Regards,
Doe Corp
<https://www.openevents.fr/>
Julien Téhéry
Systems & Network Engineer | OPENevents
15 avenue de l'Europe
86170 Neuville de Poitou
phone : +33 5 49 62 26 03 <tel:+33549622603>
mail : julien.tehery at openevents.fr <mailto:julien.tehery at openevents.fr>
hotline : ticket at openevents.fr <mailto:ticket at openevents.fr> | +33 5 49 62 26 07 <tel:+33549622607>
sales : commercial at openevents.fr <mailto:commercial at openevents.fr>
On 21/11/2018 at 16:45, Julien TEHERY via samba wrote:
> On 19/11/2018 at 15:00, Julien TEHERY via samba wrote:
>> On 19/11/2018 at 12:33, Julien TEHERY via samba wrote:
>>> On 19/11/2018 at 11:14, Marco Gaiarin via samba wrote:
>>>> Mandi! Julien TEHERY via samba
>>>> In chel di` si favelave...
>>>>
>>>>> Is there a good practice when adding new remote DCs in terms of
>>>>> replication
>>>>> topology?
>>>> I think you have to define a topology of the domain, using ADSS:
>>>>
>>>>
>>>> https://blogs.technet.microsoft.com/canitpro/2015/03/03/step-by-step-setting-up-active-directory-sites-subnets-site-links/
>>>>
>>>>
>>>> defining links and weight.
>>>>
>>> Right, I already had this kind of setup.
>>> I created 3 remote sites and subnets assigned to those sites.
>>> Remote DCs have been joined with the "--site" option.
>>>
>>> I even tried to setup Site Links, but it doesn't help.
>>>
>>> Here is my topology
>>>
>>> Main Site:
>>> DC1
>>> DC2 => well replicated from DC1
>>> DC3 => well replicated from DC1
>>>
>>> Remote_Site_1
>>> DC4 => tries to replicate from DC2, but fails with
>>> WERR_FILE_NOT_FOUND error
>>> (even manually with samba-tool drs replicate DC4 DC1
>>> DC=mydomain,DC=lan)
>>>
>>> Remote_Site_2
>>> DC5 => well replicated from DC1
>>>
>>> Remote_Site_3
>>> DC6 => well replicated from DC1, but sometimes fails trying to
>>> replicate from DC3...
>>>
>>>
>>>
>>> I tried demoting DC4 several times and rejoined it, without success.
>>> Each time it fails with this machine (I checked network and DNS
>>> settings, nothing's wrong)
>>>
>>>
>>> So from what I see, "drs showrepl" shows me that sometimes a remote
>>> DC tries to DC1, sometimes not, and I would like to control it.
>>>
>>>
>>>
>> Even tried in ADUC to remove and re-create NTDS settings or remove
>> automatically generated ones, without success.
>> I don't know what's going wrong with DC4, but it's the only DC I
>> cannot sync manually from DC1.
>> I purged every single drop of samba on it and reinstalled it from
>> scratch, and it still does the same for it (even with
>> --remove-other-dead-server demotion and dbcheck on DC1).
>> I guess I'm gonna try to install another machine as I don't know what
>> to do here
>
> Another thing I noticed about replication:
> Actually, if I change a user password from DC1 with "samba-tool user
> myuser", password is successfully changed and replicated to the other
> DCs. (local and remote sites)
> But if I change it from DC5 or DC6, password is not replicated
> although "drs showrepl" seems fine on DC5 (but no outbound neighbors)
>
> Here is the output of it:
>
> [root at dc5 ~]# samba-tool drs showrepl
> REMOTESITE2\DC5
> DSA Options: 0x00000001
> DSA object GUID: 988d3cea-bcb8-4e71-be1f-faddb0408d62
> DSA invocationId: 2a23d6a7-d797-4348-b948-3fdc7069f50d
>
> ==== INBOUND NEIGHBORS ===>
> DC=DomainDnsZones,DC=mydomain,DC=lan
> MAINSITE\DC1 via RPC
> DSA object GUID: d000aecf-6767-45b0-b69b-7ce4a4716507
> Last attempt @ Wed Nov 21 16:34:15 2018 CET was successful
> 0 consecutive failure(s).
> Last success @ Wed Nov 21 16:34:15 2018 CET
>
> CN=Configuration,DC=mydomain,DC=lan
> MAINSITE\DC1 via RPC
> DSA object GUID: d000aecf-6767-45b0-b69b-7ce4a4716507
> Last attempt @ Wed Nov 21 16:34:15 2018 CET was successful
> 0 consecutive failure(s).
> Last success @ Wed Nov 21 16:34:15 2018 CET
>
> DC=ForestDnsZones,DC=mydomain,DC=lan
> MAINSITE\DC1 via RPC
> DSA object GUID: d000aecf-6767-45b0-b69b-7ce4a4716507
> Last attempt @ Wed Nov 21 16:34:15 2018 CET was successful
> 0 consecutive failure(s).
> Last success @ Wed Nov 21 16:34:15 2018 CET
>
> CN=Schema,CN=Configuration,DC=mydomain,DC=lan
> MAINSITE\DC1 via RPC
> DSA object GUID: d000aecf-6767-45b0-b69b-7ce4a4716507
> Last attempt @ Wed Nov 21 16:34:15 2018 CET was successful
> 0 consecutive failure(s).
> Last success @ Wed Nov 21 16:34:15 2018 CET
>
> DC=mydomain,DC=lan
> MAINSITE\DC1 via RPC
> DSA object GUID: d000aecf-6767-45b0-b69b-7ce4a4716507
> Last attempt @ Wed Nov 21 16:34:29 2018 CET was successful
> 0 consecutive failure(s).
> Last success @ Wed Nov 21 16:34:29 2018 CET
>
> ==== OUTBOUND NEIGHBORS ===>
> ==== KCC CONNECTION OBJECTS ===>
>
> Is it simply that outbound connection must be set up? If yes how to do
> it?
> I tried to make it work through the ADUC console without success
Another thing, I see that only DC1 has OUTBOUND NEIGHBORS (all failed
with a WERR_FILE_NOT_FOUND error)
All the other DCs have only INBOUND NEIGHBORS and no OUTBOUND NEIGHBORS
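
An added example, not part of the original thread or of Samba: a small Python check that reads "samba-tool drs showrepl" text (mail quoting tolerated) and reports directions with no neighbors and partners with consecutive failures, the two symptoms described above. The sample input is constructed, including the failing CN=Configuration entry; the function names are hypothetical.

```python
import re

HEADER = re.compile(r"^==== (.+?) ===")          # section banner
NEIGHBOR = re.compile(r"^(\S+\\\S+) via RPC")     # SITE\DC via RPC
FAILS = re.compile(r"^(\d+) consecutive failure")

# Constructed sample in the layout of the output quoted above; the failing
# CN=Configuration entry is invented so the check has something to report.
SAMPLE = r"""
> REMOTESITE2\DC5
> ==== INBOUND NEIGHBORS ====
> DC=mydomain,DC=lan
>     MAINSITE\DC1 via RPC
>         Last attempt @ Wed Nov 21 16:34:29 2018 CET was successful
>         0 consecutive failure(s).
> CN=Configuration,DC=mydomain,DC=lan
>     MAINSITE\DC2 via RPC
>         3 consecutive failure(s).
> ==== OUTBOUND NEIGHBORS ====
> ==== KCC CONNECTION OBJECTS ====
"""

def parse_showrepl(text):
    """Map each section name to its list of {nc, neighbor, failures} entries."""
    sections, current, nc, entry = {}, None, None, None
    for raw in text.splitlines():
        line = raw.lstrip("> \t").rstrip()   # drop mail quoting and indentation
        if m := HEADER.match(line):
            current, nc, entry = m.group(1), None, None
            sections[current] = []
        elif line.startswith(("DC=", "CN=")):   # naming context being replicated
            nc = line
        elif current and (m := NEIGHBOR.match(line)):
            entry = {"nc": nc, "neighbor": m.group(1), "failures": 0}
            sections[current].append(entry)
        elif entry and (m := FAILS.match(line)):
            entry["failures"] = int(m.group(1))
    return sections

def findings(text):
    """List what needs attention: empty directions and failing partners."""
    out, sections = [], parse_showrepl(text)
    for name in ("INBOUND NEIGHBORS", "OUTBOUND NEIGHBORS"):
        rows = sections.get(name, [])
        if not rows:
            out.append(f"no {name.lower()}")
        out += [f"{name.split()[0].lower()} {r['nc']} {r['neighbor']}: "
                f"{r['failures']} consecutive failure(s)" for r in rows if r["failures"]]
    return out
```

Running findings() on the output collected from every DC gives one list per server that can be compared across sites.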