Alexei Rozenvaser
2018-Jun-10 12:01 UTC
[Samba] Samba DC: How to verify proper functioning
Hello
Please advise some ways to verify that my newly created samba DC
(holding no FSMO roles) is functioning properly from standpoint of
Windows Server DC and Windows clients.
So far I tried to run "dcdiag" command.
Can you please look at following command output and tell me is
everything OK there?
Is there other ways to check if DC works well?
---------------------------------------------------------------------------------
dcdiag /s:ubuntu-dc
Directory Server Diagnosis
Performing initial setup:
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\UBUNTU-DC
Starting test: Connectivity
......................... UBUNTU-DC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\UBUNTU-DC
Starting test: Advertising
......................... UBUNTU-DC passed test Advertising
Starting test: FrsEvent
......................... UBUNTU-DC passed test FrsEvent
Starting test: DFSREvent
......................... UBUNTU-DC passed test DFSREvent
Starting test: SysVolCheck
The SysVol is not ready. This can cause the DC to not advertise
itself as a DC for netlogon after dcpromo. Also trouble with FRS
SysVol replication can cause Group Policy problems. Check the FRS
event log on this DC.
......................... UBUNTU-DC failed test SysVolCheck
Starting test: KccEvent
......................... UBUNTU-DC passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... UBUNTU-DC passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... UBUNTU-DC passed test MachineAccount
Starting test: NCSecDesc
......................... UBUNTU-DC passed test NCSecDesc
Starting test: NetLogons
......................... UBUNTU-DC passed test NetLogons
Starting test: ObjectsReplicated
Failed to read object metadata on UBUNTU-DC, error
The request is not supported.
Failed to read object metadata on UBUNTU-DC, error
The request is not supported.
......................... UBUNTU-DC passed test ObjectsReplicated
Starting test: Replications
REPLICATION-RECEIVED LATENCY WARNING
UBUNTU-DC: Current time is 2018-06-10 14:47:51.
CN=Schema,CN=Configuration,DC=Gal-Shvav,DC=local
Last replication received from GSAD at
1601-01-01 02:21:57
WARNING: This latency is over the Tombstone Lifetime of 180
days!
DC=DomainDnsZones,DC=Gal-Shvav,DC=local
Last replication received from GSAD at
1601-01-01 02:21:57
WARNING: This latency is over the Tombstone Lifetime of 180
days!
DC=Gal-Shvav,DC=local
Last replication received from GSAD at
1601-01-01 02:21:57
WARNING: This latency is over the Tombstone Lifetime of 180
days!
DC=ForestDnsZones,DC=Gal-Shvav,DC=local
Last replication received from GSAD at
1601-01-01 02:21:57
WARNING: This latency is over the Tombstone Lifetime of 180
days!
CN=Configuration,DC=Gal-Shvav,DC=local
Last replication received from GSAD at
1601-01-01 02:21:57
WARNING: This latency is over the Tombstone Lifetime of 180
days!
......................... UBUNTU-DC passed test Replications
Starting test: RidManager
No rids allocated -- please check eventlog.
......................... UBUNTU-DC passed test RidManager
Starting test: Services
Could not open EventSystem Service on UBUNTU-DC, error 0x8
"Not enough storage is available to process this command."
Could not open RpcSs Service on UBUNTU-DC, error 0x8
"Not enough storage is available to process this command."
Could not open NTDS Service on UBUNTU-DC, error 0x8
"Not enough storage is available to process this command."
Could not open DnsCache Service on UBUNTU-DC, error 0x8
"Not enough storage is available to process this command."
Could not open NtFrs Service on UBUNTU-DC, error 0x8
"Not enough storage is available to process this command."
Could not open IsmServ Service on UBUNTU-DC, error 0x8
"Not enough storage is available to process this command."
Could not open kdc Service on UBUNTU-DC, error 0x8
"Not enough storage is available to process this command."
Could not open SamSs Service on UBUNTU-DC, error 0x8
"Not enough storage is available to process this command."
Could not open LanmanServer Service on UBUNTU-DC, error 0x8
"Not enough storage is available to process this command."
Could not open LanmanWorkstation Service on UBUNTU-DC, error 0x8
"Not enough storage is available to process this command."
Could not open w32time Service on UBUNTU-DC, error 0x8
"Not enough storage is available to process this command."
Invalid service type: NETLOGON on UBUNTU-DC, current value
WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS
Invalid service startup type: NETLOGON on UBUNTU-DC, current value
DEMAND_START, expected value AUTO_START
......................... UBUNTU-DC failed test Services
Starting test: SystemLog
......................... UBUNTU-DC passed test SystemLog
Starting test: VerifyReferences
Some objects relating to the DC UBUNTU-DC have problems:
[1] Problem: Missing Expected Value
Base Object:
CN=NTDS
Settings,CN=UBUNTU-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Gal-Shvav,DC=local
Base Object Description: "DSA Object"
Value Object Attribute Name: serverReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
[1] Problem: Missing Expected Value
Base Object:
CN=UBUNTU-DC,OU=Domain Controllers,DC=Gal-Shvav,DC=local
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
......................... UBUNTU-DC failed test VerifyReferences
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Gal-Shvav
Starting test: CheckSDRefDom
......................... Gal-Shvav passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Gal-Shvav passed test CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running enterprise tests on : Gal-Shvav.local
Starting test: LocatorCheck
Error: The server returned by DsGetDcName() did not match
DsListRoles() for the PDC
......................... Gal-Shvav.local passed test LocatorCheck
Starting test: Intersite
......................... Gal-Shvav.local passed test Intersite
--
Alexei Rozenvaser
On Sun, 10 Jun 2018 15:01:12 +0300 Alexei Rozenvaser via samba <samba at lists.samba.org> wrote:> Hello > > Please advise some ways to verify that my newly created samba DC > (holding no FSMO roles) is functioning properly from standpoint of > Windows Server DC and Windows clients. > So far I tried to run "dcdiag" command. > Can you please look at following command output and tell me is > everything OK there? > Is there other ways to check if DC works well? > --------------------------------------------------------------------------------- > dcdiag /s:ubuntu-dc > Directory Server Diagnosis > >> Doing primary tests> Starting test: SysVolCheck > > The SysVol is not ready. This can cause the DC to not > advertise > > itself as a DC for netlogon after dcpromo. Also trouble > with FRS > > SysVol replication can cause Group Policy problems. Check > the FRS > > event log on this DC. > ......................... UBUNTU-DC failed test SysVolCheckThis can be expected, Sysvol on a Samba DC doesn't replicate yet, see the wiki.> Starting test: ObjectsReplicated > > Failed to read object metadata on UBUNTU-DC, error > > The request is not supported. > > Failed to read object metadata on UBUNTU-DC, error > > The request is not supported. > > ......................... UBUNTU-DC passed test > ObjectsReplicatedI wouldn't worry about the above, the test passed even though it couldn't read an attribute.> > Starting test: Replications > > REPLICATION-RECEIVED LATENCY WARNING > > UBUNTU-DC: Current time is 2018-06-10 14:47:51. > > CN=Schema,CN=Configuration,DC=Gal-Shvav,DC=local > Last replication received from GSAD at > 1601-01-01 02:21:57 > WARNING: This latency is over the Tombstone Lifetime > of 180 days! > > ......................... UBUNTU-DC passed test ReplicationsThis is very strange, the last replication seemed to have happened at the Windows epoch, but it still past. Try creating a user on the windows DC and see if gets replicated to the Samba DC.> > Starting test: Services > > Could not open EventSystem Service on UBUNTU-DC, error 0x8 > > "Not enough storage is available to process this command." > > Could not open RpcSs Service on UBUNTU-DC, error 0x8 > > "Not enough storage is available to process this command." > .......... > ......................... UBUNTU-DC failed test ServicesThese failures are probably down to trying to run windows services on a Unix DC where the do not exist.> Starting test: VerifyReferences > > Some objects relating to the DC UBUNTU-DC have problems: > [1] Problem: Missing Expected Value > > Base Object: > > CN=NTDS > Settings,CN=UBUNTU-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Gal-Shvav,DC=local > > Base Object Description: "DSA Object" > > Value Object Attribute Name: serverReferenceBL > > Value Object Description: "SYSVOL FRS Member Object" > > Recommended Action: See Knowledge Base Article: Q312862 > > > [1] Problem: Missing Expected Value > > Base Object: > > CN=UBUNTU-DC,OU=Domain Controllers,DC=Gal-Shvav,DC=local > > Base Object Description: "DC Account Object" > > Value Object Attribute Name: frsComputerReferenceBL > > Value Object Description: "SYSVOL FRS Member Object" > > Recommended Action: See Knowledge Base Article: Q312862 > > > ......................... UBUNTU-DC failed test > VerifyReferencesAgain, I wouldn't worry about the above, they seem to to do with sysvol replication, that a Samba DC doesn't do. Samba has its own tools: samba-tool dbcheck samba-tool ldapcmp samba-tool drs showrepl Rowland
Alexei Rozenvaser
2018-Jun-10 14:20 UTC
[Samba] Samba DC: How to verify proper functioning
On Sun, Jun 10, 2018 at 3:46 PM Rowland Penny via samba <samba at lists.samba.org> wrote:> > > Starting test: Replications > > > > REPLICATION-RECEIVED LATENCY WARNING > > > > UBUNTU-DC: Current time is 2018-06-10 14:47:51. > > > > CN=Schema,CN=Configuration,DC=Gal-Shvav,DC=local > > Last replication received from GSAD at > > 1601-01-01 02:21:57 > > WARNING: This latency is over the Tombstone Lifetime > > of 180 days! > > > > ......................... UBUNTU-DC passed test Replications > > This is very strange, the last replication seemed to have happened at > the Windows epoch, but it still past. Try creating a user on the > windows DC and see if gets replicated to the Samba DC. >How can I see that new user gets replicated to the Samba DC? With samba-tool user list? -- Alexei Rozenvaser