samba - Jan 2016 - showrepl is showing a deleted connexion

Hi everybody,

One of my DC crash this afternoon (dead disk).
I can't remove this DC server from windows GUI (computer object from <
users and computers >) and NTDS settings from < sites and services >
because windows GUI error.

So i manually remove this old server :

-          Clean all DNS stuff (tpc, sites, kerberos, kpasswd, srv entries.....)

-          With apache directory studio, i connect to ldap and remove NTDS
settings under site's tree (configuration -> sites -> my_old_site)
After that, windows GUI is good, no more DC's computer object or NTDS
settings

But
A samba-tool drs showrepl gives :

==== OUTBOUND NEIGHBORS ===....
DC=pr,DC=educationetformation,DC=fr
        NTDS DN: CN=NTDS
Settings\0ADEL:1e23b3de-ae49-406d-bd33-e233b168945c,CN=DC540\0ADEL:ceeb7300-2411-4e05-83e2-e4ebf521f145,CN=Servers\0ADEL:85d2165b-0a31-4f90-be71-e2b73c8eb88a,CN=SaintSaens\0ADEL:f23842e5-e22b-4ad2-9cb3-a72fe0dd73dd,CN=Sites,CN=Configuration,DC=pr,DC=educationetformation,DC=fr
                DSA object GUID: 1e23b3de-ae49-406d-bd33-e233b168945c
                Last attempt @ Thu Jan 21 19:44:00 2016 CET failed, result 87
(WERR_INVALID_PARAM)
                1932 consecutive failure(s).
                Last success @ NTTIME(0)
....

This object is not visible from ldap but is visible with ldbsearch on
CONFIGURATION ldb
If I ldbdel this object, samba-tool drs showrepl failed :

==== OUTBOUND NEIGHBORS ===
ERROR(runtime): DsReplicaGetInfo of type 4294967294 failed - (8442,
'WERR_DS_DRA_INTERNAL_ERROR')

So I ldbadd this object (previously backup up), no more ERROR(runtime) but i can
see again wrong connexion from samba-tool drs showrepl....
Any idea to clean drs showrepl from this deleted object ?
Thanks for all
Samba 4.3.3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You shoud remove alle DC-date with this script:
https://gallery.technet.microsoft.com/scriptcenter/d31f091f-2642-4ede-9f
97-0e1cc4d577f3
Than you can ben sure that alle the metadate is removed. Then clean
only the DNS-entries by hand

Am 21.01.2016 um 20:09 schrieb MORILLO Jordi:
> Hi everybody,
> 
> One of my DC crash this afternoon (dead disk). I can't remove this
> DC server from windows GUI (computer object from < users and
> computers >) and NTDS settings from < sites and services > because
> windows GUI error.
> 
> So i manually remove this old server :
> 
> -          Clean all DNS stuff (tpc, sites, kerberos, kpasswd, srv
> entries.....)
> 
> -          With apache directory studio, i connect to ldap and
> remove NTDS settings under site's tree (configuration -> sites ->
> my_old_site) After that, windows GUI is good, no more DC's computer
> object or NTDS settings
> 
> But A samba-tool drs showrepl gives :
> 
> ==== OUTBOUND NEIGHBORS ==== .... 
> DC=pr,DC=educationetformation,DC=fr NTDS DN: CN=NTDS
> Settings\0ADEL:1e23b3de-ae49-406d-bd33-e233b168945c,CN=DC540\0ADEL:cee
b7300-2411-4e05-83e2-e4ebf521f145,CN=Servers\0ADEL:85d2165b-0a31-4f90-be
71-e2b73c8eb88a,CN=SaintSaens\0ADEL:f23842e5-e22b-4ad2-9cb3-a72fe0dd73dd
,CN=Sites,CN=Configuration,DC=pr,DC=educationetformation,DC=fr
>
> 
DSA object GUID: 1e23b3de-ae49-406d-bd33-e233b168945c
> Last attempt @ Thu Jan 21 19:44:00 2016 CET failed, result 87
> (WERR_INVALID_PARAM) 1932 consecutive failure(s). Last success @
> NTTIME(0) ....
> 
> This object is not visible from ldap but is visible with ldbsearch
> on CONFIGURATION ldb If I ldbdel this object, samba-tool drs
> showrepl failed :
> 
> ==== OUTBOUND NEIGHBORS ===> 
> ERROR(runtime): DsReplicaGetInfo of type 4294967294 failed - (8442,
> 'WERR_DS_DRA_INTERNAL_ERROR')
> 
> So I ldbadd this object (previously backup up), no more
> ERROR(runtime) but i can see again wrong connexion from samba-tool
> drs showrepl.... Any idea to clean drs showrepl from this deleted
> object ? Thanks for all Samba 4.3.3
> 

- -- 
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
E-Mail. Weiter Informationen unter http://www.gnupg.org

Mein Schlüssel liegt auf

hkp://subkeys.pgp.net

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlah5CEACgkQ2JOGcNAHDTbmoQCfdKK0uNK5QUmqyN0B6ZW1Sqvr
0jwAoKNnsFZmSNIXitYMmP8Wqr1CBXwj
=dZgV
-----END PGP SIGNATURE-----

Solved !
Thanks for the script.
In my case, it was just too late.
I have just found a ugly but working solution:
From Configuration, Schema, Domaindnszones, forestdnszones and principal, I
remove using ldbdel a "repsTo" binary object.
No more trouble with drs showrepl :-)

-----Message d'origine-----
De : samba [mailto:samba-bounces at lists.samba.org] De la part de Stefan Kania
Envoyé : vendredi 22 janvier 2016 09:35
À : samba at lists.samba.org
Objet : Re: [Samba] showrepl is showing a deleted connexion

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You shoud remove alle DC-date with this script:
https://gallery.technet.microsoft.com/scriptcenter/d31f091f-2642-4ede-9f
97-0e1cc4d577f3
Than you can ben sure that alle the metadate is removed. Then clean only the
DNS-entries by hand

Am 21.01.2016 um 20:09 schrieb MORILLO Jordi:
> Hi everybody,
> 
> One of my DC crash this afternoon (dead disk). I can't remove this DC 
> server from windows GUI (computer object from < users and computers
>)
> and NTDS settings from < sites and services > because windows GUI 
> error.
> 
> So i manually remove this old server :
> 
> -          Clean all DNS stuff (tpc, sites, kerberos, kpasswd, srv
> entries.....)
> 
> -          With apache directory studio, i connect to ldap and
> remove NTDS settings under site's tree (configuration -> sites ->
> my_old_site) After that, windows GUI is good, no more DC's computer 
> object or NTDS settings
> 
> But A samba-tool drs showrepl gives :
> 
> ==== OUTBOUND NEIGHBORS ==== .... 
> DC=pr,DC=educationetformation,DC=fr NTDS DN: CN=NTDS 
> Settings\0ADEL:1e23b3de-ae49-406d-bd33-e233b168945c,CN=DC540\0ADEL:cee
b7300-2411-4e05-83e2-e4ebf521f145,CN=Servers\0ADEL:85d2165b-0a31-4f90-be
71-e2b73c8eb88a,CN=SaintSaens\0ADEL:f23842e5-e22b-4ad2-9cb3-a72fe0dd73dd
,CN=Sites,CN=Configuration,DC=pr,DC=educationetformation,DC=fr
>
> 
DSA object GUID: 1e23b3de-ae49-406d-bd33-e233b168945c
> Last attempt @ Thu Jan 21 19:44:00 2016 CET failed, result 87
> (WERR_INVALID_PARAM) 1932 consecutive failure(s). Last success @
> NTTIME(0) ....
> 
> This object is not visible from ldap but is visible with ldbsearch on 
> CONFIGURATION ldb If I ldbdel this object, samba-tool drs showrepl 
> failed :
> 
> ==== OUTBOUND NEIGHBORS ===> 
> ERROR(runtime): DsReplicaGetInfo of type 4294967294 failed - (8442,
> 'WERR_DS_DRA_INTERNAL_ERROR')
> 
> So I ldbadd this object (previously backup up), no more
> ERROR(runtime) but i can see again wrong connexion from samba-tool drs 
> showrepl.... Any idea to clean drs showrepl from this deleted object ? 
> Thanks for all Samba 4.3.3
> 

- --
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
E-Mail. Weiter Informationen unter http://www.gnupg.org

Mein Schlüssel liegt auf

hkp://subkeys.pgp.net

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlah5CEACgkQ2JOGcNAHDTbmoQCfdKK0uNK5QUmqyN0B6ZW1Sqvr
0jwAoKNnsFZmSNIXitYMmP8Wqr1CBXwj
=dZgV
-----END PGP SIGNATURE-----

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba