thr3ads.net - samba - [Samba] Replication Problems After Changing FSMO DC [Jan 2023]

If this information is useful, please help other people find it:
Share via:

Dale Renton

2023-Jan-10 23:12 UTC

[Samba] Replication Problems After Changing FSMO DC

I should also say the inbound and outbound neighbors are also pointing to
the old DCs, dc1 and dc2.  Here is the full output of "samba-tool drs
showrepl".



ExampleSite2\DC5
DSA Options: 0x00000001
DSA object GUID: be89f4dc-a137-488b-a240-99ee2346fe26
DSA invocationId: aa3234ab-936f-4eb8-8386-e4817fb0185d

==== INBOUND NEIGHBORS ===
CN=Schema,CN=Configuration,DC=ad,DC=example,DC=com
        ExampleSite\DC1 via RPC
                DSA object GUID: d7d15fb1-2dc8-47cf-a0be-564be531e82a
                Last attempt @ Tue Jan 10 19:06:58 2023 AST failed, result
2 (WERR_FILE_NOT_FOUND)
                6991 consecutive failure(s).
                Last success @ Sat Dec 17 12:32:15 2022 AST

DC=DomainDnsZones,DC=ad,DC=example,DC=com
        ExampleSite\DC1 via RPC
                DSA object GUID: d7d15fb1-2dc8-47cf-a0be-564be531e82a
                Last attempt @ Tue Jan 10 19:06:57 2023 AST failed, result
2 (WERR_FILE_NOT_FOUND)
                6991 consecutive failure(s).
                Last success @ Sat Dec 17 12:34:44 2022 AST

DC=DomainDnsZones,DC=ad,DC=example,DC=com
        ExampleSite\DC3 via RPC
                DSA object GUID: 6afda200-7d62-489d-be33-a708d9a374cf
                Last attempt @ Tue Jan 10 19:07:02 2023 AST was successful
                0 consecutive failure(s).
                Last success @ Tue Jan 10 19:07:02 2023 AST

DC=ForestDnsZones,DC=ad,DC=example,DC=com
        ExampleSite\DC1 via RPC
                DSA object GUID: d7d15fb1-2dc8-47cf-a0be-564be531e82a
                Last attempt @ Tue Jan 10 19:06:57 2023 AST failed, result
2 (WERR_FILE_NOT_FOUND)
                6991 consecutive failure(s).
                Last success @ Sat Dec 17 12:32:15 2022 AST

CN=Configuration,DC=ad,DC=example,DC=com
        ExampleSite\DC1 via RPC
                DSA object GUID: d7d15fb1-2dc8-47cf-a0be-564be531e82a
                Last attempt @ Tue Jan 10 19:06:58 2023 AST failed, result
2 (WERR_FILE_NOT_FOUND)
                6991 consecutive failure(s).
                Last success @ Sat Dec 17 12:32:15 2022 AST

DC=ad,DC=example,DC=com
        ExampleSite\DC1 via RPC
                DSA object GUID: d7d15fb1-2dc8-47cf-a0be-564be531e82a
                Last attempt @ Tue Jan 10 19:06:58 2023 AST failed, result
2 (WERR_FILE_NOT_FOUND)
                6990 consecutive failure(s).
                Last success @ Sat Dec 17 12:32:34 2022 AST

DC=ad,DC=example,DC=com
        ExampleSite\DC3 via RPC
                DSA object GUID: 6afda200-7d62-489d-be33-a708d9a374cf
                Last attempt @ Tue Jan 10 19:06:58 2023 AST was successful
                0 consecutive failure(s).
                Last success @ Tue Jan 10 19:06:58 2023 AST

==== OUTBOUND NEIGHBORS ===
CN=Schema,CN=Configuration,DC=ad,DC=example,DC=com
        ExampleSite\DC2 via RPC
                DSA object GUID: 3191b42f-a292-4dc6-8359-5db29d76cd99
                Last attempt @ Tue Jan 10 19:07:06 2023 AST failed, result
2 (WERR_FILE_NOT_FOUND)
                417 consecutive failure(s).
                Last success @ NTTIME(0)

DC=DomainDnsZones,DC=ad,DC=example,DC=com
        ExampleSite\DC2 via RPC
                DSA object GUID: 3191b42f-a292-4dc6-8359-5db29d76cd99
                Last attempt @ Tue Jan 10 19:07:06 2023 AST failed, result
2 (WERR_FILE_NOT_FOUND)
                392059 consecutive failure(s).
                Last success @ NTTIME(0)

DC=ForestDnsZones,DC=ad,DC=example,DC=com
        ExampleSite\DC2 via RPC
                DSA object GUID: 3191b42f-a292-4dc6-8359-5db29d76cd99
                Last attempt @ Tue Jan 10 19:07:06 2023 AST failed, result
2 (WERR_FILE_NOT_FOUND)
                425 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Configuration,DC=ad,DC=example,DC=com
        ExampleSite\DC2 via RPC
                DSA object GUID: 3191b42f-a292-4dc6-8359-5db29d76cd99
                Last attempt @ Tue Jan 10 19:07:06 2023 AST failed, result
2 (WERR_FILE_NOT_FOUND)
                417 consecutive failure(s).
                Last success @ NTTIME(0)

DC=ad,DC=example,DC=com
        ExampleSite\DC2 via RPC
                DSA object GUID: 3191b42f-a292-4dc6-8359-5db29d76cd99
                Last attempt @ Tue Jan 10 19:07:06 2023 AST failed, result
2 (WERR_FILE_NOT_FOUND)
                241634 consecutive failure(s).
                Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ===
Connection --
        Connection name: d0753cd3-dc40-4cdc-b554-0d0382dc6751
        Enabled        : TRUE
        Server DNS name : dc1.ad.example.com
        Server DN name  : CN=NTDS
Settings,CN=DC1,CN=Servers,CN=ExampleSite,CN=Sites,CN=Configuration,DC=ad,DC=example,DC=com
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!



On Tue, Jan 10, 2023 at 6:58 PM Dale Renton <drenton at gmail.com> wrote:
> Hello,
>
> dc1 and dc2 were running 4.13
> dc3, dc4, dc5, dc6 are running 4.16
>
> I created 2 new DCs, dc3 and dc4 and deleted dc1 and dc2.  dc3 holds the
> FSMO roles, dc1 used to.  We have some other DCs, dc5 and dc6 that are
> still pointing to dc1 and dc2 for replication.
>
> samba-tool drs replicate dc5 dc3 DC=ad,DC=example,DC=com --full-sync (I
> ran on dc5, works fine)
>
> however "samba-tool drs showrepl" on dc5 shows KCC CONNECTION
OBJECTS are
> still pointing to dc1
>
> ==== KCC CONNECTION OBJECTS ===>
> Connection --
>         Connection name: d0753cd3-dc40-4cdc-b554-0d0382dc6751
>         Enabled        : TRUE
>         Server DNS name : dc1.ad.example.com
>         Server DN name  : CN=NTDS Settings,CN=DC1,CN=Servers,CN>
ExampleSite,CN=Sites,CN=Configuration,DC=ad,DC=oxfordfrozenfoods,DC=com
>                 TransportType: RPC
>                 options: 0x00000001
> Warning: No NC replicated for Connection!
>
>
> dc1 and dc2 were removed via "samba-tool domain demote
> --remove-other-dead-server=DC1" on dc3 after the server was off.
>
> How can I get the KCC CONNECTION OBJECTS on dc5 to point to dc3 instead of
> dc1 ?
>
> Thanks,
> Dale
>

Douglas Bagnall

2023-Jan-11 02:33 UTC

head link

[Samba] Replication Problems After Changing FSMO DC

On 11/01/23 12:12, Dale Renton via samba wrote:> I should also say the inbound and outbound neighbors are also pointing to
> the old DCs, dc1 and dc2.  Here is the full output of "samba-tool drs
> showrepl".
> 
Does `samba-tool kcc` succeed?
What about `samba-tool dbcheck`?

Does `samba-tool visualize uptodateness -rS --utf8` show big numbers or mostly 
zeros? That will tell you whether replication is actually succeeding, despite 
the complaints.

Are these DCs all in one site (in terms of AD objects, not necessarily
physically)?

cheers,
Douglas

Rowland Penny

2023-Jan-11 10:06 UTC

head link

[Samba] Replication Problems After Changing FSMO DC

On 10/01/2023 23:12, Dale Renton via samba wrote:> I should also say the inbound and outbound neighbors are also pointing to
> the old DCs, dc1 and dc2.  Here is the full output of "samba-tool drs
> showrepl".
> 
Try checking if you have duplicate dns records for the PDC_Emulator role 
(and others), there is a bug for that:

https://bugzilla.samba.org/show_bug.cgi?id=14518

Rowland

samba - Jan 2023 - Replication Problems After Changing FSMO DC

[Samba] Replication Problems After Changing FSMO DC

[Samba] Replication Problems After Changing FSMO DC

[Samba] Replication Problems After Changing FSMO DC