samba - Sep 2021 - Replication between DCs seems broken after deleting a domain member

On 07/06/2021 15:44, Arne Zachlod via samba wrote:
>
>
> On 6/7/21 4:21 PM, Rowland penny via samba wrote:
>> On 07/06/2021 14:29, Arne Zachlod via samba wrote:
>>
>> How did you delete the computer ?
>
> I deleted it with RSAT, and then removed the A record by hand, also in 
> RSAT.

Yes, but how did you delete it, did you just remove the computers record ?

If you did, then I would suggest you don't do it that way again, you 
should 'leave' the domain from the computer.
>> I did this, thanks. It stopped the error messages in addc12 and 
>> addc13, but the thing in addc08 is still appearing, do you have any 
>> idea for this one?:
>
> [2021/06/07 16:43:03.145146,? 0] 
> ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
> ?ldb: No objectClass found in replPropertyMetaData for 
> CN=hydra,CN=Computers,DC=int,DC=company,DC=de!
>
> [2021/06/07 16:43:03.145554,? 0] 
>
../../source4/dsdb/repl/drepl_out_helpers.c:1184(dreplsrv_op_pull_source_apply_changes_trigger)
> ?Failed to commit objects: 
> WERR_GEN_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
>
Use samba-tool to replicate from a good DC to addc08

Rowland

On 6/7/21 4:50 PM, Rowland penny via samba wrote:
> Yes, but how did you delete it, did you just remove the computers record ?
yes, if I remember correctly, thats exactly what I did. I think there 
was some error when trying the leave command, but of course I didn't 
save any output.
> If you did, then I would suggest you don't do it that way again, you 
> should 'leave' the domain from the computer.
will do.
> Use samba-tool to replicate from a good DC to addc08
well, I tried it as suggested here:

https://wiki.samba.org/index.php/Manually_Replicating_Directory_Partitions

but the error persists, so I tried replicating Computers as well, but it 
didn't work:

root at addc08:~# samba-tool drs replicate addc08 addc16 
CN=Computers,DC=int,DC=company,DC=de --full-sync
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed -
drsException: DsReplicaSync failed (8440, 'WERR_DS_DRA_BAD_NC')
   File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line
577,
in run
     drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, 
source_dsa_guid, NC, req_options)
   File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 92,
in
sendDsReplicaSync
     raise drsException("DsReplicaSync failed %s" % estr)

do you have any more ideas? Not sure if it's important, but addc08 is 
also the FSMO master.

thanks for your help, it's very much appreciated

Arne

Hi, sorry for digging this thread up, but I still have a problem with 
this. ADDC08 is still not replicating correctly from addc13, and there 
seems to be no course of action that helps with the manual replication. 
does anyone have an idea on how to fix this?

On 6/7/21 5:21 PM, Arne Zachlod via samba wrote:
> On 6/7/21 4:50 PM, Rowland penny via samba wrote:
>> Yes, but how did you delete it, did you just remove the computers 
>> record ?
> 
> yes, if I remember correctly, thats exactly what I did. I think there 
> was some error when trying the leave command, but of course I didn't 
> save any output.
> 
>> If you did, then I would suggest you don't do it that way again,
you
>> should 'leave' the domain from the computer.
> 
> will do.
> 
>> Use samba-tool to replicate from a good DC to addc08
> 
> well, I tried it as suggested here:
> 
> https://wiki.samba.org/index.php/Manually_Replicating_Directory_Partitions
> 
> but the error persists, so I tried replicating Computers as well, but it 
> didn't work:
> 
> root at addc08:~# samba-tool drs replicate addc08 addc16 
> CN=Computers,DC=int,DC=company,DC=de --full-sync
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed -
> drsException: DsReplicaSync failed (8440, 'WERR_DS_DRA_BAD_NC')
>  ? File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py",
line 577,
> in run
>  ??? drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, 
> source_dsa_guid, NC, req_options)
>  ? File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line
92, in
> sendDsReplicaSync
>  ??? raise drsException("DsReplicaSync failed %s" % estr)
> 
> do you have any more ideas? Not sure if it's important, but addc08 is 
> also the FSMO master.
> 
> thanks for your help, it's very much appreciated
> 
> Arne
>