Hello guys:
I'm running two Zentyal servers with Samba 4.1.17 on each one. We're
experiencing some problems such as:
- When a user changes his password, it is not replicated the change on
secondary DC.
- Some Windows machines have reported trust relationship broken.
On DC1 I run this:
params.c:pm_process() - Processing configuration file
"/etc/samba/shares.conf"
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:dc01.mycompany.corp[,seal]
Default-First-Site-Name\DC01
DSA Options: 0x00000001
DSA object GUID: 0a3adb77-a18e-4284-94f6-97c169e8d7f4
DSA invocationId: 055634e1-d57e-45de-bed8-4f57e001e992
==== INBOUND NEIGHBORS ===
DC=ForestDnsZones,DC=mycompany,DC=corp
Default-First-Site-Name\DC02 via RPC
DSA object GUID: 65ff32e1-30a4-4697-a83f-d32815f31035
Last attempt @ Mon Apr 10 10:02:16 2017 PET failed,
result 2 (WERR_BADFILE)
21101 consecutive failure(s).
Last success @ Sat Jan 28 07:56:07 2017 PET
DC=DomainDnsZones,DC=mycompany,DC=corp
Default-First-Site-Name\DC02 via RPC
DSA object GUID: 65ff32e1-30a4-4697-a83f-d32815f31035
Last attempt @ Mon Apr 10 10:02:16 2017 PET failed,
result 2 (WERR_BADFILE)
24634 consecutive failure(s).
Last success @ Sat Jan 28 07:57:51 2017 PET
DC=mycompany,DC=corp
Default-First-Site-Name\DC02 via RPC
DSA object GUID: 65ff32e1-30a4-4697-a83f-d32815f31035
Last attempt @ Mon Apr 10 10:02:54 2017 PET failed,
result 2 (WERR_BADFILE)
25134 consecutive failure(s).
Last success @ Sat Jan 28 07:59:26 2017 PET
CN=Schema,CN=Configuration,DC=mycompany,DC=corp
Default-First-Site-Name\DC02 via RPC
DSA object GUID: 65ff32e1-30a4-4697-a83f-d32815f31035
Last attempt @ Mon Apr 10 10:02:16 2017 PET failed,
result 2 (WERR_BADFILE)
21096 consecutive failure(s).
Last success @ Sat Jan 28 07:56:07 2017 PET
CN=Configuration,DC=mycompany,DC=corp
Default-First-Site-Name\DC02 via RPC
DSA object GUID: 65ff32e1-30a4-4697-a83f-d32815f31035
Last attempt @ Mon Apr 10 10:02:16 2017 PET failed,
result 2 (WERR_BADFILE)
21096 consecutive failure(s).
Last success @ Sat Jan 28 07:56:07 2017 PET
==== OUTBOUND NEIGHBORS ===
DC=ForestDnsZones,DC=mycompany,DC=corp
Default-First-Site-Name\DC02 via RPC
DSA object GUID: 65ff32e1-30a4-4697-a83f-d32815f31035
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=mycompany,DC=corp
Default-First-Site-Name\DC02 via RPC
DSA object GUID: 65ff32e1-30a4-4697-a83f-d32815f31035
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=mycompany,DC=corp
Default-First-Site-Name\DC02 via RPC
DSA object GUID: 65ff32e1-30a4-4697-a83f-d32815f31035
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=mycompany,DC=corp
Default-First-Site-Name\DC02 via RPC
DSA object GUID: 65ff32e1-30a4-4697-a83f-d32815f31035
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=mycompany,DC=corp
Default-First-Site-Name\DC02 via RPC
DSA object GUID: 65ff32e1-30a4-4697-a83f-d32815f31035
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ===
Connection --
Connection name: dc96898f-800c-4007-a410-7787b4a62753
Enabled : TRUE
Server DNS name : dc02.mycompany.corp
Server DN name : CN=NTDS
Settings,CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mycompany,DC=corp
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
I wish someone could help me or give me some ideas about what settings to check.
Thanks in advance.
