Hi Marc,
Thanks for your reply.
On 18/07/2014 21:19, Marc Muehlfeld wrote:> Hello Fernando,
>
> Am 18.07.2014 20:14, schrieb Fernando Rodriguez:
>> I am having a problem while demoting a DC.
>>
>> The DC i want to demotes is still online. When i try to use the command
>> samba-tool domain demote this is the message i get:
>>
>> root at hoorn:/home/newhang# samba-tool domain demote
>> ERROR: Current DC is still the owner of 2 role(s), use the role command
>> to transfer roles to another DC
>> root at hoorn:/home/newhang#
>>
>> But after a fsmo show, all the roles belongs to another DC.
>> root at hoorn:/home/newhang# samba-tool fsmo show
>> InfrastructureMasterRole owner: CN=NTDS
>>
Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
>>
>> RidAllocationMasterRole owner: CN=NTDS
>>
Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
>>
>> PdcEmulationMasterRole owner: CN=NTDS
>>
Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
>>
>> DomainNamingMasterRole owner: CN=NTDS
>>
Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
>>
>> SchemaMasterRole owner: CN=NTDS
>>
Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
>
>
> Sounds a bit like a split brain situation, that should never occour. Do
> you have an idea what could cause that?
>
> Who does your other DC(s) think, the 5 roles belong to?
>
> Is the replication between the DCs still working correct? Then try
> transfering/seizing all roles back to the DC you want to demote and then
> to an other again.
>
> If this doesn't help or the replication is broken, then we need to
> discuss different ways.
>
>
> Regards,
> Marc
>
I don't have any idea what could be the reason. I have three DC on my
domain. Volendam (first one), Tilburg (second), and Hoorn (third).
Volendam:
root at volendam:/home/newhang# samba-tool fsmo show
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
SchemaMasterRole owner: CN=NTDS
Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
root at volendam:/home/newhang# samba-tool drs showrepl
Default-First-Site-Name\VOLENDAM
DSA Options: 0x00000001
DSA object GUID: cb1b21b6-e525-426d-a277-c86110644b38
DSA invocationId: 5a66b068-ae8b-4f7b-8a6a-aa9aeb33ab2e
==== INBOUND NEIGHBORS ===
CN=Schema,CN=Configuration,DC=solid-optics,DC=local
Default-First-Site-Name\TILBURG via RPC
DSA object GUID: 0799ccb2-20c6-4f32-999c-ddb7a48a0ed6
Last attempt @ Sat Jul 19 12:25:49 2014 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jul 19 12:25:49 2014 CEST
CN=Schema,CN=Configuration,DC=solid-optics,DC=local
Default-First-Site-Name\HOORN via RPC
DSA object GUID: b8bbec55-2f48-47b5-b606-d22e318b7c1f
Last attempt @ Sat Jul 19 12:25:50 2014 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jul 19 12:25:50 2014 CEST
CN=Configuration,DC=solid-optics,DC=local
Default-First-Site-Name\TILBURG via RPC
DSA object GUID: 0799ccb2-20c6-4f32-999c-ddb7a48a0ed6
Last attempt @ Sat Jul 19 12:25:50 2014 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jul 19 12:25:50 2014 CEST
CN=Configuration,DC=solid-optics,DC=local
Default-First-Site-Name\HOORN via RPC
DSA object GUID: b8bbec55-2f48-47b5-b606-d22e318b7c1f
Last attempt @ Sat Jul 19 12:25:51 2014 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jul 19 12:25:51 2014 CEST
DC=DomainDnsZones,DC=solid-optics,DC=local
Default-First-Site-Name\TILBURG via RPC
DSA object GUID: 0799ccb2-20c6-4f32-999c-ddb7a48a0ed6
Last attempt @ Sat Jul 19 12:25:47 2014 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jul 19 12:25:47 2014 CEST
DC=DomainDnsZones,DC=solid-optics,DC=local
Default-First-Site-Name\HOORN via RPC
DSA object GUID: b8bbec55-2f48-47b5-b606-d22e318b7c1f
Last attempt @ Sat Jul 19 12:25:48 2014 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jul 19 12:25:48 2014 CEST
DC=ForestDnsZones,DC=solid-optics,DC=local
Default-First-Site-Name\TILBURG via RPC
DSA object GUID: 0799ccb2-20c6-4f32-999c-ddb7a48a0ed6
Last attempt @ Sat Jul 19 12:25:48 2014 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jul 19 12:25:48 2014 CEST
DC=ForestDnsZones,DC=solid-optics,DC=local
Default-First-Site-Name\HOORN via RPC
DSA object GUID: b8bbec55-2f48-47b5-b606-d22e318b7c1f
Last attempt @ Sat Jul 19 12:25:49 2014 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jul 19 12:25:49 2014 CEST
DC=solid-optics,DC=local
Default-First-Site-Name\TILBURG via RPC
DSA object GUID: 0799ccb2-20c6-4f32-999c-ddb7a48a0ed6
Last attempt @ Sat Jul 19 12:25:52 2014 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jul 19 12:25:52 2014 CEST
DC=solid-optics,DC=local
Default-First-Site-Name\HOORN via RPC
DSA object GUID: b8bbec55-2f48-47b5-b606-d22e318b7c1f
Last attempt @ Sat Jul 19 12:25:52 2014 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jul 19 12:25:52 2014 CEST
==== OUTBOUND NEIGHBORS ===
CN=Schema,CN=Configuration,DC=solid-optics,DC=local
Default-First-Site-Name\HOORN via RPC
DSA object GUID: b8bbec55-2f48-47b5-b606-d22e318b7c1f
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=solid-optics,DC=local
Default-First-Site-Name\TILBURG via RPC
DSA object GUID: 0799ccb2-20c6-4f32-999c-ddb7a48a0ed6
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=solid-optics,DC=local
Default-First-Site-Name\HOORN via RPC
DSA object GUID: b8bbec55-2f48-47b5-b606-d22e318b7c1f
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=solid-optics,DC=local
Default-First-Site-Name\TILBURG via RPC
DSA object GUID: 0799ccb2-20c6-4f32-999c-ddb7a48a0ed6
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=solid-optics,DC=local
Default-First-Site-Name\HOORN via RPC
DSA object GUID: b8bbec55-2f48-47b5-b606-d22e318b7c1f
Last attempt @ Sat Jul 19 12:24:23 2014 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jul 19 12:24:23 2014 CEST
DC=DomainDnsZones,DC=solid-optics,DC=local
Default-First-Site-Name\TILBURG via RPC
DSA object GUID: 0799ccb2-20c6-4f32-999c-ddb7a48a0ed6
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=ForestDnsZones,DC=solid-optics,DC=local
Default-First-Site-Name\HOORN via RPC
DSA object GUID: b8bbec55-2f48-47b5-b606-d22e318b7c1f
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=ForestDnsZones,DC=solid-optics,DC=local
Default-First-Site-Name\TILBURG via RPC
DSA object GUID: 0799ccb2-20c6-4f32-999c-ddb7a48a0ed6
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=solid-optics,DC=local
Default-First-Site-Name\HOORN via RPC
DSA object GUID: b8bbec55-2f48-47b5-b606-d22e318b7c1f
Last attempt @ Fri Jul 18 17:18:06 2014 CEST was successful
0 consecutive failure(s).
Last success @ Fri Jul 18 17:18:06 2014 CEST
DC=solid-optics,DC=local
Default-First-Site-Name\TILBURG via RPC
DSA object GUID: 0799ccb2-20c6-4f32-999c-ddb7a48a0ed6
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ===
Connection --
Connection name: 01ddbc6d-9eb3-43cd-9cf3-b77e279c1305
Enabled : TRUE
Server DNS name : TILBURG.solid-optics.local
Server DN name : CN=NTDS
Settings,CN=TILBURG,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
Connection name: 3addea62-2b75-4f83-a56b-b3407db5ea27
Enabled : TRUE
Server DNS name : HOORN.solid-optics.local
Server DN name : CN=NTDS
Settings,CN=HOORN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
root at volendam:/home/newhang#
TILBURG
root at tilburg:/home/newhang# samba-tool fsmo show
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
SchemaMasterRole owner: CN=NTDS
Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
root at tilburg:/home/newhang# samba-tool drs showrepl
Default-First-Site-Name\TILBURG
DSA Options: 0x00000001
DSA object GUID: 0799ccb2-20c6-4f32-999c-ddb7a48a0ed6
DSA invocationId: d3b37458-35cf-4719-aed1-000335ccf439
==== INBOUND NEIGHBORS ===
CN=Schema,CN=Configuration,DC=solid-optics,DC=local
Default-First-Site-Name\VOLENDAM via RPC
DSA object GUID: cb1b21b6-e525-426d-a277-c86110644b38
Last attempt @ Sat Jul 19 12:26:31 2014 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jul 19 12:26:31 2014 CEST
CN=Schema,CN=Configuration,DC=solid-optics,DC=local
Default-First-Site-Name\HOORN via RPC
DSA object GUID: b8bbec55-2f48-47b5-b606-d22e318b7c1f
Last attempt @ Sat Jul 19 12:26:32 2014 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jul 19 12:26:32 2014 CEST
CN=Configuration,DC=solid-optics,DC=local
Default-First-Site-Name\VOLENDAM via RPC
DSA object GUID: cb1b21b6-e525-426d-a277-c86110644b38
Last attempt @ Sat Jul 19 12:26:32 2014 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jul 19 12:26:32 2014 CEST
CN=Configuration,DC=solid-optics,DC=local
Default-First-Site-Name\HOORN via RPC
DSA object GUID: b8bbec55-2f48-47b5-b606-d22e318b7c1f
Last attempt @ Sat Jul 19 12:26:33 2014 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jul 19 12:26:33 2014 CEST
DC=DomainDnsZones,DC=solid-optics,DC=local
Default-First-Site-Name\VOLENDAM via RPC
DSA object GUID: cb1b21b6-e525-426d-a277-c86110644b38
Last attempt @ Sat Jul 19 12:26:30 2014 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jul 19 12:26:30 2014 CEST
DC=DomainDnsZones,DC=solid-optics,DC=local
Default-First-Site-Name\HOORN via RPC
DSA object GUID: b8bbec55-2f48-47b5-b606-d22e318b7c1f
Last attempt @ Sat Jul 19 12:26:30 2014 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jul 19 12:26:30 2014 CEST
DC=ForestDnsZones,DC=solid-optics,DC=local
Default-First-Site-Name\VOLENDAM via RPC
DSA object GUID: cb1b21b6-e525-426d-a277-c86110644b38
Last attempt @ Sat Jul 19 12:26:30 2014 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jul 19 12:26:30 2014 CEST
DC=ForestDnsZones,DC=solid-optics,DC=local
Default-First-Site-Name\HOORN via RPC
DSA object GUID: b8bbec55-2f48-47b5-b606-d22e318b7c1f
Last attempt @ Sat Jul 19 12:26:31 2014 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jul 19 12:26:31 2014 CEST
DC=solid-optics,DC=local
Default-First-Site-Name\VOLENDAM via RPC
DSA object GUID: cb1b21b6-e525-426d-a277-c86110644b38
Last attempt @ Sat Jul 19 12:26:33 2014 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jul 19 12:26:33 2014 CEST
DC=solid-optics,DC=local
Default-First-Site-Name\HOORN via RPC
DSA object GUID: b8bbec55-2f48-47b5-b606-d22e318b7c1f
Last attempt @ Sat Jul 19 12:26:34 2014 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jul 19 12:26:34 2014 CEST
==== OUTBOUND NEIGHBORS ===
CN=Schema,CN=Configuration,DC=solid-optics,DC=local
Default-First-Site-Name\HOORN via RPC
DSA object GUID: b8bbec55-2f48-47b5-b606-d22e318b7c1f
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=solid-optics,DC=local
Default-First-Site-Name\VOLENDAM via RPC
DSA object GUID: cb1b21b6-e525-426d-a277-c86110644b38
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=solid-optics,DC=local
Default-First-Site-Name\HOORN via RPC
DSA object GUID: b8bbec55-2f48-47b5-b606-d22e318b7c1f
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=solid-optics,DC=local
Default-First-Site-Name\VOLENDAM via RPC
DSA object GUID: cb1b21b6-e525-426d-a277-c86110644b38
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=solid-optics,DC=local
Default-First-Site-Name\HOORN via RPC
DSA object GUID: b8bbec55-2f48-47b5-b606-d22e318b7c1f
Last attempt @ Sat Jul 19 12:24:23 2014 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jul 19 12:24:23 2014 CEST
DC=DomainDnsZones,DC=solid-optics,DC=local
Default-First-Site-Name\VOLENDAM via RPC
DSA object GUID: cb1b21b6-e525-426d-a277-c86110644b38
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=ForestDnsZones,DC=solid-optics,DC=local
Default-First-Site-Name\HOORN via RPC
DSA object GUID: b8bbec55-2f48-47b5-b606-d22e318b7c1f
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=ForestDnsZones,DC=solid-optics,DC=local
Default-First-Site-Name\VOLENDAM via RPC
DSA object GUID: cb1b21b6-e525-426d-a277-c86110644b38
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=solid-optics,DC=local
Default-First-Site-Name\HOORN via RPC
DSA object GUID: b8bbec55-2f48-47b5-b606-d22e318b7c1f
Last attempt @ Fri Jul 18 17:18:06 2014 CEST was successful
0 consecutive failure(s).
Last success @ Fri Jul 18 17:18:06 2014 CEST
DC=solid-optics,DC=local
Default-First-Site-Name\VOLENDAM via RPC
DSA object GUID: cb1b21b6-e525-426d-a277-c86110644b38
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ===
Connection --
Connection name: 6d55f4b5-22e0-420b-a27f-e313a423079c
Enabled : TRUE
Server DNS name : VOLENDAM.solid-optics.local
Server DN name : CN=NTDS
Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
Connection name: 73f3d261-4ed7-4a3f-9822-47ec62d0c159
Enabled : TRUE
Server DNS name : HOORN.solid-optics.local
Server DN name : CN=NTDS
Settings,CN=HOORN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
root at tilburg:/home/newhang#
Hoorn
root at hoorn:/home/newhang# samba-tool fsmo show
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
SchemaMasterRole owner: CN=NTDS
Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
root at hoorn:/home/newhang# samba-tool drs showrepl
ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to
hoorn.solid-optics.local failed - drsException: DRS connection to
hoorn.solid-optics.local failed: (-1073741643, 'NT_STATUS_IO_TIMEOUT')
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py",
line
39, in drsuapi_connect
(ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions)
drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py",
line
54, in drsuapi_connect
raise drsException("DRS connection to %s failed: %s" % (server,
e))
root at hoorn:/home/newhang#
Even thath, hoorn can not ping to the domain, but it finds it on the DNS.
All DC points the roles to the shame DC, but hoorn is not replicating
from the other ones.root at hoorn:/home/newhang# ping solid-optics.local
ping: unknown host solid-optics.local
root at hoorn:/home/newhang# nslookup solid-optics.local
Server: 192.168.10.42
Address: 192.168.10.42#53
Name: solid-optics.local
Address: 192.168.10.42
Name: solid-optics.local
Address: 192.168.10.41
Name: solid-optics.local
Address: 192.168.10.37
root at hoorn:/home/newhang# cat /etc/resolv.conf
domain solid-optics.local
search solid-optics.local
nameserver 192.168.10.42
nameserver 192.168.10.41
nameserver 192.168.10.37
root at hoorn:/home/newhang#
Thanks for your help.