On 02/10/2019 13:52, L.P.H. van Belle via samba wrote:> samba-tool dbcheck --cross-ncs --fix > Yes, should be possible, but i normaly do that after i do the following. > > search for : > CN=58eba604-07e5-4c5d-a104-9e6f4907248f > And > CN=16b8c008-6c59-4b65-9f1b-530751904a75 > > In _msdc.dom.tld. > Verify which GUID is removed, you can see that, then remove the old server GUID. > > Run : > dig CNAME 58eba604-07e5-4c5d-a104-9e6f4907248f._msdcs.ad.fvg.lnf.it > dig CNAME 16b8c008-6c59-4b65-9f1b-530751904a75._msdcs.ad.fvg.lnf.it > > To see the name of the server, then you know which one to pick for sure.Yes, but why wasn't it removed in the first place ? Which method was used to demote the DC, standard demote or with --demote-other-dead-dc ? Rowland
Mandi! Rowland penny via samba In chel di` si favelave...> > samba-tool dbcheck --cross-ncs --fix > > Yes, should be possible, but i normaly do that after i do the following.> Yes, but why wasn't it removed in the first place ?[...]> > Run : > > dig CNAME 58eba604-07e5-4c5d-a104-9e6f4907248f._msdcs.ad.fvg.lnf.it > > dig CNAME 16b8c008-6c59-4b65-9f1b-530751904a75._msdcs.ad.fvg.lnf.itEffectively these CNAME return nothing. can i safely run 'samba-tool dbcheck --cross-ncs --fix'?> Which method was used to demote the DC, standard demote or with > --demote-other-dead-dc ?Standard. I've followed the wiki page, eg: https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bont?, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
On 02/10/2019 14:42, Marco Gaiarin via samba wrote:> Mandi! Rowland penny via samba > In chel di` si favelave... > >>> samba-tool dbcheck --cross-ncs --fix >>> Yes, should be possible, but i normaly do that after i do the following. >> Yes, but why wasn't it removed in the first place ? > [...] >>> Run : >>> dig CNAME 58eba604-07e5-4c5d-a104-9e6f4907248f._msdcs.ad.fvg.lnf.it >>> dig CNAME 16b8c008-6c59-4b65-9f1b-530751904a75._msdcs.ad.fvg.lnf.it > Effectively these CNAME return nothing. > > can i safely run 'samba-tool dbcheck --cross-ncs --fix'?I do not see any reason why not.> > >> Which method was used to demote the DC, standard demote or with >> --demote-other-dead-dc ? > Standard. I've followed the wiki page, eg: > > https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DCYes, but both methods are described on that page: Demoting an Online Domain Controller Demoting an Offline Domain Controller So, which one did you use ? Rowland
Yes.> 'logs' mean 'samba logs', or loosely you are speaking about 'samba > logs and consistency tools' like 'samba-tool dbcheck' and your script > samba-check-db-repl.sh?No, logs mean, everything in /var/log/ So step 1 is, a pain in the beginning, but yes, all logs in /var/log or logs in other places. This is besides the normal samba checks like : samba-tool dbcheck or syncrepl check 1- system checks 2- samba check.> > Run : > > dig CNAME 58eba604-07e5-4c5d-a104-9e6f4907248f._msdcs.ad.fvg.lnf.it > > dig CNAME 16b8c008-6c59-4b65-9f1b-530751904a75._msdcs.ad.fvg.lnf.it>Effectively these CNAME return nothing.Ah, now i see.. Other sub domain. (fvg.lnf.it) and your in (sv.lnf.it)> > can i safely run 'samba-tool dbcheck --cross-ncs --fix'?Yes. So far, Louis
On 02/10/2019 15:04, L.P.H. van Belle via samba wrote:> Yes. > >> 'logs' mean 'samba logs', or loosely you are speaking about 'samba >> logs and consistency tools' like 'samba-tool dbcheck' and your script >> samba-check-db-repl.sh? > No, logs mean, everything in /var/log/ > So step 1 is, a pain in the beginning, but yes, all logs in /var/log or logs in other places. > > This is besides the normal samba checks like : > samba-tool dbcheck or syncrepl check > > 1- system checks > 2- samba check. > > >>> Run : >>> dig CNAME 58eba604-07e5-4c5d-a104-9e6f4907248f._msdcs.ad.fvg.lnf.it >>> dig CNAME 16b8c008-6c59-4b65-9f1b-530751904a75._msdcs.ad.fvg.lnf.it >> Effectively these CNAME return nothing. > Ah, now i see.. Other sub domain. (fvg.lnf.it) and your in (sv.lnf.it)More than I can see, where did 'sv.lnf.it' come from ? Rowland
sv.lnf.it' come from ?>From his email adres, so this is a running subdomain ;-)And these where removed : 6b8c008-6c59-4b65-9f1b-530751904a75._msdcs.ad.fvg.lnf.it So .. I noticed : fvg.lnf.it ( old remote location And sv.lnf.it ( marco's location) Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland penny via samba > Verzonden: woensdag 2 oktober 2019 16:14 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Removed a DC but... > > On 02/10/2019 15:04, L.P.H. van Belle via samba wrote: > > Yes. > > > >> 'logs' mean 'samba logs', or loosely you are speaking about 'samba > >> logs and consistency tools' like 'samba-tool dbcheck' and > your script > >> samba-check-db-repl.sh? > > No, logs mean, everything in /var/log/ > > So step 1 is, a pain in the beginning, but yes, all logs in > /var/log or logs in other places. > > > > This is besides the normal samba checks like : > > samba-tool dbcheck or syncrepl check > > > > 1- system checks > > 2- samba check. > > > > > >>> Run : > >>> dig CNAME > 58eba604-07e5-4c5d-a104-9e6f4907248f._msdcs.ad.fvg.lnf.it > >>> dig CNAME > 16b8c008-6c59-4b65-9f1b-530751904a75._msdcs.ad.fvg.lnf.it > >> Effectively these CNAME return nothing. > > Ah, now i see.. Other sub domain. (fvg.lnf.it) and your in > (sv.lnf.it) > More than I can see, where did 'sv.lnf.it' come from ? > > Rowland > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >