Hello,
i started a thread about dns anomalies some time ago. The second dc seemed
to work properly to the end but i ran into the original errors again.
Do i need to setup a scheduled sync for idmap aswell? Could this be the
source of error?
Setup
DC01
Site 1 192.168.50.0/24
Netplan
network:
version: 2
renderer: networkd
ethernets:
eno1:
addresses:
- 192.168.50.11/24
nameservers:
search: [my.domain]
addresses: [192.168.50.11, 10.0.1.9, 192.168.50.1]
routes:
- to: default
via: 192.168.50.1
Resolv.conf
search my.domain
nameserver 192.168.50.11
DC02
Site 2 10.0.1.0/24
netplan
network:
version: 2
renderer: networkd
ethernets:
eno1:
addresses:
- 10.0.1.9/24
nameservers:
search: [my.domain]
addresses: [10.0.1.9, 192.168.50.11]
routes:
- to: default
via: 10.0.1.253
resolv.conf
search my.domain
nameserver 192.168.50.11
Dc02 trying to pull db of dc01 (rotation backup)
administrator at dc02:/usr/local/bin$ sudo ./samba-db-dc01.sh
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
resolve_lmhosts: Attempting lmhosts lookup for name dc01.my.domain<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name dc01.my.domain<0x20>
Password for [administrator at my.domain]:
INFO 2022-05-23 10:39:52,109 pid:1763273
/usr/lib/python3/dist-packages/samba/join.py #1575: workgroup is my
INFO 2022-05-23 10:39:52,109 pid:1763273
/usr/lib/python3/dist-packages/samba/join.py #1578: realm is my.domain
Calling bare provision
lpcfg_load: refreshing parameters from
/mnt/backups/dc01/tmpkycl7zma/etc/smb.conf
lpcfg_load: refreshing parameters from
/mnt/backups/dc01/tmpkycl7zma/etc/smb.conf
INFO 2022-05-23 10:39:52,116 pid:1763273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2122: Looking up
IPv4 addresses
INFO 2022-05-23 10:39:52,116 pid:1763273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2139: Looking up
IPv6 addresses
WARNING 2022-05-23 10:39:52,117 pid:1763273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2146: No IPv6
address will be assigned
INFO 2022-05-23 10:39:52,348 pid:1763273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2290: Setting up
share.ldb
INFO 2022-05-23 10:39:52,377 pid:1763273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2294: Setting up
secrets.ldb
INFO 2022-05-23 10:39:52,434 pid:1763273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2299: Setting up
the registry
ldb_wrap open of hklm.ldb
Key 'key=SOFTWARE,hive=NONE' not found
key added: key=SOFTWARE,hive=NONE
Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=CurrentVersion,key=Windows
NT,key=Microsoft,key=SOFTWARE,hive=NONE'
not found
key added: key=CurrentVersion,key=Windows
NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=SYSTEM,hive=NONE' not found
key added: key=SYSTEM,hive=NONE
Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key
'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added:
key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not
found
key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Terminal
Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Terminal
Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key
'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added:
key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key
'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,h
ive=NONE' not found
key added:
key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hi
ve=NONE
Key
'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added:
key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key
'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hi
ve=NONE' not found
key added:
key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hiv
e=NONE
INFO 2022-05-23 10:39:52,518 pid:1763273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2302: Setting up
the privileges database
INFO 2022-05-23 10:39:52,560 pid:1763273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2305: Setting up
idmap db
INFO 2022-05-23 10:39:52,588 pid:1763273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2312: Setting up
SAM db
INFO 2022-05-23 10:39:52,595 pid:1763273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #897: Setting up
sam.ldb partitions and settings
INFO 2022-05-23 10:39:52,596 pid:1763273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #909: Setting up
sam.ldb rootDSE
INFO 2022-05-23 10:39:52,601 pid:1763273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #1322:
Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb gave:
No such Base DN: @INDEXLIST
Unable to determine the DomainSID, can not enforce uniqueness constraint on
local domainSIDs
INFO 2022-05-23 10:39:52,634 pid:1763273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2364: A Kerberos
configuration suitable for Samba AD has been generated at
/mnt/backups/dc01/tmpkycl7zma/private/krb5.conf
INFO 2022-05-23 10:39:52,634 pid:1763273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2366: Merge the
contents of this file with your system krb5.conf or replace it with this
one. Do not create a symlink!
Provision OK for domain DN DC=my,DC=domain
Starting replication
Using DS_BIND_GUID_W2K3
Using binding ncacn_ip_tcp:dc01.my.domain[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name dc01.my.domain<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name dc01.my.domain<0x20>
Schema-DN[CN=Schema,CN=Configuration,DC=my,DC=domain] objects[402/1739]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=my,DC=domain] objects[804/1739]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=my,DC=domain] objects[1206/1739]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=my,DC=domain] objects[1608/1739]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=my,DC=domain] objects[1739/1739]
linked_values[0/0]
Analyze and apply schema objects
Replicated 1739 objects (0 linked attributes) for
CN=Schema,CN=Configuration,DC=my,DC=domain
Partition[CN=Configuration,DC=my,DC=domain] objects[402/1653]
linked_values[0/0]
Replicated 402 objects (0 linked attributes) for
CN=Configuration,DC=my,DC=domain
Partition[CN=Configuration,DC=my,DC=domain] objects[804/1653]
linked_values[0/0]
Replicated 402 objects (0 linked attributes) for
CN=Configuration,DC=my,DC=domain
Partition[CN=Configuration,DC=my,DC=domain] objects[1206/1653]
linked_values[0/0]
Replicated 402 objects (0 linked attributes) for
CN=Configuration,DC=my,DC=domain
Partition[CN=Configuration,DC=my,DC=domain] objects[1608/1653]
linked_values[0/0]
Replicated 402 objects (0 linked attributes) for
CN=Configuration,DC=my,DC=domain
Partition[CN=Configuration,DC=my,DC=domain] objects[1653/1653]
linked_values[34/34]
Replicated 45 objects (34 linked attributes) for
CN=Configuration,DC=my,DC=domain
Replicating critical objects from the base DN of the domain
Partition[DC=my,DC=domain] objects[98/97] linked_values[29/29]
Replicated 98 objects (29 linked attributes) for DC=my,DC=domain
Partition[DC=my,DC=domain] objects[402/472] linked_values[0/19]
Replicated 402 objects (0 linked attributes) for DC=my,DC=domain
Partition[DC=my,DC=domain] objects[472/472] linked_values[35/35]
Replicated 70 objects (35 linked attributes) for DC=my,DC=domain
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=my,DC=domain
Partition[DC=DomainDnsZones,DC=my,DC=domain] objects[106/106]
linked_values[0/0]
Replicated 106 objects (0 linked attributes) for
DC=DomainDnsZones,DC=my,DC=domain
Replicating DC=ForestDnsZones,DC=my,DC=domain
Partition[DC=ForestDnsZones,DC=my,DC=domain] objects[36/36]
linked_values[0/0]
Replicated 36 objects (0 linked attributes) for
DC=ForestDnsZones,DC=my,DC=domain
Committing SAM database
replmd_prepare_commit: Processing linked attributes
Discarding older DRS linked attribute update to member on CN=Pre-Windows
2000 Compatible Access,CN=Builtin,DC=my,DC=domain from
4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on
CN=IIS_IUSRS,CN=Builtin,DC=my,DC=domain from
4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on CN=Schema
Admins,CN=Users,DC=my,DC=domain from 4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on CN=Domain
Users,CN=Users,DC=my,DC=domain from 4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on
CN=Administrators,CN=Builtin,DC=my,DC=domain from
4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on
CN=Administrators,CN=Builtin,DC=my,DC=domain from
4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on
CN=Administrators,CN=Builtin,DC=my,DC=domain from
4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on
CN=Administrators,CN=Builtin,DC=my,DC=domain from
4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on
CN=Administrators,CN=Builtin,DC=my,DC=domain from
4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on
CN=Administrators,CN=Builtin,DC=my,DC=domain from
4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on CN=Enterprise
Admins,CN=Users,DC=my,DC=domain from 4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on CN=Domain
Admins,CN=Users,DC=my,DC=domain from 4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on CN=Domain
Admins,CN=Users,DC=my,DC=domain from 4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on CN=Domain
Admins,CN=Users,DC=my,DC=domain from 4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on
CN=Guests,CN=Builtin,DC=my,DC=domain from
4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on
CN=Guests,CN=Builtin,DC=my,DC=domain from
4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=my,DC=domain from
4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=my,DC=domain from
4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=my,DC=domain from
4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=my,DC=domain from
4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=my,DC=domain from
4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=my,DC=domain from
4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=my,DC=domain from
4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on CN=Denied RODC
Password Replication Group,CN=Users,DC=my,DC=domain from
4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on CN=Group Policy
Creator Owners,CN=Users,DC=my,DC=domain from
4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on
CN=Users,CN=Builtin,DC=my,DC=domain from
4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on
CN=Users,CN=Builtin,DC=my,DC=domain from
4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on
CN=Users,CN=Builtin,DC=my,DC=domain from
4acdfe5f-21fc-44cb-92df-e2ce461b2594
Discarding older DRS linked attribute update to member on CN=Windows
Authorization Access Group,CN=Builtin,DC=my,DC=domain from
4acdfe5f-21fc-44cb-92df-e2ce461b2594
Repacking database from v1 to v2 format (first record
CN=ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon,CN=Schema,C
N=Configuration,DC=my,DC=domain)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record
CN=siteLink-Display,CN=404,CN=DisplaySpecifiers,CN=Configuration,DC=my,DC=do
main)
Repacking database from v1 to v2 format (first record
DC=_gc._tcp.site1._sites,DC=my.domain,CN=MicrosoftDNS,DC=DomainDnsZones,DC=m
y,DC=domain)
Repacking database from v1 to v2 format (first record
DC=_ldap._tcp.pdc,DC=_msdcs.my.domain,CN=MicrosoftDNS,DC=ForestDnsZones,DC=m
y,DC=domain)
Repacking database from v1 to v2 format (first record
CN=6ada9ff7-c9df-45c1-908e-9fef2fab008a,CN=Operations,CN=DomainUpdates,CN=Sy
stem,DC=my,DC=domain)
INFO 2022-05-23 10:40:54,154 pid:1763273
/usr/lib/python3/dist-packages/samba/join.py #1616: Setting isSynchronized
and dsServiceName
INFO 2022-05-23 10:40:54,169 pid:1763273
/usr/lib/python3/dist-packages/samba/join.py #1581: Cloned domain my (SID
S-1-5-21-3270324153-1113196140-426135491)
resolve_lmhosts: Attempting lmhosts lookup for name dc01.my.domain<0x20>
INFO 2022-05-23 10:40:54,677 pid:1763273
/usr/lib/python3/dist-packages/samba/netcmd/domain_backup.py #269: Backing
up sysvol files (via SMB)...
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
Processing section "[sysvol]"
Processing section "[netlogon]"
Processing section "[U2-XX]"
Processing section "[U1-XX]"
Processing section "[U1-XX]"
Processing section "[U1-XX]"
Processing section "[XX]"
resolve_hosts: Attempting host lookup for name dc01.my.domain<0x20>
Connecting to 192.168.50.11 at port 445
convert_string_handle: E2BIG: convert_string(UTF-8,CP850): srclen=18
destlen=16 error: No more room
Connecting to 192.168.50.11 at port 139
ERROR(runtime): uncaught exception - (3221225653, '{Device Timeout} The
specified I/O operation on %hs was not completed before the time-out period
expired.')
File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line
186,
in _run
return self.run(*args, **kwargs)
File "/usr/lib/python3/dist-packages/samba/netcmd/domain_backup.py",
line
272, in run
backup_online(smb_conn, sysvol_tar, remote_sam.get_domain_sid())
File "/usr/lib/python3/dist-packages/samba/ntacls.py", line 522, in
backup_online
data = smb_helper.loadfile(r_name)
File "/usr/lib/python3/dist-packages/samba/ntacls.py", line 369, in
loadfile
return self.smb_conn.loadfile(smb_path)