working correctly, I would demote DC2 (forcibly if
necessary) then seize the FSMO roles to one of the good DC's. Once you are
sure
> that your domain is working correctly, find anything to do with the dead DC
in AD and remove it. Now add a new DC (I would use a new name and IP),
> hopefully everything should be okay after all that.
Rowland, this happened at least 3 times already, all after upgrade.
I really regret that I followed your suggestion and did that force-thing,
but at that time I didn't know it will be a common problem.  At least I
were able to try to figure out what's going on. Yes I need help from
someone who understands this part of samba and/or protocols involved,
but I sure am able to perform quite some debugging without requiring
to be babysitted with every step. Now once I "fixed" my situation with
force, I don't have that issue anymore and can't find out what was
actually wrong.

The problem here is common and it will be much more common once people
start upgrading. Maybe there's a bug in debian packaging, maybe it is
a prob with samba code, maybe something  else, I dunno.

Lorenzo seems to be able to do some basic debugging too.. maybe we
can use this opportunity and try to understand what is going on,
instead of using the force?

Thanks,

/mjt

> If DC and dc3 are working correctly, I would demote DC2 (forcibly if
> necessary) then seize the FSMO roles to one of the good DC's. Once you
> are sure that your domain is working correctly, find anything to do with
> the dead DC in AD and remove it. Now add a new DC (I would use a new
> name and IP), hopefully everything should be okay after all that.
As I haven't been able to make any step forward, I ended up following this
advice.
I stopped samba on dc2 and wiped etc and var/lib, then demoted dc2 as dead from
another dc. I followed this path as being dc2 out of sync with the other DCs, it
was unable to correctly communicate and populate the correct DNS records.
Whenever I joined it to the domain, it was still on its own.

Then I made a fresh install of samba, joined the domain and replication is
reported as ALL GOOD on all hosts.

Thanks again for the support.

-- 
Lorenzo Milesi - lorenzo.milesi at yetopen.com 
CTO @ YetOpen Srl

Corso Martiri della Liberazione 114 - 23900 Lecco - ITALY - | 4801 Glenwood
Avenue - Suite 200 - Raleigh, NC 27612 - USA -
Tel +39 0341 220 205 - info.it at yetopen.com  | Phone +1 919-817-8106 - info.us
at yetopen.com

Think green - Non stampare questa e-mail se non necessario / Don't print
this email unless necessary

-------- D.Lgs. 196/2003 e GDPR 679/2016 --------
Tutte le informazioni contenute in questo messaggio sono riservate ed a uso
esclusivo del destinatario.
Tutte le informazioni ivi contenute, compresi eventuali allegati, sono da
ritenere confidenziali e riservate secondo i termini
del vigente D.Lgs. 196/2003 in materia di privacy e del Regolamento europeo
679/2016 - GDPR - e quindi ne e' proibita l'utilizzazione ulteriore non
autorizzata.
Nel caso in cui questo messaggio Le fosse pervenuto per errore, La invitiamo ad
eliminarlo senza copiarlo, stamparlo, a non inoltrarlo a terzi e ad avvertirci
non appena possibile.
Grazie.

Confidentiality notice: this email message including any attachment is for the
sole use of the intended recipient and may contain confidential and privileged
information;
pursuant to Legislative Decree 196/2003 and the European General Data Protection
Regulation 679/2016 - GDPR - any unauthorized review, use, disclosure or
distribution
is prohibited. If you are not the intended recepient please delete this message
without copying, printing or forwarding it to others, and alert us as soon as
possible.
Thank you.