lingpanda101 at gmail.com
2016-Sep-19 18:33 UTC
[Samba] Error "Failed extended allocation RID pool operation..."
On 9/19/2016 1:37 PM, Rowland Penny via samba wrote:
> On Mon, 19 Sep 2016 19:19:08 +0200
> Achim Gottinger via samba <samba at lists.samba.org> wrote:
>
>>
>> On 19.09.2016 at 19:08, Achim Gottinger via samba wrote:
>>>
>>> On 19.09.2016 at 18:21, Rowland Penny via samba wrote:
>>>> On Mon, 19 Sep 2016 11:57:38 -0400
>>>> Adam Tauno Williams via samba <samba at lists.samba.org> wrote:
>>>>
>>>>> On Mon, 2016-09-19 at 16:15 +0100, Rowland Penny via samba wrote:
>>>>>> On Mon, 19 Sep 2016 10:42:34 -0400
>>>>>> Adam Tauno Williams via samba <samba at lists.samba.org> wrote:
>>>>>>> On Mon, 2016-09-19 at 15:15 +0100, Rowland Penny via samba
>>>>>>> wrote:
>>>>>>>> No it shouldn't be replicated, the big hint is
>>>>>>>> 'FLAG_ATTR_NOT_REPLICATED', it should only be on the DC that
>>>>>>>> holds the RID master FSMO role, so I suppose the question is,
>>>>>>>> what does 'samba-tool fsmo show' display for the
>>>>>>>> RidAllocationMasterRole ?
>>>>>> Log into a DC, run 'samba-tool fsmo show' and look at the line
>>>>>> that starts 'RidAllocationmasterRole'
>>>>>> It should show 'CN=NTDS Settings,CN=LARKIN27'
>>>>> [root at larkin28 ~]# samba-tool fsmo show
>>>>> ..
>>>>> RidAllocationMasterRole owner: CN=NTDS
>>>>> Settings,CN=LARKIN27,CN=Servers,CN=Default-First-Site
>>>>> -Name,CN=Sites,CN=Configuration,DC=micore,DC=us
>>>>> ...
>>>>>
>>>>>>> Try running this on the DC: ldbsearch
>>>>>>> -H/usr/local/samba/private/sam.ldb '(objectClass=rIDSet)' dn
>>>>>>> rIDNextRID
>>>>>> It should show the DN's of your DCs followed by the
>>>>>> contents of the 'rIDNextRID' attributes. these should be '0' on
>>>>>> all DC's except the RID master.
>>>>> [root at larkin28 ~]# ldbsearch -H /var/lib/samba/private/sam.ldb
>>>>> '(objectClass=rIDSet)' dn rIDNextRID
>>>>> # record 1
>>>>> dn: CN=RID Set,CN=LARKIN26,OU=Domain Controllers,DC=micore,DC=us
>>>>> # record 2
>>>>> dn: CN=RID Set,CN=LARKIN27,OU=Domain Controllers,DC=micore,DC=us
>>>>> # record 3
>>>>> dn: CN=RID Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us
>>>>> rIDNextRID: 53611
>>>>> # Referral
>>>>> ref: ldap://micore.us/CN=Configuration,DC=micore,DC=us
>>>>> # Referral
>>>>> ref: ldap://micore.us/DC=DomainDnsZones,DC=micore,DC=us
>>>>> # Referral
>>>>> ref: ldap://micore.us/DC=ForestDnsZones,DC=micore,DC=us
>>>>> # returned 6 records
>>>>> # 3 entries
>>>>> # 3 referrals
>>>>>
>>>>>
>>>>> [root at larkin27 ~]# ldbsearch -H /var/lib/samba/private/sam.ldb
>>>>> '(objectClass=rIDSet)' dn rIDNextRID
>>>>> # record 1
>>>>> dn: CN=RID Set,CN=LARKIN26,OU=Domain Controllers,DC=micore,DC=us
>>>>> # record 2
>>>>> dn: CN=RID Set,CN=LARKIN27,OU=Domain Controllers,DC=micore,DC=us
>>>>> rIDNextRID: 55584
>>>>> # record 3
>>>>> dn: CN=RID Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us
>>>>> # Referral
>>>>> ref: ldap://micore.us/CN=Configuration,DC=micore,DC=us
>>>>> # Referral
>>>>> ref: ldap://micore.us/DC=DomainDnsZones,DC=micore,DC=us
>>>>> # Referral
>>>>> ref: ldap://micore.us/DC=ForestDnsZones,DC=micore,DC=us
>>>>> # returned 6 records
>>>>> # 3 entries
>>>>> # 3 referrals
>>>>>
>>>>>
>>>>> [root at larkin27 ~]# ldbsearch -H /var/lib/samba/private/sam.ldb
>>>>> '(objectClass=rIDSet)' dn rIDNextRID
>>>>> # record 1
>>>>> dn: CN=RID Set,CN=LARKIN26,OU=Domain Controllers,DC=micore,DC=us
>>>>> # record 2
>>>>> dn: CN=RID Set,CN=LARKIN27,OU=Domain Controllers,DC=micore,DC=us
>>>>> rIDNextRID: 55584
>>>>> # record 3
>>>>> dn: CN=RID Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us
>>>>> # Referral
>>>>> ref: ldap://micore.us/CN=Configuration,DC=micore,DC=us
>>>>> # Referral
>>>>> ref: ldap://micore.us/DC=DomainDnsZones,DC=micore,DC=us
>>>>> # Referral
>>>>> ref: ldap://micore.us/DC=ForestDnsZones,DC=micore,DC=us
>>>>> # returned 6 records
>>>>> # 3 entries
>>>>> # 3 referrals
>>>>>
>>>>>
>>>> OK, on the DC that holds the RID master role:
>>>>
>>>> root at dc1:~# ldbsearch -H /usr/local/samba/private/sam.ldb
>>>> '(objectClass=rIDSet)' dn rIDNextRID
>>>> # record 1
>>>> dn: CN=RID Set,CN=MEMBER1,OU=Domain
>>>> Controllers,DC=samdom,DC=example,DC=com
>>>> rIDNextRID: 0
>>>>
>>>> # record 2
>>>> dn: CN=RID Set,CN=DC1,OU=Domain
>>>> Controllers,DC=samdom,DC=example,DC=com rIDNextRID: 1152
>>>>
>>>> and on my other DC:
>>>>
>>>> root at member1:~# ldbsearch -H /usr/local/samba/private/sam.ldb
>>>> '(objectClass=rIDSet)' dn rIDNextRID
>>>> # record 1
>>>> dn: CN=RID Set,CN=MEMBER1,OU=Domain
>>>> Controllers,DC=samdom,DC=example,DC=com
>>>>
>>>> # record 2
>>>> dn: CN=RID Set,CN=DC1,OU=Domain
>>>> Controllers,DC=samdom,DC=example,DC=com
>>>>
>>>> So as far as I understand it, you should only have the
>>>> 'rIDNextRID' attribute on the DC that holds the RID master role. I
>>>> suggest you run 'samba-tool dbcheck' on your DCs
>>>>
>>>> Rowland
>>>>
>>> On my 4.4.5 test environment I also get these results. On a
>>> production domain running server 4.2.13 I get the following results.
>>> 1. Server with fsmo rid master role: nextRid>0 for the server and
>>> nextRid=0 for all other server.
>>> 2. Other servers: nextRid>0 for the (other) server. No nextRid
>>> attribute for the other server.
>>> I have no issues on both environments atm.
>> After creating a user on my second and third dc in the 4.4.5 test
>> environment these also have an rIDNextRID attribute and behave like
>> the 4.2.13 domain. On both environments the rIDNextRID is different
>> on all dc's.
>> So it behaves like described in the article James posted.
>>
>>
>>
> Hmm, I always create users on the first DC, so I created one on the
> second DC and I now have a 'rIDNextRID' attribute on the second DC
> with, as expected, a different range, but it doesn't replicate (again
> as expected).
>
> Rowland
>
>
To see rid pool info run the following from a Windows command prompt.

dcdiag /s:DCNAME /test:ridmanager /v

Replace DCNAME with the dns name of your Domain Controller. I wonder if OP has exhausted his RID pool. Unlikely but possible. I also see a similar post on this same issue.

https://lists.samba.org/archive/samba/2016-April/198879.html

--
-James
Adam Tauno Williams
2016-Sep-19 19:15 UTC
[Samba] Error "Failed extended allocation RID pool operation..."
> To see rid pool info run the following from a Windows command prompt.
> dcdiag /s:DCNAME /test:ridmanager /v
> Replace DCNAME with the dns name of your Domain Controller. I wonder
> if OP has exhausted his RID pool. Unlikely but possible. I also see a
> similar post on this same issue.
> https://lists.samba.org/archive/samba/2016-April/198879.html

#### LARKIN26

C:\Users\adam>dcdiag /s:larkin26.micore.us /test:ridmanager /v

Directory Server Diagnosis

Performing initial setup:
   * Connecting to directory service on server larkin26.micore.us.
   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=micore,DC=us,LDA
P_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First
-Site-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
   Getting ISTG and options for the site
   * Identifying all servers.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=micore,DC=us,LDA
P_SCOPE_SUBTREE,(objectClass=ntDSDsa),
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=LARKIN26,CN=Servers,CN=Default-First-Site
-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=LARKIN27,CN=Servers,CN=Default-First-Site
-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=LARKIN28,CN=Servers,CN=Default-First-Site
-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.
   Got error while checking if the DC is using FRS or DFSR. Error: A device attached to the system is not functioning.The VerifyReferences, FrsEvent and DfsrEvent tests might fail because of this error.
   * Found 3 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\LARKIN26
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... LARKIN26 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\LARKIN26
      Test omitted by user request: Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Test omitted by user request: FrsEvent
      Test omitted by user request: DFSREvent
      Test omitted by user request: SysVolCheck
      Test omitted by user request: KccEvent
      Test omitted by user request: KnowsOfRoleHolders
      Test omitted by user request: MachineAccount
      Test omitted by user request: NCSecDesc
      Test omitted by user request: NetLogons
      Test omitted by user request: ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Test omitted by user request: Replications
      Starting test: RidManager
         * Available RID Pool for the Domain is 62343 to 1073741823
         * LARKIN27.micore.us is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 56343 to 56842
         * rIDPreviousAllocationPool is 56343 to 56842
         * rIDNextRID: 56462
         ......................... LARKIN26 passed test RidManager
      Test omitted by user request: Services
      Test omitted by user request: SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: VerifyReferences
      Test omitted by user request: VerifyReplicas
      Test omitted by user request: DNS
      Test omitted by user request: DNS

   Running partition tests on : Configuration
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : DomainDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : micore
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : ForestDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : Schema
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running enterprise tests on : micore.us
      Test omitted by user request: DNS
      Test omitted by user request: DNS
      Test omitted by user request: LocatorCheck
      Test omitted by user request: Intersite

#### LARKIN27

C:\Users\adam>dcdiag /s:larkin27.micore.us /test:ridmanager /v

Directory Server Diagnosis

Performing initial setup:
   * Connecting to directory service on server larkin27.micore.us.
   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=micore,DC=us,LDA
P_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First
-Site-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
   Getting ISTG and options for the site
   * Identifying all servers.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=micore,DC=us,LDA
P_SCOPE_SUBTREE,(objectClass=ntDSDsa),
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=LARKIN26,CN=Servers,CN=Default-First-Site
-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=LARKIN27,CN=Servers,CN=Default-First-Site
-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=LARKIN28,CN=Servers,CN=Default-First-Site
-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.
   Got error while checking if the DC is using FRS or DFSR. Error: A device attached to the system is not functioning.The VerifyReferences, FrsEvent and DfsrEvent tests might fail because of this error.
   * Found 3 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\LARKIN27
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... LARKIN27 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\LARKIN27
      Test omitted by user request: Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Test omitted by user request: FrsEvent
      Test omitted by user request: DFSREvent
      Test omitted by user request: SysVolCheck
      Test omitted by user request: KccEvent
      Test omitted by user request: KnowsOfRoleHolders
      Test omitted by user request: MachineAccount
      Test omitted by user request: NCSecDesc
      Test omitted by user request: NetLogons
      Test omitted by user request: ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Test omitted by user request: Replications
      Starting test: RidManager
         * Available RID Pool for the Domain is 62343 to 1073741823
         * LARKIN27.micore.us is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 55343 to 55842
         * rIDPreviousAllocationPool is 55343 to 55842
         * rIDNextRID: 55584
         ......................... LARKIN27 passed test RidManager
      Test omitted by user request: Services
      Test omitted by user request: SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: VerifyReferences
      Test omitted by user request: VerifyReplicas
      Test omitted by user request: DNS
      Test omitted by user request: DNS

   Running partition tests on : Configuration
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : DomainDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : micore
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : ForestDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : Schema
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running enterprise tests on : micore.us
      Test omitted by user request: DNS
      Test omitted by user request: DNS
      Test omitted by user request: LocatorCheck
      Test omitted by user request: Intersite

#### LARKIN28

C:\Users\adam>dcdiag /s:larkin28.micore.us /test:ridmanager /v

Directory Server Diagnosis

Performing initial setup:
   * Connecting to directory service on server larkin28.micore.us.
   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=micore,DC=us,LDA
P_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First
-Site-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
   Getting ISTG and options for the site
   * Identifying all servers.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=micore,DC=us,LDA
P_SCOPE_SUBTREE,(objectClass=ntDSDsa),
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=LARKIN26,CN=Servers,CN=Default-First-Site
-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=LARKIN27,CN=Servers,CN=Default-First-Site
-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=LARKIN28,CN=Servers,CN
=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.
   Got error while checking if the DC is using FRS or DFSR. Error: A device attached to the system is not functioning.The VerifyReferences, FrsEvent and DfsrEvent tests might fail because of this error.
   * Found 3 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\LARKIN28
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... LARKIN28 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\LARKIN28
      Test omitted by user request: Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Test omitted by user request: FrsEvent
      Test omitted by user request: DFSREvent
      Test omitted by user request: SysVolCheck
      Test omitted by user request: KccEvent
      Test omitted by user request: KnowsOfRoleHolders
      Test omitted by user request: MachineAccount
      Test omitted by user request: NCSecDesc
      Test omitted by user request: NetLogons
      Test omitted by user request: ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Test omitted by user request: Replications
      Starting test: RidManager
         * Available RID Pool for the Domain is 62343 to 1073741823
         * LARKIN27.micore.us is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 53343 to 53842
         * rIDPreviousAllocationPool is 53343 to 53842
         * rIDNextRID: 53611
         ......................... LARKIN28 passed test RidManager
      Test omitted by user request: Services
      Test omitted by user request: SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: VerifyReferences
      Test omitted by user request: VerifyReplicas
      Test omitted by user request: DNS
      Test omitted by user request: DNS

   Running partition tests on : Configuration
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : DomainDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : micore
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : ForestDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : Schema
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running enterprise tests on : micore.us
      Test omitted by user request: DNS
      Test omitted by user request: DNS
      Test omitted by user request: LocatorCheck
      Test omitted by user request: Intersite
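
Added example, not part of any poster's message: a Python sketch that reads the RidManager lines from `dcdiag /s:DCNAME /test:ridmanager /v` output and checks the exhaustion question raised above, plus whether any two DCs hold overlapping pools. The function names `parse_dcdiag` and `assess` are this example's own, and treating `rIDPreviousAllocationPool` as the pool currently in use is an assumption of the example.

```python
import re
from itertools import combinations

# RidManager lines trimmed from the three dcdiag runs posted in the thread.
SAMPLE = r"""
Testing server: Default-First-Site-Name\LARKIN26
* Available RID Pool for the Domain is 62343 to 1073741823
* rIDAllocationPool is 56343 to 56842
* rIDPreviousAllocationPool is 56343 to 56842
* rIDNextRID: 56462
Testing server: Default-First-Site-Name\LARKIN27
* Available RID Pool for the Domain is 62343 to 1073741823
* rIDAllocationPool is 55343 to 55842
* rIDPreviousAllocationPool is 55343 to 55842
* rIDNextRID: 55584
Testing server: Default-First-Site-Name\LARKIN28
* Available RID Pool for the Domain is 62343 to 1073741823
* rIDAllocationPool is 53343 to 53842
* rIDPreviousAllocationPool is 53343 to 53842
* rIDNextRID: 53611
"""

SERVER = re.compile(r"Testing server:\s*\S+\\(\S+)")
RANGE = re.compile(r"\*\s*(Available RID Pool for the Domain|rID\w+Pool) is (\d+) to (\d+)")
NEXT = re.compile(r"\*\s*rIDNextRID:\s*(\d+)")

def parse_dcdiag(text):
    """Return {server: {attribute: value}} from dcdiag /test:ridmanager /v output."""
    servers, cur = {}, None
    for line in text.splitlines():
        if m := SERVER.search(line):
            cur = servers.setdefault(m.group(1), {})
        elif cur is not None and (m := RANGE.search(line)):
            cur[m.group(1)] = (int(m.group(2)), int(m.group(3)))
        elif cur is not None and (m := NEXT.search(line)):
            cur["rIDNextRID"] = int(m.group(1))
    return servers

def assess(servers):
    """Per-DC headroom, plus pools that overlap or reach into the unissued range."""
    report = {"dc": {}, "overlaps": [], "beyond_issued": []}
    for name, s in servers.items():
        lo, hi = s["rIDPreviousAllocationPool"]  # assumed: the pool in use
        nxt = s["rIDNextRID"]
        report["dc"][name] = {"in_pool": lo <= nxt <= hi, "left": hi - nxt}
        dom_lo, dom_hi = s["Available RID Pool for the Domain"]
        report["unissued"] = dom_hi - dom_lo + 1  # RIDs the master can still hand out
        if s["rIDAllocationPool"][1] >= dom_lo:
            report["beyond_issued"].append(name)
    for (a, sa), (b, sb) in combinations(servers.items(), 2):
        (alo, ahi), (blo, bhi) = sa["rIDAllocationPool"], sb["rIDAllocationPool"]
        if alo <= bhi and blo <= ahi:  # ranges intersect: duplicate SIDs possible
            report["overlaps"].append((a, b))
    return report

if __name__ == "__main__":
    for key, value in assess(parse_dcdiag(SAMPLE)).items():
        print(key, value)
```

On the figures posted in this thread, each DC's rIDNextRID sits inside its own pool, the pools do not overlap, and the domain-wide range is almost entirely unissued.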
lingpanda101 at gmail.com
2016-Sep-19 19:45 UTC
[Samba] Error "Failed extended allocation RID pool operation..."
On 9/19/2016 3:15 PM, Adam Tauno Williams via samba wrote:
>> To see rid pool info run the following from a Windows command prompt.
>> dcdiag /s:DCNAME /test:ridmanager /v
>> Replace DCNAME with the dns name of your Domain Controller. I wonder
>> if OP has exhausted his RID pool. Unlikely but possible. I also see a
>> similar post on this same issue.
>> https://lists.samba.org/archive/samba/2016-April/198879.html
>
> Snip
>
>
What version did you upgrade from?

--
-James