Hi guys,

I'm trying to get the Samba4 multi-master replication to work.

I set up the primary domain controller using this howto (under CentOS 6.2 x64):
http://wiki.samba.org/index.php/Samba4/HOWTO

I installed bind 9.8.3 and enabled encrypted DNS updates.

I set up another VM with the same CentOS version and oriented myself on this howto:
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
to join the second DC into the domain. I edited /etc/resolv.conf and set the nameserver to the IP of the primary DC (bind DNS server).

Basic replication seems to work (not doing the rsync for sysvol yet).

However, when I take the primary DC offline, I can't use any of the .msc domain admin tools anymore. I always get an error message telling me that there is no RPC server available. When I run gpmc.msc I can choose the DC I want to work on and I can see the secondary one, but it will come back with the RPC error.

User authentication does still work and Kerberos tickets are generated by the 2nd DC.

I can find this in the log:

../source4/dsdb/kcc/kcc_topology.c:1402: failed to find nCName attribute of object CN=ac7bf69c-9458-4205-acba-6fe172412d1b,CN=Partitions,CN=Configuration,DC=aeriatest2,DC=dc,DC=loc
../source4/dsdb/kcc/kcc_topology.c:3158: failed to color vertices: NT_STATUS_INTERNAL_DB_CORRUPTION
../source4/dsdb/kcc/kcc_topology.c:3415: failed to create connections: NT_STATUS_INTERNAL_DB_CORRUPTION
...
Warning: 60 extra bytes in incoming RPC request
../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74: doing DsBind with system_session

Do I need to configure something extra, so the secondary DC will be able to act as an RPC server?

Thanks,
freezer

Hi guys,

I'm trying to get the Samba4 multi-master replication to work.

I set up the primary domain controller using this howto (under CentOS 6.2 x64):
http://wiki.samba.org/index.php/Samba4/HOWTO

I installed bind 9.8.3 and enabled encrypted DNS updates.

I set up another VM with the same CentOS version and oriented myself on this howto:
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
to join the second DC into the domain. I edited /etc/resolv.conf and set the nameserver to the IP of the primary DC (bind DNS server).

Basic replication seems to work (not doing the rsync for sysvol yet).

However, when I take the primary DC offline (bind keeps running), I can't use any of the .msc domain admin tools anymore. I always get an error message telling me that there is no RPC server available. When I run gpmc.msc I can choose the DC I want to work on and I can see the secondary one, but it will come back with the RPC error.

I had Wireshark running on one of the Windows 7 clients. It seems like it tries to talk to the 2nd DC (DCERPC packets). But I'm not an expert in packet analysis; could somebody give me a hint what to look for here?

User authentication does still work and Kerberos tickets are generated by the 2nd DC.

I can find this in the log:

../source4/dsdb/kcc/kcc_topology.c:1402: failed to find nCName attribute of object CN=ac7bf69c-9458-4205-acba-6fe172412d1b,CN=Partitions,CN=Configuration,DC=aeriatest2,DC=dc,DC=loc
../source4/dsdb/kcc/kcc_topology.c:3158: failed to color vertices: NT_STATUS_INTERNAL_DB_CORRUPTION
../source4/dsdb/kcc/kcc_topology.c:3415: failed to create connections: NT_STATUS_INTERNAL_DB_CORRUPTION
...
Warning: 60 extra bytes in incoming RPC request
../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74: doing DsBind with system_session

Do I need to configure something extra, so the secondary DC will be able to act as an RPC server?

Thanks,
freezer

On 2012-06-13 17:10, steve wrote:
> On 12/06/12 19:19, Gémes Géza wrote:
>> On 2012-06-12 12:16, Morten Kramer wrote:
>>> Hi guys,
>>>
>>> I'm trying to get the Samba4 multi-master replication to work.
>>
>> With your setup DNS is the single point of failure, because with the
>> (default) DLZ setup bind9 is able to serve DNS records only when samba4
>> is running on that box.
>> My recommendation would be to try to set up DNS on the second DC too.
>>
>
> Hi
> Would both DC's and every client have both IP's in their resolv.conf
> (or whatever windoze calls it)?
> Cheers,
> Steve

Short answer: Yes
Longer answer: The easiest is to do that via dhcp

Regards

Geza
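
A check for the advice in the reply above, as an added example that is not part of the thread: it reports which DC addresses a resolv.conf would not actually query, including the case where an entry is listed after the third `nameserver` line, which glibc ignores. The function name, file names and 192.0.2.x addresses are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints each expected DC IP that the
# resolver would NOT use, given a resolv.conf-style file.
# Usage: missing_dc_resolvers FILE DC_IP...
missing_dc_resolvers() {
    conf=$1; shift
    # glibc honours only the first 3 "nameserver" lines (MAXNS);
    # anything listed after that is silently ignored.
    active=$(awk '$1 == "nameserver" && n < 3 { print $2; n++ }' "$conf")
    for ip in "$@"; do
        # -x: whole-line match, -F: literal string (dots are not wildcards)
        printf '%s\n' "$active" | grep -qxF -- "$ip" || printf '%s\n' "$ip"
    done
}

# Constructed sample files (addresses are placeholders, not from the thread).
demo_dir=$(mktemp -d)
cat > "$demo_dir/single.conf" <<'EOF'
# only the primary DC is listed: name resolution dies with it
search aeriatest2.dc.loc
nameserver 192.0.2.10
EOF
cat > "$demo_dir/both.conf" <<'EOF'
search aeriatest2.dc.loc
nameserver 192.0.2.10
nameserver 192.0.2.11
EOF

missing_dc_resolvers "$demo_dir/single.conf" 192.0.2.10 192.0.2.11   # prints 192.0.2.11
missing_dc_resolvers "$demo_dir/both.conf" 192.0.2.10 192.0.2.11     # prints nothing
```

An empty result means every DC passed on the command line is among the resolvers the host will query; it says nothing about whether DNS is actually answering on those DCs.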