Marcio Merlone
2020-Jun-19 13:53 UTC
[Samba] WERR_DS_DRA_SCHEMA_MISMATCH against a W2008R2 DC
Hi,

I have two Samba 4.12.3 DCs (eucalipto and aroeira) on a Debian Buster and a Windows 2008R2 DC (antares). Replication got broken:

root@eucalipto:~# samba-tool drs replicate antares eucalipto DC=ad,DC=a1,DC=ind,DC=br
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (8418, 'WERR_DS_DRA_SCHEMA_MISMATCH')
  File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 577, in run
    drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)
  File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 92, in sendDsReplicaSync
    raise drsException("DsReplicaSync failed %s" % estr)
root@eucalipto:~#

root@eucalipto:~# samba-tool ldapcmp ldap://eucalipto ldap://antares configuration

* Comparing [CONFIGURATION] context...

* Objects to be compared: 1695

Comparing:
'CN=AROEIRA,CN=SERVERS,CN=ABL-CURITIBA-IGUACU,CN=SITES,CN=CONFIGURATION,DC=AD,DC=A1,DC=IND,DC=BR' [ldap://eucalipto]
'CN=AROEIRA,CN=SERVERS,CN=ABL-CURITIBA-IGUACU,CN=SITES,CN=CONFIGURATION,DC=AD,DC=A1,DC=IND,DC=BR' [ldap://antares]
    Difference in attribute values:
        serverReference =>
[b'CN=AROEIRA,OU=Domain Controllers,DC=ad,DC=a1,DC=ind,DC=br']
[b'CN=AROEIRA\\0ACNF:0a341e37-f3e4-486d-9d96-ced9adbcb2ee,OU=Domain Controllers,DC=ad,DC=a1,DC=ind,DC=br']
    FAILED

Comparing:
'CN=CONFIGURATION,DC=AD,DC=A1,DC=IND,DC=BR' [ldap://eucalipto]
'CN=CONFIGURATION,DC=AD,DC=A1,DC=IND,DC=BR' [ldap://antares]
    Difference in attribute values:
        instanceType =>
[b'13']
[b'5']
    FAILED

Comparing:
'CN=THIS ORGANIZATION,CN=WELLKNOWN SECURITY PRINCIPALS,CN=CONFIGURATION,DC=AD,DC=A1,DC=IND,DC=BR' [ldap://eucalipto]
'CN=THIS ORGANIZATION,CN=WELLKNOWN SECURITY PRINCIPALS,CN=CONFIGURATION,DC=AD,DC=A1,DC=IND,DC=BR' [ldap://antares]
    Attributes found only in ldap://antares:
        INSTANCETYPE
        WHENCREATED
    FAILED

* Result for [CONFIGURATION]: FAILURE

SUMMARY
---------

Attributes with different values:

    instanceType
    serverReference

Attributes found only in ldap://antares:

    INSTANCETYPE
    WHENCREATED

ERROR: Compare failed: -1
root@eucalipto:~#

Any hint on how to fix? Demote and rejoin Windows?

--
*Marcio Merlone*
Rowland Penny
2020-Jun-19 14:16 UTC
[Samba] WERR_DS_DRA_SCHEMA_MISMATCH against a W2008R2 DC
On 19/06/2020 14:53, Marcio Merlone via samba wrote:
> Hi,
>
> I have two Samba 4.12.3 DCs (eucalipto and aroeira) on a Debian Buster
> and a Windows 2008R2 DC (antares). Replication got broken:
>
> root@eucalipto:~# samba-tool drs replicate antares eucalipto
> DC=ad,DC=a1,DC=ind,DC=br
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
> drsException: DsReplicaSync failed (8418, 'WERR_DS_DRA_SCHEMA_MISMATCH')
>   File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 577,
> in run
>     drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
> source_dsa_guid, NC, req_options)
>   File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 92,
> in sendDsReplicaSync
>     raise drsException("DsReplicaSync failed %s" % estr)
> root@eucalipto:~#
>
> root@eucalipto:~# samba-tool ldapcmp ldap://eucalipto ldap://antares
> configuration
>
> * Comparing [CONFIGURATION] context...
>
> * Objects to be compared: 1695
>
> Comparing:
> 'CN=AROEIRA,CN=SERVERS,CN=ABL-CURITIBA-IGUACU,CN=SITES,CN=CONFIGURATION,DC=AD,DC=A1,DC=IND,DC=BR'
> [ldap://eucalipto]
> 'CN=AROEIRA,CN=SERVERS,CN=ABL-CURITIBA-IGUACU,CN=SITES,CN=CONFIGURATION,DC=AD,DC=A1,DC=IND,DC=BR'
> [ldap://antares]
>     Difference in attribute values:
>         serverReference =>
> [b'CN=AROEIRA,OU=Domain Controllers,DC=ad,DC=a1,DC=ind,DC=br']
> [b'CN=AROEIRA\\0ACNF:0a341e37-f3e4-486d-9d96-ced9adbcb2ee,OU=Domain
> Controllers,DC=ad,DC=a1,DC=ind,DC=br']

The '\\0ACNF' means this is a collision, two things tried to create the record at the same time, so it might be an idea to demote the DC, then ensure that AD is okay and rejoin the DC.

Rowland
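
An added example, not part of the original thread and not Samba project code: a small scanner that picks the `\0ACNF:<GUID>` conflict marker discussed in the reply above out of saved `samba-tool ldapcmp` output, so every affected object can be listed before deciding on a demote and rejoin. The function name `find_mangled` and the sample text are constructed for illustration; the scanner also reports `\0ADEL:` names, which Active Directory uses for deleted objects in the same way.

```python
import ast
import re

# Constructed sample: two comparisons copied from the ldapcmp output in this thread.
SAMPLE = r"""
    serverReference =>
[b'CN=AROEIRA,OU=Domain Controllers,DC=ad,DC=a1,DC=ind,DC=br']
[b'CN=AROEIRA\\0ACNF:0a341e37-f3e4-486d-9d96-ced9adbcb2ee,OU=Domain Controllers,DC=ad,DC=a1,DC=ind,DC=br']
    instanceType =>
[b'13']
[b'5']
"""

# ldapcmp prints values as Python lists of bytes literals, e.g. [b'...', b'...'].
BYTES_LIST = re.compile(r"\[b'(?:[^'\\]|\\.)*'(?:,\s*b'(?:[^'\\]|\\.)*')*\]")

# A renamed RDN: original value, escaped newline (\0A), CNF (conflict) or
# DEL (deleted object) tag, then the object's GUID.
MANGLED = re.compile(
    r"^(?P<attr>[^=]+)=(?P<name>.*?)\\0A(?P<kind>CNF|DEL):"
    r"(?P<guid>[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})$"
)


def find_mangled(ldapcmp_text):
    """Return one record per conflict/deleted RDN found in the printed values."""
    hits = []
    for m in BYTES_LIST.finditer(ldapcmp_text):
        for raw in ast.literal_eval(m.group(0)):  # undo the repr escaping
            dn = raw.decode("utf-8", "replace")
            rdns = re.split(r"(?<!\\),", dn)      # split on unescaped commas
            for i, rdn in enumerate(rdns):
                hit = MANGLED.match(rdn)
                if hit:
                    hits.append({
                        "kind": hit["kind"],
                        "name": hit["name"],
                        "guid": hit["guid"].lower(),
                        "parent": ",".join(rdns[i + 1:]),
                        "dn": dn,
                    })
    return hits


if __name__ == "__main__":
    for h in find_mangled(SAMPLE):
        print(f"{h['kind']} {h['name']} guid={h['guid']} under {h['parent']}")
```

Values that are not DNs, such as the `instanceType` numbers, pass through without a match.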