samba - Mar 2019 - replication fails

Am 13.03.19 um 18:50 schrieb Rowland Penny via samba:
> Try running 'samba-tool ldapcmp ldap://dc1 ldap://dc2'
thanks!

I get differences, too many to post here, but I assume mostly related to
the drift between the 2 dcs now?

(lastLogonTimestamp seems obvious to me)

What might solve the initial problem *maybe*

* Comparing [DNSFOREST] context...

* Objects to be compared: 19

Comparing:
'DC=@,DC=_msdcs.mytld.at,CN=MicrosoftDNS,DC=ForestDnsZones,DC=mytld,DC=at'
[ldap://dc]
'DC=@,DC=_msdcs.mytld.at,CN=MicrosoftDNS,DC=ForestDnsZones,DC=mytld,DC=at'
[ldap://pre01svdeb03]
    Difference in attribute values:
        dnsRecord =>
['\x14\x00\x02\x00\x05\xf0\x00\x00n\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\x12\x03\x02dc\nmytld\x02at\x00',
'\x1e\x00\x02\x00\x05\xf0\x00\x00n\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x03\x0cpre01svdeb03\nmytld\x02at\x00',
'D\x00\x06\x00\x05\xf0\x00\x00\xdd\xa0\t\x00\x00\x00\x0e\x10\x00\x00\x00\x00\x9c\xef7\x00\x00\t\xa0\xdd\x00\x00\x03\x84\x00\x00\x02X\x00\x01Q\x80\x00\x00\x0e\x10\x12\x03\x02dc\nmytld\x02at\x00\x1a\x03\nhostmaster\nmytld\x02at\x00']
['\x14\x00\x02\x00\x05\xf0\x00\x00n\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\x12\x03\x02dc\nmytld\x02at\x00',
'\x1e\x00\x02\x00\x05\xf0\x00\x00n\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x03\x0cpre01svdeb03\nmytld\x02at\x00',
'D\x00\x06\x00\x05\xf0\x00\x00!\x96\t\x00\x00\x00\x0e\x10\x00\x00\x00\x00l\xef7\x00\x00\t\x96!\x00\x00\x03\x84\x00\x00\x02X\x00\x01Q\x80\x00\x00\x0e\x10\x12\x03\x02dc\nmytld\x02at\x00\x1a\x03\nhostmaster\nmytld\x02at\x00']
    FAILED

As far as I interpret, the 2 DCs/DNSes have different records for
"dc.mytld.at", right?

Could correcting this lead to proper replication again?

Am 13.03.19 um 19:30 schrieb Stefan G. Weichinger via samba:
> As far as I interpret, the 2 DCs/DNSes have different records for
> "dc.mytld.at", right?
stupid. seems to be the SOA. I shut up for a while ..

On Wed, 13 Mar 2019 19:30:30 +0100
"Stefan G. Weichinger via samba" <samba at lists.samba.org>
wrote:
> Am 13.03.19 um 18:50 schrieb Rowland Penny via samba:
> 
> > Try running 'samba-tool ldapcmp ldap://dc1 ldap://dc2'  
> 
> thanks!
> 
> I get differences, too many to post here, but I assume mostly related
> to the drift between the 2 dcs now?
> 
> (lastLogonTimestamp seems obvious to me)
First and foremost, there are attributes that are never replicated, you
can check these by searching the internet (I will give you a start, the
one above isn't replicated)
You may also see that there is a difference in case e.g. 'cn' &
'CN',
you can ignore these.
> 
> What might solve the initial problem *maybe*
> 
> * Comparing [DNSFOREST] context...
> 
> * Objects to be compared: 19
> 
> Comparing:
>
'DC=@,DC=_msdcs.mytld.at,CN=MicrosoftDNS,DC=ForestDnsZones,DC=mytld,DC=at'
> [ldap://dc]
>
'DC=@,DC=_msdcs.mytld.at,CN=MicrosoftDNS,DC=ForestDnsZones,DC=mytld,DC=at'
> [ldap://pre01svdeb03]
>     Difference in attribute values:
>         dnsRecord =>
>
['\x14\x00\x02\x00\x05\xf0\x00\x00n\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\x12\x03\x02dc\nmytld\x02at\x00',
>
'\x1e\x00\x02\x00\x05\xf0\x00\x00n\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x03\x0cpre01svdeb03\nmytld\x02at\x00',
>
'D\x00\x06\x00\x05\xf0\x00\x00\xdd\xa0\t\x00\x00\x00\x0e\x10\x00\x00\x00\x00\x9c\xef7\x00\x00\t\xa0\xdd\x00\x00\x03\x84\x00\x00\x02X\x00\x01Q\x80\x00\x00\x0e\x10\x12\x03\x02dc\nmytld\x02at\x00\x1a\x03\nhostmaster\nmytld\x02at\x00']
>
['\x14\x00\x02\x00\x05\xf0\x00\x00n\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\x12\x03\x02dc\nmytld\x02at\x00',
>
'\x1e\x00\x02\x00\x05\xf0\x00\x00n\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x03\x0cpre01svdeb03\nmytld\x02at\x00',
>
'D\x00\x06\x00\x05\xf0\x00\x00!\x96\t\x00\x00\x00\x0e\x10\x00\x00\x00\x00l\xef7\x00\x00\t\x96!\x00\x00\x03\x84\x00\x00\x02X\x00\x01Q\x80\x00\x00\x0e\x10\x12\x03\x02dc\nmytld\x02at\x00\x1a\x03\nhostmaster\nmytld\x02at\x00']
>     FAILED
> 
> As far as I interpret, the 2 DCs/DNSes have different records for
> "dc.mytld.at", right?
Yes, they are different.
> 
> Could correcting this lead to proper replication again?
Wouldn't hurt ;-)

Rowland

On Wed, 13 Mar 2019 19:45:42 +0100
"Stefan G. Weichinger via samba" <samba at lists.samba.org>
wrote:
> Am 13.03.19 um 19:30 schrieb Stefan G. Weichinger via samba:
> 
> > As far as I interpret, the 2 DCs/DNSes have different records for
> > "dc.mytld.at", right?  
> 
> stupid. seems to be the SOA. I shut up for a while ..
> 
Yes the '@' record is a SOA record, but they should be the same ;-)

Rowland

Am 13.03.19 um 19:55 schrieb Rowland Penny via samba:
> Wouldn't hurt ;-)
corrected ... afai see

I don't get it.
Enough for now.

thanks anyway.