On 16/11/15 14:33, mathias dufresne wrote:> Another error coming often: > [2015/11/16 15:11:07.592598, 0] > ../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv) > Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for > ncacn_ip_tcp:10.156.248.219[1024,seal,krb5,target_hostname=231cc777-1ab8-4b15-be6c-dcd218df48e9._msdcs.samba.domain.tld,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=10.156.248.221] > NT_STATUS_INVALID_PARAMETER > > Digging a bit further there is no "servicePrincipalName" for last added DC. > Using samba_spnupdate on FSMO owner or on newly added DC has no effect. > > I'm about to create these servicePrincipalName by hand to see if it could > solve my little issue. > > Cheers, > > mathias > > > 2015-11-16 14:40 GMT+01:00 mathias dufresne <infractory at gmail.com>: > >> Hi all, >> >> I have 3 DCs running Samba 4.3.1 in the same domain. They seem to work >> quiet well with coherent databases on each of them. >> >> After rebuilding my RPM to include systemd units, I've joined a Samba >> 4.3.1 today, using --domain-critical-only. The join was successful, the >> replication was not. This DC has only 146 objects in the DB when it should >> have a bit less than 50000 objects. >> >> As I was suspecting the newly built RPMs, I set up another DC using same >> RPMs as the ones used to prepare first 3 DC. I joined that 5th DC to the >> domain, successfully, but replication does not work too. >> >> Finally I installed 4.2.5 sernet's version, join it to the domain and >> still replication does not work. >> >> In log.samba from newly added DC there are lines: >> [2015/11/16 14:25:05.966500, 0] >> ../source4/dsdb/repl/replicated_objects.c:818(dsdb_replicated_objects_commit) >> ../source4/dsdb/repl/replicated_objects.c:818 Failed to prepare commit >> of transaction: operations error at >> ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147 >> [2015/11/16 14:25:05.968151, 0] >> ../source4/dsdb/repl/drepl_out_helpers.c:770(dreplsrv_op_pull_source_apply_changes_trigger) >> Failed to commit objects: >> WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE >> >> Coming repetitively. >> >> One important thing is I changed FSMO owner on that domain once I switched >> from 4.3.0 to 4.3.1. >> As already discussed seizing FSMO does not modify DNS entry for SOA so I'd >> modified that manually plus lot of others entries to remove traces of old >> DCs. There is no more LDAP entry for these old DCs. >> >> If someone has some idea to solve that, he would be welcomed :) >> >> Cheers, >> >> mathias >> >>Have a look here: https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins
That did not work. I've added DNS entries mentioned in that wiki page. I also forced creation of all entries mentioned by samba_dnsupdate --all-names --verbose. So I expect all needed DNS entries are present. If some are still missing they are not mentioned by samba_dnsupdate. And as samba_dnsupdate job is to create missing DNS entries, I dare rely on it. I expect the issue comes from missing servicePrincipalName. I'm wondering why these LDAP fields are not filled... Cheers, mathias 2015-11-16 15:39 GMT+01:00 Rowland Penny <rowlandpenny241155 at gmail.com>:> On 16/11/15 14:33, mathias dufresne wrote: > >> Another error coming often: >> [2015/11/16 15:11:07.592598, 0] >> ../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv) >> Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for >> >> ncacn_ip_tcp:10.156.248.219[1024,seal,krb5,target_hostname=231cc777-1ab8-4b15-be6c-dcd218df48e9._msdcs.samba.domain.tld,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=10.156.248.221] >> NT_STATUS_INVALID_PARAMETER >> >> Digging a bit further there is no "servicePrincipalName" for last added >> DC. >> Using samba_spnupdate on FSMO owner or on newly added DC has no effect. >> >> I'm about to create these servicePrincipalName by hand to see if it could >> solve my little issue. >> >> Cheers, >> >> mathias >> >> >> 2015-11-16 14:40 GMT+01:00 mathias dufresne <infractory at gmail.com>: >> >> Hi all, >>> >>> I have 3 DCs running Samba 4.3.1 in the same domain. They seem to work >>> quiet well with coherent databases on each of them. >>> >>> After rebuilding my RPM to include systemd units, I've joined a Samba >>> 4.3.1 today, using --domain-critical-only. The join was successful, the >>> replication was not. This DC has only 146 objects in the DB when it >>> should >>> have a bit less than 50000 objects. >>> >>> As I was suspecting the newly built RPMs, I set up another DC using same >>> RPMs as the ones used to prepare first 3 DC. I joined that 5th DC to the >>> domain, successfully, but replication does not work too. >>> >>> Finally I installed 4.2.5 sernet's version, join it to the domain and >>> still replication does not work. >>> >>> In log.samba from newly added DC there are lines: >>> [2015/11/16 14:25:05.966500, 0] >>> >>> ../source4/dsdb/repl/replicated_objects.c:818(dsdb_replicated_objects_commit) >>> ../source4/dsdb/repl/replicated_objects.c:818 Failed to prepare commit >>> of transaction: operations error at >>> ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147 >>> [2015/11/16 14:25:05.968151, 0] >>> >>> ../source4/dsdb/repl/drepl_out_helpers.c:770(dreplsrv_op_pull_source_apply_changes_trigger) >>> Failed to commit objects: >>> WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE >>> >>> Coming repetitively. >>> >>> One important thing is I changed FSMO owner on that domain once I >>> switched >>> from 4.3.0 to 4.3.1. >>> As already discussed seizing FSMO does not modify DNS entry for SOA so >>> I'd >>> modified that manually plus lot of others entries to remove traces of old >>> DCs. There is no more LDAP entry for these old DCs. >>> >>> If someone has some idea to solve that, he would be welcomed :) >>> >>> Cheers, >>> >>> mathias >>> >>> >>> > Have a look here: > https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On 16/11/15 15:09, mathias dufresne wrote:> That did not work. I've added DNS entries mentioned in that wiki page. I > also forced creation of all entries mentioned by samba_dnsupdate > --all-names --verbose. > So I expect all needed DNS entries are present. If some are still missing > they are not mentioned by samba_dnsupdate. And as samba_dnsupdate job is to > create missing DNS entries, I dare rely on it. > > I expect the issue comes from missing servicePrincipalName. > > I'm wondering why these LDAP fields are not filled... > > Cheers, > > mathias > > 2015-11-16 15:39 GMT+01:00 Rowland Penny <rowlandpenny241155 at gmail.com>: > >> On 16/11/15 14:33, mathias dufresne wrote: >> >>> Another error coming often: >>> [2015/11/16 15:11:07.592598, 0] >>> ../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv) >>> Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for >>> >>> ncacn_ip_tcp:10.156.248.219[1024,seal,krb5,target_hostname=231cc777-1ab8-4b15-be6c-dcd218df48e9._msdcs.samba.domain.tld,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=10.156.248.221] >>> NT_STATUS_INVALID_PARAMETER >>> >>> Digging a bit further there is no "servicePrincipalName" for last added >>> DC. >>> Using samba_spnupdate on FSMO owner or on newly added DC has no effect. >>> >>> I'm about to create these servicePrincipalName by hand to see if it could >>> solve my little issue. >>> >>> Cheers, >>> >>> mathias >>> >>> >>> 2015-11-16 14:40 GMT+01:00 mathias dufresne <infractory at gmail.com>: >>> >>> Hi all, >>>> I have 3 DCs running Samba 4.3.1 in the same domain. They seem to work >>>> quiet well with coherent databases on each of them. >>>> >>>> After rebuilding my RPM to include systemd units, I've joined a Samba >>>> 4.3.1 today, using --domain-critical-only. The join was successful, the >>>> replication was not. This DC has only 146 objects in the DB when it >>>> should >>>> have a bit less than 50000 objects. >>>> >>>> As I was suspecting the newly built RPMs, I set up another DC using same >>>> RPMs as the ones used to prepare first 3 DC. I joined that 5th DC to the >>>> domain, successfully, but replication does not work too. >>>> >>>> Finally I installed 4.2.5 sernet's version, join it to the domain and >>>> still replication does not work. >>>> >>>> In log.samba from newly added DC there are lines: >>>> [2015/11/16 14:25:05.966500, 0] >>>> >>>> ../source4/dsdb/repl/replicated_objects.c:818(dsdb_replicated_objects_commit) >>>> ../source4/dsdb/repl/replicated_objects.c:818 Failed to prepare commit >>>> of transaction: operations error at >>>> ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147 >>>> [2015/11/16 14:25:05.968151, 0] >>>> >>>> ../source4/dsdb/repl/drepl_out_helpers.c:770(dreplsrv_op_pull_source_apply_changes_trigger) >>>> Failed to commit objects: >>>> WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE >>>> >>>> Coming repetitively. >>>> >>>> One important thing is I changed FSMO owner on that domain once I >>>> switched >>>> from 4.3.0 to 4.3.1. >>>> As already discussed seizing FSMO does not modify DNS entry for SOA so >>>> I'd >>>> modified that manually plus lot of others entries to remove traces of old >>>> DCs. There is no more LDAP entry for these old DCs. >>>> >>>> If someone has some idea to solve that, he would be welcomed :) >>>> >>>> Cheers, >>>> >>>> mathias >>>> >>>> >>>> >> Have a look here: >> https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >>Before you do anything else, have you tried rebooting the DC? Rowland