Executing the following with nsupdate seems to have fixed replication.

update add 28f7281f-3955-4885-8a7d-42a36ee87590._msdcs.mediture.dom. 900 A 192.168.222.5
show
send
update add 8b750a53-3d39-4bc0-8fe9-9bffa9e413aa._msdcs.mediture.dom. 900 A 172.16.1.106
show
send
update add fe066b13-6f9e-4f3c-beb4-37df1292b8cb._msdcs.mediture.dom. 900 A 192.168.168.65
show
send

New DNS records I create don't resolve though. Also, I get an error when I open Active Directory Users and Computers, "The RPC server is unavailable".

Thanks,
Arthur

On 10/17/2016 11:44 AM, Arthur Ramsey wrote:
> I increased the debug level to 10 and found this
>
> dreplsrv_notify: Failed to send DsReplicaSync to fe066b13-6f9e-4f3c-beb4-37df1292b8cb._msdcs.mediture.dom for DC=DomainDnsZones,DC=mediture,DC=dom - NT_STATUS_OBJECT_NAME_NOT_FOUND : WERR_BADFILE.
>
> I manually created the DNS entry, but it doesn't resolve. Other DNS
> records supplied by BIND_DLZ are working. I tried adding a host file
> entry, but that didn't seem to work either. I see similar for all
> other DCs (different UUID values in log).
>
> When I run /usr/local/samba/sbin/samba_dnsupdate I get no error
> messages, but I noticed it reports it isn't the master when it is.
>
> [root@dc01 ~]# samba-tool fsmo show
> SchemaMasterRole owner: CN=NTDS Settings,CN=DC01,CN=Servers,CN=vsc,CN=Sites,CN=Configuration,DC=mediture,DC=dom
> InfrastructureMasterRole owner: CN=NTDS Settings,CN=DC01,CN=Servers,CN=vsc,CN=Sites,CN=Configuration,DC=mediture,DC=dom
> RidAllocationMasterRole owner: CN=NTDS Settings,CN=DC01,CN=Servers,CN=vsc,CN=Sites,CN=Configuration,DC=mediture,DC=dom
> PdcEmulationMasterRole owner: CN=NTDS Settings,CN=DC01,CN=Servers,CN=vsc,CN=Sites,CN=Configuration,DC=mediture,DC=dom
> DomainNamingMasterRole owner: CN=NTDS Settings,CN=DC01,CN=Servers,CN=vsc,CN=Sites,CN=Configuration,DC=mediture,DC=dom
> DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=DC01,CN=Servers,CN=vsc,CN=Sites,CN=Configuration,DC=mediture,DC=dom
> ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=DC01,CN=Servers,CN=vsc,CN=Sites,CN=Configuration,DC=mediture,DC=dom
>
> [root@dc01 ~]# /usr/local/samba/sbin/samba_dnsupdate -d 100 2>&1 | grep master
> schema_fsmo_init: we are master[no] updates allowed[no]
> schema_fsmo_init: we are master[no] updates allowed[no]
>
> Thanks,
> Arthur
>
> On 10/14/2016 05:12 PM, Arthur Ramsey wrote:
>> Replication has been running smoothly until I upgraded to 4.5.0. I
>> had various errors with all BDCs and a force sync didn't resolve it.
>> I shut down all BDCs, demoted them with --remove-other-dead-server
>> then joined new BDCs with new names. At first replication was
>> intermittently failing (consecutive failures counter kept resetting),
>> but it seemed OK, just slow if anything. Now they all say
>> WERR_BADFILE and I can only get the consecutive failure counter to
>> reset with a force sync.
>>
>> I also see "The RPC server is unavailable" when trying to connect to
>> any DC via Active Directory Users and Computers.
>>
>> I've had a ton of issues after upgrading to 4.5.0. Could I safely
>> upgrade?
>>
>> Thanks,
>> Arthur

--
Arthur Ramsey
System Administrator
Mediture
arthur_ramsey at mediture.com
952.400.0323

This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com.
Arthur Ramsey
2016-Oct-17  17:32 UTC
[Samba] Replications errors on 4.5.0 (WERR_BADFILE) [solved]
This fixed DNS issues.

samba_upgradedns --dns-backend=BIND9_DLZ
/usr/local/samba/bin/samba-tool domain exportkeytab /usr/local/samba/private/dns.keytab --realm=mediture.dom --principal HOST/dc01.mediture.dom
chgrp named /usr/local/samba/private/dns.keytab
chmod g+r /usr/local/samba/private/dns.keytab
service named restart
/usr/local/samba/sbin/samba_dnsupdate -d 100

Restarting Samba fixed the ADUC issue.
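A follow-up check for the steps in this thread, as an added example that is not part of any poster's message: it extracts the DC names that failed with WERR_BADFILE from log lines, lists the ones that still do not resolve, and verifies that dns.keytab is readable by the BIND group without being exposed to other users. The log lines are constructed from the one quoted in the thread; the function names and `RESOLVE_CMD` are hypothetical, and the mode policy (no group write, no access for others) is this example's assumption.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_LOG is constructed, modeled on
# the dreplsrv_notify line quoted above. RESOLVE_CMD is a hypothetical hook
# that lets the lookup command be swapped (default: host).

# stdin: Samba log text. stdout: unique <GUID>._msdcs.<domain> names that
# DsReplicaSync could not reach with WERR_BADFILE.
failed_dc_names() {
    sed -n 's/.*Failed to send DsReplicaSync to \([0-9a-f-]\{36\}\._msdcs\.[A-Za-z0-9.-]*\) for .*WERR_BADFILE.*/\1/p' | sort -u
}

# stdin: one name per line. stdout: the names the resolver cannot look up.
unresolved_names() {
    while read -r name; do
        ${RESOLVE_CMD:-host} "$name" >/dev/null 2>&1 || printf '%s\n' "$name"
    done
}

# $1 = keytab path, $2 = group BIND runs as ("named" in the thread).
# Passes only if owner and group can read, group cannot write, and
# "other" has no access at all (the keytab holds Kerberos keys).
keytab_perms_ok() {
    listing=$(ls -ld "$1") || return 2
    perms=$(printf '%s\n' "$listing" | cut -c1-10)
    group=$(printf '%s\n' "$listing" | awk '{print $4}')
    [ "$group" = "$2" ] || return 1
    case $perms in
        -r??r-?---) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: two distinct failing DCs, one repeated, one unrelated line.
SAMPLE_LOG='dreplsrv_notify: Failed to send DsReplicaSync to fe066b13-6f9e-4f3c-beb4-37df1292b8cb._msdcs.mediture.dom for DC=DomainDnsZones,DC=mediture,DC=dom - NT_STATUS_OBJECT_NAME_NOT_FOUND : WERR_BADFILE
dreplsrv_notify: Failed to send DsReplicaSync to 8b750a53-3d39-4bc0-8fe9-9bffa9e413aa._msdcs.mediture.dom for DC=mediture,DC=dom - NT_STATUS_OBJECT_NAME_NOT_FOUND : WERR_BADFILE
dreplsrv_notify: Failed to send DsReplicaSync to fe066b13-6f9e-4f3c-beb4-37df1292b8cb._msdcs.mediture.dom for DC=mediture,DC=dom - NT_STATUS_OBJECT_NAME_NOT_FOUND : WERR_BADFILE
schema_fsmo_init: we are master[no] updates allowed[no]'

printf '%s\n' "$SAMPLE_LOG" | failed_dc_names
```

On a DC, feed the real Samba log to `failed_dc_names | unresolved_names` and run `keytab_perms_ok /usr/local/samba/private/dns.keytab named` after the `chgrp`/`chmod` steps.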
Achim Gottinger
2016-Oct-17  17:51 UTC
[Samba] Replications errors on 4.5.0 (WERR_BADFILE) [solved]
On 17.10.2016 at 19:32, Arthur Ramsey via samba wrote:
> This fixed DNS issues.
>
> samba_upgradedns --dns-backend=BIND9_DLZ
> /usr/local/samba/bin/samba-tool domain exportkeytab /usr/local/samba/private/dns.keytab --realm=mediture.dom --principal HOST/dc01.mediture.dom
> chgrp named /usr/local/samba/private/dns.keytab
> chmod g+r /usr/local/samba/private/dns.keytab
> service named restart
> /usr/local/samba/sbin/samba_dnsupdate -d 100
>
> Restarting Samba fixed the ADUC issue.

Thank you for the information, I ran into the WERR_BADFILE error on my test environment once and could not resolve it.
The errors went away, but replication still isn't working properly. There are objects missing on all DCs, but it isn't consistent at all.

showrepl: http://pastebin.com/bYfCZcNG

Thanks,
Arthur

On 10/17/2016 12:32 PM, Arthur Ramsey wrote:
> This fixed DNS issues.
>
> samba_upgradedns --dns-backend=BIND9_DLZ
> /usr/local/samba/bin/samba-tool domain exportkeytab /usr/local/samba/private/dns.keytab --realm=mediture.dom --principal HOST/dc01.mediture.dom
> chgrp named /usr/local/samba/private/dns.keytab
> chmod g+r /usr/local/samba/private/dns.keytab
> service named restart
> /usr/local/samba/sbin/samba_dnsupdate -d 100
>
> Restarting Samba fixed the ADUC issue.