Hello im not sure if the mail arrived. So here i go.
Good Morning,
luckily there is the delete empty lines option in np++.
The Network config you mentioned is the same exact i had when i contacted the
list actually.
I really felt that ?yeah, again..?.
Looking at the 192.168.50.1 (Site1 Gateway) as Default route for both, im
guessing you copied it?
Im actually not sure if the Default route is supposed or required anyways.
I?ve done the mentioned changes and a dbcheck doesnt throw any Errors. The
replication still doesnt seem to be working properly though.
DC01 Showrepl
Location1\dc01
DSA Options: 0x00000001
DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
DSA invocationId: 4acdfe5f-21fc-44cb-92df-e2ce461b2594
==== INBOUND NEIGHBORS ===DC=DomainDnsZones,DC=my,DC=domain
??????? Location2\dc02 via RPC
??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
??????????????? Last attempt @ Wed May? 4 13:06:12 2022 CEST failed, result 64
(WERR_NETNAME_DELETED)
??????????????? 1 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
CN=Configuration,DC=my,DC=domain
??????? Location2\dc02 via RPC
??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
??????????????? Last attempt @ Fri May? 6 15:49:39 2022 CEST failed, result 64
(WERR_NETNAME_DELETED)
??????????????? 1 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
CN=Configuration,DC=my,DC=domain
??????? Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ Mon May? 9 08:49:06 2022 CEST was successful
??????????????? 0 consecutive failure(s).
??????????????? Last success @ Mon May? 9 08:49:06 2022 CEST
DC=ForestDnsZones,DC=my,DC=domain
??????? Location2\dc02 via RPC
??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
??????????????? Last attempt @ NTTIME(0) was successful
??????????????? 0 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
DC=ForestDnsZones,DC=my,DC=domain
??????? Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ Mon May? 9 08:47:46 2022 CEST was successful
??????????????? 0 consecutive failure(s).
??????? ????????Last success @ Mon May? 9 08:47:46 2022 CEST
CN=Schema,CN=Configuration,DC=my,DC=domain
??????? Location2\dc02 via RPC
??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
??????????????? Last attempt @ NTTIME(0) was successful
?? ?????????????0 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=my,DC=domain
??????? Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ Mon May? 9 08:50:22 2022 CEST was successful
??????????????? 0 consecutive failure(s).
??????????????? Last success @ Mon May? 9 08:50:22 2022 CEST
DC=my,DC=domain
??????? Location2\dc02 via RPC
??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
??????????????? Last attempt @ NTTIME(0) was successful
??????????????? 0 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
DC=my,DC=domain
??????? Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ Mon May? 9 08:51:21 2022 CEST was successful
??????????????? 0 consecutive failure(s).
??????????????? Last success @ Mon May? 9 08:51:21 2022 CEST
==== OUTBOUND NEIGHBORS ======= KCC CONNECTION OBJECTS ===Connection --
??????? Connection name: 1c2e8f02-9175-4e72-aef0-e9c5f1644072
??????? Enabled??????? : TRUE
??????? Server DNS name : dc02.my.domain
??????? Server DN name? : CN=NTDS
Settings,CN=dc02,CN=Servers,CN=Location2,CN=Sites,CN=Configuration,DC=my,DC=domain
??????????????? TransportType: RPC
??????????????? options: 0x00000001
Warning: No NC replicated for Connection!
DC02 Showrepl
Location1\dc01
DSA Options: 0x00000001
DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
DSA invocationId: 4acdfe5f-21fc-44cb-92df-e2ce461b2594
==== INBOUND NEIGHBORS ===DC=DomainDnsZones,DC=my,DC=domain
??????? Location2\dc02 via RPC
??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
??????????????? Last attempt @ Fri May? 6 15:16:35 2022 CEST failed, result 2
(WERR_FILE_NOT_FOUND)
??????????????? 1 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
CN=Configuration,DC=my,DC=domain
??????? Location2\dc02 via RPC
??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
??????????????? Last attempt @ Fri May? 6 15:17:15 2022 CEST failed, result 2
(WERR_FILE_NOT_FOUND)
??????????????? 1 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
CN=Configuration,DC=my,DC=domain
??????? Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ Mon May? 9 08:45:26 2022 CEST failed, result 8453
(WERR_DS_DRA_ACCESS_DENIED)
??????????????? 2 consecutive failure(s).
??????????????? Last success @ Mon May? 9 08:45:26 2022 CEST
DC=ForestDnsZones,DC=my,DC=domain
??????? Location2\dc02 via RPC
??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
??????????????? Last attempt @ Fri May? 6 15:16:55 2022 CEST failed, result 2
(WERR_FILE_NOT_FOUND)
??????????????? 1 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=my,DC=domain
??????? Location2\dc02 via RPC
??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
??????????????? Last attempt @ NTTIME(0) was successful
??????????????? 0 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=my,DC=domain
??????? Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ Mon May? 9 08:45:54 2022 CEST failed, result 8453
(WERR_DS_DRA_ACCESS_DENIED)
?? ?????????????1 consecutive failure(s).
??????????????? Last success @ Mon May? 9 08:45:54 2022 CEST
DC=my,DC=domain
??????? Location2\dc02 via RPC
??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
??????????????? Last attempt @ NTTIME(0) was successful
??????????????? 0 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
DC=my,DC=domain
??????? Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ Mon May ?9 08:46:21 2022 CEST failed, result 8453
(WERR_DS_DRA_ACCESS_DENIED)
??????????????? 1 consecutive failure(s).
??????????????? Last success @ Mon May? 9 08:46:21 2022 CEST
==== OUTBOUND NEIGHBORS ===DC=DomainDnsZones,DC=my,DC=domain
??????? Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ NTTIME(0) was successful
??????????????? 0 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
CN=Configuration,DC=my,DC=domain
?? ?????Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ NTTIME(0) was successful
??????????????? 0 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
DC=ForestDnsZones,DC=my,DC=domain
??????? Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ NTTIME(0) was successful
??????????????? 0 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=my,DC=domain
??????? Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ NTTIME(0) was successful
???????????? ???0 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
DC=my,DC=domain
??????? Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ NTTIME(0) was successful
???????????? ???0 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ===Connection --
??????? Connection name: 1c2e8f02-9175-4e72-aef0-e9c5f1644072
??????? Enabled??????? : TRUE
??????? Server DNS name : dc02.my.domain
????? ??Server DN name? : CN=NTDS
Settings,CN=dc02,CN=Servers,CN=Location2,CN=Sites,CN=Configuration,DC=my,DC=domain
??????????????? TransportType: RPC
??????????????? options: 0x00000001
Warning: No NC replicated for Connection
drs replicate dc02 dc01 dc=my, DC=domain gives
sudo samba-tool drs replicate dc02 dc01 DC=my,DC=domain
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:dc02[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name dc02<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name dc02<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name dc02<0x20>
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed - drsException: DsReplicaSync failed (8453,
'WERR_DS_DRA_ACCESS_DENIED')
? File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 577,
in run
??? drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
? File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 92,
in sendDsReplicaSync
??? raise drsException("DsReplicaSync failed %s" % estr)
Thanks in Advance
Greetings
Hello
Ldapcmd got me Closer.
resolve_lmhosts: Attempting lmhosts lookup for name dc01<0x20>
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Password for [my\administrator]:
resolve_lmhosts: Attempting lmhosts lookup for name dc02<0x20>
* Comparing [CONFIGURATION] context...
* DNs found only in ldap://dc01:
CN=dc02,CN=NTDS SETTINGS,CN=dc01,CN=SERVERS,CN=loc1,CN=SITES,CN=CONFI
* DNs found only in ldap://dc02:
CN=1C2E8F02-9175-4E72-AEF0-E9C5F1644072,CN=NTDS SETTINGS,CN=dc01,CN=SERVERS,
* Objects to be compared: 1629
Comparing:
'CN=NTDS SITE
SETTINGS,CN=loc2,CN=SITES,CN=CONFIGURATION,DC=my,DC=domain'
'CN=NTDS SITE
SETTINGS,CN=loc2,CN=SITES,CN=CONFIGURATION,DC=my,DC=domain'
Difference in attribute values:
interSiteTopologyGenerator =>
[b'CN=NTDS
Settings\\0ADEL:4bbda5e7-f07e-4748-9f01-3742c9839bda,CN=dc02\\0ADEL:0ntern']
[b'CN=NTDS Settings,CN=dc02,CN=Servers,CN=loc2,CN=Sites,CN=Configuration,
FAILED
* Result for [CONFIGURATION]: FAILURE
SUMMARY
---------
Attributes with different values:
interSiteTopologyGenerator
ERROR: Compare failed: -1
Those seem to be the source of error.
Can i manually update them? Im worried i?ll end up worse if i try.
Greetings
Von: Hakim Liso via samba
Gesendet: Montag, 9. Mai 2022 15:25
An: samba at lists.samba.org
Betreff: Re: [Samba] How to determine DNS anomaly
Hello im not sure if the mail arrived. So here i go.
Good Morning,
luckily there is the delete empty lines option in np++.
The Network config you mentioned is the same exact i had when i contacted the
list actually.
I really felt that ?yeah, again..?.
Looking at the 192.168.50.1 (Site1 Gateway) as Default route for both, im
guessing you copied it?
Im actually not sure if the Default route is supposed or required anyways.
I?ve done the mentioned changes and a dbcheck doesnt throw any Errors. The
replication still doesnt seem to be working properly though.
DC01 Showrepl
Location1\dc01
DSA Options: 0x00000001
DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
DSA invocationId: 4acdfe5f-21fc-44cb-92df-e2ce461b2594
==== INBOUND NEIGHBORS ===DC=DomainDnsZones,DC=my,DC=domain
??????? Location2\dc02 via RPC
??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
??????????????? Last attempt @ Wed May? 4 13:06:12 2022 CEST failed, result 64
(WERR_NETNAME_DELETED)
??????????????? 1 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
CN=Configuration,DC=my,DC=domain
??????? Location2\dc02 via RPC
??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
??????????????? Last attempt @ Fri May? 6 15:49:39 2022 CEST failed, result 64
(WERR_NETNAME_DELETED)
??????????????? 1 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
CN=Configuration,DC=my,DC=domain
??????? Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ Mon May? 9 08:49:06 2022 CEST was successful
??????????????? 0 consecutive failure(s).
??????????????? Last success @ Mon May? 9 08:49:06 2022 CEST
DC=ForestDnsZones,DC=my,DC=domain
??????? Location2\dc02 via RPC
??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
??????????????? Last attempt @ NTTIME(0) was successful
??????????????? 0 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
DC=ForestDnsZones,DC=my,DC=domain
??????? Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ Mon May? 9 08:47:46 2022 CEST was successful
??????????????? 0 consecutive failure(s).
??????? ????????Last success @ Mon May? 9 08:47:46 2022 CEST
CN=Schema,CN=Configuration,DC=my,DC=domain
??????? Location2\dc02 via RPC
??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
??????????????? Last attempt @ NTTIME(0) was successful
?? ?????????????0 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=my,DC=domain
??????? Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ Mon May? 9 08:50:22 2022 CEST was successful
??????????????? 0 consecutive failure(s).
??????????????? Last success @ Mon May? 9 08:50:22 2022 CEST
DC=my,DC=domain
??????? Location2\dc02 via RPC
??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
??????????????? Last attempt @ NTTIME(0) was successful
??????????????? 0 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
DC=my,DC=domain
??????? Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ Mon May? 9 08:51:21 2022 CEST was successful
??????????????? 0 consecutive failure(s).
??????????????? Last success @ Mon May? 9 08:51:21 2022 CEST
==== OUTBOUND NEIGHBORS ======= KCC CONNECTION OBJECTS ===Connection --
??????? Connection name: 1c2e8f02-9175-4e72-aef0-e9c5f1644072
??????? Enabled??????? : TRUE
??????? Server DNS name : dc02.my.domain
??????? Server DN name? : CN=NTDS
Settings,CN=dc02,CN=Servers,CN=Location2,CN=Sites,CN=Configuration,DC=my,DC=domain
??????????????? TransportType: RPC
??????????????? options: 0x00000001
Warning: No NC replicated for Connection!
DC02 Showrepl
Location1\dc01
DSA Options: 0x00000001
DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
DSA invocationId: 4acdfe5f-21fc-44cb-92df-e2ce461b2594
==== INBOUND NEIGHBORS ===DC=DomainDnsZones,DC=my,DC=domain
??????? Location2\dc02 via RPC
??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
??????????????? Last attempt @ Fri May? 6 15:16:35 2022 CEST failed, result 2
(WERR_FILE_NOT_FOUND)
??????????????? 1 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
CN=Configuration,DC=my,DC=domain
??????? Location2\dc02 via RPC
??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
??????????????? Last attempt @ Fri May? 6 15:17:15 2022 CEST failed, result 2
(WERR_FILE_NOT_FOUND)
??????????????? 1 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
CN=Configuration,DC=my,DC=domain
??????? Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ Mon May? 9 08:45:26 2022 CEST failed, result 8453
(WERR_DS_DRA_ACCESS_DENIED)
??????????????? 2 consecutive failure(s).
??????????????? Last success @ Mon May? 9 08:45:26 2022 CEST
DC=ForestDnsZones,DC=my,DC=domain
??????? Location2\dc02 via RPC
??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
??????????????? Last attempt @ Fri May? 6 15:16:55 2022 CEST failed, result 2
(WERR_FILE_NOT_FOUND)
??????????????? 1 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=my,DC=domain
??????? Location2\dc02 via RPC
??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
??????????????? Last attempt @ NTTIME(0) was successful
??????????????? 0 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=my,DC=domain
??????? Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ Mon May? 9 08:45:54 2022 CEST failed, result 8453
(WERR_DS_DRA_ACCESS_DENIED)
?? ?????????????1 consecutive failure(s).
??????????????? Last success @ Mon May? 9 08:45:54 2022 CEST
DC=my,DC=domain
??????? Location2\dc02 via RPC
??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23
??????????????? Last attempt @ NTTIME(0) was successful
??????????????? 0 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
DC=my,DC=domain
??????? Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ Mon May ?9 08:46:21 2022 CEST failed, result 8453
(WERR_DS_DRA_ACCESS_DENIED)
??????????????? 1 consecutive failure(s).
??????????????? Last success @ Mon May? 9 08:46:21 2022 CEST
==== OUTBOUND NEIGHBORS ===DC=DomainDnsZones,DC=my,DC=domain
??????? Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ NTTIME(0) was successful
??????????????? 0 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
CN=Configuration,DC=my,DC=domain
?? ?????Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ NTTIME(0) was successful
??????????????? 0 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
DC=ForestDnsZones,DC=my,DC=domain
??????? Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ NTTIME(0) was successful
??????????????? 0 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=my,DC=domain
??????? Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ NTTIME(0) was successful
???????????? ???0 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
DC=my,DC=domain
??????? Location1\dc01 via RPC
??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4
??????????????? Last attempt @ NTTIME(0) was successful
???????????? ???0 consecutive failure(s).
??????????????? Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ===Connection --
??????? Connection name: 1c2e8f02-9175-4e72-aef0-e9c5f1644072
??????? Enabled??????? : TRUE
??????? Server DNS name : dc02.my.domain
????? ??Server DN name? : CN=NTDS
Settings,CN=dc02,CN=Servers,CN=Location2,CN=Sites,CN=Configuration,DC=my,DC=domain
??????????????? TransportType: RPC
??????????????? options: 0x00000001
Warning: No NC replicated for Connection
drs replicate dc02 dc01 dc=my, DC=domain gives
sudo samba-tool drs replicate dc02 dc01 DC=my,DC=domain
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:dc02[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name dc02<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name dc02<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name dc02<0x20>
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed - drsException: DsReplicaSync failed (8453,
'WERR_DS_DRA_ACCESS_DENIED')
? File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 577,
in run
??? drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
? File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 92,
in sendDsReplicaSync
??? raise drsException("DsReplicaSync failed %s" % estr)
Thanks in Advance
Greetings
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Good morning, * replied on previous messag below also.. and last mail.. ---------------------------------------------- trying to repl the dcs with ldap, tells me that there is no ldap entry for dc02 confirmed by user at dc01:~$ nslookup> set type=SRV > _ldap._tcp.my.domainServer: 192.168.50.11 Address: 192.168.50.11#53 _ldap._tcp.my.domain service = 0 100 389 dc01.my.domain. Both dcs reply with NXDOMAIN on administrator at dc02:~$ nslookup 10.0.1.9 if that narrows down the source of the error. Can i simply manually add the entry and zone? Greetings ---------------------------------------------- you can do that, but you might miss more here. I recommend you remove that server from DNS and AD and re-add it. Before you re-add it, make sure you set the DNS name server of the other DC first. after a join, reboot and check, you switch these entries again. Yes, you can manualy add them also, you and try and see if it works, but it can bite you later on. Like, I don?t know but somehow I lost my PDC record.. _ldap._tcp.pdc._msdcs.my.domain.tld I have re-added it, after a very good cleanup dns tool and ADUC and with ADSi editor. but I do notice, that, if I now want to move the FSMO role PDC.. its not moved. I have todo that manually atm, but not that its needed.. So, try above, and see of that works for you. Greetz, Louis And, please, reply to the list.> -----Oorspronkelijk bericht----- > Van: samba Namens Hakim Liso via samba > Verzonden: maandag 9 mei 2022 15:20 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] How to determine DNS anomaly > > Hello im not sure if the mail arrived. So here i go. > > Good Morning, > > luckily there is the delete empty lines option in np++. > The Network config you mentioned is the same exact i had when i contacted > the list actually. > I really felt that ?yeah, again..?. > Looking at the 192.168.50.1 (Site1 Gateway) as Default route for both, im > guessing you copied it?yes, I copied that..> Im actually not sure if the Default route is supposed or required anyways.required, No, only if you need it.> I?ve done the mentioned changes and a dbcheck doesnt throw any Errors. > The replication still doesnt seem to be working properly though. > > DC01 Showrepl > > Location1\dc01 > DSA Options: 0x00000001 > DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4 > DSA invocationId: 4acdfe5f-21fc-44cb-92df-e2ce461b2594 > ==== INBOUND NEIGHBORS ===> DC=DomainDnsZones,DC=my,DC=domain > ??????? Location2\dc02 via RPC > ??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23 > ??????????????? Last attempt @ Wed May? 4 13:06:12 2022 CEST failed,result 64> (WERR_NETNAME_DELETED) > ??????????????? 1 consecutive failure(s). > ??????????????? Last success @ NTTIME(0) CN=Configuration,DC=my,DC=domain > ??????? Location2\dc02 via RPC > ??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23 > ??????????????? Last attempt @ Fri May? 6 15:49:39 2022 CEST failed,result 64> (WERR_NETNAME_DELETED) > ??????????????? 1 consecutive failure(s). > ??????????????? Last success @ NTTIME(0) CN=Configuration,DC=my,DC=domain > ??????? Location1\dc01 via RPC > ??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4 > ??????????????? Last attempt @ Mon May? 9 08:49:06 2022 CEST wassuccessful> ??????????????? 0 consecutive failure(s). > ??????????????? Last success @ Mon May? 9 08:49:06 2022 CEST > DC=ForestDnsZones,DC=my,DC=domain > ??????? Location2\dc02 via RPC > ??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23 > ??????????????? Last attempt @ NTTIME(0) was successful > ??????????????? 0 consecutive failure(s). > ??????????????? Last success @ NTTIME(0) DC=ForestDnsZones,DC=my,DC=domain > ??????? Location1\dc01 via RPC > ??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4 > ??????????????? Last attempt @ Mon May? 9 08:47:46 2022 CEST wassuccessful> ??????????????? 0 consecutive failure(s). > ??????? ????????Last success @ Mon May? 9 08:47:46 2022 CEST > CN=Schema,CN=Configuration,DC=my,DC=domain > ??????? Location2\dc02 via RPC > ??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23 > ??????????????? Last attempt @ NTTIME(0) was successful > ?? ?????????????0 consecutive failure(s). > ??????????????? Last success @ NTTIME(0) > CN=Schema,CN=Configuration,DC=my,DC=domain > ??????? Location1\dc01 via RPC > ??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4 > ??????????????? Last attempt @ Mon May? 9 08:50:22 2022 CEST wassuccessful> ??????????????? 0 consecutive failure(s). > ??????????????? Last success @ Mon May? 9 08:50:22 2022 CESTDC=my,DC=domain> ??????? Location2\dc02 via RPC > ??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23 > ??????????????? Last attempt @ NTTIME(0) was successful > ??????????????? 0 consecutive failure(s). > ??????????????? Last success @ NTTIME(0) DC=my,DC=domain > ??????? Location1\dc01 via RPC > ??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4 > ??????????????? Last attempt @ Mon May? 9 08:51:21 2022 CEST wassuccessful> ??????????????? 0 consecutive failure(s). > ??????????????? Last success @ Mon May? 9 08:51:21 2022 CEST ==== OUTBOUND > NEIGHBORS ==== ==== KCC CONNECTION OBJECTS ==== Connection -- > ??????? Connection name: 1c2e8f02-9175-4e72-aef0-e9c5f1644072 > ??????? Enabled??????? : TRUE > ??????? Server DNS name : dc02.my.domain > ??????? Server DN name? : CN=NTDS > Settings,CN=dc02,CN=Servers,CN=Location2,CN=Sites,CN=Configuration,DC > =my,DC=domain > ??????????????? TransportType: RPC > ??????????????? options: 0x00000001 > Warning: No NC replicated for Connection! > > DC02 Showrepl > > Location1\dc01 > DSA Options: 0x00000001 > DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4 > DSA invocationId: 4acdfe5f-21fc-44cb-92df-e2ce461b2594 > ==== INBOUND NEIGHBORS ===> DC=DomainDnsZones,DC=my,DC=domain > ??????? Location2\dc02 via RPC > ??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23 > ??????????????? Last attempt @ Fri May? 6 15:16:35 2022 CEST failed,result 2> (WERR_FILE_NOT_FOUND) > ??????????????? 1 consecutive failure(s). > ??????????????? Last success @ NTTIME(0) CN=Configuration,DC=my,DC=domain > ??????? Location2\dc02 via RPC > ??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23 > ??????????????? Last attempt @ Fri May? 6 15:17:15 2022 CEST failed,result 2> (WERR_FILE_NOT_FOUND) > ??????????????? 1 consecutive failure(s). > ??????????????? Last success @ NTTIME(0) CN=Configuration,DC=my,DC=domain > ??????? Location1\dc01 via RPC > ??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4 > ??????????????? Last attempt @ Mon May? 9 08:45:26 2022 CEST failed,result 8453> (WERR_DS_DRA_ACCESS_DENIED) > ??????????????? 2 consecutive failure(s). > ??????????????? Last success @ Mon May? 9 08:45:26 2022 CEST > DC=ForestDnsZones,DC=my,DC=domain > ??????? Location2\dc02 via RPC > ??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23 > ??????????????? Last attempt @ Fri May? 6 15:16:55 2022 CEST failed,result 2> (WERR_FILE_NOT_FOUND) > ??????????????? 1 consecutive failure(s). > ??????????????? Last success @ NTTIME(0) > CN=Schema,CN=Configuration,DC=my,DC=domain > ??????? Location2\dc02 via RPC > ??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23 > ??????????????? Last attempt @ NTTIME(0) was successful > ??????????????? 0 consecutive failure(s). > ??????????????? Last success @ NTTIME(0) > CN=Schema,CN=Configuration,DC=my,DC=domain > ??????? Location1\dc01 via RPC > ??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4 > ??????????????? Last attempt @ Mon May? 9 08:45:54 2022 CEST failed,result 8453> (WERR_DS_DRA_ACCESS_DENIED) > ?? ?????????????1 consecutive failure(s). > ??????????????? Last success @ Mon May? 9 08:45:54 2022 CESTDC=my,DC=domain> ??????? Location2\dc02 via RPC > ??????????????? DSA object GUID: 72041d70-edc8-4609-ba97-caf97ed84c23 > ??????????????? Last attempt @ NTTIME(0) was successful > ??????????????? 0 consecutive failure(s). > ??????????????? Last success @ NTTIME(0) DC=my,DC=domain > ??????? Location1\dc01 via RPC > ??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4 > ??????????????? Last attempt @ Mon May ?9 08:46:21 2022 CEST failed,result 8453> (WERR_DS_DRA_ACCESS_DENIED) > ??????????????? 1 consecutive failure(s). > ??????????????? Last success @ Mon May? 9 08:46:21 2022 CEST ==== OUTBOUND > NEIGHBORS ==== DC=DomainDnsZones,DC=my,DC=domain > ??????? Location1\dc01 via RPC > ??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4 > ??????????????? Last attempt @ NTTIME(0) was successful > ??????????????? 0 consecutive failure(s). > ??????????????? Last success @ NTTIME(0) CN=Configuration,DC=my,DC=domain > ?? ?????Location1\dc01 via RPC > ??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4 > ??????????????? Last attempt @ NTTIME(0) was successful > ??????????????? 0 consecutive failure(s). > ??????????????? Last success @ NTTIME(0) DC=ForestDnsZones,DC=my,DC=domain > ??????? Location1\dc01 via RPC > ??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4 > ??????????????? Last attempt @ NTTIME(0) was successful > ??????????????? 0 consecutive failure(s). > ??????????????? Last success @ NTTIME(0) > CN=Schema,CN=Configuration,DC=my,DC=domain > ??????? Location1\dc01 via RPC > ??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4 > ??????????????? Last attempt @ NTTIME(0) was successful > ???????????? ???0 consecutive failure(s). > ??????????????? Last success @ NTTIME(0) DC=my,DC=domain > ??????? Location1\dc01 via RPC > ??????????????? DSA object GUID: a452ed54-667a-43d3-9182-21d84a4919a4 > ??????????????? Last attempt @ NTTIME(0) was successful > ???????????? ???0 consecutive failure(s). > ??????????????? Last success @ NTTIME(0) ==== KCC CONNECTION OBJECTS ===> Connection -- > ??????? Connection name: 1c2e8f02-9175-4e72-aef0-e9c5f1644072 > ??????? Enabled??????? : TRUE > ??????? Server DNS name : dc02.my.domain > ????? ??Server DN name? : CN=NTDS > Settings,CN=dc02,CN=Servers,CN=Location2,CN=Sites,CN=Configuration,DC > =my,DC=domain > ??????????????? TransportType: RPC > ??????????????? options: 0x00000001 > Warning: No NC replicated for Connection > > drs replicate dc02 dc01 dc=my, DC=domain gives > > sudo samba-tool drs replicate dc02 dc01 DC=my,DC=domain ldb_wrap open > of secrets.ldb GENSEC backend 'gssapi_spnego' registered GENSEC backend > 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered > GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered > GENSEC backend 'naclrpc_as_system' registered GENSEC backend 'sasl- > EXTERNAL' registered GENSEC backend 'ntlmssp' registered GENSEC backend > 'ntlmssp_resume_ccache' registered GENSEC backend 'http_basic' registered > GENSEC backend 'http_ntlm' registered GENSEC backend 'http_negotiate' > registered GENSEC backend 'krb5' registered GENSEC backend > 'fake_gssapi_krb5' registered Using binding ncacn_ip_tcp:dc02[,seal] > resolve_lmhosts: Attempting lmhosts lookup for name dc02<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name dc02<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name dc02<0x20> > ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - > drsException: DsReplicaSync failed (8453, 'WERR_DS_DRA_ACCESS_DENIED') > ? File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 577, in > run > ??? drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, > source_dsa_guid, NC, req_options) > ? File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 92, in > sendDsReplicaSync > ??? raise drsException("DsReplicaSync failed %s" % estr) > > Thanks in Advance > > Greetings > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba