Arthur Ramsey
2017-Sep-28 15:45 UTC
[Samba] Samba 4.7.0 replication issue: failed get spanning tree edges
[2017/09/28 03:46:51.256663, 1] ../source4/dsdb/kcc/kcc_topology.c:2730(kcctpl_get_spanning_tree_edges) ../source4/dsdb/kcc/kcc_topology.c:2730: failed to run Kruskal's algorithm: NT_STATUS_INVALID_PARAMETER [2017/09/28 03:46:51.256953, 1] ../source4/dsdb/kcc/kcc_topology.c:3283(kcctpl_create_connections) ../source4/dsdb/kcc/kcc_topology.c:3283: failed get spanning tree edges: NT_STATUS_INVALID_PARAMETER I also have objects out of sync that were in sync prior to updating. All DCs are running 4.7.0. There are duplicate members in some groups too. When I try to remove all members from one of these affected groups I get "The following Active Directory Domain Services error occurred: The environment is incorrect." Thanks, Arthur This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com.
Arthur Ramsey
2017-Sep-28 21:02 UTC
[Samba] Samba 4.7.0 replication issue: failed get spanning tree edges
I fixed this with the following process.
1. Identify affected groups with "samba-tool dbcheck --cross-ncs",
which reports errors like "ERROR: orphaned backlink attribute
'memberOf'".
2. Create new group
3. Execute "perl ad_clone_group.pl 'Foobar_Group'
''New_Group" to copy
members from broken group to new group: https://pastebin.com/6L8NZPRC
4. Delete bad group
5. Rename new group to name of bad group
6. Expunge tombstone with "samba-tool domain tombstones expunge
--tombstone-lifetime=0"
7. Check with "samba-tool dbcheck --cross-ncs --fix" again
Thanks,
Arthur
This e-mail and any attachments may contain CONFIDENTIAL information, including
PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or
disclosure of this information is STRICTLY PROHIBITED; you are requested to
delete this e-mail and any attachments, notify the sender immediately, and
notify the Mediture Privacy Officer at privacyofficer at mediture.com.
Garming Sam
2017-Sep-28 21:21 UTC
[Samba] Samba 4.7.0 replication issue: failed get spanning tree edges
Did you check that these groups were actually consistent before you upgraded (have you got a backup to look at the old groups)? The consistency checking definitely got stricter in 4.7, but there may still be a bug here. Cheers, Garming On 29/09/17 10:02, Arthur Ramsey via samba wrote:> I fixed this with the following process. > > 1. Identify affected groups with "samba-tool dbcheck --cross-ncs", > which reports errors like "ERROR: orphaned backlink attribute > 'memberOf'". > 2. Create new group > 3. Execute "perl ad_clone_group.pl 'Foobar_Group' ''New_Group" to copy > members from broken group to new group: https://pastebin.com/6L8NZPRC > 4. Delete bad group > 5. Rename new group to name of bad group > 6. Expunge tombstone with "samba-tool domain tombstones expunge > --tombstone-lifetime=0" > 7. Check with "samba-tool dbcheck --cross-ncs --fix" again > > Thanks, > Arthur > > > > This e-mail and any attachments may contain CONFIDENTIAL information, > including PROTECTED HEALTH INFORMATION. If you are not the intended > recipient, any use or disclosure of this information is STRICTLY > PROHIBITED; you are requested to delete this e-mail and any > attachments, notify the sender immediately, and notify the Mediture > Privacy Officer at privacyofficer at mediture.com.