samba - Feb 2018 - after a couple of year of success is not possible to add workstations to domain

*//*
Il 05/02/2018 16:41, Rowland Penny ha scritto:
> On Mon, 5 Feb 2018 16:01:27 +0100
> "Massimo Donato - Adcom.it via samba" <samba at
lists.samba.org> wrote:
>
>> */Hi all,
>>      after a couple of year of successfully working samba AD DC is
>> not possible to add workstations to domain
>> since a few day ago in windows i get a messagge complaining that the
>> account previously exists. ant that to try access with a different
>> account. after some investigation i found that the backupDC  was in
>> hardware fault. the primary seems to work great, but still unable to
>> add workstation to domain.
>> seems like something is missing,
>> samba version is 4.7.4(upgraded during investigation)
>>
>> any advice ? where to look ?
>>
> One of the problems here is that you are thinking in terms of
'primary'
> and 'backup' DCs. You haven't got a 'primary' DC or a
'backup' DC, you
> just have two DCs and they should both contain exactly the same data in
> AD. Problem is, when your second DC became faulty, it may have
> corrupted AD on the DC and then replicated this corruption to the
> first DC.
>
> I would turn off the faulty DC (if it is still running), demote the
> dead DC and then run 'samba-tool dbcheck'
>
> But, before I tried to do anything, I would ensure that the first DC
> was fully backed up.
>
> Rowland
>
>
thank you Rowland for your answer.,
i understend what you mean regarding DC, there was just two dc.
the faulty DC is no more in our datacenter(disk dead)
so i have one DC that is corrupted, i have a backup, but only after 
corruption.
dbcheck is good, even with ncs option, 0 errors
any other advice to check ?



---
Questa email è stata esaminata alla ricerca di virus da AVG.
http://www.avg.com

Hi Massimo,
> Il 05/02/2018 16:41, Rowland Penny ha scritto:
>> On Mon, 5 Feb 2018 16:01:27 +0100
>> "Massimo Donato - Adcom.it via samba" <samba at
lists.samba.org> wrote:
>>
>>> */Hi all,
>>>      after a couple of year of successfully working samba AD DC is
>>> not possible to add workstations to domain
>>> since a few day ago in windows i get a messagge complaining that
the
>>> account previously exists. ant that to try access with a different
>>> account. after some investigation i found that the backupDC  was in
>>> hardware fault. the primary seems to work great, but still unable
to
>>> add workstation to domain.
>>> seems like something is missing,
>>> samba version is 4.7.4(upgraded during investigation)
>>>
>>> any advice ? where to look ?
>>>
>> One of the problems here is that you are thinking in terms of
'primary'
>> and 'backup' DCs. You haven't got a 'primary' DC or
a 'backup' DC, you
>> just have two DCs and they should both contain exactly the same data in
>> AD. Problem is, when your second DC became faulty, it may have
>> corrupted AD on the DC and then replicated this corruption to the
>> first DC.
>>
>> I would turn off the faulty DC (if it is still running), demote the
>> dead DC and then run 'samba-tool dbcheck'
>>
>> But, before I tried to do anything, I would ensure that the first DC
>> was fully backed up.
>>
>> Rowland
>>
>>
> thank you Rowland for your answer.,
> i understend what you mean regarding DC, there was just two dc.
> the faulty DC is no more in our datacenter(disk dead)
> so i have one DC that is corrupted, i have a backup, but only after
> corruption.
> dbcheck is good, even with ncs option, 0 errors
> any other advice to check ?
which server is/was the RID FSMO role owner?

Denis
>
>
>
> ---
> Questa email è stata esaminata alla ricerca di virus da AVG.
> http://www.avg.com
-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr

*//*
Hi Denis,

Il 06/02/2018 20:05, Denis Cardon via samba ha scritto:
> Hi Massimo,
>
>> Il 05/02/2018 16:41, Rowland Penny ha scritto:
>>> On Mon, 5 Feb 2018 16:01:27 +0100
>>> "Massimo Donato - Adcom.it via samba" <samba at
lists.samba.org> wrote:
>>>
>>>> */Hi all,
>>>>      after a couple of year of successfully working samba AD DC
is
>>>> not possible to add workstations to domain
>>>> since a few day ago in windows i get a messagge complaining
that the
>>>> account previously exists. ant that to try access with a
different
>>>> account. after some investigation i found that the backupDC was
in
>>>> hardware fault. the primary seems to work great, but still
unable to
>>>> add workstation to domain.
>>>> seems like something is missing,
>>>> samba version is 4.7.4(upgraded during investigation)
>>>>
>>>> any advice ? where to look ?
>>>>
>>> One of the problems here is that you are thinking in terms of
'primary'
>>> and 'backup' DCs. You haven't got a 'primary'
DC or a 'backup' DC, you
>>> just have two DCs and they should both contain exactly the same
data in
>>> AD. Problem is, when your second DC became faulty, it may have
>>> corrupted AD on the DC and then replicated this corruption to the
>>> first DC.
>>>
>>> I would turn off the faulty DC (if it is still running), demote the
>>> dead DC and then run 'samba-tool dbcheck'
>>>
>>> But, before I tried to do anything, I would ensure that the first
DC
>>> was fully backed up.
>>>
>>> Rowland
>>>
>>>
>> thank you Rowland for your answer.,
>> i understend what you mean regarding DC, there was just two dc.
>> the faulty DC is no more in our datacenter(disk dead)
>> so i have one DC that is corrupted, i have a backup, but only after
>> corruption.
>> dbcheck is good, even with ncs option, 0 errors
>> any other advice to check ?
>
> which server is/was the RID FSMO role owner?
>
> Denis
I think the one still lives, was the forst one i configured.

i tryed something just not to bother all the list, may this help ?

[root at zeus log]# samba-tool dbcheck --fix
WARNING: The "profile acls" option is deprecated
Checking 309 objects
Checked 309 objects (0 errors)
[root at zeus log]# samba-tool dbcheck --cross-nc --fix
WARNING: The "profile acls" option is deprecated
Checking 3578 objects
Checked 3578 objects (0 errors)
[root at zeus log]# samba-tool drs showrepl
WARNING: The "profile acls" option is deprecated
Default-First-Site-Name\ZEUS
DSA Options: 0x00000001
DSA object GUID: e0a28581-6f38-4a9e-b593-43b65cafb872
DSA invocationId: adb5b609-20d2-4b4c-a8da-1bdb74dc444e

==== INBOUND NEIGHBORS ===
==== OUTBOUND NEIGHBORS ===
==== KCC CONNECTION OBJECTS ===



---
Questa email è stata esaminata alla ricerca di virus da AVG.
http://www.avg.com