Alexandros Karypidis
2023-May-28 10:43 UTC
[Samba] Replication issue after upgrade - 3221225524 / WERR_FILE_NOT_FOUND
Hello,
I have a domain with two controllers (DC1/DC2) based on Turnkey Linux domain
controller V16.2 (Samba v4.9.5). I just finished upgrading toV17.1 (Samba
v4.17.3) using a new temporary controller DC3.
Things seem to have worked, I have DC1/DC2 running the new version and can login
to the domain (computer accounts are present, users/groups seem fine, etc).
HOWEVER, when I try replication now I get the following errors:
ERROR 1: Try sync from DC1 to DC2 - error 3221225524 (some object not found):
root at dc1 ~# samba-tool drs replicate DC2 DC1 DC=ad,DC=home,DC=lan --full-sync
ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to
DC2 failed - drsException: DRS connection to DC2 failed: (3221225524, 'The
object name is not found.')? File
"/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 55, in
drsuapi_connect? ? (ctx.drsuapi, ctx.drsuapi_handle,
ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp,
ctx.creds)? File "/usr/lib/python3/dist-packages/samba/drs_utils.py",
line 71, in drsuapi_connect? ? raise drsException("DRS connection to %s
failed: %s" % (server, e))
ERROR 2: Try sync from DC2 to DC1 - error? WERR_FILE_NOT_FOUND:
root at dc1 ~# samba-tool drs replicate DC1 DC2 DC=ad,DC=home,DC=lan --full-sync
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed - drsException: DsReplicaSync failed (2, 'WERR_FILE_NOT_FOUND')?
File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 570,
in run? ? drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)? File
"/usr/lib/python3/dist-packages/samba/drs_utils.py", line 100, in
sendDsReplicaSync? ? raise drsException("DsReplicaSync failed %s" %
estr)
Any idea why replication now fails? Logging in with RSAT's "Active
Directory Users and Computers" seem to show the contents fine on both
controllers.
------------------- The process used to perform the upgrade is below:
- Create a third DC3 using V17.1 and transfer all FSMO to it- Demote/remove DC1-
Demote/remove DC2- Recreate DC1 with V17.1 and rejoin domain- Recreate DC2 with
V17.1 and rejoin domain- Transfer all FSMO to DC1- Demote/remove DC3
Now, one thing I noticed is that when demoting a DC it was still a member of the
domain, so to completely remove it I used the RSAT app on WIndows to delete the
computer (including subtree). That was the only "quirk" during the
process. After removing the DC I ran a "dbcheck" to fix any references
to the removed name...
Rowland Penny
2023-May-28 12:04 UTC
[Samba] Replication issue after upgrade - 3221225524 / WERR_FILE_NOT_FOUND
On 28/05/2023 11:43, Alexandros Karypidis via samba wrote:> Hello, > I have a domain with two controllers (DC1/DC2) based on Turnkey Linux domain controller V16.2 (Samba v4.9.5). I just finished upgrading toV17.1 (Samba v4.17.3) using a new temporary controller DC3. > Things seem to have worked, I have DC1/DC2 running the new version and can login to the domain (computer accounts are present, users/groups seem fine, etc). HOWEVER, when I try replication now I get the following errors: > ERROR 1: Try sync from DC1 to DC2 - error 3221225524 (some object not found): > root at dc1 ~# samba-tool drs replicate DC2 DC1 DC=ad,DC=home,DC=lan --full-sync > ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to DC2 failed - drsException: DRS connection to DC2 failed: (3221225524, 'The object name is not found.')? File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 55, in drsuapi_connect? ? (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)? File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 71, in drsuapi_connect? ? raise drsException("DRS connection to %s failed: %s" % (server, e)) > ERROR 2: Try sync from DC2 to DC1 - error? WERR_FILE_NOT_FOUND: > root at dc1 ~# samba-tool drs replicate DC1 DC2 DC=ad,DC=home,DC=lan --full-sync > ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (2, 'WERR_FILE_NOT_FOUND')? File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 570, in run? ? drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)? File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 100, in sendDsReplicaSync? ? raise drsException("DsReplicaSync failed %s" % estr) > Any idea why replication now fails? Logging in with RSAT's "Active Directory Users and Computers" seem to show the contents fine on both controllers. > ------------------- The process used to perform the upgrade is below: > - Create a third DC3 using V17.1 and transfer all FSMO to it- Demote/remove DC1- Demote/remove DC2- Recreate DC1 with V17.1 and rejoin domain- Recreate DC2 with V17.1 and rejoin domain- Transfer all FSMO to DC1- Demote/remove DC3 > Now, one thing I noticed is that when demoting a DC it was still a member of the domain, so to completely remove it I used the RSAT app on WIndows to delete the computer (including subtree). That was the only "quirk" during the process. After removing the DC I ran a "dbcheck" to fix any references to the removed name... >Can you post your /etc/hosts, /etc/hostname, /etc/resolv.conf and /etc/krb5.conf files, sanitised if need be. Rowland