Help, my Samba DC's refuse to sync :-(
I have 2 Samba 4.1.17 DC servers. I made some changes via Active Directory
USer and Computers on Windows. However even after a weekend the changes do
not appear on the second DC.
If I run
samba-tool ldapcmp ldap://dc1 ldap://dc2 -Uadministrator
--filter=msDS-NcType,serverState,subrefs
I see:
************************************************************
Password for [OFFICE\administrator]:
* Comparing [DOMAIN] context...
* DN lists have different size: 397 != 396
CN=NICO-PC-VM,OU=OPS,OU=DomainComputers,DC=win,DC=office
CN=NICO-VM,CN=Computers,DC=win,DC=office
CN=dcim,CN=Computers,DC=win,DC=office
CN=NICO-VM,OU=OPS,OU=DomainComputers,DC=win,DC=office
CN=dcim,OU=Servers,OU=DomainComputers,DC=win,DC=office
* Objects to be compared: 394
Comparing:
'CN=virtpc,OU=DomainUsers,DC=win,DC=office' [ldap://dc1]
'CN=virtpc,OU=DomainUsers,DC=win,DC=office' [ldap://dc2]
Difference in attribute values:
homeDirectory =>
['\\\\storage\\virtpc']
['\\\\storage.office\\virtpc']
FAILED
...[snip removed lots of similar errors for all other users]...
* Result for [DOMAIN]: FAILURE
SUMMARY
---------
Attributes with different values:
homeDirectory
Attributes found only in ldap://dc2:
description
* Comparing [CONFIGURATION] context...
* Objects to be compared: 1615
* Result for [CONFIGURATION]: SUCCESS
* Comparing [SCHEMA] context...
* Objects to be compared: 1550
* Result for [SCHEMA]: SUCCESS
* Comparing [DNSDOMAIN] context...
* Objects to be compared: 56
* Result for [DNSDOMAIN]: SUCCESS
* Comparing [DNSFOREST] context...
* Objects to be compared: 18
* Result for [DNSFOREST]: SUCCESS
ERROR: Compare failed: -1
*************************************************************************
Running a manual replication seems to work fine:
samba-tool drs replicate dc2 dc1 DC=win,DC=office
Replicate from dc1 to dc2 was successful.
However nothing changes, when I do an ldapcmp I still see the same errors.
What am I doing wrong? (Note: the clocks are synchronised) I've been
trying to solve this for a week now but I cannot figure out what is going
wrong.
Nico
--
Nico De Ranter
Operations Engineer
T. +32 16 40 12 82
M. +32 497 91 53 78
<http://www.esaturnus.com>
eSATURNUS
Romeinse straat 12
3001 Leuven – Belgium
T. +32 16 40 12 82
F. +32 16 40 84 77
www.esaturnus.com
<http://www.esaturnus.com/>
Hai, Reboot both servers first, DC1 and wait until its fully up, then reboot DC2, and run the replicate again but now like this : samba-tool drs replicate dc_WITH_FSMO_ROLES dc_TO_SYNC_TO DC=win,DC=office report if this worked. And check with this one, you can run it on any samba DC. https://secure.bazuin.nl/scripts/samba-check-db-repl.sh configure it, and run it, and report back. For the configure, NT_ADMIN_USER/PASS is sufficient. And set CONFIGURED to yes Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Nico De Ranter > Verzonden: maandag 18 januari 2016 11:34 > Aan: samba > Onderwerp: [Samba] Samba DC sync issues - help > > Help, my Samba DC's refuse to sync :-( > > I have 2 Samba 4.1.17 DC servers. I made some changes via Active > Directory > USer and Computers on Windows. However even after a weekend the changes > do > not appear on the second DC. > > If I run > samba-tool ldapcmp ldap://dc1 ldap://dc2 -Uadministrator > --filter=msDS-NcType,serverState,subrefs > > I see: > > ************************************************************ > > Password for [OFFICE\administrator]: > > * Comparing [DOMAIN] context... > > * DN lists have different size: 397 != 396 > CN=NICO-PC-VM,OU=OPS,OU=DomainComputers,DC=win,DC=office > CN=NICO-VM,CN=Computers,DC=win,DC=office > CN=dcim,CN=Computers,DC=win,DC=office > CN=NICO-VM,OU=OPS,OU=DomainComputers,DC=win,DC=office > CN=dcim,OU=Servers,OU=DomainComputers,DC=win,DC=office > > * Objects to be compared: 394 > Comparing: > 'CN=virtpc,OU=DomainUsers,DC=win,DC=office' [ldap://dc1] > 'CN=virtpc,OU=DomainUsers,DC=win,DC=office' [ldap://dc2] > Difference in attribute values: > homeDirectory => > ['\\\\storage\\virtpc'] > ['\\\\storage.office\\virtpc'] > FAILED > ...[snip removed lots of similar errors for all other users]... > > * Result for [DOMAIN]: FAILURE > > SUMMARY > --------- > > Attributes with different values: > > homeDirectory > > Attributes found only in ldap://dc2: > > description > > * Comparing [CONFIGURATION] context... > > * Objects to be compared: 1615 > > * Result for [CONFIGURATION]: SUCCESS > > * Comparing [SCHEMA] context... > > * Objects to be compared: 1550 > > * Result for [SCHEMA]: SUCCESS > > * Comparing [DNSDOMAIN] context... > > * Objects to be compared: 56 > > * Result for [DNSDOMAIN]: SUCCESS > > * Comparing [DNSFOREST] context... > > * Objects to be compared: 18 > > * Result for [DNSFOREST]: SUCCESS > ERROR: Compare failed: -1 > > ************************************************************************* > > Running a manual replication seems to work fine: > samba-tool drs replicate dc2 dc1 DC=win,DC=office > Replicate from dc1 to dc2 was successful. > > However nothing changes, when I do an ldapcmp I still see the same errors. > What am I doing wrong? (Note: the clocks are synchronised) I've been > trying to solve this for a week now but I cannot figure out what is going > wrong. > > Nico > > > > -- > Nico De Ranter > > Operations Engineer > > T. +32 16 40 12 82 > > M. +32 497 91 53 78 > > > <http://www.esaturnus.com> > > > > eSATURNUS > Romeinse straat 12 > 3001 Leuven – Belgium > > T. +32 16 40 12 82 > F. +32 16 40 84 77 > www.esaturnus.com > > > > > > <http://www.esaturnus.com/> > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Hello Nico, Your completely right, sorry about that. samba-tool drs replicate dc_2_REPLICATE2 SOURCE DC=win,DC=office and if needed you can try one of the options --full-sync Still errors after a reboot? Greetz, Louis Van: Nico De Ranter [mailto:nico.deranter at esaturnus.com] Verzonden: maandag 18 januari 2016 15:19 Aan: L.P.H. van Belle CC: samba at lists.samba.org Onderwerp: Re: [Samba] Samba DC sync issues - help Hi Louis, just to make sure I'm not going to overwrite my working dc with the one which is out of sync: samba-tool drs replicate dc_WITH_FSMO_ROLES dc_TO_SYNC_TO DC=win,DC=office according to the man page the first dc is the destination, the second is the source. In my case that would mean syncing from dc2 to dc1. Is that really what I should do as dc2 is the one which is out of sync. Nico On Mon, Jan 18, 2016 at 12:04 PM, L.P.H. van Belle <belle at bazuin.nl> wrote: Hai, Reboot both servers first, DC1 and wait until its fully up, then reboot DC2, and run the replicate again but now like this : samba-tool drs replicate dc_WITH_FSMO_ROLES dc_TO_SYNC_TO DC=win,DC=office report if this worked. And check with this one, you can run it on any samba DC. https://secure.bazuin.nl/scripts/samba-check-db-repl.sh configure it, and run it, and report back. For the configure, NT_ADMIN_USER/PASS is sufficient. And set CONFIGURED to yes Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Nico De Ranter > Verzonden: maandag 18 januari 2016 11:34 > Aan: samba > Onderwerp: [Samba] Samba DC sync issues - help> > Help, my Samba DC's refuse to sync :-( > > I have 2 Samba 4.1.17 DC servers. I made some changes via Active > Directory > USer and Computers on Windows. However even after a weekend the changes > do > not appear on the second DC. > > If I run > samba-tool ldapcmp ldap://dc1 ldap://dc2 -Uadministrator > --filter=msDS-NcType,serverState,subrefs > > I see: > > ************************************************************ > > Password for [OFFICE\administrator]: > > * Comparing [DOMAIN] context... > > * DN lists have different size: 397 != 396 > CN=NICO-PC-VM,OU=OPS,OU=DomainComputers,DC=win,DC=office > CN=NICO-VM,CN=Computers,DC=win,DC=office > CN=dcim,CN=Computers,DC=win,DC=office > CN=NICO-VM,OU=OPS,OU=DomainComputers,DC=win,DC=office > CN=dcim,OU=Servers,OU=DomainComputers,DC=win,DC=office > > * Objects to be compared: 394 > Comparing: > 'CN=virtpc,OU=DomainUsers,DC=win,DC=office' [ldap://dc1] > 'CN=virtpc,OU=DomainUsers,DC=win,DC=office' [ldap://dc2] > Difference in attribute values: > homeDirectory => > ['\\\\storage\\virtpc'] > ['\\\\storage.office\\virtpc'] > FAILED > ...[snip removed lots of similar errors for all other users]... > > * Result for [DOMAIN]: FAILURE > > SUMMARY > --------- > > Attributes with different values: > > homeDirectory > > Attributes found only in ldap://dc2: > > description > > * Comparing [CONFIGURATION] context... > > * Objects to be compared: 1615 > > * Result for [CONFIGURATION]: SUCCESS > > * Comparing [SCHEMA] context... > > * Objects to be compared: 1550 > > * Result for [SCHEMA]: SUCCESS > > * Comparing [DNSDOMAIN] context... > > * Objects to be compared: 56 > > * Result for [DNSDOMAIN]: SUCCESS > > * Comparing [DNSFOREST] context... > > * Objects to be compared: 18 > > * Result for [DNSFOREST]: SUCCESS > ERROR: Compare failed: -1 > > ************************************************************************* > > Running a manual replication seems to work fine: > samba-tool drs replicate dc2 dc1 DC=win,DC=office > Replicate from dc1 to dc2 was successful. > > However nothing changes, when I do an ldapcmp I still see the same errors. > What am I doing wrong? (Note: the clocks are synchronised) I've been > trying to solve this for a week now but I cannot figure out what is going > wrong. > > Nico > > > > -- > Nico De Ranter > > Operations Engineer > > T. +32 16 40 12 82 > > M. +32 497 91 53 78 > >> <http://www.esaturnus.com> > > > > eSATURNUS > Romeinse straat 12 > 3001 Leuven – Belgium > > T. +32 16 40 12 82 > F. +32 16 40 84 77 > www.esaturnus.com > > > > > > <http://www.esaturnus.com/> > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Nico De Ranter Operations Engineer T. +32 16 40 12 82 M. +32 497 91 53 78 eSATURNUS Romeinse straat 12 3001 Leuven – Belgium T. +32 16 40 12 82 F. +32 16 40 84 77 www.esaturnus.com
Hi Louis, Rebooted DC1 Rebooted DC2 Ran "samba-tool drs replicate dc1 dc2 DC=win,DC=office" Replicate from dc2 to dc1 was successful. Unfortunately samba-check-db-repl.sh seems to be hanging when doing 'kinit Administrator ' (if seems ' echo"pwd" | kinit Administrator' doesn't seem to manage to pass on the password for some reason) However when I now run an ldapcmp I see success everywhere. When I update something via Windows and run ldapcmp afterwards everything is still ok. So either the reboot of dc1 fixed it (I didn't try that before as it was the one running my whole network as dc2 was down) or the reverse replicate fixed it (am I totaly misunderstaning 'samba-tool drs replcate destination source' or is the manual wrong?) Thank you very much for your help! Nico On Mon, Jan 18, 2016 at 12:04 PM, L.P.H. van Belle <belle at bazuin.nl> wrote:> Hai, > > Reboot both servers first, DC1 and wait until its fully up, then reboot > DC2, and run the replicate again but now like this : > > samba-tool drs replicate dc_WITH_FSMO_ROLES dc_TO_SYNC_TO DC=win,DC=office > > report if this worked. > > And check with this one, you can run it on any samba DC. > https://secure.bazuin.nl/scripts/samba-check-db-repl.sh > > configure it, and run it, and report back. > For the configure, NT_ADMIN_USER/PASS is sufficient. > And set CONFIGURED to yes > > > Greetz, > > Louis > > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Nico De Ranter > > Verzonden: maandag 18 januari 2016 11:34 > > Aan: samba > > Onderwerp: [Samba] Samba DC sync issues - help > > > > Help, my Samba DC's refuse to sync :-( > > > > I have 2 Samba 4.1.17 DC servers. I made some changes via Active > > Directory > > USer and Computers on Windows. However even after a weekend the changes > > do > > not appear on the second DC. > > > > If I run > > samba-tool ldapcmp ldap://dc1 ldap://dc2 -Uadministrator > > --filter=msDS-NcType,serverState,subrefs > > > > I see: > > > > ************************************************************ > > > > Password for [OFFICE\administrator]: > > > > * Comparing [DOMAIN] context... > > > > * DN lists have different size: 397 != 396 > > CN=NICO-PC-VM,OU=OPS,OU=DomainComputers,DC=win,DC=office > > CN=NICO-VM,CN=Computers,DC=win,DC=office > > CN=dcim,CN=Computers,DC=win,DC=office > > CN=NICO-VM,OU=OPS,OU=DomainComputers,DC=win,DC=office > > CN=dcim,OU=Servers,OU=DomainComputers,DC=win,DC=office > > > > * Objects to be compared: 394 > > Comparing: > > 'CN=virtpc,OU=DomainUsers,DC=win,DC=office' [ldap://dc1] > > 'CN=virtpc,OU=DomainUsers,DC=win,DC=office' [ldap://dc2] > > Difference in attribute values: > > homeDirectory => > > ['\\\\storage\\virtpc'] > > ['\\\\storage.office\\virtpc'] > > FAILED > > ...[snip removed lots of similar errors for all other users]... > > > > * Result for [DOMAIN]: FAILURE > > > > SUMMARY > > --------- > > > > Attributes with different values: > > > > homeDirectory > > > > Attributes found only in ldap://dc2: > > > > description > > > > * Comparing [CONFIGURATION] context... > > > > * Objects to be compared: 1615 > > > > * Result for [CONFIGURATION]: SUCCESS > > > > * Comparing [SCHEMA] context... > > > > * Objects to be compared: 1550 > > > > * Result for [SCHEMA]: SUCCESS > > > > * Comparing [DNSDOMAIN] context... > > > > * Objects to be compared: 56 > > > > * Result for [DNSDOMAIN]: SUCCESS > > > > * Comparing [DNSFOREST] context... > > > > * Objects to be compared: 18 > > > > * Result for [DNSFOREST]: SUCCESS > > ERROR: Compare failed: -1 > > > > ************************************************************************* > > > > Running a manual replication seems to work fine: > > samba-tool drs replicate dc2 dc1 DC=win,DC=office > > Replicate from dc1 to dc2 was successful. > > > > However nothing changes, when I do an ldapcmp I still see the same > errors. > > What am I doing wrong? (Note: the clocks are synchronised) I've been > > trying to solve this for a week now but I cannot figure out what is going > > wrong. > > > > Nico > > > > >-- Nico De Ranter Operations Engineer T. +32 16 40 12 82 M. +32 497 91 53 78 <http://www.esaturnus.com> eSATURNUS Romeinse straat 12 3001 Leuven – Belgium T. +32 16 40 12 82 F. +32 16 40 84 77 www.esaturnus.com <http://www.esaturnus.com/>
Hai Nico, Ok great, its fixed, and yes, i do think that the reboot fixed it, dont ask my why, i dont know.. i only know the fix ;-) Seen this few times before.. About the script, did you run it without the password in the script or with the password in the script? So i can check whats wrong there. Your running samba 4.1.17 ? on which os? Greetz, Louis Van: Nico De Ranter [mailto:nico.deranter at esaturnus.com] Verzonden: maandag 18 januari 2016 15:57 Aan: L.P.H. van Belle CC: samba at lists.samba.org Onderwerp: Re: [Samba] Samba DC sync issues - help Hi Louis, Rebooted DC1 Rebooted DC2 Ran "samba-tool drs replicate dc1 dc2 DC=win,DC=office" Replicate from dc2 to dc1 was successful. Unfortunately samba-check-db-repl.sh seems to be hanging when doing 'kinit Administrator ' (if seems ' echo"pwd" | kinit Administrator' doesn't seem to manage to pass on the password for some reason) However when I now run an ldapcmp I see success everywhere. When I update something via Windows and run ldapcmp afterwards everything is still ok. So either the reboot of dc1 fixed it (I didn't try that before as it was the one running my whole network as dc2 was down) or the reverse replicate fixed it (am I totaly misunderstaning 'samba-tool drs replcate destination source' or is the manual wrong?) Thank you very much for your help! Nico On Mon, Jan 18, 2016 at 12:04 PM, L.P.H. van Belle <belle at bazuin.nl> wrote: Hai, Reboot both servers first, DC1 and wait until its fully up, then reboot DC2, and run the replicate again but now like this : samba-tool drs replicate dc_WITH_FSMO_ROLES dc_TO_SYNC_TO DC=win,DC=office report if this worked. And check with this one, you can run it on any samba DC. https://secure.bazuin.nl/scripts/samba-check-db-repl.sh configure it, and run it, and report back. For the configure, NT_ADMIN_USER/PASS is sufficient. And set CONFIGURED to yes Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Nico De Ranter > Verzonden: maandag 18 januari 2016 11:34 > Aan: samba > Onderwerp: [Samba] Samba DC sync issues - help> > Help, my Samba DC's refuse to sync :-( > > I have 2 Samba 4.1.17 DC servers. I made some changes via Active > Directory > USer and Computers on Windows. However even after a weekend the changes > do > not appear on the second DC. > > If I run > samba-tool ldapcmp ldap://dc1 ldap://dc2 -Uadministrator > --filter=msDS-NcType,serverState,subrefs > > I see: > > ************************************************************ > > Password for [OFFICE\administrator]: > > * Comparing [DOMAIN] context... > > * DN lists have different size: 397 != 396 > CN=NICO-PC-VM,OU=OPS,OU=DomainComputers,DC=win,DC=office > CN=NICO-VM,CN=Computers,DC=win,DC=office > CN=dcim,CN=Computers,DC=win,DC=office > CN=NICO-VM,OU=OPS,OU=DomainComputers,DC=win,DC=office > CN=dcim,OU=Servers,OU=DomainComputers,DC=win,DC=office > > * Objects to be compared: 394 > Comparing: > 'CN=virtpc,OU=DomainUsers,DC=win,DC=office' [ldap://dc1] > 'CN=virtpc,OU=DomainUsers,DC=win,DC=office' [ldap://dc2] > Difference in attribute values: > homeDirectory => > ['\\\\storage\\virtpc'] > ['\\\\storage.office\\virtpc'] > FAILED > ...[snip removed lots of similar errors for all other users]... > > * Result for [DOMAIN]: FAILURE > > SUMMARY > --------- > > Attributes with different values: > > homeDirectory > > Attributes found only in ldap://dc2: > > description > > * Comparing [CONFIGURATION] context... > > * Objects to be compared: 1615 > > * Result for [CONFIGURATION]: SUCCESS > > * Comparing [SCHEMA] context... > > * Objects to be compared: 1550 > > * Result for [SCHEMA]: SUCCESS > > * Comparing [DNSDOMAIN] context... > > * Objects to be compared: 56 > > * Result for [DNSDOMAIN]: SUCCESS > > * Comparing [DNSFOREST] context... > > * Objects to be compared: 18 > > * Result for [DNSFOREST]: SUCCESS > ERROR: Compare failed: -1 > > ************************************************************************* > > Running a manual replication seems to work fine: > samba-tool drs replicate dc2 dc1 DC=win,DC=office > Replicate from dc1 to dc2 was successful. > > However nothing changes, when I do an ldapcmp I still see the same errors. > What am I doing wrong? (Note: the clocks are synchronised) I've been > trying to solve this for a week now but I cannot figure out what is going > wrong. > > Nico > >-- Nico De Ranter Operations Engineer T. +32 16 40 12 82 M. +32 497 91 53 78 eSATURNUS Romeinse straat 12 3001 Leuven – Belgium T. +32 16 40 12 82 F. +32 16 40 84 77 www.esaturnus.com