thr3ads.net - samba - [Samba] accidentally upgraded DC to 4.17.3 ... didn't work [Nov 2022]

If this information is useful, please help other people find it:
Share via:

Stefan G. Weichinger

2022-Nov-24 12:54 UTC

[Samba] accidentally upgraded DC to 4.17.3 ... didn't work

Am 24.11.22 um 13:25 schrieb Stefan G. Weichinger via samba:
> Maybe someone points me at a way to fix this DSA-GUID issue or so.
If I understand this correctly, that wrong GUID might explain, why 
demoting doesn't work from the broken DC:

the final replication before the demote won't work either, right?

So it seems to me that this DC somehow has an identity issue ;-)

Stefan G. Weichinger

2022-Nov-24 13:28 UTC

head link

[Samba] accidentally upgraded DC to 4.17.3 ... didn't work

Am 24.11.22 um 13:54 schrieb Stefan G. Weichinger via
samba:> Am 24.11.22 um 13:25 schrieb Stefan G. Weichinger via samba:
> 
>> Maybe someone points me at a way to fix this DSA-GUID issue or so.
> 
> If I understand this correctly, that wrong GUID might explain, why 
> demoting doesn't work from the broken DC:
> 
> the final replication before the demote won't work either, right?
> 
> So it seems to me that this DC somehow has an identity issue ;-)
Maybe one of you already knows what is wrong.

Let me add this (sorry for the long thread):

* replication seems to work "manually":

# samba-tool drs replicate adc1 adc2 
CN=Configuration,DC=arbeitsgruppe,DC=my,DC=tld  --full-sync
Replicate from adc2 to adc1 was successful.

* but "samba-tool drs showrepl" looks different on the 2 DCs:

root at adc2:/var/log/samba# samba-tool drs showrepl
Default-First-Site-Name\ADC2
DSA Options: 0x00000001
DSA object GUID: bea518ef-fa1e-4b5a-9dd7-cb5a2c2d052d
DSA invocationId: 89f8a446-6b07-49c6-a05d-b0f890a41508

==== INBOUND NEIGHBORS ===
DC=ForestDnsZones,DC=arbeitsgruppe,DC=my,DC=tld
	Default-First-Site-Name\ADC1 via RPC
		DSA object GUID: 2ea0c6cd-cc15-4db7-8fe3-378491fc08e8
		Last attempt @ Thu Nov 24 14:22:30 2022 CET failed, result 31 
(WERR_GEN_FAILURE)
		26 consecutive failure(s).
		Last success @ NTTIME(0)

DC=DomainDnsZones,DC=arbeitsgruppe,DC=my,DC=tld
	Default-First-Site-Name\ADC1 via RPC
		DSA object GUID: 2ea0c6cd-cc15-4db7-8fe3-378491fc08e8
		Last attempt @ Thu Nov 24 14:22:31 2022 CET failed, result 31 
(WERR_GEN_FAILURE)
		26 consecutive failure(s).
		Last success @ NTTIME(0)

DC=arbeitsgruppe,DC=my,DC=tld
	Default-First-Site-Name\ADC1 via RPC
		DSA object GUID: 2ea0c6cd-cc15-4db7-8fe3-378491fc08e8
		Last attempt @ Thu Nov 24 14:22:31 2022 CET failed, result 31 
(WERR_GEN_FAILURE)
		26 consecutive failure(s).
		Last success @ NTTIME(0)

CN=Configuration,DC=arbeitsgruppe,DC=my,DC=tld
	Default-First-Site-Name\ADC1 via RPC
		DSA object GUID: 2ea0c6cd-cc15-4db7-8fe3-378491fc08e8
		Last attempt @ Thu Nov 24 14:22:31 2022 CET failed, result 31 
(WERR_GEN_FAILURE)
		26 consecutive failure(s).
		Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=arbeitsgruppe,DC=my,DC=tld
	Default-First-Site-Name\ADC1 via RPC
		DSA object GUID: 2ea0c6cd-cc15-4db7-8fe3-378491fc08e8
		Last attempt @ Thu Nov 24 14:22:32 2022 CET failed, result 31 
(WERR_GEN_FAILURE)
		26 consecutive failure(s).
		Last success @ NTTIME(0)

==== OUTBOUND NEIGHBORS ===
DC=ForestDnsZones,DC=arbeitsgruppe,DC=my,DC=tld
	Default-First-Site-Name\ADC1 via RPC
		DSA object GUID: 2ea0c6cd-cc15-4db7-8fe3-378491fc08e8
		Last attempt @ Thu Nov 24 14:27:02 2022 CET failed, result 31 
(WERR_GEN_FAILURE)
		32 consecutive failure(s).
		Last success @ NTTIME(0)

DC=DomainDnsZones,DC=arbeitsgruppe,DC=my,DC=tld
	Default-First-Site-Name\ADC1 via RPC
		DSA object GUID: 2ea0c6cd-cc15-4db7-8fe3-378491fc08e8
		Last attempt @ Thu Nov 24 14:27:02 2022 CET failed, result 31 
(WERR_GEN_FAILURE)
		32 consecutive failure(s).
		Last success @ NTTIME(0)

DC=arbeitsgruppe,DC=my,DC=tld
	Default-First-Site-Name\ADC1 via RPC
		DSA object GUID: 2ea0c6cd-cc15-4db7-8fe3-378491fc08e8
		Last attempt @ Thu Nov 24 14:27:02 2022 CET failed, result 31 
(WERR_GEN_FAILURE)
		32 consecutive failure(s).
		Last success @ NTTIME(0)

CN=Configuration,DC=arbeitsgruppe,DC=my,DC=tld
	Default-First-Site-Name\ADC1 via RPC
		DSA object GUID: 2ea0c6cd-cc15-4db7-8fe3-378491fc08e8
		Last attempt @ Thu Nov 24 14:27:02 2022 CET failed, result 31 
(WERR_GEN_FAILURE)
		18 consecutive failure(s).
		Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=arbeitsgruppe,DC=my,DC=tld
	Default-First-Site-Name\ADC1 via RPC
		DSA object GUID: 2ea0c6cd-cc15-4db7-8fe3-378491fc08e8
		Last attempt @ Thu Nov 24 14:27:02 2022 CET failed, result 31 
(WERR_GEN_FAILURE)
		32 consecutive failure(s).
		Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ===
Connection --
	Connection name: b63aed9f-c407-4dd2-9dd0-90255cb9a32d
	Enabled        : TRUE
	Server DNS name : adc1.arbeitsgruppe.my.tld
	Server DN name  : CN=NTDS 
Settings,CN=ADC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=arbeitsgruppe,DC=my,DC=tld
		TransportType: RPC
		options: 0x00000001
Warning: No NC replicated for Connection!


root at adc1:/var/log/samba# samba-tool  drs showrepl
Default-First-Site-Name\ADC1
DSA Options: 0x00000001
DSA object GUID: 2ea0c6cd-cc15-4db7-8fe3-378491fc08e8
DSA invocationId: 61c675b8-52df-4f2d-9ed6-b47c3ef013c1

==== INBOUND NEIGHBORS ===
DC=ForestDnsZones,DC=arbeitsgruppe,DC=my,DC=tld
	Default-First-Site-Name\ADC2 via RPC
		DSA object GUID: bea518ef-fa1e-4b5a-9dd7-cb5a2c2d052d
		Last attempt @ Thu Nov 24 14:24:23 2022 CET was successful
		0 consecutive failure(s).
		Last success @ Thu Nov 24 14:24:23 2022 CET

DC=DomainDnsZones,DC=arbeitsgruppe,DC=my,DC=tld
	Default-First-Site-Name\ADC2 via RPC
		DSA object GUID: bea518ef-fa1e-4b5a-9dd7-cb5a2c2d052d
		Last attempt @ Thu Nov 24 14:24:23 2022 CET was successful
		0 consecutive failure(s).
		Last success @ Thu Nov 24 14:24:23 2022 CET

DC=arbeitsgruppe,DC=my,DC=tld
	Default-First-Site-Name\ADC2 via RPC
		DSA object GUID: bea518ef-fa1e-4b5a-9dd7-cb5a2c2d052d
		Last attempt @ Thu Nov 24 14:24:23 2022 CET was successful
		0 consecutive failure(s).
		Last success @ Thu Nov 24 14:24:23 2022 CET

CN=Configuration,DC=arbeitsgruppe,DC=my,DC=tld
	Default-First-Site-Name\ADC2 via RPC
		DSA object GUID: bea518ef-fa1e-4b5a-9dd7-cb5a2c2d052d
		Last attempt @ Thu Nov 24 14:25:34 2022 CET was successful
		0 consecutive failure(s).
		Last success @ Thu Nov 24 14:25:34 2022 CET

CN=Schema,CN=Configuration,DC=arbeitsgruppe,DC=my,DC=tld
	Default-First-Site-Name\ADC2 via RPC
		DSA object GUID: bea518ef-fa1e-4b5a-9dd7-cb5a2c2d052d
		Last attempt @ Thu Nov 24 14:24:23 2022 CET was successful
		0 consecutive failure(s).
		Last success @ Thu Nov 24 14:24:23 2022 CET

==== OUTBOUND NEIGHBORS ===
==== KCC CONNECTION OBJECTS ===
Connection --
	Connection name: d655acc8-9316-4912-8619-59e7d4a31490
	Enabled        : TRUE
	Server DNS name : adc2.arbeitsgruppe.my.tld
	Server DN name  : CN=NTDS 
Settings,CN=ADC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=arbeitsgruppe,DC=my,DC=tld
		TransportType: RPC
		options: 0x00000001
Warning: No NC replicated for Connection!

samba - Nov 2022 - accidentally upgraded DC to 4.17.3 ... didn't work

[Samba] accidentally upgraded DC to 4.17.3 ... didn't work

[Samba] accidentally upgraded DC to 4.17.3 ... didn't work