Hello,
I am once again having troubles with a setup of a samba 4 DC and a
Windows Server 2008R2 DC. Replication between these two stopped a few
days ago. Since then the logs on the samba server are flooded with:
Failed to bind to uuid e3514235-4b06-11d1-ab04-xxxxxxxxxxxx for
ncacn_ip_tcp:10.0.1.8[49155,seal,krb5,target_hostname=5b0a3412-16d8-4673-b0ef-xxxxxxxxxxxx._msdcs.my.domain,target_principal=GC/DC2008.my.domain/my.domain,abstract_syntax=e3514235-4b06-11d1-ab04-xxxxxxxxxxxx/0x00000004,localaddress=10.0.1.102]
NT_STATUS_LOGON_FAILURE
samba-tool drs showrepl shows:
Default-First-Site-Name\SERVER
DSA Options: 0x00000001
DSA object GUID: 32663ca8-8fd0-442f-8ee8-3be9e72ce3a2
DSA invocationId: 2a684553-b0ca-44fb-a4b8-6f4979c4c071
==== INBOUND NEIGHBORS ===
DC=ForestDnsZones,DC=my,DC=domain
Default-First-Site-Name\DC2008 via RPC
DSA object GUID: 5b0a3412-16d8-4673-b0ef-xxxxxxxxxxxx
Last attempt @ Thu Mar 22 11:42:28 2018 CET failed,
result 1326 (WERR_LOGON_FAILURE)
2834 consecutive failure(s).
Last success @ Mon Mar 12 15:05:14 2018 CET
DC=DomainDnsZones,DC=my,DC=domain
Default-First-Site-Name\DC2008 via RPC
DSA object GUID: 5b0a3412-16d8-4673-b0ef-xxxxxxxxxxxx
Last attempt @ Thu Mar 22 11:42:30 2018 CET failed,
result 1326 (WERR_LOGON_FAILURE)
2838 consecutive failure(s).
Last success @ Mon Mar 12 15:05:15 2018 CET
DC=my,DC=domain
Default-First-Site-Name\DC2008 via RPC
DSA object GUID: 5b0a3412-16d8-4673-b0ef-xxxxxxxxxxxx
Last attempt @ Thu Mar 22 11:42:34 2018 CET failed,
result 1326 (WERR_LOGON_FAILURE)
2838 consecutive failure(s).
Last success @ Mon Mar 12 15:05:17 2018 CET
CN=Schema,CN=Configuration,DC=my,DC=domain
Default-First-Site-Name\DC2008 via RPC
DSA object GUID: 5b0a3412-16d8-4673-b0ef-xxxxxxxxxxxx
Last attempt @ Thu Mar 22 11:42:35 2018 CET failed,
result 1326 (WERR_LOGON_FAILURE)
2829 consecutive failure(s).
Last success @ Mon Mar 12 15:05:16 2018 CET
CN=Configuration,DC=my,DC=domain
Default-First-Site-Name\DC2008 via RPC
DSA object GUID: 5b0a3412-16d8-4673-b0ef-xxxxxxxxxxxx
Last attempt @ Thu Mar 22 11:42:37 2018 CET failed,
result 1326 (WERR_LOGON_FAILURE)
2834 consecutive failure(s).
Last success @ Mon Mar 12 15:05:16 2018 CET
==== OUTBOUND NEIGHBORS ===
DC=ForestDnsZones,DC=my,DC=domain
Default-First-Site-Name\DC2008 via RPC
DSA object GUID: 5b0a3412-16d8-4673-b0ef-xxxxxxxxxxxx
Last attempt @ Thu Mar 22 11:46:06 2018 CET failed,
result 1326 (WERR_LOGON_FAILURE)
127005 consecutive failure(s).
Last success @ Thu Feb 8 13:49:38 2018 CET
DC=DomainDnsZones,DC=my,DC=domain
Default-First-Site-Name\DC2008 via RPC
DSA object GUID: 5b0a3412-16d8-4673-b0ef-xxxxxxxxxxxx
Last attempt @ Thu Mar 22 11:45:51 2018 CET failed,
result 1326 (WERR_LOGON_FAILURE)
125829 consecutive failure(s).
Last success @ Mon Mar 12 13:55:53 2018 CET
DC=my,DC=domain
Default-First-Site-Name\DC2008 via RPC
DSA object GUID: 5b0a3412-16d8-4673-b0ef-xxxxxxxxxxxx
Last attempt @ Thu Mar 22 11:45:56 2018 CET failed,
result 1326 (WERR_LOGON_FAILURE)
150527 consecutive failure(s).
Last success @ Mon Mar 12 12:10:05 2018 CET
CN=Schema,CN=Configuration,DC=my,DC=domain
Default-First-Site-Name\DC2008 via RPC
DSA object GUID: 5b0a3412-16d8-4673-b0ef-xxxxxxxxxxxx
Last attempt @ Thu Mar 22 11:46:00 2018 CET failed,
result 1326 (WERR_LOGON_FAILURE)
111139 consecutive failure(s).
Last success @ Thu Mar 8 11:45:40 2018 CET
CN=Configuration,DC=my,DC=domain
Default-First-Site-Name\DC2008 via RPC
DSA object GUID: 5b0a3412-16d8-4673-b0ef-xxxxxxxxxxxx
Last attempt @ Thu Mar 22 11:46:04 2018 CET failed,
result 1326 (WERR_LOGON_FAILURE)
104308 consecutive failure(s).
Last success @ Mon Mar 12 14:10:15 2018 CET
==== KCC CONNECTION OBJECTS ===
Connection --
Connection name: 972cc207-61cd-4c8d-bc8a-d9ef94179c30
Enabled : TRUE
Server DNS name : DC2008.my.domain
Server DN name : CN=NTDS
Settings,CN=DC2008,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my,DC=domain
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
Tried a manual replication with samba-tool drs replicate
dc2008.my.domain server.my.domain "DC=my,DC=domain" and got:
Failed to bind to uuid e3514235-4b06-11d1-ab04-xxxxxxxxxxxx for
ncacn_ip_tcp:10.0.1.8[49155,seal,target_hostname=dc2008.my.domain,abstract_syntax=e3514235-4b06-11d1-ab04-xxxxxxxxxxxx/0x00000004,localaddress=10.0.1.102]
NT_STATUS_LOGON_FAILURE
ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to
dc2008.my.domain failed - drsException: DRS connection to
dc2008.my.domain failed: (-1073741715, 'Logon failure')
On the windows side, repadmin /syncall tells me "The target principal
name is incorrect"
I verified DNS records from both sides like describe here, all OK:
https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record
Any ideas?
Thanks,
Andreas
