Hi
I have tried using FQDN for DC1 and DC2 but still it is failing.Please
assist to fix
samba-tool drs replicate iumdcdp01.iumnet.edu.na iumsvrpdc
DC=iumnet,DC=edu,DC=na --sync-forced -UAdministrator
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 0
ldb: 9
tevent: 9
auth_audit: 9
auth_json_audit: 9
kerberos: 9
drs_repl: 9
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[softshare]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:iumdcdp01.iumnet.edu.na[,seal,print]
Mapped to DCERPC endpoint 135
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name iumdcdp01.iumnet.edu.na
<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such
file or directory
Mapped to DCERPC endpoint 1024
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name iumdcdp01.iumnet.edu.na
<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such
file or directory
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Password for [IUMNET\Administrator]:
Received smb_krb5 packet of length 271
Received smb_krb5 packet of length 1397
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
drsuapi_DsBind: struct drsuapi_DsBind
in: struct drsuapi_DsBind
bind_guid : *
bind_guid :
e24d201a-4fd6-11d1-a3da-0000f875ae0d
bind_info : *
bind_info: struct drsuapi_DsBindInfoCtr
length : 0x0000001c (28)
__ndr_length : 0x0000001c (28)
info : union
drsuapi_DsBindInfo(case 28)
info28: struct drsuapi_DsBindInfo28
supported_extensions : 0x0fefff7f (267386751)
1: DRSUAPI_SUPPORTED_EXTENSION_BASE
1:
DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
1:
DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
1:
DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
1:
DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
1:
DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
1:
DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
1:
DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
0:
DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
site_guid :
00000000-0000-0000-0000-000000000000
pid : 0x00000000 (0)
repl_epoch : 0x00000000 (0)
drsuapi_DsBind: struct drsuapi_DsBind
out: struct drsuapi_DsBind
bind_info : *
bind_info: struct drsuapi_DsBindInfoCtr
length : 0x0000001c (28)
__ndr_length : 0x0000001c (28)
info : union
drsuapi_DsBindInfo(case 28)
info28: struct drsuapi_DsBindInfo28
supported_extensions : 0x2fffff6f (805306223)
1: DRSUAPI_SUPPORTED_EXTENSION_BASE
1:
DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
0:
DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
1:
DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
1:
DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
1:
DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
1:
DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
1:
DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
1:
DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
0:
DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
site_guid :
29e318da-d660-4a24-94d9-81e86b5a1e82
pid : 0x00000000 (0)
repl_epoch : 0x00000000 (0)
bind_handle : *
bind_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
4b1eea79-e969-408c-a3b1-84ca1fe9a0eb
result : WERR_OK
lpcfg_servicenumber: couldn't find ldb
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name iumdcdp01.iumnet.edu.na
<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such
file or directory
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Received smb_krb5 packet of length 271
Received smb_krb5 packet of length 1397
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically signed
drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
in: struct drsuapi_DsReplicaSync
bind_handle : *
bind_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
4b1eea79-e969-408c-a3b1-84ca1fe9a0eb
level : 0x00000001 (1)
req : *
req : union
drsuapi_DsReplicaSyncRequest(case 1)
req1: struct drsuapi_DsReplicaSyncRequest1
naming_context : *
naming_context: struct
drsuapi_DsReplicaObjectIdentifier
__ndr_size : 0x00000066 (102)
__ndr_size_sid : 0x00000000 (0)
guid :
00000000-0000-0000-0000-000000000000
sid : S-0-0
__ndr_size_dn : 0x00000016 (22)
dn :
'DC=iumnet,DC=edu,DC=na'
source_dsa_guid :
27182378-a9c7-451e-bb95-7b2172a5f311
source_dsa_dns : NULL
options : 0x02000010 (33554448)
0: DRSUAPI_DRS_ASYNC_OP
0: DRSUAPI_DRS_GETCHG_CHECK
0: DRSUAPI_DRS_UPDATE_NOTIFICATION
0: DRSUAPI_DRS_ADD_REF
0: DRSUAPI_DRS_SYNC_ALL
0: DRSUAPI_DRS_DEL_REF
1: DRSUAPI_DRS_WRIT_REP
0: DRSUAPI_DRS_INIT_SYNC
0: DRSUAPI_DRS_PER_SYNC
0: DRSUAPI_DRS_MAIL_REP
0: DRSUAPI_DRS_ASYNC_REP
0: DRSUAPI_DRS_IGNORE_ERROR
0: DRSUAPI_DRS_TWOWAY_SYNC
0: DRSUAPI_DRS_CRITICAL_ONLY
0: DRSUAPI_DRS_GET_ANC
0: DRSUAPI_DRS_GET_NC_SIZE
0: DRSUAPI_DRS_LOCAL_ONLY
0: DRSUAPI_DRS_NONGC_RO_REP
0: DRSUAPI_DRS_SYNC_BYNAME
0: DRSUAPI_DRS_REF_OK
0: DRSUAPI_DRS_FULL_SYNC_NOW
0: DRSUAPI_DRS_NO_SOURCE
0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
0: DRSUAPI_DRS_FULL_SYNC_PACKET
0: DRSUAPI_DRS_SYNC_REQUEUE
0: DRSUAPI_DRS_SYNC_URGENT
0: DRSUAPI_DRS_REF_GCSPN
0: DRSUAPI_DRS_NO_DISCARD
0: DRSUAPI_DRS_NEVER_SYNCED
0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
0: DRSUAPI_DRS_INIT_SYNC_NOW
0: DRSUAPI_DRS_PREEMPTED
1: DRSUAPI_DRS_SYNC_FORCED
0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
0: DRSUAPI_DRS_USE_COMPRESSION
0: DRSUAPI_DRS_NEVER_NOTIFY
0: DRSUAPI_DRS_SYNC_PAS
0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
out: struct drsuapi_DsReplicaSync
result : WERR_BAD_NET_RESP
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed -
drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
386, in
run
drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85,
in
sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)
*Harsh Kukreja *Systems Administrator
*International University of Namibia *Tel: 061-4336000 - E-mail: h.kukreja
@ium.edu.na - Web:
*http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag
14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA
On Thu, Jan 11, 2018 at 6:04 PM, lingpanda101 via samba <
samba at lists.samba.org> wrote:
> On 1/11/2018 10:39 AM, Harsh Kukreja via samba wrote:
>
>> Hi
>>
>> The DRS sync between two Domain Controllers connected on one network is
>> failing. I have enabled the log level 9.
>>
>> samba-tool drs replicate 172.16.10.5 iumsvrpdc DC=iumnet,DC=edu,DC=na
>> --full-sync -UAdministrator
>> INFO: Current debug levels:
>> all: 9
>> tdb: 9
>> printdrivers: 9
>> lanman: 9
>> smb: 9
>> rpc_parse: 9
>> rpc_srv: 9
>> rpc_cli: 9
>> passdb: 9
>> sam: 9
>> auth: 9
>> winbind: 9
>> vfs: 9
>> idmap: 9
>> quota: 9
>> acls: 9
>> locking: 9
>> msdfs: 9
>> dmapi: 9
>> registry: 9
>> scavenger: 9
>> dns: 0
>> ldb: 9
>> tevent: 9
>> auth_audit: 9
>> auth_json_audit: 9
>> kerberos: 9
>> drs_repl: 9
>> Processing section "[netlogon]"
>> Processing section "[sysvol]"
>> Processing section "[softshare]"
>> pm_process() returned Yes
>> GENSEC backend 'gssapi_spnego' registered
>> GENSEC backend 'gssapi_krb5' registered
>> GENSEC backend 'gssapi_krb5_sasl' registered
>> GENSEC backend 'spnego' registered
>> GENSEC backend 'schannel' registered
>> GENSEC backend 'naclrpc_as_system' registered
>> GENSEC backend 'sasl-EXTERNAL' registered
>> GENSEC backend 'ntlmssp' registered
>> GENSEC backend 'ntlmssp_resume_ccache' registered
>> GENSEC backend 'http_basic' registered
>> GENSEC backend 'http_ntlm' registered
>> GENSEC backend 'krb5' registered
>> GENSEC backend 'fake_gssapi_krb5' registered
>> Using binding ncacn_ip_tcp:172.16.10.5[,seal,print]
>> Mapped to DCERPC endpoint 135
>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>> netmask=255.255.255.0
>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>> netmask=255.255.255.0
>> Mapped to DCERPC endpoint 1024
>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>> netmask=255.255.255.0
>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>> netmask=255.255.255.0
>> Starting GENSEC mechanism spnego
>> Starting GENSEC submechanism gssapi_krb5
>> Cannot do GSSAPI to an IP address
>> Failed to start GENSEC client mech gssapi_krb5:
>> NT_STATUS_INVALID_PARAMETER
>> Starting GENSEC submechanism ntlmssp
>> Got challenge flags:
>> Got NTLMSSP neg_flags=0x62898235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_TARGET_TYPE_DOMAIN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_TARGET_INFO
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> Password for [IUMNET\Administrator]:
>> NTLMSSP: Set final flags:
>> Got NTLMSSP neg_flags=0x62088235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> NTLMSSP Sign/Seal - Initialising with flags:
>> Got NTLMSSP neg_flags=0x62088235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> NTLMSSP Sign/Seal - Initialising with flags:
>> Got NTLMSSP neg_flags=0x62088235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> drsuapi_DsBind: struct drsuapi_DsBind
>> in: struct drsuapi_DsBind
>> bind_guid : *
>> bind_guid :
>> e24d201a-4fd6-11d1-a3da-0000f875ae0d
>> bind_info : *
>> bind_info: struct drsuapi_DsBindInfoCtr
>> length : 0x0000001c (28)
>> __ndr_length : 0x0000001c (28)
>> info : union
>> drsuapi_DsBindInfo(case 28)
>> info28: struct drsuapi_DsBindInfo28
>> supported_extensions : 0x0fefff7f
(267386751)
>> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
>> 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
>> 1: DRSUAPI_SUPPORTED_EXTENSION_KC
>> C_EXECUTE
>> 1: DRSUAPI_SUPPORTED_EXTENSION_AD
>> DENTRY_V2
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
>> 1: DRSUAPI_SUPPORTED_EXTENSION_CR
>> YPTO_BIND
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> T_REPL_INFO
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
>> 0: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V5
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V6
>> 1: DRSUAPI_SUPPORTED_EXTENSION_NO
>> NDOMAIN_NCS
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V8
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREPLY_V5
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREPLY_V6
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREPLY_V7
>> 1: DRSUAPI_SUPPORTED_EXTENSION_VE
>> RIFY_OBJECT
>> 0:
>> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
>> 0: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V10
>> 0: DRSUAPI_SUPPORTED_EXTENSION_RE
>> SERVED_PART2
>> 0: DRSUAPI_SUPPORTED_EXTENSION_RE
>> SERVED_PART3
>> site_guid :
>> 00000000-0000-0000-0000-000000000000
>> pid : 0x00000000 (0)
>> repl_epoch : 0x00000000 (0)
>> drsuapi_DsBind: struct drsuapi_DsBind
>> out: struct drsuapi_DsBind
>> bind_info : *
>> bind_info: struct drsuapi_DsBindInfoCtr
>> length : 0x0000001c (28)
>> __ndr_length : 0x0000001c (28)
>> info : union
>> drsuapi_DsBindInfo(case 28)
>> info28: struct drsuapi_DsBindInfo28
>> supported_extensions : 0x2fffff6f
(805306223)
>> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
>> 0:
>> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
>> 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
>> 1: DRSUAPI_SUPPORTED_EXTENSION_KC
>> C_EXECUTE
>> 1: DRSUAPI_SUPPORTED_EXTENSION_AD
>> DENTRY_V2
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
>> 1: DRSUAPI_SUPPORTED_EXTENSION_CR
>> YPTO_BIND
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> T_REPL_INFO
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
>> 1:
DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V5
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V6
>> 1: DRSUAPI_SUPPORTED_EXTENSION_NO
>> NDOMAIN_NCS
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V8
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREPLY_V5
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREPLY_V6
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREPLY_V7
>> 1: DRSUAPI_SUPPORTED_EXTENSION_VE
>> RIFY_OBJECT
>> 0:
>> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V10
>> 0: DRSUAPI_SUPPORTED_EXTENSION_RE
>> SERVED_PART2
>> 0: DRSUAPI_SUPPORTED_EXTENSION_RE
>> SERVED_PART3
>> site_guid :
>> 29e318da-d660-4a24-94d9-81e86b5a1e82
>> pid : 0x00000000 (0)
>> repl_epoch : 0x00000000 (0)
>> bind_handle : *
>> bind_handle: struct policy_handle
>> handle_type : 0x00000000 (0)
>> uuid :
>> 2cb3f3b5-b29a-4958-a912-51a0881976da
>> result : WERR_OK
>> lpcfg_servicenumber: couldn't find ldb
>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>> netmask=255.255.255.0
>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>> netmask=255.255.255.0
>> Starting GENSEC mechanism spnego
>> Starting GENSEC submechanism gssapi_krb5
>> Cannot do GSSAPI to an IP address
>> Failed to start GENSEC client mech gssapi_krb5:
>> NT_STATUS_INVALID_PARAMETER
>> Starting GENSEC submechanism ntlmssp
>> Got challenge flags:
>> Got NTLMSSP neg_flags=0x62898235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_TARGET_TYPE_DOMAIN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_TARGET_INFO
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> NTLMSSP: Set final flags:
>> Got NTLMSSP neg_flags=0x62088235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> NTLMSSP Sign/Seal - Initialising with flags:
>> Got NTLMSSP neg_flags=0x62088235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> NTLMSSP Sign/Seal - Initialising with flags:
>> Got NTLMSSP neg_flags=0x62088235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
>> in: struct drsuapi_DsReplicaSync
>> bind_handle : *
>> bind_handle: struct policy_handle
>> handle_type : 0x00000000 (0)
>> uuid :
>> 2cb3f3b5-b29a-4958-a912-51a0881976da
>> level : 0x00000001 (1)
>> req : *
>> req : union
>> drsuapi_DsReplicaSyncRequest(case 1)
>> req1: struct drsuapi_DsReplicaSyncRequest1
>> naming_context : *
>> naming_context: struct
>> drsuapi_DsReplicaObjectIdentifier
>> __ndr_size : 0x00000066
(102)
>> __ndr_size_sid : 0x00000000 (0)
>> guid :
>> 00000000-0000-0000-0000-000000000000
>> sid : S-0-0
>> __ndr_size_dn : 0x00000016 (22)
>> dn :
>> 'DC=iumnet,DC=edu,DC=na'
>> source_dsa_guid :
>> 27182378-a9c7-451e-bb95-7b2172a5f311
>> source_dsa_dns : NULL
>> options : 0x00008010 (32784)
>> 0: DRSUAPI_DRS_ASYNC_OP
>> 0: DRSUAPI_DRS_GETCHG_CHECK
>> 0: DRSUAPI_DRS_UPDATE_NOTIFICATION
>> 0: DRSUAPI_DRS_ADD_REF
>> 0: DRSUAPI_DRS_SYNC_ALL
>> 0: DRSUAPI_DRS_DEL_REF
>> 1: DRSUAPI_DRS_WRIT_REP
>> 0: DRSUAPI_DRS_INIT_SYNC
>> 0: DRSUAPI_DRS_PER_SYNC
>> 0: DRSUAPI_DRS_MAIL_REP
>> 0: DRSUAPI_DRS_ASYNC_REP
>> 0: DRSUAPI_DRS_IGNORE_ERROR
>> 0: DRSUAPI_DRS_TWOWAY_SYNC
>> 0: DRSUAPI_DRS_CRITICAL_ONLY
>> 0: DRSUAPI_DRS_GET_ANC
>> 0: DRSUAPI_DRS_GET_NC_SIZE
>> 0: DRSUAPI_DRS_LOCAL_ONLY
>> 0: DRSUAPI_DRS_NONGC_RO_REP
>> 0: DRSUAPI_DRS_SYNC_BYNAME
>> 0: DRSUAPI_DRS_REF_OK
>> 1: DRSUAPI_DRS_FULL_SYNC_NOW
>> 1: DRSUAPI_DRS_NO_SOURCE
>> 0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
>> 0: DRSUAPI_DRS_FULL_SYNC_PACKET
>> 0: DRSUAPI_DRS_SYNC_REQUEUE
>> 0: DRSUAPI_DRS_SYNC_URGENT
>> 0: DRSUAPI_DRS_REF_GCSPN
>> 0: DRSUAPI_DRS_NO_DISCARD
>> 0: DRSUAPI_DRS_NEVER_SYNCED
>> 0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
>> 0: DRSUAPI_DRS_INIT_SYNC_NOW
>> 0: DRSUAPI_DRS_PREEMPTED
>> 0: DRSUAPI_DRS_SYNC_FORCED
>> 0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
>> 0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
>> 0: DRSUAPI_DRS_USE_COMPRESSION
>> 0: DRSUAPI_DRS_NEVER_NOTIFY
>> 0: DRSUAPI_DRS_SYNC_PAS
>> 0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
>> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
>> out: struct drsuapi_DsReplicaSync
>> result : WERR_BAD_NET_RESP
>> ERROR(<class 'samba.drs_utils.drsException'>):
DsReplicaSync failed -
>> drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
>> File
"/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
>> 386, in
>> run
>> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
>> source_dsa_guid, NC, req_options)
>> File
"/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85,
>> in
>> sendDsReplicaSync
>> raise drsException("DsReplicaSync failed %s" % estr)
>>
>> *Harsh Kukreja *Systems Administrator
>> *International University of Namibia *Tel: 061-4336000 - E-mail:
h.kukreja
>> @ium.edu.na - Web:
>> *http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag
>> 14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA
>>
>
> Not sure what your issue is but have you tried using the fqdn for DC1 and
> DC2? I've experienced issues with manual replication when using a IP
and
> not the dns or fqdn name.
>
> --
> --
> James
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
On 1/11/2018 1:57 PM, Harsh Kukreja wrote:> Hi > > I have tried using FQDN for DC1 and DC2 but still it is > failing.Please assist to fix > > samba-tool drs replicate iumdcdp01.iumnet.edu.na > <http://iumdcdp01.iumnet.edu.na> iumsvrpdc DC=iumnet,DC=edu,DC=na > --sync-forced -UAdministrator > INFO: Current debug levels: > all: 9 > tdb: 9 > printdrivers: 9 > lanman: 9 > smb: 9 > rpc_parse: 9 > rpc_srv: 9 > rpc_cli: 9 > passdb: 9 > sam: 9 > auth: 9 > winbind: 9 > vfs: 9 > idmap: 9 > quota: 9 > acls: 9 > locking: 9 > msdfs: 9 > dmapi: 9 > registry: 9 > scavenger: 9 > dns: 0 > ldb: 9 > tevent: 9 > auth_audit: 9 > auth_json_audit: 9 > kerberos: 9 > drs_repl: 9 > Processing section "[netlogon]" > Processing section "[sysvol]" > Processing section "[softshare]" > pm_process() returned Yes > GENSEC backend 'gssapi_spnego' registered > GENSEC backend 'gssapi_krb5' registered > GENSEC backend 'gssapi_krb5_sasl' registered > GENSEC backend 'spnego' registered > GENSEC backend 'schannel' registered > GENSEC backend 'naclrpc_as_system' registered > GENSEC backend 'sasl-EXTERNAL' registered > GENSEC backend 'ntlmssp' registered > GENSEC backend 'ntlmssp_resume_ccache' registered > GENSEC backend 'http_basic' registered > GENSEC backend 'http_ntlm' registered > GENSEC backend 'krb5' registered > GENSEC backend 'fake_gssapi_krb5' registered > Using binding ncacn_ip_tcp:iumdcdp01.iumnet.edu.na > <http://iumdcdp01.iumnet.edu.na>[,seal,print] > Mapped to DCERPC endpoint 135 > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > resolve_lmhosts: Attempting lmhosts lookup for name > iumdcdp01.iumnet.edu.na <http://iumdcdp01.iumnet.edu.na><0x20> > startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No > such file or directory > Mapped to DCERPC endpoint 1024 > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > resolve_lmhosts: Attempting lmhosts lookup for name > iumdcdp01.iumnet.edu.na <http://iumdcdp01.iumnet.edu.na><0x20> > startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No > such file or directory > Starting GENSEC mechanism spnego > Starting GENSEC submechanism gssapi_krb5 > Password for [IUMNET\Administrator]: > Received smb_krb5 packet of length 271 > Received smb_krb5 packet of length 1397 > gensec_gssapi: NO credentials were delegated > GSSAPI Connection will be cryptographically sealed > drsuapi_DsBind: struct drsuapi_DsBind > in: struct drsuapi_DsBind > bind_guid : * > bind_guid : > e24d201a-4fd6-11d1-a3da-0000f875ae0d > bind_info : * > bind_info: struct drsuapi_DsBindInfoCtr > length : 0x0000001c (28) > __ndr_length : 0x0000001c (28) > info : union > drsuapi_DsBindInfo(case 28) > info28: struct drsuapi_DsBindInfo28 > supported_extensions : 0x0fefff7f (267386751) > 1: DRSUAPI_SUPPORTED_EXTENSION_BASE > 1: > DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION > 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI > 1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 > 1: > DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION > 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY > 1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE > 1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD > 1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND > 1: > DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO > 1: > DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01 > 1: > DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP > 1: > DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY > 1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3 > 0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2 > 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6 > 1: > DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS > 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6 > 1: > DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7 > 1: > DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT > 0: > DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS > 0: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10 > 0: > DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2 > 0: > DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3 > site_guid : > 00000000-0000-0000-0000-000000000000 > pid : 0x00000000 (0) > repl_epoch : 0x00000000 (0) > drsuapi_DsBind: struct drsuapi_DsBind > out: struct drsuapi_DsBind > bind_info : * > bind_info: struct drsuapi_DsBindInfoCtr > length : 0x0000001c (28) > __ndr_length : 0x0000001c (28) > info : union > drsuapi_DsBindInfo(case 28) > info28: struct drsuapi_DsBindInfo28 > supported_extensions : 0x2fffff6f (805306223) > 1: DRSUAPI_SUPPORTED_EXTENSION_BASE > 1: > DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION > 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI > 1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2 > 0: > DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 > 1: > DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION > 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY > 1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE > 1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD > 1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND > 1: > DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO > 1: > DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01 > 1: > DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP > 1: > DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY > 1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3 > 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2 > 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6 > 1: > DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS > 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6 > 1: > DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7 > 1: > DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT > 0: > DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10 > 0: > DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2 > 0: > DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3 > site_guid : > 29e318da-d660-4a24-94d9-81e86b5a1e82 > pid : 0x00000000 (0) > repl_epoch : 0x00000000 (0) > bind_handle : * > bind_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : > 4b1eea79-e969-408c-a3b1-84ca1fe9a0eb > result : WERR_OK > lpcfg_servicenumber: couldn't find ldb > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > resolve_lmhosts: Attempting lmhosts lookup for name > iumdcdp01.iumnet.edu.na <http://iumdcdp01.iumnet.edu.na><0x20> > startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No > such file or directory > Starting GENSEC mechanism spnego > Starting GENSEC submechanism gssapi_krb5 > Received smb_krb5 packet of length 271 > Received smb_krb5 packet of length 1397 > gensec_gssapi: NO credentials were delegated > GSSAPI Connection will be cryptographically signed > drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync > in: struct drsuapi_DsReplicaSync > bind_handle : * > bind_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : > 4b1eea79-e969-408c-a3b1-84ca1fe9a0eb > level : 0x00000001 (1) > req : * > req : union > drsuapi_DsReplicaSyncRequest(case 1) > req1: struct drsuapi_DsReplicaSyncRequest1 > naming_context : * > naming_context: struct > drsuapi_DsReplicaObjectIdentifier > __ndr_size : 0x00000066 (102) > __ndr_size_sid : 0x00000000 (0) > guid : > 00000000-0000-0000-0000-000000000000 > sid : S-0-0 > __ndr_size_dn : 0x00000016 (22) > dn : > 'DC=iumnet,DC=edu,DC=na' > source_dsa_guid : > 27182378-a9c7-451e-bb95-7b2172a5f311 > source_dsa_dns : NULL > options : 0x02000010 (33554448) > 0: DRSUAPI_DRS_ASYNC_OP > 0: DRSUAPI_DRS_GETCHG_CHECK > 0: DRSUAPI_DRS_UPDATE_NOTIFICATION > 0: DRSUAPI_DRS_ADD_REF > 0: DRSUAPI_DRS_SYNC_ALL > 0: DRSUAPI_DRS_DEL_REF > 1: DRSUAPI_DRS_WRIT_REP > 0: DRSUAPI_DRS_INIT_SYNC > 0: DRSUAPI_DRS_PER_SYNC > 0: DRSUAPI_DRS_MAIL_REP > 0: DRSUAPI_DRS_ASYNC_REP > 0: DRSUAPI_DRS_IGNORE_ERROR > 0: DRSUAPI_DRS_TWOWAY_SYNC > 0: DRSUAPI_DRS_CRITICAL_ONLY > 0: DRSUAPI_DRS_GET_ANC > 0: DRSUAPI_DRS_GET_NC_SIZE > 0: DRSUAPI_DRS_LOCAL_ONLY > 0: DRSUAPI_DRS_NONGC_RO_REP > 0: DRSUAPI_DRS_SYNC_BYNAME > 0: DRSUAPI_DRS_REF_OK > 0: DRSUAPI_DRS_FULL_SYNC_NOW > 0: DRSUAPI_DRS_NO_SOURCE > 0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS > 0: DRSUAPI_DRS_FULL_SYNC_PACKET > 0: DRSUAPI_DRS_SYNC_REQUEUE > 0: DRSUAPI_DRS_SYNC_URGENT > 0: DRSUAPI_DRS_REF_GCSPN > 0: DRSUAPI_DRS_NO_DISCARD > 0: DRSUAPI_DRS_NEVER_SYNCED > 0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING > 0: DRSUAPI_DRS_INIT_SYNC_NOW > 0: DRSUAPI_DRS_PREEMPTED > 1: DRSUAPI_DRS_SYNC_FORCED > 0: DRSUAPI_DRS_DISABLE_AUTO_SYNC > 0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC > 0: DRSUAPI_DRS_USE_COMPRESSION > 0: DRSUAPI_DRS_NEVER_NOTIFY > 0: DRSUAPI_DRS_SYNC_PAS > 0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP > drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync > out: struct drsuapi_DsReplicaSync > result : WERR_BAD_NET_RESP > ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - > drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP') > File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line > 386, in run > drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, > source_dsa_guid, NC, req_options) > File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85, > in sendDsReplicaSync > raise drsException("DsReplicaSync failed %s" % estr) > > *Harsh Kukreja *Systems Administrator > > **International University of Namibia**Tel: 061-4336000 - E-mail: > h.kukreja at ium.edu.na <mailto:h.kukreja at ium.edu.na> - Web: > _http://www.ium.edu.na <http://www.ium.edu.na/> > _Private Bag 14005,Bachbrech. 21-31 Hercules Street, Dorado Park, > Windhoek, NAMIBIA > > > > > > > > > > > > On Thu, Jan 11, 2018 at 6:04 PM, lingpanda101 via samba > <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote: > > On 1/11/2018 10:39 AM, Harsh Kukreja via samba wrote: > > Hi > > The DRS sync between two Domain Controllers connected on one > network is > failing. I have enabled the log level 9. > > samba-tool drs replicate 172.16.10.5 iumsvrpdc > DC=iumnet,DC=edu,DC=na > --full-sync -UAdministrator > INFO: Current debug levels: > all: 9 > tdb: 9 > printdrivers: 9 > lanman: 9 > smb: 9 > rpc_parse: 9 > rpc_srv: 9 > rpc_cli: 9 > passdb: 9 > sam: 9 > auth: 9 > winbind: 9 > vfs: 9 > idmap: 9 > quota: 9 > acls: 9 > locking: 9 > msdfs: 9 > dmapi: 9 > registry: 9 > scavenger: 9 > dns: 0 > ldb: 9 > tevent: 9 > auth_audit: 9 > auth_json_audit: 9 > kerberos: 9 > drs_repl: 9 > Processing section "[netlogon]" > Processing section "[sysvol]" > Processing section "[softshare]" > pm_process() returned Yes > GENSEC backend 'gssapi_spnego' registered > GENSEC backend 'gssapi_krb5' registered > GENSEC backend 'gssapi_krb5_sasl' registered > GENSEC backend 'spnego' registered > GENSEC backend 'schannel' registered > GENSEC backend 'naclrpc_as_system' registered > GENSEC backend 'sasl-EXTERNAL' registered > GENSEC backend 'ntlmssp' registered > GENSEC backend 'ntlmssp_resume_ccache' registered > GENSEC backend 'http_basic' registered > GENSEC backend 'http_ntlm' registered > GENSEC backend 'krb5' registered > GENSEC backend 'fake_gssapi_krb5' registered > Using binding ncacn_ip_tcp:172.16.10.5[,seal,print] > Mapped to DCERPC endpoint 135 > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > Mapped to DCERPC endpoint 1024 > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > Starting GENSEC mechanism spnego > Starting GENSEC submechanism gssapi_krb5 > Cannot do GSSAPI to an IP address > Failed to start GENSEC client mech gssapi_krb5: > NT_STATUS_INVALID_PARAMETER > Starting GENSEC submechanism ntlmssp > Got challenge flags: > Got NTLMSSP neg_flags=0x62898235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_TARGET_TYPE_DOMAIN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_TARGET_INFO > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > Password for [IUMNET\Administrator]: > NTLMSSP: Set final flags: > Got NTLMSSP neg_flags=0x62088235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP Sign/Seal - Initialising with flags: > Got NTLMSSP neg_flags=0x62088235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP Sign/Seal - Initialising with flags: > Got NTLMSSP neg_flags=0x62088235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > drsuapi_DsBind: struct drsuapi_DsBind > in: struct drsuapi_DsBind > bind_guid : * > bind_guid : > e24d201a-4fd6-11d1-a3da-0000f875ae0d > bind_info : * > bind_info: struct drsuapi_DsBindInfoCtr > length : 0x0000001c (28) > __ndr_length : 0x0000001c (28) > info : union > drsuapi_DsBindInfo(case 28) > info28: struct drsuapi_DsBindInfo28 > supported_extensions : 0x0fefff7f > (267386751) > 1: > DRSUAPI_SUPPORTED_EXTENSION_BASE > 1: > DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION > 1: > DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI > 1: > DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS > 1: > DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 > 1: > DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION > 0: > DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY > 1: > DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE > 1: > DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION > 1: > DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD > 1: > DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND > 1: > DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO > 1: > DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION > 1: > DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01 > 1: > DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP > 1: > DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY > 1: > DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3 > 0: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6 > 1: > DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6 > 1: > DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7 > 1: > DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT > 0: > DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS > 0: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10 > 0: > DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2 > 0: > DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3 > site_guid : > 00000000-0000-0000-0000-000000000000 > pid : 0x00000000 (0) > repl_epoch : 0x00000000 (0) > drsuapi_DsBind: struct drsuapi_DsBind > out: struct drsuapi_DsBind > bind_info : * > bind_info: struct drsuapi_DsBindInfoCtr > length : 0x0000001c (28) > __ndr_length : 0x0000001c (28) > info : union > drsuapi_DsBindInfo(case 28) > info28: struct drsuapi_DsBindInfo28 > supported_extensions : 0x2fffff6f > (805306223) > 1: > DRSUAPI_SUPPORTED_EXTENSION_BASE > 1: > DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION > 1: > DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI > 1: > DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2 > 0: > DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS > 1: > DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 > 1: > DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION > 0: > DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY > 1: > DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE > 1: > DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION > 1: > DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD > 1: > DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND > 1: > DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO > 1: > DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION > 1: > DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01 > 1: > DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP > 1: > DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY > 1: > DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6 > 1: > DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6 > 1: > DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7 > 1: > DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT > 0: > DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10 > 0: > DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2 > 0: > DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3 > site_guid : > 29e318da-d660-4a24-94d9-81e86b5a1e82 > pid : 0x00000000 (0) > repl_epoch : 0x00000000 (0) > bind_handle : * > bind_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : > 2cb3f3b5-b29a-4958-a912-51a0881976da > result : WERR_OK > lpcfg_servicenumber: couldn't find ldb > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > Starting GENSEC mechanism spnego > Starting GENSEC submechanism gssapi_krb5 > Cannot do GSSAPI to an IP address > Failed to start GENSEC client mech gssapi_krb5: > NT_STATUS_INVALID_PARAMETER > Starting GENSEC submechanism ntlmssp > Got challenge flags: > Got NTLMSSP neg_flags=0x62898235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_TARGET_TYPE_DOMAIN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_TARGET_INFO > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP: Set final flags: > Got NTLMSSP neg_flags=0x62088235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP Sign/Seal - Initialising with flags: > Got NTLMSSP neg_flags=0x62088235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP Sign/Seal - Initialising with flags: > Got NTLMSSP neg_flags=0x62088235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync > in: struct drsuapi_DsReplicaSync > bind_handle : * > bind_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : > 2cb3f3b5-b29a-4958-a912-51a0881976da > level : 0x00000001 (1) > req : * > req : union > drsuapi_DsReplicaSyncRequest(case 1) > req1: struct drsuapi_DsReplicaSyncRequest1 > naming_context : * > naming_context: struct > drsuapi_DsReplicaObjectIdentifier > __ndr_size : 0x00000066 (102) > __ndr_size_sid : 0x00000000 (0) > guid : > 00000000-0000-0000-0000-000000000000 > sid : S-0-0 > __ndr_size_dn : 0x00000016 (22) > dn : > 'DC=iumnet,DC=edu,DC=na' > source_dsa_guid : > 27182378-a9c7-451e-bb95-7b2172a5f311 > source_dsa_dns : NULL > options : 0x00008010 (32784) > 0: DRSUAPI_DRS_ASYNC_OP > 0: DRSUAPI_DRS_GETCHG_CHECK > 0: DRSUAPI_DRS_UPDATE_NOTIFICATION > 0: DRSUAPI_DRS_ADD_REF > 0: DRSUAPI_DRS_SYNC_ALL > 0: DRSUAPI_DRS_DEL_REF > 1: DRSUAPI_DRS_WRIT_REP > 0: DRSUAPI_DRS_INIT_SYNC > 0: DRSUAPI_DRS_PER_SYNC > 0: DRSUAPI_DRS_MAIL_REP > 0: DRSUAPI_DRS_ASYNC_REP > 0: DRSUAPI_DRS_IGNORE_ERROR > 0: DRSUAPI_DRS_TWOWAY_SYNC > 0: DRSUAPI_DRS_CRITICAL_ONLY > 0: DRSUAPI_DRS_GET_ANC > 0: DRSUAPI_DRS_GET_NC_SIZE > 0: DRSUAPI_DRS_LOCAL_ONLY > 0: DRSUAPI_DRS_NONGC_RO_REP > 0: DRSUAPI_DRS_SYNC_BYNAME > 0: DRSUAPI_DRS_REF_OK > 1: DRSUAPI_DRS_FULL_SYNC_NOW > 1: DRSUAPI_DRS_NO_SOURCE > 0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS > 0: DRSUAPI_DRS_FULL_SYNC_PACKET > 0: DRSUAPI_DRS_SYNC_REQUEUE > 0: DRSUAPI_DRS_SYNC_URGENT > 0: DRSUAPI_DRS_REF_GCSPN > 0: DRSUAPI_DRS_NO_DISCARD > 0: DRSUAPI_DRS_NEVER_SYNCED > 0: > DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING > 0: DRSUAPI_DRS_INIT_SYNC_NOW > 0: DRSUAPI_DRS_PREEMPTED > 0: DRSUAPI_DRS_SYNC_FORCED > 0: DRSUAPI_DRS_DISABLE_AUTO_SYNC > 0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC > 0: DRSUAPI_DRS_USE_COMPRESSION > 0: DRSUAPI_DRS_NEVER_NOTIFY > 0: DRSUAPI_DRS_SYNC_PAS > 0: > DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP > drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync > out: struct drsuapi_DsReplicaSync > result : WERR_BAD_NET_RESP > ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync > failed - > drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP') > File > "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line > 386, in > run > drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, > source_dsa_guid, NC, req_options) > File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", > line 85, in > sendDsReplicaSync > raise drsException("DsReplicaSync failed %s" % estr) > > *Harsh Kukreja *Systems Administrator > *International University of Namibia *Tel: 061-4336000 - > E-mail: h.kukreja > @ium.edu.na <http://ium.edu.na> - Web: > *http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag > 14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, > NAMIBIA > > > Not sure what your issue is but have you tried using the fqdn for > DC1 and DC2? I've experienced issues with manual replication when > using a IP and not the dns or fqdn name. > > -- > -- > James > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > <https://lists.samba.org/mailman/options/samba> > >I would verify the dns entries for 'iumsvrpdc'. hots -t A iumsvrpdc (use it's fqdn as well) Search for 'iumsvrpdc' objectGUID ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationId=*)' --cross-ncs objectguid host -t CNAME objectGUID-for-iumsvrpdc._msdcs.samdom.example.com Reference the wiki if needed. https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record Just to confirm you are attempting to replicate from 'iumsvrpdc' to 'iumdcdp01.iumnet.edu.na <http://iumdcdp01.iumnet.edu.na>'? -- -- James
Hi James Thanks for your response. hots -t A iumsvrpdc (use it's fqdn as well) I have verified it with the FQDN which says that the record iumsvrpdc.iumnet.edu.na exists Search for 'iumsvrpdc' objectGUID ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationId=*)' --cross-ncs objectguid : it shows 2 records found # record 1 dn: CN=NTDS Settings,CN=IUMDCDP01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=iumnet,DC=edu,DC=na # record 2 dn: CN=NTDS Settings,CN=IUMSVRPDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=iumnet,DC=edu,DC=na # returned 2 records # 2 entries # 0 referrals host -t CNAME objectGUID-for-iumsvrpdc._msdcs.samdom.example.com host -t CNAME iumsvrpdc._msdcs.iumnet.edu.na iumsvrpdc._msdcs.iumnet.edu.na is an alias for 27182378-a9c7-451e-bb95-7b2172a5f311._msdcs.iumnet.edu.na Reference the wiki if needed. https://wiki.samba.org/index. php/Verifying_and_Creating_a_DC_DNS_Record Just to confirm you are attempting to replicate from 'iumsvrpdc' to ' iumdcdp01.iumnet.edu.na'? YES Please assist to resolve this issue. *Harsh Kukreja *Systems Administrator *International University of Namibia *Tel: 061-4336000 - E-mail: h.kukreja @ium.edu.na - Web: *http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag 14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA On Thu, Jan 11, 2018 at 9:20 PM, lingpanda101 <lingpanda101 at gmail.com> wrote:> On 1/11/2018 1:57 PM, Harsh Kukreja wrote: > > Hi > > I have tried using FQDN for DC1 and DC2 but still it is failing.Please > assist to fix > > samba-tool drs replicate iumdcdp01.iumnet.edu.na iumsvrpdc > DC=iumnet,DC=edu,DC=na --sync-forced -UAdministrator > INFO: Current debug levels: > all: 9 > tdb: 9 > printdrivers: 9 > lanman: 9 > smb: 9 > rpc_parse: 9 > rpc_srv: 9 > rpc_cli: 9 > passdb: 9 > sam: 9 > auth: 9 > winbind: 9 > vfs: 9 > idmap: 9 > quota: 9 > acls: 9 > locking: 9 > msdfs: 9 > dmapi: 9 > registry: 9 > scavenger: 9 > dns: 0 > ldb: 9 > tevent: 9 > auth_audit: 9 > auth_json_audit: 9 > kerberos: 9 > drs_repl: 9 > Processing section "[netlogon]" > Processing section "[sysvol]" > Processing section "[softshare]" > pm_process() returned Yes > GENSEC backend 'gssapi_spnego' registered > GENSEC backend 'gssapi_krb5' registered > GENSEC backend 'gssapi_krb5_sasl' registered > GENSEC backend 'spnego' registered > GENSEC backend 'schannel' registered > GENSEC backend 'naclrpc_as_system' registered > GENSEC backend 'sasl-EXTERNAL' registered > GENSEC backend 'ntlmssp' registered > GENSEC backend 'ntlmssp_resume_ccache' registered > GENSEC backend 'http_basic' registered > GENSEC backend 'http_ntlm' registered > GENSEC backend 'krb5' registered > GENSEC backend 'fake_gssapi_krb5' registered > Using binding ncacn_ip_tcp:iumdcdp01.iumnet.edu.na[,seal,print] > Mapped to DCERPC endpoint 135 > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > resolve_lmhosts: Attempting lmhosts lookup for name > iumdcdp01.iumnet.edu.na<0x20> > startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No > such file or directory > Mapped to DCERPC endpoint 1024 > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > resolve_lmhosts: Attempting lmhosts lookup for name > iumdcdp01.iumnet.edu.na<0x20> > startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No > such file or directory > Starting GENSEC mechanism spnego > Starting GENSEC submechanism gssapi_krb5 > Password for [IUMNET\Administrator]: > Received smb_krb5 packet of length 271 > Received smb_krb5 packet of length 1397 > gensec_gssapi: NO credentials were delegated > GSSAPI Connection will be cryptographically sealed > drsuapi_DsBind: struct drsuapi_DsBind > in: struct drsuapi_DsBind > bind_guid : * > bind_guid : e24d201a-4fd6-11d1-a3da- > 0000f875ae0d > bind_info : * > bind_info: struct drsuapi_DsBindInfoCtr > length : 0x0000001c (28) > __ndr_length : 0x0000001c (28) > info : union > drsuapi_DsBindInfo(case 28) > info28: struct drsuapi_DsBindInfo28 > supported_extensions : 0x0fefff7f (267386751) > 1: DRSUAPI_SUPPORTED_EXTENSION_BASE > 1: DRSUAPI_SUPPORTED_EXTENSION_ > ASYNC_REPLICATION > 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI > 1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2 > 1: DRSUAPI_SUPPORTED_EXTENSION_ > GETCHG_COMPRESS > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 > 1: DRSUAPI_SUPPORTED_EXTENSION_ > RESTORE_USN_OPTIMIZATION > 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY > 1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE > 1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2 > 1: DRSUAPI_SUPPORTED_EXTENSION_ > LINKED_VALUE_REPLICATION > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2 > 1: DRSUAPI_SUPPORTED_EXTENSION_ > INSTANCE_TYPE_NOT_REQ_ON_MOD > 1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND > 1: DRSUAPI_SUPPORTED_EXTENSION_ > GET_REPL_INFO > 1: DRSUAPI_SUPPORTED_EXTENSION_ > STRONG_ENCRYPTION > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01 > 1: DRSUAPI_SUPPORTED_EXTENSION_ > TRANSITIVE_MEMBERSHIP > 1: DRSUAPI_SUPPORTED_EXTENSION_ > ADD_SID_HISTORY > 1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3 > 0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5 > 1: DRSUAPI_SUPPORTED_EXTENSION_ > GET_MEMBERSHIPS2 > 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6 > 1: DRSUAPI_SUPPORTED_EXTENSION_ > NONDOMAIN_NCS > 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8 > 1: DRSUAPI_SUPPORTED_EXTENSION_ > GETCHGREPLY_V5 > 1: DRSUAPI_SUPPORTED_EXTENSION_ > GETCHGREPLY_V6 > 1: DRSUAPI_SUPPORTED_EXTENSION_ > ADDENTRYREPLY_V3 > 1: DRSUAPI_SUPPORTED_EXTENSION_ > GETCHGREPLY_V7 > 1: DRSUAPI_SUPPORTED_EXTENSION_ > VERIFY_OBJECT > 0: DRSUAPI_SUPPORTED_EXTENSION_ > XPRESS_COMPRESS > 0: DRSUAPI_SUPPORTED_EXTENSION_ > GETCHGREQ_V10 > 0: DRSUAPI_SUPPORTED_EXTENSION_ > RESERVED_PART2 > 0: DRSUAPI_SUPPORTED_EXTENSION_ > RESERVED_PART3 > site_guid : 00000000-0000-0000-0000- > 000000000000 > pid : 0x00000000 (0) > repl_epoch : 0x00000000 (0) > drsuapi_DsBind: struct drsuapi_DsBind > out: struct drsuapi_DsBind > bind_info : * > bind_info: struct drsuapi_DsBindInfoCtr > length : 0x0000001c (28) > __ndr_length : 0x0000001c (28) > info : union > drsuapi_DsBindInfo(case 28) > info28: struct drsuapi_DsBindInfo28 > supported_extensions : 0x2fffff6f (805306223) > 1: DRSUAPI_SUPPORTED_EXTENSION_BASE > 1: DRSUAPI_SUPPORTED_EXTENSION_ > ASYNC_REPLICATION > 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI > 1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2 > 0: DRSUAPI_SUPPORTED_EXTENSION_ > GETCHG_COMPRESS > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 > 1: DRSUAPI_SUPPORTED_EXTENSION_ > RESTORE_USN_OPTIMIZATION > 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY > 1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE > 1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2 > 1: DRSUAPI_SUPPORTED_EXTENSION_ > LINKED_VALUE_REPLICATION > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2 > 1: DRSUAPI_SUPPORTED_EXTENSION_ > INSTANCE_TYPE_NOT_REQ_ON_MOD > 1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND > 1: DRSUAPI_SUPPORTED_EXTENSION_ > GET_REPL_INFO > 1: DRSUAPI_SUPPORTED_EXTENSION_ > STRONG_ENCRYPTION > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01 > 1: DRSUAPI_SUPPORTED_EXTENSION_ > TRANSITIVE_MEMBERSHIP > 1: DRSUAPI_SUPPORTED_EXTENSION_ > ADD_SID_HISTORY > 1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3 > 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5 > 1: DRSUAPI_SUPPORTED_EXTENSION_ > GET_MEMBERSHIPS2 > 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6 > 1: DRSUAPI_SUPPORTED_EXTENSION_ > NONDOMAIN_NCS > 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8 > 1: DRSUAPI_SUPPORTED_EXTENSION_ > GETCHGREPLY_V5 > 1: DRSUAPI_SUPPORTED_EXTENSION_ > GETCHGREPLY_V6 > 1: DRSUAPI_SUPPORTED_EXTENSION_ > ADDENTRYREPLY_V3 > 1: DRSUAPI_SUPPORTED_EXTENSION_ > GETCHGREPLY_V7 > 1: DRSUAPI_SUPPORTED_EXTENSION_ > VERIFY_OBJECT > 0: DRSUAPI_SUPPORTED_EXTENSION_ > XPRESS_COMPRESS > 1: DRSUAPI_SUPPORTED_EXTENSION_ > GETCHGREQ_V10 > 0: DRSUAPI_SUPPORTED_EXTENSION_ > RESERVED_PART2 > 0: DRSUAPI_SUPPORTED_EXTENSION_ > RESERVED_PART3 > site_guid : 29e318da-d660-4a24-94d9- > 81e86b5a1e82 > pid : 0x00000000 (0) > repl_epoch : 0x00000000 (0) > bind_handle : * > bind_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 4b1eea79-e969-408c-a3b1- > 84ca1fe9a0eb > result : WERR_OK > lpcfg_servicenumber: couldn't find ldb > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 > netmask=255.255.255.0 > resolve_lmhosts: Attempting lmhosts lookup for name > iumdcdp01.iumnet.edu.na<0x20> > startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No > such file or directory > Starting GENSEC mechanism spnego > Starting GENSEC submechanism gssapi_krb5 > Received smb_krb5 packet of length 271 > Received smb_krb5 packet of length 1397 > gensec_gssapi: NO credentials were delegated > GSSAPI Connection will be cryptographically signed > drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync > in: struct drsuapi_DsReplicaSync > bind_handle : * > bind_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 4b1eea79-e969-408c-a3b1- > 84ca1fe9a0eb > level : 0x00000001 (1) > req : * > req : union > drsuapi_DsReplicaSyncRequest(case 1) > req1: struct drsuapi_DsReplicaSyncRequest1 > naming_context : * > naming_context: struct drsuapi_ > DsReplicaObjectIdentifier > __ndr_size : 0x00000066 (102) > __ndr_size_sid : 0x00000000 (0) > guid : > 00000000-0000-0000-0000-000000000000 > sid : S-0-0 > __ndr_size_dn : 0x00000016 (22) > dn : > 'DC=iumnet,DC=edu,DC=na' > source_dsa_guid : 27182378-a9c7-451e-bb95- > 7b2172a5f311 > source_dsa_dns : NULL > options : 0x02000010 (33554448) > 0: DRSUAPI_DRS_ASYNC_OP > 0: DRSUAPI_DRS_GETCHG_CHECK > 0: DRSUAPI_DRS_UPDATE_NOTIFICATION > 0: DRSUAPI_DRS_ADD_REF > 0: DRSUAPI_DRS_SYNC_ALL > 0: DRSUAPI_DRS_DEL_REF > 1: DRSUAPI_DRS_WRIT_REP > 0: DRSUAPI_DRS_INIT_SYNC > 0: DRSUAPI_DRS_PER_SYNC > 0: DRSUAPI_DRS_MAIL_REP > 0: DRSUAPI_DRS_ASYNC_REP > 0: DRSUAPI_DRS_IGNORE_ERROR > 0: DRSUAPI_DRS_TWOWAY_SYNC > 0: DRSUAPI_DRS_CRITICAL_ONLY > 0: DRSUAPI_DRS_GET_ANC > 0: DRSUAPI_DRS_GET_NC_SIZE > 0: DRSUAPI_DRS_LOCAL_ONLY > 0: DRSUAPI_DRS_NONGC_RO_REP > 0: DRSUAPI_DRS_SYNC_BYNAME > 0: DRSUAPI_DRS_REF_OK > 0: DRSUAPI_DRS_FULL_SYNC_NOW > 0: DRSUAPI_DRS_NO_SOURCE > 0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS > 0: DRSUAPI_DRS_FULL_SYNC_PACKET > 0: DRSUAPI_DRS_SYNC_REQUEUE > 0: DRSUAPI_DRS_SYNC_URGENT > 0: DRSUAPI_DRS_REF_GCSPN > 0: DRSUAPI_DRS_NO_DISCARD > 0: DRSUAPI_DRS_NEVER_SYNCED > 0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING > 0: DRSUAPI_DRS_INIT_SYNC_NOW > 0: DRSUAPI_DRS_PREEMPTED > 1: DRSUAPI_DRS_SYNC_FORCED > 0: DRSUAPI_DRS_DISABLE_AUTO_SYNC > 0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC > 0: DRSUAPI_DRS_USE_COMPRESSION > 0: DRSUAPI_DRS_NEVER_NOTIFY > 0: DRSUAPI_DRS_SYNC_PAS > 0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP > drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync > out: struct drsuapi_DsReplicaSync > result : WERR_BAD_NET_RESP > ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - > drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP') > File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 386, > in run > drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, > source_dsa_guid, NC, req_options) > File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85, in > sendDsReplicaSync > raise drsException("DsReplicaSync failed %s" % estr) > > *Harsh Kukreja *Systems Administrator > *International University of Namibia *Tel: 061-4336000 - E-mail: h.kukreja > @ium.edu.na - Web: > *http://www.ium.edu.na <http://www.ium.edu.na/> *Private Bag > 14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA > > > > > > > > > On Thu, Jan 11, 2018 at 6:04 PM, lingpanda101 via samba < > samba at lists.samba.org> wrote: > >> On 1/11/2018 10:39 AM, Harsh Kukreja via samba wrote: >> >>> Hi >>> >>> The DRS sync between two Domain Controllers connected on one network is >>> failing. I have enabled the log level 9. >>> >>> samba-tool drs replicate 172.16.10.5 iumsvrpdc DC=iumnet,DC=edu,DC=na >>> --full-sync -UAdministrator >>> INFO: Current debug levels: >>> all: 9 >>> tdb: 9 >>> printdrivers: 9 >>> lanman: 9 >>> smb: 9 >>> rpc_parse: 9 >>> rpc_srv: 9 >>> rpc_cli: 9 >>> passdb: 9 >>> sam: 9 >>> auth: 9 >>> winbind: 9 >>> vfs: 9 >>> idmap: 9 >>> quota: 9 >>> acls: 9 >>> locking: 9 >>> msdfs: 9 >>> dmapi: 9 >>> registry: 9 >>> scavenger: 9 >>> dns: 0 >>> ldb: 9 >>> tevent: 9 >>> auth_audit: 9 >>> auth_json_audit: 9 >>> kerberos: 9 >>> drs_repl: 9 >>> Processing section "[netlogon]" >>> Processing section "[sysvol]" >>> Processing section "[softshare]" >>> pm_process() returned Yes >>> GENSEC backend 'gssapi_spnego' registered >>> GENSEC backend 'gssapi_krb5' registered >>> GENSEC backend 'gssapi_krb5_sasl' registered >>> GENSEC backend 'spnego' registered >>> GENSEC backend 'schannel' registered >>> GENSEC backend 'naclrpc_as_system' registered >>> GENSEC backend 'sasl-EXTERNAL' registered >>> GENSEC backend 'ntlmssp' registered >>> GENSEC backend 'ntlmssp_resume_ccache' registered >>> GENSEC backend 'http_basic' registered >>> GENSEC backend 'http_ntlm' registered >>> GENSEC backend 'krb5' registered >>> GENSEC backend 'fake_gssapi_krb5' registered >>> Using binding ncacn_ip_tcp:172.16.10.5[,seal,print] >>> Mapped to DCERPC endpoint 135 >>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 >>> netmask=255.255.255.0 >>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 >>> netmask=255.255.255.0 >>> Mapped to DCERPC endpoint 1024 >>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 >>> netmask=255.255.255.0 >>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 >>> netmask=255.255.255.0 >>> Starting GENSEC mechanism spnego >>> Starting GENSEC submechanism gssapi_krb5 >>> Cannot do GSSAPI to an IP address >>> Failed to start GENSEC client mech gssapi_krb5: >>> NT_STATUS_INVALID_PARAMETER >>> Starting GENSEC submechanism ntlmssp >>> Got challenge flags: >>> Got NTLMSSP neg_flags=0x62898235 >>> NTLMSSP_NEGOTIATE_UNICODE >>> NTLMSSP_REQUEST_TARGET >>> NTLMSSP_NEGOTIATE_SIGN >>> NTLMSSP_NEGOTIATE_SEAL >>> NTLMSSP_NEGOTIATE_NTLM >>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN >>> NTLMSSP_TARGET_TYPE_DOMAIN >>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY >>> NTLMSSP_NEGOTIATE_TARGET_INFO >>> NTLMSSP_NEGOTIATE_VERSION >>> NTLMSSP_NEGOTIATE_128 >>> NTLMSSP_NEGOTIATE_KEY_EXCH >>> Password for [IUMNET\Administrator]: >>> NTLMSSP: Set final flags: >>> Got NTLMSSP neg_flags=0x62088235 >>> NTLMSSP_NEGOTIATE_UNICODE >>> NTLMSSP_REQUEST_TARGET >>> NTLMSSP_NEGOTIATE_SIGN >>> NTLMSSP_NEGOTIATE_SEAL >>> NTLMSSP_NEGOTIATE_NTLM >>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN >>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY >>> NTLMSSP_NEGOTIATE_VERSION >>> NTLMSSP_NEGOTIATE_128 >>> NTLMSSP_NEGOTIATE_KEY_EXCH >>> NTLMSSP Sign/Seal - Initialising with flags: >>> Got NTLMSSP neg_flags=0x62088235 >>> NTLMSSP_NEGOTIATE_UNICODE >>> NTLMSSP_REQUEST_TARGET >>> NTLMSSP_NEGOTIATE_SIGN >>> NTLMSSP_NEGOTIATE_SEAL >>> NTLMSSP_NEGOTIATE_NTLM >>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN >>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY >>> NTLMSSP_NEGOTIATE_VERSION >>> NTLMSSP_NEGOTIATE_128 >>> NTLMSSP_NEGOTIATE_KEY_EXCH >>> NTLMSSP Sign/Seal - Initialising with flags: >>> Got NTLMSSP neg_flags=0x62088235 >>> NTLMSSP_NEGOTIATE_UNICODE >>> NTLMSSP_REQUEST_TARGET >>> NTLMSSP_NEGOTIATE_SIGN >>> NTLMSSP_NEGOTIATE_SEAL >>> NTLMSSP_NEGOTIATE_NTLM >>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN >>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY >>> NTLMSSP_NEGOTIATE_VERSION >>> NTLMSSP_NEGOTIATE_128 >>> NTLMSSP_NEGOTIATE_KEY_EXCH >>> drsuapi_DsBind: struct drsuapi_DsBind >>> in: struct drsuapi_DsBind >>> bind_guid : * >>> bind_guid : >>> e24d201a-4fd6-11d1-a3da-0000f875ae0d >>> bind_info : * >>> bind_info: struct drsuapi_DsBindInfoCtr >>> length : 0x0000001c (28) >>> __ndr_length : 0x0000001c (28) >>> info : union >>> drsuapi_DsBindInfo(case 28) >>> info28: struct drsuapi_DsBindInfo28 >>> supported_extensions : 0x0fefff7f >>> (267386751) >>> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION >>> 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI >>> 1: DRSUAPI_SUPPORTED_EXTENSION_MO >>> VEREQ_V2 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS >>> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION >>> 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY >>> 1: DRSUAPI_SUPPORTED_EXTENSION_KC >>> C_EXECUTE >>> 1: DRSUAPI_SUPPORTED_EXTENSION_AD >>> DENTRY_V2 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION >>> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD >>> 1: DRSUAPI_SUPPORTED_EXTENSION_CR >>> YPTO_BIND >>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE >>> T_REPL_INFO >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION >>> 1: DRSUAPI_SUPPORTED_EXTENSION_DC >>> INFO_V01 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY >>> 1: DRSUAPI_SUPPORTED_EXTENSION_PO >>> ST_BETA3 >>> 0: DRSUAPI_SUPPORTED_EXTENSION_GE >>> TCHGREQ_V5 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2 >>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE >>> TCHGREQ_V6 >>> 1: DRSUAPI_SUPPORTED_EXTENSION_NO >>> NDOMAIN_NCS >>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE >>> TCHGREQ_V8 >>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE >>> TCHGREPLY_V5 >>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE >>> TCHGREPLY_V6 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3 >>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE >>> TCHGREPLY_V7 >>> 1: DRSUAPI_SUPPORTED_EXTENSION_VE >>> RIFY_OBJECT >>> 0: >>> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS >>> 0: DRSUAPI_SUPPORTED_EXTENSION_GE >>> TCHGREQ_V10 >>> 0: DRSUAPI_SUPPORTED_EXTENSION_RE >>> SERVED_PART2 >>> 0: DRSUAPI_SUPPORTED_EXTENSION_RE >>> SERVED_PART3 >>> site_guid : >>> 00000000-0000-0000-0000-000000000000 >>> pid : 0x00000000 (0) >>> repl_epoch : 0x00000000 (0) >>> drsuapi_DsBind: struct drsuapi_DsBind >>> out: struct drsuapi_DsBind >>> bind_info : * >>> bind_info: struct drsuapi_DsBindInfoCtr >>> length : 0x0000001c (28) >>> __ndr_length : 0x0000001c (28) >>> info : union >>> drsuapi_DsBindInfo(case 28) >>> info28: struct drsuapi_DsBindInfo28 >>> supported_extensions : 0x2fffff6f >>> (805306223) >>> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION >>> 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI >>> 1: DRSUAPI_SUPPORTED_EXTENSION_MO >>> VEREQ_V2 >>> 0: >>> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS >>> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION >>> 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY >>> 1: DRSUAPI_SUPPORTED_EXTENSION_KC >>> C_EXECUTE >>> 1: DRSUAPI_SUPPORTED_EXTENSION_AD >>> DENTRY_V2 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION >>> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD >>> 1: DRSUAPI_SUPPORTED_EXTENSION_CR >>> YPTO_BIND >>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE >>> T_REPL_INFO >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION >>> 1: DRSUAPI_SUPPORTED_EXTENSION_DC >>> INFO_V01 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY >>> 1: DRSUAPI_SUPPORTED_EXTENSION_PO >>> ST_BETA3 >>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE >>> TCHGREQ_V5 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2 >>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE >>> TCHGREQ_V6 >>> 1: DRSUAPI_SUPPORTED_EXTENSION_NO >>> NDOMAIN_NCS >>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE >>> TCHGREQ_V8 >>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE >>> TCHGREPLY_V5 >>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE >>> TCHGREPLY_V6 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3 >>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE >>> TCHGREPLY_V7 >>> 1: DRSUAPI_SUPPORTED_EXTENSION_VE >>> RIFY_OBJECT >>> 0: >>> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS >>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE >>> TCHGREQ_V10 >>> 0: DRSUAPI_SUPPORTED_EXTENSION_RE >>> SERVED_PART2 >>> 0: DRSUAPI_SUPPORTED_EXTENSION_RE >>> SERVED_PART3 >>> site_guid : >>> 29e318da-d660-4a24-94d9-81e86b5a1e82 >>> pid : 0x00000000 (0) >>> repl_epoch : 0x00000000 (0) >>> bind_handle : * >>> bind_handle: struct policy_handle >>> handle_type : 0x00000000 (0) >>> uuid : >>> 2cb3f3b5-b29a-4958-a912-51a0881976da >>> result : WERR_OK >>> lpcfg_servicenumber: couldn't find ldb >>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 >>> netmask=255.255.255.0 >>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 >>> netmask=255.255.255.0 >>> Starting GENSEC mechanism spnego >>> Starting GENSEC submechanism gssapi_krb5 >>> Cannot do GSSAPI to an IP address >>> Failed to start GENSEC client mech gssapi_krb5: >>> NT_STATUS_INVALID_PARAMETER >>> Starting GENSEC submechanism ntlmssp >>> Got challenge flags: >>> Got NTLMSSP neg_flags=0x62898235 >>> NTLMSSP_NEGOTIATE_UNICODE >>> NTLMSSP_REQUEST_TARGET >>> NTLMSSP_NEGOTIATE_SIGN >>> NTLMSSP_NEGOTIATE_SEAL >>> NTLMSSP_NEGOTIATE_NTLM >>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN >>> NTLMSSP_TARGET_TYPE_DOMAIN >>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY >>> NTLMSSP_NEGOTIATE_TARGET_INFO >>> NTLMSSP_NEGOTIATE_VERSION >>> NTLMSSP_NEGOTIATE_128 >>> NTLMSSP_NEGOTIATE_KEY_EXCH >>> NTLMSSP: Set final flags: >>> Got NTLMSSP neg_flags=0x62088235 >>> NTLMSSP_NEGOTIATE_UNICODE >>> NTLMSSP_REQUEST_TARGET >>> NTLMSSP_NEGOTIATE_SIGN >>> NTLMSSP_NEGOTIATE_SEAL >>> NTLMSSP_NEGOTIATE_NTLM >>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN >>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY >>> NTLMSSP_NEGOTIATE_VERSION >>> NTLMSSP_NEGOTIATE_128 >>> NTLMSSP_NEGOTIATE_KEY_EXCH >>> NTLMSSP Sign/Seal - Initialising with flags: >>> Got NTLMSSP neg_flags=0x62088235 >>> NTLMSSP_NEGOTIATE_UNICODE >>> NTLMSSP_REQUEST_TARGET >>> NTLMSSP_NEGOTIATE_SIGN >>> NTLMSSP_NEGOTIATE_SEAL >>> NTLMSSP_NEGOTIATE_NTLM >>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN >>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY >>> NTLMSSP_NEGOTIATE_VERSION >>> NTLMSSP_NEGOTIATE_128 >>> NTLMSSP_NEGOTIATE_KEY_EXCH >>> NTLMSSP Sign/Seal - Initialising with flags: >>> Got NTLMSSP neg_flags=0x62088235 >>> NTLMSSP_NEGOTIATE_UNICODE >>> NTLMSSP_REQUEST_TARGET >>> NTLMSSP_NEGOTIATE_SIGN >>> NTLMSSP_NEGOTIATE_SEAL >>> NTLMSSP_NEGOTIATE_NTLM >>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN >>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY >>> NTLMSSP_NEGOTIATE_VERSION >>> NTLMSSP_NEGOTIATE_128 >>> NTLMSSP_NEGOTIATE_KEY_EXCH >>> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync >>> in: struct drsuapi_DsReplicaSync >>> bind_handle : * >>> bind_handle: struct policy_handle >>> handle_type : 0x00000000 (0) >>> uuid : >>> 2cb3f3b5-b29a-4958-a912-51a0881976da >>> level : 0x00000001 (1) >>> req : * >>> req : union >>> drsuapi_DsReplicaSyncRequest(case 1) >>> req1: struct drsuapi_DsReplicaSyncRequest1 >>> naming_context : * >>> naming_context: struct >>> drsuapi_DsReplicaObjectIdentifier >>> __ndr_size : 0x00000066 (102) >>> __ndr_size_sid : 0x00000000 (0) >>> guid : >>> 00000000-0000-0000-0000-000000000000 >>> sid : S-0-0 >>> __ndr_size_dn : 0x00000016 (22) >>> dn : >>> 'DC=iumnet,DC=edu,DC=na' >>> source_dsa_guid : >>> 27182378-a9c7-451e-bb95-7b2172a5f311 >>> source_dsa_dns : NULL >>> options : 0x00008010 (32784) >>> 0: DRSUAPI_DRS_ASYNC_OP >>> 0: DRSUAPI_DRS_GETCHG_CHECK >>> 0: DRSUAPI_DRS_UPDATE_NOTIFICATION >>> 0: DRSUAPI_DRS_ADD_REF >>> 0: DRSUAPI_DRS_SYNC_ALL >>> 0: DRSUAPI_DRS_DEL_REF >>> 1: DRSUAPI_DRS_WRIT_REP >>> 0: DRSUAPI_DRS_INIT_SYNC >>> 0: DRSUAPI_DRS_PER_SYNC >>> 0: DRSUAPI_DRS_MAIL_REP >>> 0: DRSUAPI_DRS_ASYNC_REP >>> 0: DRSUAPI_DRS_IGNORE_ERROR >>> 0: DRSUAPI_DRS_TWOWAY_SYNC >>> 0: DRSUAPI_DRS_CRITICAL_ONLY >>> 0: DRSUAPI_DRS_GET_ANC >>> 0: DRSUAPI_DRS_GET_NC_SIZE >>> 0: DRSUAPI_DRS_LOCAL_ONLY >>> 0: DRSUAPI_DRS_NONGC_RO_REP >>> 0: DRSUAPI_DRS_SYNC_BYNAME >>> 0: DRSUAPI_DRS_REF_OK >>> 1: DRSUAPI_DRS_FULL_SYNC_NOW >>> 1: DRSUAPI_DRS_NO_SOURCE >>> 0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS >>> 0: DRSUAPI_DRS_FULL_SYNC_PACKET >>> 0: DRSUAPI_DRS_SYNC_REQUEUE >>> 0: DRSUAPI_DRS_SYNC_URGENT >>> 0: DRSUAPI_DRS_REF_GCSPN >>> 0: DRSUAPI_DRS_NO_DISCARD >>> 0: DRSUAPI_DRS_NEVER_SYNCED >>> 0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING >>> 0: DRSUAPI_DRS_INIT_SYNC_NOW >>> 0: DRSUAPI_DRS_PREEMPTED >>> 0: DRSUAPI_DRS_SYNC_FORCED >>> 0: DRSUAPI_DRS_DISABLE_AUTO_SYNC >>> 0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC >>> 0: DRSUAPI_DRS_USE_COMPRESSION >>> 0: DRSUAPI_DRS_NEVER_NOTIFY >>> 0: DRSUAPI_DRS_SYNC_PAS >>> 0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP >>> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync >>> out: struct drsuapi_DsReplicaSync >>> result : WERR_BAD_NET_RESP >>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - >>> drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP') >>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line >>> 386, in >>> run >>> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, >>> source_dsa_guid, NC, req_options) >>> File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85, >>> in >>> sendDsReplicaSync >>> raise drsException("DsReplicaSync failed %s" % estr) >>> >>> *Harsh Kukreja *Systems Administrator >>> *International University of Namibia *Tel: 061-4336000 - E-mail: >>> h.kukreja >>> @ium.edu.na - Web: >>> *http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag >>> 14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA >>> >> >> Not sure what your issue is but have you tried using the fqdn for DC1 and >> DC2? I've experienced issues with manual replication when using a IP and >> not the dns or fqdn name. >> >> -- >> -- >> James >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > > I would verify the dns entries for 'iumsvrpdc'. > > hots -t A iumsvrpdc (use it's fqdn as well) > > Search for 'iumsvrpdc' objectGUID > > ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationId=*)' > --cross-ncs objectguid > > host -t CNAME objectGUID-for-iumsvrpdc._msdcs.samdom.example.com > > Reference the wiki if needed. https://wiki.samba.org/index. > php/Verifying_and_Creating_a_DC_DNS_Record > > Just to confirm you are attempting to replicate from 'iumsvrpdc' to ' > iumdcdp01.iumnet.edu.na'? > > -- > -- > James > >
Yes they exists on both the DC’s.
DC1 Samba 4.6.12
DC2 Samba 4.7.4
Sent from my iPhone
On 12 Jan 2018, at 6:34 PM, lingpanda101 <lingpanda101 at gmail.com>
wrote:
On 1/12/2018 3:27 AM, Harsh Kukreja wrote:
Hi James
Thanks for your response.
hots -t A iumsvrpdc (use it's fqdn as well) I have verified it with the
FQDN which says that the record iumsvrpdc.iumnet.edu.na exists
Search for 'iumsvrpdc' objectGUID
ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationId=*)'
--cross-ncs objectguid : it shows 2 records found
# record 1
dn: CN=NTDS
Settings,CN=IUMDCDP01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=iumnet,DC=edu,DC=na
# record 2
dn: CN=NTDS
Settings,CN=IUMSVRPDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=iumnet,DC=edu,DC=na
# returned 2 records
# 2 entries
# 0 referrals
host -t CNAME objectGUID-for-iumsvrpdc._msdcs.samdom.example.com
host -t CNAME iumsvrpdc._msdcs.iumnet.edu.na
iumsvrpdc._msdcs.iumnet.edu.na is an alias for
27182378-a9c7-451e-bb95-7b2172a5f311._msdcs.iumnet.edu.na
Reference the wiki if needed. https://wiki.samba.org/index.
php/Verifying_and_Creating_a_DC_DNS_Record
Just to confirm you are attempting to replicate from 'iumsvrpdc' to
'
iumdcdp01.iumnet.edu.na'? YES
Please assist to resolve this issue.
*Harsh Kukreja *Systems Administrator
*International University of Namibia *Tel: 061-4336000 - E-mail: h.kukreja
@ium.edu.na - Web:
*http://www.ium.edu.na <http://www.ium.edu.na/> *Private Bag
14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA
Harsh,
Do those records exists on both DC's? What version of Samba are you
running?
--
--
James
On 1/12/2018 11:57 AM, Kukreja H.Kukreja wrote:> Yes they exists on both the DC’s. > > DC1 Samba 4.6.12 > DC2 Samba 4.7.4 > > Sent from my iPhone > > On 12 Jan 2018, at 6:34 PM, lingpanda101 <lingpanda101 at gmail.com > <mailto:lingpanda101 at gmail.com>> wrote: > >> On 1/12/2018 3:27 AM, Harsh Kukreja wrote: >>> Hi James >>> >>> Thanks for your response. >>> >>> hots -t A iumsvrpdc (use it's fqdn as well) I have verified it with >>> the FQDN which says that the record iumsvrpdc.iumnet.edu.na >>> <http://iumsvrpdc.iumnet.edu.na> exists >>> >>> Search for 'iumsvrpdc' objectGUID >>> >>> ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationId=*)' >>> --cross-ncs objectguid :it shows 2 records found >>> >>> # record 1 >>> >>> dn: CN=NTDS >>> Settings,CN=IUMDCDP01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=iumnet,DC=edu,DC=na >>> >>> # record 2 >>> >>> dn: CN=NTDS >>> Settings,CN=IUMSVRPDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=iumnet,DC=edu,DC=na >>> >>> # returned 2 records >>> >>> # 2 entries >>> >>> # 0 referrals >>> >>> host -t CNAME objectGUID-for-iumsvrpdc._msdcs.samdom.example.com >>> <http://msdcs.samdom.example.com/> >>> >>> host -t CNAME iumsvrpdc._msdcs.iumnet.edu.na >>> <http://msdcs.iumnet.edu.na> >>> >>> iumsvrpdc._msdcs.iumnet.edu.na <http://msdcs.iumnet.edu.na> is an >>> alias for 27182378-a9c7-451e-bb95-7b2172a5f311._msdcs.iumnet.edu.na >>> <http://msdcs.iumnet.edu.na> >>> >>> >>> Reference the wiki if needed. >>> https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record >>> <https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record> >>> >>> Just to confirm you are attempting to replicate from 'iumsvrpdc' to >>> 'iumdcdp01.iumnet.edu.na <http://iumdcdp01.iumnet.edu.na/>'? YES >>> >>> >>> Please assist to resolve this issue. >>> >>> >>> *Harsh Kukreja *Systems Administrator >>> >>> **International University of Namibia**Tel: 061-4336000 - E-mail: >>> h.kukreja at ium.edu.na <mailto:h.kukreja at ium.edu.na> - Web: >>> _http://www.ium.edu.na <http://www.ium.edu.na/> >>> _Private Bag 14005,Bachbrech. 21-31 Hercules Street, Dorado Park, >>> Windhoek, NAMIBIA >>> >>> >>> >>> >> Harsh, >> >> Do those records exists on both DC's? What version of Samba are >> you running? >> -- >> -- >> JamesI do not know. Was there a recent update/upgrade that caused the replication failure? The issue looks similar to this bug in versions prior to 4.7.0. https://bugzilla.samba.org/show_bug.cgi?id=12858 -- -- James