On Tue, 2023-11-21 at 23:50 +0100, Thomas Schachtner via samba wrote:
> > On Tue, 2023-11-21 at 10:33 -0500, James Atwell via samba wrote:
> > >
> > > > -----Original Message-----
> > > > From: samba <samba-bounces at lists.samba.org> On Behalf Of Thomas
> > > > Schachtner via samba
> > > > Sent: Tuesday, November 21, 2023 9:16 AM
> > > > To: samba at lists.samba.org
> > > > Subject: [Samba] samba-tool hangs on one dc
> > > >
> > > > Hello,
> > > >
> > > > since some time (I don't remember since when) I have a strange
> > > > phenomenon with one of my two samba4 DCs.
> > > > Both dc1 and dc2 seem to run pretty fine and when working with
> > > > Windows, I do not see any issues.
> > > >
> > > > But when issuing the following command on dc1, the command does
> > > > not return but seems to be stuck.
> > > >
> > > > samba-tool drs showrepl
> > > >
> > > > When issuing the same command on dc2, it takes a second or so and
> > > > the result is printed on the screen.
> > > > The same with other commands like "samba-tool dns add"
> > > >
> > > > I already checked the samba log files, but I did not find any log
> > > > entry.
> > > >
> > > > I know that it is difficult to provide a solution for a problem
> > > > that is described so poorly, but I don't know how to further
> > > > debug it.
> > > > Any hints on how to move forward here and/or how to get more
> > > > information?
> > > >
> > > > The output of samba-tool drs showrepl on dc2 does not show
> > > > issues, regardless of which dc is replicated to which one (i.e.
> > > > dc1 to dc2 or vice-versa).
> > > > When executing repadmin /replsummary on a Windows client, also no
> > > > errors are shown.
> > > >
> > > > Here's the output:
> > > >
> > > > root@dc2:/var/lib/samba# samba-tool drs showrepl
> > > > Default-First-Site-Name\DC2
> > > > DSA Options: 0x00000001
> > > > DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> > > > DSA invocationId: 0e649cb7-efc8-47ad-a841-4453973dbcec
> > > >
> > > > ==== INBOUND NEIGHBORS ====
> > > >
> > > > DC=local,DC=example,DC=de
> > > >     Default-First-Site-Name\DC1 via RPC
> > > >         DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> > > >         Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
> > > >         0 consecutive failure(s).
> > > >         Last success @ Tue Nov 21 12:26:25 2023 CET
> > > >
> > > > CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
> > > >     Default-First-Site-Name\DC1 via RPC
> > > >         DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> > > >         Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
> > > >         0 consecutive failure(s).
> > > >         Last success @ Tue Nov 21 12:26:25 2023 CET
> > > >
> > > > CN=Configuration,DC=local,DC=example,DC=de
> > > >     Default-First-Site-Name\DC1 via RPC
> > > >         DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> > > >         Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
> > > >         0 consecutive failure(s).
> > > >         Last success @ Tue Nov 21 12:26:25 2023 CET
> > > >
> > > > DC=DomainDnsZones,DC=local,DC=example,DC=de
> > > >     Default-First-Site-Name\DC1 via RPC
> > > >         DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> > > >         Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
> > > >         0 consecutive failure(s).
> > > >         Last success @ Tue Nov 21 12:26:25 2023 CET
> > > >
> > > > DC=ForestDnsZones,DC=local,DC=example,DC=de
> > > >     Default-First-Site-Name\DC1 via RPC
> > > >         DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> > > >         Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
> > > >         0 consecutive failure(s).
> > > >         Last success @ Tue Nov 21 12:26:25 2023 CET
> > > >
> > > > ==== OUTBOUND NEIGHBORS ====
> > > >
> > > > DC=local,DC=example,DC=de
> > > >     Default-First-Site-Name\DC1 via RPC
> > > >         DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> > > >         Last attempt @ NTTIME(0) was successful
> > > >         0 consecutive failure(s).
> > > >         Last success @ NTTIME(0)
> > > >
> > > > CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
> > > >     Default-First-Site-Name\DC1 via RPC
> > > >         DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> > > >         Last attempt @ NTTIME(0) was successful
> > > >         0 consecutive failure(s).
> > > >         Last success @ NTTIME(0)
> > > >
> > > > CN=Configuration,DC=local,DC=example,DC=de
> > > >     Default-First-Site-Name\DC1 via RPC
> > > >         DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> > > >         Last attempt @ NTTIME(0) was successful
> > > >         0 consecutive failure(s).
> > > >         Last success @ NTTIME(0)
> > > >
> > > > DC=DomainDnsZones,DC=local,DC=example,DC=de
> > > >     Default-First-Site-Name\DC1 via RPC
> > > >         DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> > > >         Last attempt @ NTTIME(0) was successful
> > > >         0 consecutive failure(s).
> > > >         Last success @ NTTIME(0)
> > > >
> > > > DC=ForestDnsZones,DC=local,DC=example,DC=de
> > > >     Default-First-Site-Name\DC1 via RPC
> > > >         DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> > > >         Last attempt @ NTTIME(0) was successful
> > > >         0 consecutive failure(s).
> > > >         Last success @ NTTIME(0)
> > > >
> > > > ==== KCC CONNECTION OBJECTS ====
> > > >
> > > > Connection --
> > > >     Connection name: 138dbf8f-16ef-406e-87aa-72a25b4e03b6
> > > >     Enabled        : TRUE
> > > >     Server DNS name : dc1.local.example.de
> > > >     Server DN name  : CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=local,DC=example,DC=de
> > > >         TransportType: RPC
> > > >         options: 0x00000001
> > > > Warning: No NC replicated for Connection!
> > > >
> > > > Now, after 10 minutes or so, also dc1 finished the command.
> > > > Here's the result:
> > > >
> > > > root@dc1:~# samba-tool drs showrepl
> > > > Default-First-Site-Name\DC1
> > > > DSA Options: 0x00000001
> > > > DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> > > > DSA invocationId: a1e3fc90-833a-476e-8c8a-0753b5593ae3
> > > >
> > > > ==== INBOUND NEIGHBORS ====
> > > >
> > > > DC=local,DC=example,DC=de
> > > >     Default-First-Site-Name\DC2 via RPC
> > > >         DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> > > >         Last attempt @ Tue Nov 21 12:41:42 2023 CET was successful
> > > >         0 consecutive failure(s).
> > > >         Last success @ Tue Nov 21 12:41:42 2023 CET
> > > >
> > > > CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
> > > >     Default-First-Site-Name\DC2 via RPC
> > > >         DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> > > >         Last attempt @ Tue Nov 21 12:41:43 2023 CET was successful
> > > >         0 consecutive failure(s).
> > > >         Last success @ Tue Nov 21 12:41:43 2023 CET
> > > >
> > > > CN=Configuration,DC=local,DC=example,DC=de
> > > >     Default-First-Site-Name\DC2 via RPC
> > > >         DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> > > >         Last attempt @ Tue Nov 21 12:41:43 2023 CET was successful
> > > >         0 consecutive failure(s).
> > > >         Last success @ Tue Nov 21 12:41:43 2023 CET
> > > >
> > > > DC=DomainDnsZones,DC=local,DC=example,DC=de
> > > >     Default-First-Site-Name\DC2 via RPC
> > > >         DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> > > >         Last attempt @ Tue Nov 21 12:41:43 2023 CET was successful
> > > >         0 consecutive failure(s).
> > > >         Last success @ Tue Nov 21 12:41:43 2023 CET
> > > >
> > > > DC=ForestDnsZones,DC=local,DC=example,DC=de
> > > >     Default-First-Site-Name\DC2 via RPC
> > > >         DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> > > >         Last attempt @ Tue Nov 21 12:41:41 2023 CET was successful
> > > >         0 consecutive failure(s).
> > > >         Last success @ Tue Nov 21 12:41:41 2023 CET
> > > >
> > > > ==== OUTBOUND NEIGHBORS ====
> > > >
> > > > DC=local,DC=example,DC=de
> > > >     Default-First-Site-Name\DC2 via RPC
> > > >         DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> > > >         Last attempt @ NTTIME(0) was successful
> > > >         0 consecutive failure(s).
> > > >         Last success @ NTTIME(0)
> > > >
> > > > CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
> > > >     Default-First-Site-Name\DC2 via RPC
> > > >         DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> > > >         Last attempt @ NTTIME(0) was successful
> > > >         0 consecutive failure(s).
> > > >         Last success @ NTTIME(0)
> > > >
> > > > CN=Configuration,DC=local,DC=example,DC=de
> > > >     Default-First-Site-Name\DC2 via RPC
> > > >         DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> > > >         Last attempt @ NTTIME(0) was successful
> > > >         0 consecutive failure(s).
> > > >         Last success @ NTTIME(0)
> > > >
> > > > DC=DomainDnsZones,DC=local,DC=example,DC=de
> > > >     Default-First-Site-Name\DC2 via RPC
> > > >         DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> > > >         Last attempt @ NTTIME(0) was successful
> > > >         0 consecutive failure(s).
> > > >         Last success @ NTTIME(0)
> > > >
> > > > DC=ForestDnsZones,DC=local,DC=example,DC=de
> > > >     Default-First-Site-Name\DC2 via RPC
> > > >         DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> > > >         Last attempt @ NTTIME(0) was successful
> > > >         0 consecutive failure(s).
> > > >         Last success @ NTTIME(0)
> > > >
> > > > ==== KCC CONNECTION OBJECTS ====
> > > >
> > > > Connection --
> > > >     Connection name: 85d23471-63cd-4bf1-9238-1ea493d07a95
> > > >     Enabled        : TRUE
> > > >     Server DNS name : dc2.local.example.de
> > > >     Server DN name  : CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=local,DC=example,DC=de
> > > >         TransportType: RPC
> > > >         options: 0x00000001
> > > > Warning: No NC replicated for Connection!
> > > >
> > > >
> > > >
> > > > Both servers (Ubuntu Server) have the latest updates installed.
> > > > The samba version is 4.15.13-Ubuntu.
> > > >
> > > > What could be the reason why one dc takes so long with samba-tool
> > > > commands while the other one is much faster?
> > > >
> > > > Best
> > > > Tom
> > > I've experienced this before and it's usually transient. If you
> > > want to see where in the process it's hanging, you can increase the
> > > debug level to something like 5.
> > >
> > > samba-tool drs showrepl -d 5
> > >
> >
> > I've had the experience of samba-tool hanging when DNS is
> > misconfigured.
> Sure, there may be a faulty DNS configuration, but all the permissions
> seem to be identical on both servers and the permissions of the users
> are also the same.
> If it's a DNS issue, why does it work on one DC then and not on the
> other one?
> Or in other words: How could I investigate this DNS issue?
/etc/resolv.conf on both DCs should have both the DCs listed and the
domain name as lookup suffix:

nameserver 10.0.0.1
nameserver 10.10.0.1
domain example.com

netstat -atunp | grep 53

on both DCs will tell you what interface is listening on udp and tcp
port 53 -- should have the same addresses as above.

Find out if your DCs can both resolve all the addresses:

host dc1.example.com 10.10.0.1
host dc2.example.com 10.10.0.1
host dc1.example.com 10.0.0.1
host dc2.example.com 10.0.0.1

strace -f -e trace=network samba-tool drs showrepl 2>&1 | less

on the DC where it hangs might tell you what it's trying to do on the
network.

(Stuff like that)
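
The resolv.conf and host checks from the reply above, collected into one script as an added example (not part of the original message and not Samba code). It audits a resolv.conf against the expected resolver list and times each lookup under a hard timeout, so an unreachable resolver shows up as FAIL with a duration instead of a hang. The addresses and names are the sample values from the reply; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Sample values taken from the reply above; adjust to your domain.
SERVERS="10.0.0.1 10.10.0.1"
NAMES="dc1.example.com dc2.example.com"
DOMAIN="example.com"

# audit_resolv FILE DOMAIN NAMESERVER...
# Prints one finding per line; prints nothing when the file matches.
audit_resolv() {
    file=$1; domain=$2; shift 2
    # Every expected resolver must be listed.
    for ns in "$@"; do
        awk -v ns="$ns" '$1 == "nameserver" && $2 == ns { found = 1 }
            END { exit !found }' "$file" || echo "missing nameserver $ns"
    done
    # Report any resolver that is not one of the expected DC addresses.
    awk '$1 == "nameserver" { print $2 }' "$file" | while read -r have; do
        case " $* " in
            *" $have "*) ;;
            *) echo "unexpected nameserver $have" ;;
        esac
    done
    # The AD DNS domain must appear as the lookup suffix.
    awk -v d="$domain" '($1 == "domain" || $1 == "search") {
            for (i = 2; i <= NF; i++) if ($i == d) found = 1 }
        END { exit !found }' "$file" || echo "domain $domain not in domain/search line"
}

# probe NAME SERVER
# One lookup with a hard timeout; prints "NAME SERVER ok|FAIL SECONDSs".
probe() {
    start=$(date +%s)
    if timeout 5 host -W 2 "$1" "$2" >/dev/null 2>&1; then st=ok; else st=FAIL; fi
    echo "$1 $2 $st $(( $(date +%s) - start ))s"
}

main() {
    # SERVERS is intentionally unquoted so each address becomes one argument.
    audit_resolv "$1" "$DOMAIN" $SERVERS
    for s in $SERVERS; do
        for n in $NAMES; do probe "$n" "$s"; done
    done
}

# Run only when given a resolv.conf path, e.g.: sh dnscheck.sh /etc/resolv.conf
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it on both DCs and compare the output; a difference in findings or in lookup times between the two hosts points at the resolver to look at first.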