Hi guys
My situation
DC3 samba ver. 4.17.3 DC with FSMO role
DC2 samba ver. 4.17.3 DC
DC1 samba ver. 4.9.14 old DC ready to demote
But i have a problem with replica thru DC2<->DC3 with
(WERR_DS_DRA_ACCESS_DENIED)
Replica from DC1 -> DC2 and DC3 is ok
Before demote DC1 i would like have a correct replica ?
Below samba-tool drs showrepl for DC1,DC2 and DC3
Any other suggestions or things to look at?
Any help is appreciated.
[root at dc1 ~]# samba-tool drs showrepl
Default-First-Site-Name\DC1
DSA Options: 0x00000001
DSA object GUID: 8ba457e4-815d-4bd3-a748-8b5ddb53fd5f
DSA invocationId: 834770f4-c5a7-48c7-bc77-66e2cf37e557
==== INBOUND NEIGHBORS ===
DC=ForestDnsZones,DC=lxcerruti,DC=com
Default-First-Site-Name\DC3 via RPC
DSA object GUID: 25c54e64-45cf-448e-ac3c-2afb1cee086c
Last attempt @ Tue Nov 22 08:28:07 2022 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 22 08:28:07 2022 CET
DC=ForestDnsZones,DC=lxcerruti,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: e7666d5d-de9b-4920-84af-4df6b6066b61
Last attempt @ Tue Nov 22 08:28:07 2022 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 22 08:28:07 2022 CET
CN=Schema,CN=Configuration,DC=lxcerruti,DC=com
Default-First-Site-Name\DC3 via RPC
DSA object GUID: 25c54e64-45cf-448e-ac3c-2afb1cee086c
Last attempt @ Tue Nov 22 08:28:08 2022 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 22 08:28:08 2022 CET
CN=Schema,CN=Configuration,DC=lxcerruti,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: e7666d5d-de9b-4920-84af-4df6b6066b61
Last attempt @ Tue Nov 22 08:28:08 2022 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 22 08:28:08 2022 CET
CN=Configuration,DC=lxcerruti,DC=com
Default-First-Site-Name\DC3 via RPC
DSA object GUID: 25c54e64-45cf-448e-ac3c-2afb1cee086c
Last attempt @ Tue Nov 22 08:28:08 2022 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 22 08:28:08 2022 CET
CN=Configuration,DC=lxcerruti,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: e7666d5d-de9b-4920-84af-4df6b6066b61
Last attempt @ Tue Nov 22 08:28:08 2022 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 22 08:28:08 2022 CET
DC=DomainDnsZones,DC=lxcerruti,DC=com
Default-First-Site-Name\DC3 via RPC
DSA object GUID: 25c54e64-45cf-448e-ac3c-2afb1cee086c
Last attempt @ Tue Nov 22 08:28:07 2022 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 22 08:28:07 2022 CET
DC=DomainDnsZones,DC=lxcerruti,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: e7666d5d-de9b-4920-84af-4df6b6066b61
Last attempt @ Tue Nov 22 08:28:07 2022 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 22 08:28:07 2022 CET
DC=lxcerruti,DC=com
Default-First-Site-Name\DC3 via RPC
DSA object GUID: 25c54e64-45cf-448e-ac3c-2afb1cee086c
Last attempt @ Tue Nov 22 08:28:08 2022 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 22 08:28:08 2022 CET
DC=lxcerruti,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: e7666d5d-de9b-4920-84af-4df6b6066b61
Last attempt @ Tue Nov 22 08:28:09 2022 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 22 08:28:09 2022 CET
==== OUTBOUND NEIGHBORS ===
DC=ForestDnsZones,DC=lxcerruti,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: e7666d5d-de9b-4920-84af-4df6b6066b61
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=ForestDnsZones,DC=lxcerruti,DC=com
Default-First-Site-Name\DC3 via RPC
DSA object GUID: 25c54e64-45cf-448e-ac3c-2afb1cee086c
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=lxcerruti,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: e7666d5d-de9b-4920-84af-4df6b6066b61
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=lxcerruti,DC=com
Default-First-Site-Name\DC3 via RPC
DSA object GUID: 25c54e64-45cf-448e-ac3c-2afb1cee086c
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=lxcerruti,DC=com
Default-First-Site-Name\DC3 via RPC
DSA object GUID: 25c54e64-45cf-448e-ac3c-2afb1cee086c
Last attempt @ Tue Nov 22 02:13:11 2022 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 22 02:13:11 2022 CET
CN=Configuration,DC=lxcerruti,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: e7666d5d-de9b-4920-84af-4df6b6066b61
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=lxcerruti,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: e7666d5d-de9b-4920-84af-4df6b6066b61
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=lxcerruti,DC=com
Default-First-Site-Name\DC3 via RPC
DSA object GUID: 25c54e64-45cf-448e-ac3c-2afb1cee086c
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=lxcerruti,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: e7666d5d-de9b-4920-84af-4df6b6066b61
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=lxcerruti,DC=com
Default-First-Site-Name\DC3 via RPC
DSA object GUID: 25c54e64-45cf-448e-ac3c-2afb1cee086c
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ===
Connection --
Connection name: 73d1a404-06a5-4cae-ad6a-11eec59792b9
Enabled : TRUE
Server DNS name : dc3.lxcerruti.com
Server DN name : CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lxcerruti,DC=com
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
Connection name: 39a546ce-89f0-4fd3-a177-43d4b340b3df
Enabled : TRUE
Server DNS name : dc2.lxcerruti.com
Server DN name : CN=NTDS
Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lxcerruti,DC=com
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
In DC2
[root at dc2 ~]# samba-tool drs showrepl
Default-First-Site-Name\DC2
DSA Options: 0x00000001
DSA object GUID: e7666d5d-de9b-4920-84af-4df6b6066b61
DSA invocationId: 5935cd9d-0f49-436e-a182-84cc386c2524
==== INBOUND NEIGHBORS ===
DC=ForestDnsZones,DC=lxcerruti,DC=com
Default-First-Site-Name\DC3 via RPC
DSA object GUID: 25c54e64-45cf-448e-ac3c-2afb1cee086c
Last attempt @ Tue Nov 22 07:58:14 2022 CET failed, result 8453
(WERR_DS_DRA_ACCESS_DENIED)
174 consecutive failure(s).
Last success @ Tue Nov 22 07:58:14 2022 CET
DC=ForestDnsZones,DC=lxcerruti,DC=com
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 8ba457e4-815d-4bd3-a748-8b5ddb53fd5f
Last attempt @ Tue Nov 22 07:58:14 2022 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 22 07:58:14 2022 CET
CN=Schema,CN=Configuration,DC=lxcerruti,DC=com
Default-First-Site-Name\DC3 via RPC
DSA object GUID: 25c54e64-45cf-448e-ac3c-2afb1cee086c
Last attempt @ Tue Nov 22 07:58:14 2022 CET failed, result 8453
(WERR_DS_DRA_ACCESS_DENIED)
174 consecutive failure(s).
Last success @ Tue Nov 22 07:58:14 2022 CET
CN=Schema,CN=Configuration,DC=lxcerruti,DC=com
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 8ba457e4-815d-4bd3-a748-8b5ddb53fd5f
Last attempt @ Tue Nov 22 07:58:14 2022 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 22 07:58:14 2022 CET
CN=Configuration,DC=lxcerruti,DC=com
Default-First-Site-Name\DC3 via RPC
DSA object GUID: 25c54e64-45cf-448e-ac3c-2afb1cee086c
Last attempt @ Tue Nov 22 07:58:14 2022 CET failed, result 8453
(WERR_DS_DRA_ACCESS_DENIED)
174 consecutive failure(s).
Last success @ Tue Nov 22 07:58:14 2022 CET
CN=Configuration,DC=lxcerruti,DC=com
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 8ba457e4-815d-4bd3-a748-8b5ddb53fd5f
Last attempt @ Tue Nov 22 07:58:14 2022 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 22 07:58:14 2022 CET
DC=DomainDnsZones,DC=lxcerruti,DC=com
Default-First-Site-Name\DC3 via RPC
DSA object GUID: 25c54e64-45cf-448e-ac3c-2afb1cee086c
Last attempt @ Tue Nov 22 07:58:35 2022 CET failed, result 8453
(WERR_DS_DRA_ACCESS_DENIED)
350 consecutive failure(s).
Last success @ Tue Nov 22 07:58:35 2022 CET
DC=DomainDnsZones,DC=lxcerruti,DC=com
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 8ba457e4-815d-4bd3-a748-8b5ddb53fd5f
Last attempt @ Tue Nov 22 07:58:32 2022 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 22 07:58:32 2022 CET
DC=lxcerruti,DC=com
Default-First-Site-Name\DC3 via RPC
DSA object GUID: 25c54e64-45cf-448e-ac3c-2afb1cee086c
Last attempt @ Tue Nov 22 07:58:14 2022 CET failed, result 8453
(WERR_DS_DRA_ACCESS_DENIED)
186 consecutive failure(s).
Last success @ Tue Nov 22 07:58:14 2022 CET
DC=lxcerruti,DC=com
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 8ba457e4-815d-4bd3-a748-8b5ddb53fd5f
Last attempt @ Tue Nov 22 07:58:14 2022 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 22 07:58:14 2022 CET
==== OUTBOUND NEIGHBORS ===
DC=ForestDnsZones,DC=lxcerruti,DC=com
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 8ba457e4-815d-4bd3-a748-8b5ddb53fd5f
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=lxcerruti,DC=com
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 8ba457e4-815d-4bd3-a748-8b5ddb53fd5f
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=lxcerruti,DC=com
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 8ba457e4-815d-4bd3-a748-8b5ddb53fd5f
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=lxcerruti,DC=com
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 8ba457e4-815d-4bd3-a748-8b5ddb53fd5f
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=lxcerruti,DC=com
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 8ba457e4-815d-4bd3-a748-8b5ddb53fd5f
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ===
Connection --
Connection name: a9d2b189-70c5-40e1-9e46-541a9f34a1fd
Enabled : TRUE
Server DNS name : dc3.lxcerruti.com
Server DN name : CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lxcerruti,DC=com
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
Connection name: 6de641cb-af0c-4eca-bb1c-7e734c743a9d
Enabled : TRUE
Server DNS name : dc1.lxcerruti.com
Server DN name : CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lxcerruti,DC=com
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
In DC3
[root at dc3 ~]# samba-tool drs showrepl
Default-First-Site-Name\DC3
DSA Options: 0x00000001
DSA object GUID: 25c54e64-45cf-448e-ac3c-2afb1cee086c
DSA invocationId: 30d658d2-cf05-4b2c-8dd0-59930a2186f0
==== INBOUND NEIGHBORS ===
DC=ForestDnsZones,DC=lxcerruti,DC=com
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 8ba457e4-815d-4bd3-a748-8b5ddb53fd5f
Last attempt @ Tue Nov 22 07:59:31 2022 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 22 07:59:31 2022 CET
CN=Schema,CN=Configuration,DC=lxcerruti,DC=com
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 8ba457e4-815d-4bd3-a748-8b5ddb53fd5f
Last attempt @ Tue Nov 22 07:59:31 2022 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 22 07:59:31 2022 CET
CN=Configuration,DC=lxcerruti,DC=com
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 8ba457e4-815d-4bd3-a748-8b5ddb53fd5f
Last attempt @ Tue Nov 22 07:59:31 2022 CET failed, result 58
(WERR_BAD_NET_RESP)
286 consecutive failure(s).
Last success @ Mon Nov 21 09:18:59 2022 CET
DC=DomainDnsZones,DC=lxcerruti,DC=com
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 8ba457e4-815d-4bd3-a748-8b5ddb53fd5f
Last attempt @ Tue Nov 22 08:02:18 2022 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 22 08:02:18 2022 CET
DC=lxcerruti,DC=com
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 8ba457e4-815d-4bd3-a748-8b5ddb53fd5f
Last attempt @ Tue Nov 22 08:00:53 2022 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 22 08:00:53 2022 CET
==== OUTBOUND NEIGHBORS ===
==== KCC CONNECTION OBJECTS ===
Connection --
Connection name: 9bb42a7e-c1e6-4876-b0f4-fbb973552b67
Enabled : TRUE
Server DNS name : dc1.lxcerruti.com
Server DN name : CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lxcerruti,DC=com
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
-----Messaggio originale-----
Da: samba <mailto:samba-bounces at lists.samba.org> Per conto di Rowland
Penny via samba
Inviato: luned? 21 novembre 2022 11:27
A: mailto:samba at lists.samba.org
Cc: Rowland Penny <mailto:rpenny at samba.org>
Oggetto: Re: [Samba] R: R: R: R: R: windows 11 22h2
On 21/11/2022 10:10, Corrado Ravinetto via samba wrote:> Hi
> After upgrade to samba 4.17.3 with only 1 dc i have some problem :
> SMB1 disabled -- no workgroup available
> In my smb.conf i added ?min protocol = CORE?
but no way
> I can?t access to my share with
\\servername<file://servername> but only with ip address
> I can?t use RSAT to update my domain from windows box
Can you confirm that your DC is an AD DC, if so, it sounds like a dns issue, so
check your dns.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Corrado Ravinetto
Sistemi informativi
corrado.ravinetto at lanificiocerruti.com <mailto:corrado.ravinetto at
lanificiocerruti.com>
T: +39 015 3591283
[Lanificio F.lli CERRUTI]
Lanificio F.lli Cerruti S.p.A.
Via Cernaia 40, 13900 - Biella (BI) Italy
www.lanificiocerruti.com <http://www.lanificiocerruti.com/>
[Twitter] <https://twitter.com/Lan_Cerruti> [Facebook]
<https://www.facebook.com/LanificioCerruti> [Instagram]
<https://www.instagram.com/lanificiocerruti/>
Rispetta l'ambiente, non stampare questa mail se non necessario
Respect the environment, don't print unless necessary
[Unesco]