Solved!
Thanks for the script.
In my case, it was just too late.
I have just found an ugly but working solution:
From Configuration, Schema, Domaindnszones, forestdnszones and principal, I removed a "repsTo" binary object using ldbdel.
No more trouble with drs showrepl :-)

-----Original message-----
From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Stefan Kania
Sent: Friday 22 January 2016 09:35
To: samba at lists.samba.org
Subject: Re: [Samba] showrepl is showing a deleted connexion

You should remove all DC data with this script:
https://gallery.technet.microsoft.com/scriptcenter/d31f091f-2642-4ede-9f97-0e1cc4d577f3
Then you can be sure that all the metadata is removed. Then clean only the DNS entries by hand.

On 21.01.2016 at 20:09, MORILLO Jordi wrote:
> Hi everybody,
>
> One of my DCs crashed this afternoon (dead disk). I can't remove this DC
> server from the Windows GUI (computer object from < users and computers >)
> and NTDS settings from < sites and services > because of a Windows GUI
> error.
>
> So I manually removed this old server:
>
> - Clean all DNS stuff (tcp, sites, kerberos, kpasswd, srv entries.....)
>
> - With Apache Directory Studio, I connect to LDAP and remove NTDS
>   settings under the site's tree (configuration -> sites -> my_old_site)
>
> After that, the Windows GUI is good, no more DC computer object or NTDS
> settings.
>
> But samba-tool drs showrepl gives:
>
> ==== OUTBOUND NEIGHBORS ====
> ....
> DC=pr,DC=educationetformation,DC=fr
>     NTDS DN: CN=NTDS Settings\0ADEL:1e23b3de-ae49-406d-bd33-e233b168945c,CN=DC540\0ADEL:ceeb7300-2411-4e05-83e2-e4ebf521f145,CN=Servers\0ADEL:85d2165b-0a31-4f90-be71-e2b73c8eb88a,CN=SaintSaens\0ADEL:f23842e5-e22b-4ad2-9cb3-a72fe0dd73dd,CN=Sites,CN=Configuration,DC=pr,DC=educationetformation,DC=fr
>         DSA object GUID: 1e23b3de-ae49-406d-bd33-e233b168945c
>         Last attempt @ Thu Jan 21 19:44:00 2016 CET failed, result 87 (WERR_INVALID_PARAM)
>         1932 consecutive failure(s).
>         Last success @ NTTIME(0)
> ....
>
> This object is not visible from LDAP but is visible with ldbsearch on the
> CONFIGURATION ldb. If I ldbdel this object, samba-tool drs showrepl
> fails:
>
> ==== OUTBOUND NEIGHBORS ===
>
> ERROR(runtime): DsReplicaGetInfo of type 4294967294 failed - (8442, 'WERR_DS_DRA_INTERNAL_ERROR')
>
> So I ldbadd this object (previously backed up): no more ERROR(runtime),
> but I can see the wrong connection again in samba-tool drs showrepl....
>
> Any idea how to clean this deleted object out of drs showrepl?
>
> Thanks for all
>
> Samba 4.3.3

--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn

Signing every e-mail helps to reduce spam. Sign your e-mail. More information at http://www.gnupg.org
My key is available at hkp://subkeys.pgp.net

Hi Jordi,

> Solved!
> Thanks for the script.
> In my case, it was just too late.
> I have just found an ugly but working solution:
> From Configuration, Schema, Domaindnszones, forestdnszones and principal, I removed a "repsTo" binary object using ldbdel.
> No more trouble with drs showrepl :-)

Indeed, samba-tool drs showrepl in fact shows the repsfrom/repsto attributes. They should be created / deleted by kcc. However, I have seen lingering repsto attributes in the past too and had to ldbedit to clean up the mess.

Ldbdel'eting an entry in "CN=Deleted Object" should be done with care. In your case, you still had a repsto referencing the GUID of that object, hence, among other things, the crash of samba-tool drs showrepl on the OUTBOUND NEIGHBOR part of the listing.

However, I guess the initial condition is a bug and it should be the job of the KCC (or integrity check) to delete a repsto pointing to an object in Deleted Objects. Should check with Douglas and the dev team...

Cheers,

Denis

--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
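
Added example, not part of the original thread and not Samba's own code: a small parser that reads `samba-tool drs showrepl` text and flags neighbours whose source DSA DN carries the `\0ADEL:` deleted-object marker, which is the lingering repsTo condition discussed above. The function names, the healthy `SiteA\DC1` entry and its GUID are constructed for illustration; the stale entry reuses the values quoted in the thread.

```python
import re

# Constructed sample: the first entry (SiteA\DC1 and its GUID) is invented;
# the second reuses the stale neighbour quoted in the thread.
SAMPLE = r"""==== OUTBOUND NEIGHBORS ====

DC=pr,DC=educationetformation,DC=fr
    SiteA\DC1 via RPC
        DSA object GUID: 11111111-2222-3333-4444-555555555555
        Last attempt @ Thu Jan 21 19:44:00 2016 CET was successful
        0 consecutive failure(s).
        Last success @ Thu Jan 21 19:44:00 2016 CET

DC=pr,DC=educationetformation,DC=fr
    NTDS DN: CN=NTDS Settings\0ADEL:1e23b3de-ae49-406d-bd33-e233b168945c,CN=DC540\0ADEL:ceeb7300-2411-4e05-83e2-e4ebf521f145,CN=Servers\0ADEL:85d2165b-0a31-4f90-be71-e2b73c8eb88a,CN=SaintSaens\0ADEL:f23842e5-e22b-4ad2-9cb3-a72fe0dd73dd,CN=Sites,CN=Configuration,DC=pr,DC=educationetformation,DC=fr
        DSA object GUID: 1e23b3de-ae49-406d-bd33-e233b168945c
        Last attempt @ Thu Jan 21 19:44:00 2016 CET failed, result 87 (WERR_INVALID_PARAM)
        1932 consecutive failure(s).
        Last success @ NTTIME(0)
"""

DEL_RE = re.compile(r"\\0ADEL:([0-9a-fA-F-]{36})")  # deleted-object RDN marker
SECTION_RE = re.compile(r"^==== (.+?) ====$")

def parse_showrepl(text):
    """Return one dict per neighbour entry found in showrepl text (hypothetical helper)."""
    entries, section = [], None
    for block in re.split(r"\n\s*\n", text):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if lines and SECTION_RE.match(lines[0]):
            section, lines = SECTION_RE.match(lines[0]).group(1), lines[1:]
        body = "\n".join(lines)
        guid = re.search(r"DSA object GUID: (\S+)", body)
        fails = re.search(r"(\d+) consecutive failure", body)
        if section is None or len(lines) < 2 or not guid or not fails:
            continue  # header-only block, or not a neighbour entry
        entries.append({"section": section, "nc": lines[0], "dsa": lines[1],
                        "guid": guid.group(1), "failures": int(fails.group(1)),
                        "deleted_rdns": DEL_RE.findall(lines[1])})
    return entries

def stale_neighbours(entries):
    """Neighbours whose source DSA DN carries the \\0ADEL: deleted-object marker."""
    return [e for e in entries if e["deleted_rdns"]]

if __name__ == "__main__":
    for e in stale_neighbours(parse_showrepl(SAMPLE)):
        print(e["section"], e["nc"], e["guid"], e["failures"], "failures")
```

Run against saved showrepl output from each DC, this gives the naming contexts and DSA GUIDs to review before any manual ldbedit cleanup.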

Hi Denis,

I have seen in an old post that you have tested the new KCC, from full mesh to bridgehead, at a French school.
Is your "drs showrepl" correct on such DCs?
In my case, drs showrepl is showing a full mesh on inbound and outbound (not good) but only 1 KCC connection object (good).

Here is a full description of my trouble:
https://lists.samba.org/archive/samba/2015-December/196844.html

Best regards

-----Original message-----
From: Denis Cardon [mailto:denis.cardon at tranquil-it-systems.fr]
Sent: Friday 22 January 2016 14:31
To: MORILLO Jordi <J.Morillo at educationetformation.fr>; samba at lists.samba.org
Subject: Re: [Samba] showrepl is showing a deleted connexion