----- On Mar 1, 2019, at 3:35 AM, samba samba at lists.samba.org
wrote:>
> I wonder if this has anything to do with the 'you cannot upgrade
> directly from 4.7.x to 4.9.x' bug ?
I was not aware of this bug. Do you think I should scrap this upgrade and try
again jumping like so? 4.0.6-12 -> 4.7 -> 4.8 -> 4.9
> I know this might seem strange, but try running ldbedit on your new DC.
"ldbedit -H ldap://dc3 -UAdministrator" seemed to run without issue
and let me modify an entry.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
After running the ldbedit command, I checked the state of the DCs.
"samba-tool dbcheck --cross-ncs" returned nothing on dc0; on dc3 it
returned:
Checking 6916 objects
NOTE: old (due to rename or delete) DN string component for fromServer in object
CN=6a8bca7c-3069-4ada-be59-100c970d59fd,CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=x-es,DC=com
- CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=x-es,DC=com
Not fixing old string component
NOTE: old (due to rename or delete) DN string component for lastKnownParent in
object
CN=ee835988-3702-420f-a935-d12d8f977f47\0ADEL:adc1836d-adba-4785-8cd7-73065c3e6d53,CN=Deleted
Objects,CN=Configuration,DC=x-es,DC=com - CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=x-es,DC=com
Not fixing old string component
NOTE: old (due to rename or delete) DN string component for lastKnownParent in
object
CN=ab5dcd50-9fd9-4db7-bc59-e4f9b55fcbd7\0ADEL:0f50abd8-b289-412e-9ae6-4299bbe06d66,CN=Deleted
Objects,CN=Configuration,DC=x-es,DC=com - CN=NTDS
Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=x-es,DC=com
Not fixing old string component
NOTE: old (due to rename or delete) DN string component for lastKnownParent in
object
CN=9ea6a27c-ae95-4fac-a00f-33ea2c2a9dab\0ADEL:bff63288-ef7b-4b1a-8cad-74f4c88db301,CN=Deleted
Objects,CN=Configuration,DC=x-es,DC=com - CN=NTDS
Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=x-es,DC=com
Not fixing old string component
NOTE: old (due to rename or delete) DN string component for lastKnownParent in
object
CN=5d421d22-2216-4475-beb2-8cc46a514cb9\0ADEL:323679f7-d893-451e-ab10-3d8e08e05843,CN=Deleted
Objects,CN=Configuration,DC=x-es,DC=com - CN=NTDS
Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=x-es,DC=com
Not fixing old string component
NOTE: old (due to rename or delete) DN string component for lastKnownParent in
object
CN=2d38127c-7f95-42f7-aaf2-a42f86d54aab\0ADEL:27e13ab1-9930-4363-9d56-2704f275eed3,CN=Deleted
Objects,CN=Configuration,DC=x-es,DC=com - CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=x-es,DC=com
Not fixing old string component
NOTE: old (due to rename or delete) DN string component for lastKnownParent in
object
CN=53c549bb-6964-4bbe-bd24-33f40c9ef5f3\0ADEL:1bc38396-2162-47d9-8780-29177548e208,CN=Deleted
Objects,CN=Configuration,DC=x-es,DC=com - CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=x-es,DC=com
Not fixing old string component
Checked 6916 objects (0 errors)
Running "samba-tool dbcheck --cross-ncs --fix" removed these notes
without issue and they did not show up on a subsequent run.
The "fromServer" object note is interesting as that was the attribute
(and CN) listed as a difference in the ldapcmp.
However, running "samba-tool ldapcmp dc0 dc3 configuration
--filter=msDS-NcType,serverState,subrefs" still errors on the fromServer
attribute.
Running "samba-tool drs kcc dc0" on dc3 still breaks with the DRS
connection failure.