So a little background: in my domain we have 2 domain controllers, the main (a Windows Server 2008 R2), and a secondary that was recently migrated from Server 2003 R2 to Samba. Both domain controllers are offsite so we use OpenVPN to connect them. DNS is set to the Samba domain controller then the Windows server; this is because the Samba domain controller is up 24/7 while the Windows server is only up for certain hours.

So here's the problem: I can still log in to the domain when the main domain controller is online, however as soon as it goes offline I can no longer log in. I can still get online so I know DNS is kinda working, however when issuing "samba-tool drs showrepl" on the second domain controller I get:

    ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to ip-172-31-15-16.ad.mydomain.com failed - drsException: DRS connection to ip-172-31-15-16.ad.mydomain.com failed: (-1073741772, 'The objectname is not found.')
      File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", line 39, in drsuapi_connect
        (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
      File "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", line 54, in drsuapi_connect
        raise drsException("DRS connection to %s failed: %s" % (server, e))

This is interesting because the IP that it is looking for is not mine; mine is ip-172-31-15-161.ad.mylocaldomain.com. I have logged into the DNS management console many times and checked the records on the second (and first) domain controller and the records look correct. Any suggestions?
-- Nicholas Rudd
Very short reply as I have to leave the office in a few minutes...

I remember having read something about issues when using OpenVPN. For now I don't remember what these issues were.

About the login issue: do you use AD Sites? As far as I understood this is THE way to get failover. You create a site, you attribute a network (CIDR form) to that site and then clients would try to connect to one DC in the site they belong to. If no DC is available in the AD Site, the client will re-do the DC search without including the site in the DNS request. This means the client will try to find an available DC among all DCs of your domain.

Could also be a DNS issue I think, but not enough information to tell for now.

2016-03-23 14:21 GMT+01:00 Nicholas Rudd <nicholas.m.rudd at gmail.com>:

> So a little background: in my domain we have 2 domain controllers, the main
> (a Windows Server 2008 R2), and a secondary that was recently migrated
> from Server 2003 R2 to Samba. Both domain controllers are offsite so we use
> OpenVPN to connect them. DNS is set to the Samba domain controller then the
> Windows server; this is because the Samba domain controller is up 24/7
> while the Windows server is only up for certain hours.
>
> So here's the problem: I can still log in to the domain when the main domain
> controller is online, however as soon as it goes offline I can no longer
> log in. I can still get online so I know DNS is kinda working, however when
> issuing "samba-tool drs showrepl" on the second domain controller I get:
>
>     ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to ip-172-31-15-16.ad.mydomain.com failed - drsException: DRS connection to ip-172-31-15-16.ad.mydomain.com failed: (-1073741772, 'The objectname is not found.')
>       File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", line 39, in drsuapi_connect
>         (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
>       File "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", line 54, in drsuapi_connect
>         raise drsException("DRS connection to %s failed: %s" % (server, e))
>
> This is interesting because the IP that it is looking for is not mine; mine
> is ip-172-31-15-161.ad.mylocaldomain.com. I have logged into the DNS
> management console many times and checked the records on the second (and
> first) domain controller and the records look correct. Any suggestions?
> --
> Nicholas Rudd
I do not use AD sites, however I am willing to hear you out; a simple guide would help since I have not used sites before. As for the error that I had when trying replication, it was fixed by a simple entry in the hosts file on the Samba computer. I am suspecting a DNS error is occurring somewhere because I am having LDAP (my Mac's log shows that after looking for the cached IP address it times out, Windows claims that a DNS record is not correct) issues when only the second domain controller is online. OpenVPN doesn't appear to have any issues because on a different domain I have the same setup (but with no Windows DC and only a Samba domain controller) and it works fine.

On Thu, Mar 24, 2016 at 12:26 PM, mathias dufresne <infractory at gmail.com> wrote:

> Very short reply as I have to leave the office in a few minutes...
>
> I remember having read something about issues when using OpenVPN. For now I
> don't remember what these issues were.
>
> About the login issue: do you use AD Sites? As far as I understood this is
> THE way to get failover. You create a site, you attribute a network (CIDR
> form) to that site and then clients would try to connect to one DC in the
> site they belong to. If no DC is available in the AD Site, the client will
> re-do the DC search without including the site in the DNS request. This means
> the client will try to find an available DC among all DCs of your domain.
>
> Could also be a DNS issue I think, but not enough information to tell for now.

--
Thanks,
Nicholas Rudd
nicholas.m.rudd at gmail.com
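
The DC search described in the reply about AD Sites, combined with the name-resolution failure reported in the last message, as an added example that is not part of the thread. It assumes the standard locator SRV names (`_ldap._tcp.<site>._sites.dc._msdcs.<domain>`, then `_ldap._tcp.dc._msdcs.<domain>`); the domain, site, host names and addresses are constructed, dictionaries stand in for DNS, and SRV priority/weight ordering is left out.

```python
def locator_names(domain, site=None):
    """SRV owner names a client tries: site-specific first, then domain-wide."""
    names = []
    if site:
        names.append("_ldap._tcp.%s._sites.dc._msdcs.%s" % (site, domain))
    names.append("_ldap._tcp.dc._msdcs.%s" % domain)
    return names


def locate_dc(domain, site, srv, a_records, reachable):
    """Walk the locator names and return (chosen_dc_or_None, findings).

    srv maps SRV owner name -> list of target host names, a_records maps
    host name -> IP, reachable is the set of IPs that currently answer.
    """
    findings = []
    for name in locator_names(domain, site):
        targets = srv.get(name, [])
        if not targets:
            findings.append("no SRV records at %s" % name)
            continue
        for host in targets:
            ip = a_records.get(host)
            if ip is None:
                # The DC is advertised but its name cannot be resolved.
                findings.append("SRV target %s has no A record" % host)
            elif ip not in reachable:
                findings.append("%s (%s) is not reachable" % (host, ip))
            else:
                return host, findings
    return None, findings


# Constructed sample data (hypothetical names, not the thread's zone).
DOMAIN = "ad.example.com"
SRV = {"_ldap._tcp.dc._msdcs.ad.example.com":
       ["windc.ad.example.com", "sambadc.ad.example.com"]}
A_BROKEN = {"windc.ad.example.com": "10.8.0.1"}   # Samba DC's A record missing
A_FIXED = dict(A_BROKEN, **{"sambadc.ad.example.com": "10.8.0.2"})
UP = {"10.8.0.2"}                                  # only the Samba DC is running

if __name__ == "__main__":
    for label, a in (("broken", A_BROKEN), ("fixed", A_FIXED)):
        dc, notes = locate_dc(DOMAIN, "branch", SRV, a, UP)
        print(label, "->", dc)
        for n in notes:
            print("   ", n)
```

With the broken records no DC is found even though one is running; the findings list shows which step of the search failed.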