Elias Pereira
2019-Apr-16 18:58 UTC
[Samba] samba-tool domain schemaupgrade fails on DC member
Hello, I upgrade the schema for our main ADDC and everything works properly, but the member DC (DC to an Existing AD) fails. Both servers are in version 4.10.2 Distro: Debian 9.8 *Main ADDC:* [2019/04/16 15:43:03.814846, 0] ../../source4/rpc_server/drsuapi/getncchanges.c:2919(dcesrv_drsuapi_DsGetNCChanges) ../../source4/rpc_server/drsuapi/getncchanges.c:2919: DsGetNCChanges 2nd replication on different DN DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br (last_dn CN=ms-DS-cloudExtensionAttribute14,CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br) *Member DC:* [2019/04/16 15:42:55.703281, 0] ../../source4/dsdb/repl/replicated_objects.c:248(dsdb_repl_resolve_working_schema) Can't continue Schema load: didn't manage to convert any objects: all 1 remaining of 133 objects failed to convert [2019/04/16 15:42:55.703619, 0] ../../source4/dsdb/repl/replicated_objects.c:361(dsdb_repl_make_working_schema) ../../source4/dsdb/repl/replicated_objects.c:361: dsdb_repl_resolve_working_schema() failed: WERR_INTERNAL_ERRORFailed to create working schema: WERR_INTERNAL_ERROR Is there any way to fix this problem? dumb question: Can I roolback the schemaupgrade? :D -- Elias Pereira
Rowland Penny
2019-Apr-16 19:07 UTC
[Samba] samba-tool domain schemaupgrade fails on DC member
On Tue, 16 Apr 2019 15:58:54 -0300 Elias Pereira via samba <samba at lists.samba.org> wrote:> Hello, > > I upgrade the schema for our main ADDC and everything works properly, > but the member DC (DC to an Existing AD) fails. > > Both servers are in version 4.10.2 > Distro: Debian 9.8 > > *Main ADDC:* > > [2019/04/16 15:43:03.814846, 0] > ../../source4/rpc_server/drsuapi/getncchanges.c:2919(dcesrv_drsuapi_DsGetNCChanges) > ../../source4/rpc_server/drsuapi/getncchanges.c:2919: > DsGetNCChanges 2nd replication on different DN > DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > (last_dn > CN=ms-DS-cloudExtensionAttribute14,CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br) > > *Member DC:*What do you mean by 'Member DC' ? How did you create it ? Rowland
Elias Pereira
2019-Apr-16 19:44 UTC
[Samba] samba-tool domain schemaupgrade fails on DC member
> > What do you mean by 'Member DC' ? > How did you create it ?I did not find a better way to say. lol I configured through the link: https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory What would I call it? And about the error, something to do?
Garming Sam
2019-Apr-17 00:28 UTC
[Samba] samba-tool domain schemaupgrade fails on DC member
Hi, This is a known issue: https://bugzilla.samba.org/show_bug.cgi?id=12204 https://bugzilla.samba.org/show_bug.cgi?id=13713 There are currently patches in master to fix this issue. We could probably backport a patch to 4.10, but you'd have to rebuild Samba. Alternatively, re-joining the domain controller (or joining a new DC and demoting the old one) probably works because I believe there is code to handle this case. There's not really any rollback of this code besides keeping a backup. Schema updates build on top of each other and once you're at a certain level you can't undo them, neither on Windows. Cheers, Garming On 17/04/19 6:58 AM, Elias Pereira via samba wrote:> Hello, > > I upgrade the schema for our main ADDC and everything works properly, but > the member DC (DC to an Existing AD) fails. > > Both servers are in version 4.10.2 > Distro: Debian 9.8 > > *Main ADDC:* > > [2019/04/16 15:43:03.814846, 0] > ../../source4/rpc_server/drsuapi/getncchanges.c:2919(dcesrv_drsuapi_DsGetNCChanges) > ../../source4/rpc_server/drsuapi/getncchanges.c:2919: DsGetNCChanges 2nd > replication on different DN DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > (last_dn > CN=ms-DS-cloudExtensionAttribute14,CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br) > > *Member DC:* > > [2019/04/16 15:42:55.703281, 0] > ../../source4/dsdb/repl/replicated_objects.c:248(dsdb_repl_resolve_working_schema) > Can't continue Schema load: didn't manage to convert any objects: all 1 > remaining of 133 objects failed to convert > [2019/04/16 15:42:55.703619, 0] > ../../source4/dsdb/repl/replicated_objects.c:361(dsdb_repl_make_working_schema) > ../../source4/dsdb/repl/replicated_objects.c:361: > dsdb_repl_resolve_working_schema() failed: WERR_INTERNAL_ERRORFailed to > create working schema: WERR_INTERNAL_ERROR > > Is there any way to fix this problem? > > dumb question: Can I roolback the schemaupgrade? :D >
Elias Pereira
2019-Apr-17 02:47 UTC
[Samba] samba-tool domain schemaupgrade fails on DC member
Thanks Rowland and Garming for your help!! How about "another DC", or 'a second DC' ? Ok. Got it! :D Alternatively, re-joining the domain controller (or joining a new DC and> demoting the old one) probably works because I believe there is code to > handle this case.I re-joined (remove secrets.tdb and .lbd, copy idmap from existing DC...) and now works properly! Raise the level for 2012_R2 already working? On Tue, Apr 16, 2019 at 9:28 PM Garming Sam <garming at catalyst.net.nz> wrote:> Hi, > > This is a known issue: > > https://bugzilla.samba.org/show_bug.cgi?id=12204 > https://bugzilla.samba.org/show_bug.cgi?id=13713 > > There are currently patches in master to fix this issue. We could > probably backport a patch to 4.10, but you'd have to rebuild Samba. > > Alternatively, re-joining the domain controller (or joining a new DC and > demoting the old one) probably works because I believe there is code to > handle this case. > > There's not really any rollback of this code besides keeping a backup. > Schema updates build on top of each other and once you're at a certain > level you can't undo them, neither on Windows. > > Cheers, > > Garming > > On 17/04/19 6:58 AM, Elias Pereira via samba wrote: > > Hello, > > > > I upgrade the schema for our main ADDC and everything works properly, but > > the member DC (DC to an Existing AD) fails. > > > > Both servers are in version 4.10.2 > > Distro: Debian 9.8 > > > > *Main ADDC:* > > > > [2019/04/16 15:43:03.814846, 0] > > > ../../source4/rpc_server/drsuapi/getncchanges.c:2919(dcesrv_drsuapi_DsGetNCChanges) > > ../../source4/rpc_server/drsuapi/getncchanges.c:2919: DsGetNCChanges > 2nd > > replication on different DN DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > > CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > > (last_dn > > > CN=ms-DS-cloudExtensionAttribute14,CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br) > > > > *Member DC:* > > > > [2019/04/16 15:42:55.703281, 0] > > > ../../source4/dsdb/repl/replicated_objects.c:248(dsdb_repl_resolve_working_schema) > > Can't continue Schema load: didn't manage to convert any objects: all 1 > > remaining of 133 objects failed to convert > > [2019/04/16 15:42:55.703619, 0] > > > ../../source4/dsdb/repl/replicated_objects.c:361(dsdb_repl_make_working_schema) > > ../../source4/dsdb/repl/replicated_objects.c:361: > > dsdb_repl_resolve_working_schema() failed: WERR_INTERNAL_ERRORFailed to > > create working schema: WERR_INTERNAL_ERROR > > > > Is there any way to fix this problem? > > > > dumb question: Can I roolback the schemaupgrade? :D > > >-- Elias Pereira