Noël Köthe
2018-Oct-18 07:07 UTC
[Samba] AD error 8418: The replication operation failed because of a schema mismatch between the servers involved (WERR_DS_DRA_SCHEMA_MISMATCH)
Hello,
we are running a 2008 R2 AD (schema 47) with two DCs:
* dc-win (Windows 2008 R2)
* dc-samba (samba 4.5.12, Debian stable)
Since some weeks replication works only from dc-win to dc-samba but not
in the other direction.:(
root at dc-samba:~# samba-tool drs replicate dc-samba dc-win dc=credativ,dc=de
Replicate from dc-win to dc-samba was successful.
root at dc-samba:~# samba-tool drs replicate dc-win dc-samba dc=credativ,dc=de
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed - drsException: DsReplicaSync failed (8418,
'WERR_DS_DRA_SCHEMA_MISMATCH')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
368, in run
drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83,
in sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)
I found the same problem in the mailinglist but I could find a solving
hint:
https://lists.samba.org/archive/samba-technical/2016-February/112019.html
showrepl says everything is OK:
# samba-tool drs showrepl
Default-First-Site-Name\DC-SAMBA
DSA Options: 0x00000001
DSA object GUID: 3715fa00-bdca-4782-a953-6d4b1fb08275
DSA invocationId: a2907a5d-6e53-42ce-a6e4-402b4e161313
==== INBOUND NEIGHBORS ===
CN=Configuration,DC=credativ,DC=de
Default-First-Site-Name\DC-WIN via RPC
DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
Last attempt @ Thu Oct 18 08:02:22 2018 CEST was successful
0 consecutive failure(s).
Last success @ Thu Oct 18 08:02:22 2018 CEST
DC=credativ,DC=de
Default-First-Site-Name\DC-WIN via RPC
DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
Last attempt @ Thu Oct 18 08:05:46 2018 CEST was successful
0 consecutive failure(s).
Last success @ Thu Oct 18 08:05:46 2018 CEST
CN=Schema,CN=Configuration,DC=credativ,DC=de
Default-First-Site-Name\DC-WIN via RPC
DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
Last attempt @ Thu Oct 18 08:02:22 2018 CEST was successful
0 consecutive failure(s).
Last success @ Thu Oct 18 08:02:22 2018 CEST
DC=DomainDnsZones,DC=credativ,DC=de
Default-First-Site-Name\DC-WIN via RPC
DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
Last attempt @ Thu Oct 18 08:05:49 2018 CEST was successful
0 consecutive failure(s).
Last success @ Thu Oct 18 08:05:49 2018 CEST
DC=ForestDnsZones,DC=credativ,DC=de
Default-First-Site-Name\DC-WIN via RPC
DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
Last attempt @ Thu Oct 18 08:02:22 2018 CEST was successful
0 consecutive failure(s).
Last success @ Thu Oct 18 08:02:22 2018 CEST
==== OUTBOUND NEIGHBORS ===
CN=Configuration,DC=credativ,DC=de
Default-First-Site-Name\DC-WIN via RPC
DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
Last attempt @ Thu Oct 18 07:57:26 2018 CEST was successful
0 consecutive failure(s).
Last success @ Thu Oct 18 07:57:26 2018 CEST
DC=credativ,DC=de
Default-First-Site-Name\DC-WIN via RPC
DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
Last attempt @ Thu Oct 18 07:59:31 2018 CEST was successful
0 consecutive failure(s).
Last success @ Thu Oct 18 07:59:31 2018 CEST
CN=Schema,CN=Configuration,DC=credativ,DC=de
Default-First-Site-Name\DC-WIN via RPC
DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
Last attempt @ Thu Oct 18 06:07:12 2018 CEST was successful
0 consecutive failure(s).
Last success @ Thu Oct 18 06:07:12 2018 CEST
DC=DomainDnsZones,DC=credativ,DC=de
Default-First-Site-Name\DC-WIN via RPC
DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
Last attempt @ Thu Oct 18 08:05:37 2018 CEST was successful
0 consecutive failure(s).
Last success @ Thu Oct 18 08:05:37 2018 CEST
DC=ForestDnsZones,DC=credativ,DC=de
Default-First-Site-Name\DC-WIN via RPC
DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5
Last attempt @ Thu Oct 18 06:07:12 2018 CEST was successful
0 consecutive failure(s).
Last success @ Thu Oct 18 06:07:12 2018 CEST
==== KCC CONNECTION OBJECTS ===
Connection --
Connection name: f34fb31f-32e9-42a4-af24-d305268446a5
Enabled : TRUE
Server DNS name : dc-win.credativ.de
Server DN name : CN=NTDS
Settings,CN=DC-WIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=credativ,DC=de
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
Any hint how to solve this?
Thanks alot for your work.
--
Regards
Noël Köthe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL:
<http://lists.samba.org/pipermail/samba/attachments/20181018/4ca930ee/signature.sig>
Andrew Bartlett
2018-Oct-18 07:42 UTC
[Samba] AD error 8418: The replication operation failed because of a schema mismatch between the servers involved (WERR_DS_DRA_SCHEMA_MISMATCH)
On Thu, 2018-10-18 at 09:07 +0200, Noël Köthe via samba wrote:> Hello, > > we are running a 2008 R2 AD (schema 47) with two DCs: > * dc-win (Windows 2008 R2) > * dc-samba (samba 4.5.12, Debian stable) > > Since some weeks replication works only from dc-win to dc-samba but not > in the other direction.:(I've seen this before.> Any hint how to solve this? > > Thanks alot for your work.Start with a current Samba. Schema replication, while not perfect, is improved. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Matthias Gassner
2018-Oct-18 09:15 UTC
[Samba] AD error 8418: The replication operation failed because of a schema mismatch between the servers involved (WERR_DS_DRA_SCHEMA_MISMATCH)
On 2018-10-18 09:42, Andrew Bartlett via samba wrote:> On Thu, 2018-10-18 at 09:07 +0200, Noël Köthe via samba wrote: >> Hello, >> >> we are running a 2008 R2 AD (schema 47) with two DCs: >> * dc-win (Windows 2008 R2) >> * dc-samba (samba 4.5.12, Debian stable) >> >> Since some weeks replication works only from dc-win to dc-samba but not >> in the other direction.:( > I've seen this before. > >> Any hint how to solve this? >> >> Thanks alot for your work. > Start with a current Samba. Schema replication, while not perfect, is > improved. > > Andrew Bartlett >hi i had this problem to, in my case the the characters in the LDAP paths was not in capital. like: linux: dnwindows: DN there is no fix as i know, the solution would be remove the linux DC(s) and rejoin them to the Windows DC. Matthias
Noël Köthe
2018-Dec-10 12:42 UTC
[Samba] AD error 8418: The replication operation failed because of a schema mismatch between the servers involved (WERR_DS_DRA_SCHEMA_MISMATCH) #11388
Hello Andrew, Am Donnerstag, den 18.10.2018, 20:42 +1300 schrieb Andrew Bartlett:> > we are running a 2008 R2 AD (schema 47) with two DCs: > > * dc-win (Windows 2008 R2) > > * dc-samba (samba 4.5.12, Debian stable) > > > > Since some weeks replication works only from dc-win to dc-samba but not > > in the other direction.:( > > I've seen this before.I found it in bugzilla: :-) https://bugzilla.samba.org/show_bug.cgi?id=11388> > Any hint how to solve this? > > > > Thanks alot for your work. > > Start with a current Samba. Schema replication, while not perfect, is > improved.I updated the system dc-samba yesterday to samba 4.9.2 (I'm aware of 4.9.3 for security but Debian package will come later) but the replication error is still the same: # samba-tool -V 4.9.2-Debian # samba-tool drs showrepl Default-First-Site-Name\DC-SAMBA DSA Options: 0x00000001 DSA object GUID: 3715fa00-bdca-4782-a953-6d4b1fb08275 DSA invocationId: a2907a5d-6e53-42ce-a6e4-402b4e161313 ==== INBOUND NEIGHBORS === CN=Configuration,DC=credativ,DC=de Default-First-Site-Name\DC-WIN via RPC DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5 Last attempt @ Mon Dec 10 13:31:07 2018 CET was successful 0 consecutive failure(s). Last success @ Mon Dec 10 13:31:07 2018 CET DC=credativ,DC=de Default-First-Site-Name\DC-WIN via RPC DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5 Last attempt @ Mon Dec 10 13:33:11 2018 CET was successful 0 consecutive failure(s). Last success @ Mon Dec 10 13:33:11 2018 CET CN=Schema,CN=Configuration,DC=credativ,DC=de Default-First-Site-Name\DC-WIN via RPC DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5 Last attempt @ Mon Dec 10 13:31:07 2018 CET was successful 0 consecutive failure(s). Last success @ Mon Dec 10 13:31:07 2018 CET DC=DomainDnsZones,DC=credativ,DC=de Default-First-Site-Name\DC-WIN via RPC DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5 Last attempt @ Mon Dec 10 13:31:07 2018 CET was successful 0 consecutive failure(s). Last success @ Mon Dec 10 13:31:07 2018 CET DC=ForestDnsZones,DC=credativ,DC=de Default-First-Site-Name\DC-WIN via RPC DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5 Last attempt @ Mon Dec 10 13:31:07 2018 CET was successful 0 consecutive failure(s). Last success @ Mon Dec 10 13:31:07 2018 CET ==== OUTBOUND NEIGHBORS === CN=Configuration,DC=credativ,DC=de Default-First-Site-Name\DC-WIN via RPC DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5 Last attempt @ Mon Dec 10 12:24:01 2018 CET was successful 0 consecutive failure(s). Last success @ Mon Dec 10 12:24:01 2018 CET DC=credativ,DC=de Default-First-Site-Name\DC-WIN via RPC DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5 Last attempt @ Mon Dec 10 12:53:44 2018 CET was successful 0 consecutive failure(s). Last success @ Mon Dec 10 12:53:44 2018 CET CN=Schema,CN=Configuration,DC=credativ,DC=de Default-First-Site-Name\DC-WIN via RPC DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5 Last attempt @ Sun Dec 2 14:00:33 2018 CET was successful 0 consecutive failure(s). Last success @ Sun Dec 2 14:00:33 2018 CET DC=DomainDnsZones,DC=credativ,DC=de Default-First-Site-Name\DC-WIN via RPC DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5 Last attempt @ Mon Dec 10 13:28:32 2018 CET was successful 0 consecutive failure(s). Last success @ Mon Dec 10 13:28:32 2018 CET DC=ForestDnsZones,DC=credativ,DC=de Default-First-Site-Name\DC-WIN via RPC DSA object GUID: 65b05486-16e3-4b5b-9483-f568e6cdeef5 Last attempt @ Sun Dec 2 14:00:33 2018 CET was successful 0 consecutive failure(s). Last success @ Sun Dec 2 14:00:33 2018 CET ==== KCC CONNECTION OBJECTS === Connection -- Connection name: f34fb31f-32e9-42a4-af24-d305268446a5 Enabled : TRUE Server DNS name : dc-win.credativ.de Server DN name : CN=NTDS Settings,CN=DC-WIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=credativ,DC=de TransportType: RPC options: 0x00000001 Warning: No NC replicated for Connection! # samba-tool drs replicate dc-samba dc-win dc=credativ,dc=de Replicate from dc-win to dc-samba was successful. # samba-tool drs replicate dc-win dc-samba dc=credativ,dc=de ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (8418, 'WERR_DS_DRA_SCHEMA_MISMATCH') File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 568, in run drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options) File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 88, in sendDsReplicaSync raise drsException("DsReplicaSync failed %s" % estr) I will add the information to the #11388 and next step is to add an additional windows DC to find if this can replicate. Regards Noël -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part URL: <http://lists.samba.org/pipermail/samba/attachments/20181210/b5f7ddef/signature.sig>
Maybe Matching Threads
- AD error 8418: The replication operation failed because of a schema mismatch between the servers involved (WERR_DS_DRA_SCHEMA_MISMATCH)
- AD error 8418: The replication operation failed because of a schema mismatch between the servers involved (WERR_DS_DRA_SCHEMA_MISMATCH)
- AD error 8418: The replication operation failed because of a schema mismatch between the servers involved (WERR_DS_DRA_SCHEMA_MISMATCH)
- AD error 8418: The replication operation failed because of a schema mismatch between the servers involved (WERR_DS_DRA_SCHEMA_MISMATCH)
- AD error 8418: The replication operation failed because of a schema mismatch between the servers involved (WERR_DS_DRA_SCHEMA_MISMATCH) #11388