samba - Nov 2022 - Replication between Samba DCs (on different sites)?

14.11.2022 23:21, Michael Tokarev via samba wrote:
...
> I tried 'samba-tool drs replicate' manually on AI, but it also
shows this
> error:
> 
> AI# samba-tool drs replicate ai svdcp
'CN=Configuration,DC=tls,DC=msk,DC=ru'
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed - drsException: DsReplicaSync failed (2, 'WERR_FILE_NOT_FOUND')
>  ? File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py",
line 570, in run
>  ??? drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
>  ? File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line
92, in sendDsReplicaSync
>  ??? raise drsException("DsReplicaSync failed %s" % estr)

AI# samba-tool drs replicate ai svdcp
'CN=Configuration,DC=tls,DC=msk,DC=ru' -d 10

gives some wire traces (or looks like), it ends up like the remote is returning
WERR_FILE_NOT_FOUND. And I don't see this error on the remote, all what I
see
remote reporting on the logs is WERR_OK.

However, the other way it works fine:

AI# samba-tool drs replicate svdcp ai
'CN=Configuration,DC=tls,DC=msk,DC=ru'
Replicate from ai to svdcp was successful.


It is even the same when run on SVDCP:

SVDCP# samba-tool drs replicate ai svdcp
'CN=Configuration,DC=tls,DC=msk,DC=ru'
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed - drsException: DsReplicaSync failed (2, 'WERR_FILE_NOT_FOUND')
   File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line
570, in run
     drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
   File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 92,
in sendDsReplicaSync
     raise drsException("DsReplicaSync failed %s" % estr)

SVDCP# samba-tool drs replicate svdcp ai
'CN=Configuration,DC=tls,DC=msk,DC=ru'
Replicate from ai to svdcp was successful.


Who is returning FILE_NOT_FOUND and for what file?

Thank you!

/mjt

Replying to my own emails and thread..

15.11.2022 00:07, Michael Tokarev via samba wrote:
> 14.11.2022 23:21, Michael Tokarev via samba wrote:
> ...
>> I tried 'samba-tool drs replicate' manually on AI, but it also
shows this
>> error:
>>
>> AI# samba-tool drs replicate ai svdcp
'CN=Configuration,DC=tls,DC=msk,DC=ru'
>> ERROR(<class 'samba.drs_utils.drsException'>):
DsReplicaSync failed - drsException: DsReplicaSync failed (2,
'WERR_FILE_NOT_FOUND')
>> ?? File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py",
line 570, in run
>> ???? drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
>> ?? File "/usr/lib/python3/dist-packages/samba/drs_utils.py",
line 92, in sendDsReplicaSync
>> ???? raise drsException("DsReplicaSync failed %s" % estr)
> 
> 
> AI# samba-tool drs replicate ai svdcp
'CN=Configuration,DC=tls,DC=msk,DC=ru' -d 10
> 
> gives some wire traces (or looks like), it ends up like the remote is
returning
> WERR_FILE_NOT_FOUND. And I don't see this error on the remote, all what
I see
> remote reporting on the logs is WERR_OK.
So, after recompiling samba multiple times adding numerous debugging messages
into *_DsReplicaSync and below, I found out the database on the
"primary" DC
contained a few references to the objects I had to remove before, for example:

NOTE: old (due to rename or delete) DN string component for rIDSetReferences in
object CN=SVDCM\0ADEL:a1a97bca-fbdf-429a-966e-cb8d71da606c,CN=Deleted
Objects,DC=tls,DC=msk,DC=ru - CN=RID Set,CN=SVDCM,OU=Domain
Controllers,DC=tls,DC=msk,DC=ru

(note the CN=Deleted Objects).

It was a long and painful debugging which lasted 2 complete days.

After all this, when trying to find a way to get a dump of ldb - I found
(by a chance) samba-tool dbcheck.  Which found all these objects (but
displayed "0 errors" anyway).  And after removing these "Deleted
Objects"
things, it started working fine.

There are just 329 objects in the db now.

So, basically, samba-tool dbcheck for the rescue at the very least,
and note that renames/deletes in samba does not quite work.

Thank everyone for the help,

/mjt