samba - Apr 2016 - Demote a working DC fails with uncaught exception

Thanks Rowland.    Have submitted a bug report (No 11818).
spindles7
On Thu, 31 Mar 2016 09:38:02 +0100, Rowland penny <rpenny at samba.org>
wrote:
>On 30/03/16 23:26, spindles7 wrote:
>> Hi all,
>> I am consistently getting the error:
>>
>> root at dc2:~# samba-tool domain demote -Uadministrator
>> Using dc1.microlynx.com as partner server for the demotion
>> Password for [MICROLYNX\administrator]:
>> Deactivating inbound replication
>> Asking partner server dc1.microlynx.com to synchronize from us
>> Changing userControl and container
>> ERROR(<type 'exceptions.TypeError'>): uncaught exception
- remove_sysvol_references() takes exactly 3 arguments (2 given)
>>    File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
>>      return self.run(*args, **kwargs)
>>    File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
line 943, in run
>>      remove_dc.remove_sysvol_references(remote_samdb, dc_name)
>> root at dc2:~#
>>
>> Samba version is 4.4.0 running on Debian Jessie.    Replication was
working OK before the demotion attempt as was SysVol replication
>> and samba-tool ntacl sysvolcheck produced no errors.   All 7 FSMO roles
reside on dc1.
>>
>> Was able to remove the DC by using the --remove-other-dead-server
option.
>>
>> Any ideas how to troubleshoot this problem?
>>
>> Thanks,
>>
>> spindles7
>>
>>
>
>HI, it would seem you have found a bug, line 943 in 'domain.py'
sends this:
>
>         remove_dc.remove_sysvol_references(remote_samdb, dc_name)
>
>to 'remove_dc.py' , which expects to receive this:
>
>def remove_sysvol_references(samdb, logger, dc_name):
>
>Definitely a bug, logger is set earlier in the 'cmd_domain_demote'
class.
>
>Can you create a bug report at: https://bugzilla.samba.org/
>
>I will then create a patch.
>
>Rowland

Hi Rowland,
Have tried your patch, and now the Demote succeeds:

root at dc3:~# samba-tool domain demote -Uadministrator
Using dc1.microlynx.com as partner server for the demotion
Password for [MICROLYNX\administrator]:
Deactivating inbound replication
Asking partner server dc1.microlynx.com to synchronize from us
Changing userControl and container
Removing Sysvol reference: CN=DC3,CN=Enterprise,CN=Microsoft System
Volumes,CN=System,CN=Configuration,DC=microlynx,DC=com
Removing Sysvol reference: CN=DC3,CN=microlynx.com,CN=Microsoft System
Volumes,CN=System,CN=Configuration,DC=microlynx,DC=com
Removing Sysvol reference: CN=DC3,CN=Domain System Volumes (SYSVOL
share),CN=File Replication Service,CN=System,DC=microlynx,DC=com
Removing Sysvol reference: CN=DC3,CN=Topology,CN=Domain System
Volume,CN=DFSR-GlobalSettings,CN=System,DC=microlynx,DC=com
Demote successful
root at dc3:~#

but it leaves the demoted DC's DNS entries in place.   So there's still
something missing in the demote process.

Thanks,

spindles7

On Thu, 31 Mar 2016 12:20:22 +0100, spindles7 <spindles7-2 at yahoo.co.uk>
wrote:
>Thanks Rowland.    Have submitted a bug report (No 11818).
>spindles7
>On Thu, 31 Mar 2016 09:38:02 +0100, Rowland penny <rpenny at
samba.org> wrote:
>
>>On 30/03/16 23:26, spindles7 wrote:
>>> Hi all,
>>> I am consistently getting the error:
>>>
>>> root at dc2:~# samba-tool domain demote -Uadministrator
>>> Using dc1.microlynx.com as partner server for the demotion
>>> Password for [MICROLYNX\administrator]:
>>> Deactivating inbound replication
>>> Asking partner server dc1.microlynx.com to synchronize from us
>>> Changing userControl and container
>>> ERROR(<type 'exceptions.TypeError'>): uncaught
exception - remove_sysvol_references() takes exactly 3 arguments (2 given)
>>>    File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
>>>      return self.run(*args, **kwargs)
>>>    File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
line 943, in run
>>>      remove_dc.remove_sysvol_references(remote_samdb, dc_name)
>>> root at dc2:~#
>>>
>>> Samba version is 4.4.0 running on Debian Jessie.    Replication was
working OK before the demotion attempt as was SysVol replication
>>> and samba-tool ntacl sysvolcheck produced no errors.   All 7 FSMO
roles reside on dc1.
>>>
>>> Was able to remove the DC by using the --remove-other-dead-server
option.
>>>
>>> Any ideas how to troubleshoot this problem?
>>>
>>> Thanks,
>>>
>>> spindles7
>>>
>>>
>>
>>HI, it would seem you have found a bug, line 943 in 'domain.py'
sends this:
>>
>>         remove_dc.remove_sysvol_references(remote_samdb, dc_name)
>>
>>to 'remove_dc.py' , which expects to receive this:
>>
>>def remove_sysvol_references(samdb, logger, dc_name):
>>
>>Definitely a bug, logger is set earlier in the
'cmd_domain_demote' class.
>>
>>Can you create a bug report at: https://bugzilla.samba.org/
>>
>>I will then create a patch.
>>
>>Rowland

On 01/04/16 22:38, spindles7 wrote:
> Hi Rowland,
> Have tried your patch, and now the Demote succeeds:
>
> root at dc3:~# samba-tool domain demote -Uadministrator
> Using dc1.microlynx.com as partner server for the demotion
> Password for [MICROLYNX\administrator]:
> Deactivating inbound replication
> Asking partner server dc1.microlynx.com to synchronize from us
> Changing userControl and container
> Removing Sysvol reference: CN=DC3,CN=Enterprise,CN=Microsoft System
Volumes,CN=System,CN=Configuration,DC=microlynx,DC=com
> Removing Sysvol reference: CN=DC3,CN=microlynx.com,CN=Microsoft System
Volumes,CN=System,CN=Configuration,DC=microlynx,DC=com
> Removing Sysvol reference: CN=DC3,CN=Domain System Volumes (SYSVOL
share),CN=File Replication Service,CN=System,DC=microlynx,DC=com
> Removing Sysvol reference: CN=DC3,CN=Topology,CN=Domain System
Volume,CN=DFSR-GlobalSettings,CN=System,DC=microlynx,DC=com
> Demote successful
> root at dc3:~#
>
> but it leaves the demoted DC's DNS entries in place.   So there's
still something missing in the demote process.
>
> Thanks,
>
> spindles7
>
>
The patch has been pushed, so it is good to get proof that it works :-)

As for the DNS entries, not sure about this, perhaps another switch 
'--removedns' . This way the entries would only be removed if the 
machine wasn't coming back, some people may turn the machine into a 
member server or similar.

There is another way of removing a DC from the domain, 'samba-tool 
domain demote' now has a switch '--remove-other-dead-server' , this
is
supposed to totally remove everything about a DC from AD, but this is 
not without its problems. The main problem being the SOA record, which, 
as standard, only contains the 'NS' & 'A' records of the
first
provisioned DC, any subsequent DCs do not get added to the SOA (I did 
propose a patch for this to happen, but it never got anywhere, even 
though it is really needed). So if you remove the first DC with 
'demote', you do not have a SOA.

Rowland