Lorenzo Milesi
2023-Feb-08 11:10 UTC
[Samba] Replication between Samba DCs (on different sites)?
> Replication is still not working on dc2:
> root@dc2~# samba-tool drs replicate dc2 dc1
> DC=ForestDnsZones,DC=wdc,DC=domain,DC=it
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
> drsException: DsReplicaSync failed (2, 'WERR_FILE_NOT_FOUND')
> File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 570, in run
> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid,
> NC, req_options)
> File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 100, in
> sendDsReplicaSync
> raise drsException("DsReplicaSync failed %s" % estr)

I found this [1] message, I checked my DNS and I have the same situation as shacky, dc2 DNS records are missing in the _msdcs zone. Same in the main domain zone, NS records exist only for dc1 and dc3.

Running upgradedns reports everything is fine:

root@dc2:~# samba_upgradedns --dns-backend=BIND9_DLZ
Reading domain information
DNS accounts already exist
No zone file /var/lib/samba/bind-dns/dns/WDC.DOMAIN.IT.zone (normal)
DNS partitions already exist
dns-dc2 account already exists
See /var/lib/samba/bind-dns/named.conf for an example configuration include file for BIND
and /var/lib/samba/bind-dns/named.txt for further documentation required for secure DNS updates
Finished upgrading DNS

I checked the DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com record in /var/lib/samba/private/sam.ldb and all DCs have one (although dc2 is the only one full capital).

[1] https://lists.samba.org/archive/samba/2019-December/227432.html

--
Lorenzo Milesi - lorenzo.milesi at yetopen.com
CTO @ YetOpen Srl
Rowland Penny
2023-Feb-08 11:43 UTC
[Samba] Replication between Samba DCs (on different sites)?
On 08/02/2023 11:10, Lorenzo Milesi via samba wrote:
>
>> Replication is still not working on dc2:
>> root@dc2~# samba-tool drs replicate dc2 dc1
>> DC=ForestDnsZones,DC=wdc,DC=domain,DC=it
>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
>> drsException: DsReplicaSync failed (2, 'WERR_FILE_NOT_FOUND')
>> File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 570, in run
>> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid,
>> NC, req_options)
>> File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 100, in
>> sendDsReplicaSync
>> raise drsException("DsReplicaSync failed %s" % estr)
>
> I found this [1] message, I checked my DNS and I have the same situation as shacky, dc2 DNS records are missing in the _msdcs zone. Same in the main domain zone, NS records exist only for dc1 and dc3.

That thread referred to a domain that had started out as an early AD dns system, which is different from what is used now. However, I do not really think it can have anything to do with your domain, mainly because you have two fully working DCs. If you had the old dns system, all of your DCs would have the old dns system.

>
> Running upgradedns reports everything is fine:
> root@dc2:~# samba_upgradedns --dns-backend=BIND9_DLZ
> Reading domain information
> DNS accounts already exist
> No zone file /var/lib/samba/bind-dns/dns/WDC.DOMAIN.IT.zone (normal)
> DNS partitions already exist
> dns-dc2 account already exists
> See /var/lib/samba/bind-dns/named.conf for an example configuration include file for BIND
> and /var/lib/samba/bind-dns/named.txt for further documentation required for secure DNS updates
> Finished upgrading DNS
>
>
> I checked the DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com record in /var/lib/samba/private/sam.ldb and all DCs have one (although dc2 is the only one full capital).

I wouldn't worry about that, it appears to be normal (for Samba anyway)

Rowland