Justin Clacherty
2012-Dec-31 05:34 UTC
[Samba] Samba AD replication on new installation of Samba 4.0
Hi,

Fantastic that Samba 4.0 has been released, I've just installed and joined it to an existing AD (single Win2k8R2 server running Exchange). The installation seemed to go well but I'm seeing odd messages when I show the replication status on both the Samba server and the Win2k8R2 server. Is there something I missed in the install? I followed the instructions outlined at https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

The problems I'm seeing are:

1. showrepl under Samba shows all inbound and outbound neighbours have successfully replicated, but the last line after the KCC Connections Objects has " Warning: No NC replicated for Connection!" What would cause this?

2. under Windows showrepl (/all) shows all outbound neighbours have successfully replicated, however, the inbound neighbours show failures for the first two entries complaining of a schema mismatch. The third entry shows success (it's the schema replication). Everything else looks good

3. before joining the domain I ensured there was an A record and associated PTR record for the Samba server. After joining I had to manually add the CNAME record for the object GUID in _msdcs. Is this normal or should joining do this automatically?

Below is the full output of showrepl on both the Samba and Windows servers.

Cheers,
Justin.

Samba output:

Brisbane\FSERVER
DSA Options: 0x00000001
DSA object GUID: dc3a9e08-fbbc-49dd-a3dd-2f3f6951f08e
DSA invocationId: 0118d84f-9308-461f-8727-7ee896988889

==== INBOUND NEIGHBORS ===

CN=Configuration,DC=redfish,DC=local
    Brisbane\EXCHANGE via RPC
        DSA object GUID: 5fcb0cd6-461a-4b6a-bbea-1846d8b2758a
        Last attempt @ Mon Dec 31 15:12:49 2012 EST was successful
        0 consecutive failure(s).
        Last success @ Mon Dec 31 15:12:49 2012 EST

DC=ForestDnsZones,DC=redfish,DC=local
    Brisbane\EXCHANGE via RPC
        DSA object GUID: 5fcb0cd6-461a-4b6a-bbea-1846d8b2758a
        Last attempt @ Mon Dec 31 15:12:49 2012 EST was successful
        0 consecutive failure(s).
        Last success @ Mon Dec 31 15:12:49 2012 EST

DC=DomainDnsZones,DC=redfish,DC=local
    Brisbane\EXCHANGE via RPC
        DSA object GUID: 5fcb0cd6-461a-4b6a-bbea-1846d8b2758a
        Last attempt @ Mon Dec 31 15:12:49 2012 EST was successful
        0 consecutive failure(s).
        Last success @ Mon Dec 31 15:12:49 2012 EST

CN=Schema,CN=Configuration,DC=redfish,DC=local
    Brisbane\EXCHANGE via RPC
        DSA object GUID: 5fcb0cd6-461a-4b6a-bbea-1846d8b2758a
        Last attempt @ Mon Dec 31 15:12:50 2012 EST was successful
        0 consecutive failure(s).
        Last success @ Mon Dec 31 15:12:50 2012 EST

DC=redfish,DC=local
    Brisbane\EXCHANGE via RPC
        DSA object GUID: 5fcb0cd6-461a-4b6a-bbea-1846d8b2758a
        Last attempt @ Mon Dec 31 15:12:50 2012 EST was successful
        0 consecutive failure(s).
        Last success @ Mon Dec 31 15:12:50 2012 EST

==== OUTBOUND NEIGHBORS ===

CN=Configuration,DC=redfish,DC=local
    Brisbane\EXCHANGE via RPC
        DSA object GUID: 5fcb0cd6-461a-4b6a-bbea-1846d8b2758a
        Last attempt @ Mon Dec 31 13:10:54 2012 EST was successful
        0 consecutive failure(s).
        Last success @ Mon Dec 31 13:10:54 2012 EST

CN=Schema,CN=Configuration,DC=redfish,DC=local
    Brisbane\EXCHANGE via RPC
        DSA object GUID: 5fcb0cd6-461a-4b6a-bbea-1846d8b2758a
        Last attempt @ Mon Dec 31 13:10:59 2012 EST was successful
        0 consecutive failure(s).
        Last success @ Mon Dec 31 13:10:59 2012 EST

DC=redfish,DC=local
    Brisbane\EXCHANGE via RPC
        DSA object GUID: 5fcb0cd6-461a-4b6a-bbea-1846d8b2758a
        Last attempt @ Mon Dec 31 13:10:59 2012 EST was successful
        0 consecutive failure(s).
        Last success @ Mon Dec 31 13:10:59 2012 EST

==== KCC CONNECTION OBJECTS ===

Connection --
    Connection name: f45f57b6-8835-47c8-ab9c-a4d1bdedf811
    Enabled : TRUE
    Server DNS name : exchange.redfish.local
    Server DN name : CN=NTDS Settings,CN=EXCHANGE,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=redfish,DC=local
    TransportType: RPC
    options: 0x00000001
Warning: No NC replicated for Connection!

Windows output:

Repadmin: running command /showrepl against full DC localhost

Brisbane\EXCHANGE
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 5fcb0cd6-461a-4b6a-bbea-1846d8b2758a
DSA invocationID: 2a3ebbfa-b68b-496a-8dd0-7a4966df4082

==== INBOUND NEIGHBORS =====================================

DC=redfish,DC=local
    Brisbane\FSERVER via RPC
        DSA object GUID: dc3a9e08-fbbc-49dd-a3dd-2f3f6951f08e
        Last attempt @ 2012-12-31 14:50:54 was delayed for a normal reason, result 8418 (0x20e2):
            The replication operation failed because of a schema mismatch between the servers involved.
        Last success @ (never).

CN=Configuration,DC=redfish,DC=local
    Brisbane\FSERVER via RPC
        DSA object GUID: dc3a9e08-fbbc-49dd-a3dd-2f3f6951f08e
        Last attempt @ 2012-12-31 15:14:07 was delayed for a normal reason, result 8418 (0x20e2):
            The replication operation failed because of a schema mismatch between the servers involved.
        Last success @ (never).

CN=Schema,CN=Configuration,DC=redfish,DC=local
    Brisbane\FSERVER via RPC
        DSA object GUID: dc3a9e08-fbbc-49dd-a3dd-2f3f6951f08e
        Last attempt @ 2012-12-31 15:14:07 was successful.

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ===========

DC=redfish,DC=local
    Brisbane\FSERVER via RPC
        DSA object GUID: dc3a9e08-fbbc-49dd-a3dd-2f3f6951f08e
        Last attempt @ 2012-12-31 15:19:32 was successful.

CN=Configuration,DC=redfish,DC=local
    Brisbane\FSERVER via RPC
        DSA object GUID: dc3a9e08-fbbc-49dd-a3dd-2f3f6951f08e
        Last attempt @ 2012-12-31 15:19:30 was successful.

CN=Schema,CN=Configuration,DC=redfish,DC=local
    Brisbane\FSERVER via RPC
        DSA object GUID: dc3a9e08-fbbc-49dd-a3dd-2f3f6951f08e
        Last attempt @ 2012-12-31 15:19:32 was successful.

DC=DomainDnsZones,DC=redfish,DC=local
    Brisbane\FSERVER via RPC
        DSA object GUID: dc3a9e08-fbbc-49dd-a3dd-2f3f6951f08e
        Last attempt @ 2012-12-31 15:19:30 was successful.

DC=ForestDnsZones,DC=redfish,DC=local
    Brisbane\FSERVER via RPC
        DSA object GUID: dc3a9e08-fbbc-49dd-a3dd-2f3f6951f08e
        Last attempt @ 2012-12-31 15:19:30 was successful.

==== KCC CONNECTION OBJECTS ===========================================

Connection --
    Connection name : 70994a1f-ffc1-4dc9-a45c-c5fed0a88e00
    Server DNS name : exchange.redfish.local
    Server DN name : CN=NTDS Settings,CN=EXCHANGE,CN=Servers,CN=Brisbane,CN=Sites,CN=Configuration,DC=redfish,DC=local
    Source: Brisbane\FSERVER
        No Failures.
    TransportType: intrasite RPC
    options: isGenerated
    ReplicatesNC: CN=Configuration,DC=redfish,DC=local
    Reason: RingTopology
        Replica link has been added.
    ReplicatesNC: CN=Schema,CN=Configuration,DC=redfish,DC=local
    Reason: RingTopology
        Replica link has been added.
    ReplicatesNC: DC=redfish,DC=local
    Reason: RingTopology
        Replica link has been added.
1 connections found.
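Added example (not part of the original post and not Samba or Microsoft code): a small Python parser for the showrepl layouts quoted above that lists the neighbour links whose last attempt returned a non-zero result, such as the 8418 schema mismatch. The sample text is an abridged excerpt of the Windows output in the post; the function and field names are hypothetical.

```python
import re

# Abridged excerpt of the Windows output quoted in the post (layout restored).
SAMPLE = r"""
==== INBOUND NEIGHBORS =====================================
DC=redfish,DC=local
    Brisbane\FSERVER via RPC
        DSA object GUID: dc3a9e08-fbbc-49dd-a3dd-2f3f6951f08e
        Last attempt @ 2012-12-31 14:50:54 was delayed for a normal reason, result 8418 (0x20e2):
            The replication operation failed because of a schema mismatch between the servers involved.
        Last success @ (never).
CN=Schema,CN=Configuration,DC=redfish,DC=local
    Brisbane\FSERVER via RPC
        DSA object GUID: dc3a9e08-fbbc-49dd-a3dd-2f3f6951f08e
        Last attempt @ 2012-12-31 15:14:07 was successful.
==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ===========
DC=redfish,DC=local
    Brisbane\FSERVER via RPC
        Last attempt @ 2012-12-31 15:19:32 was successful.
"""

SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")         # ==== INBOUND NEIGHBORS ====
NC = re.compile(r"^(?:CN|DC)=\S+$")                # naming context on its own line
PARTNER = re.compile(r"^(\S+\\\S+) via (\S+)$")    # Site\SERVER via RPC
# "was successful" leaves group 1 empty; otherwise capture the numeric result code.
ATTEMPT = re.compile(r"^Last attempt @ .*?(?:was successful|result (\d+))")

def parse_showrepl(text):
    """Return one dict per neighbour link found in showrepl output."""
    links, section, nc, cur = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section, cur = m.group(1), None
        elif NC.match(line):
            nc, cur = line, None
        elif m := PARTNER.match(line):
            cur = {"section": section, "nc": nc, "partner": m.group(1),
                   "result": None, "never_succeeded": False}
            links.append(cur)
        elif cur and (m := ATTEMPT.match(line)):
            cur["result"] = int(m.group(1) or 0)
        elif cur and line.startswith("Last success @ (never)"):
            cur["never_succeeded"] = True
    return links

def failing_links(text):
    """Links whose last replication attempt reported a non-zero result."""
    return [l for l in parse_showrepl(text) if l["result"] not in (0, None)]
```
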
Andrew Bartlett
2012-Dec-31 08:40 UTC
[Samba] Samba AD replication on new installation of Samba 4.0
On Mon, 2012-12-31 at 05:34 +0000, Justin Clacherty wrote:
> Hi,
>
> Fantastic that Samba 4.0 has been released, I've just installed and joined it to an existing AD (single Win2k8R2 server running Exchange). The installation seemed to go well but I'm seeing odd messages when I show the replication status on both the Samba server and the Win2k8R2 server. Is there something I missed in the install? I followed the instructions outlined at https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
>
> The problems I'm seeing are:
>
> 1. showrepl under Samba shows all inbound and outbound neighbours have successfully replicated, but the last line after the KCC Connections Objects has " Warning: No NC replicated for Connection!" What would cause this?
>
> 2. under Windows showrepl (/all) shows all outbound neighbours have successfully replicated, however, the inbound neighbours show failures for the first two entries complaining of a schema mismatch. The third entry shows success (it's the schema replication). Everything else looks good
>
> 3. before joining the domain I ensured there was an A record and associated PTR record for the Samba server. After joining I had to manually add the CNAME record for the object GUID in _msdcs. Is this normal or should joining do this automatically?

No, you shouldn't need to add DNS information manually. The samba_dnsupdate script should run once Samba starts and handle all this.

As to why things are failing, and your mention of a schema mismatch, if the import of the exchange schema has caused problems, this might be an issue.

Are there any more details in the logs?

You might want to try current master, if you are in an experimental mood, as we have some DRS improvements, but otherwise I'm sorry I can't help more.

Sorry,

Andrew Bartlett

--
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org