On Tue, 2023-11-21 at 23:50 +0100, Thomas Schachtner via samba wrote:
> > On Tue, 2023-11-21 at 10:33 -0500, James Atwell via samba wrote:
> > >
> > > > -----Original Message-----
> > > > From: samba <samba-bounces at lists.samba.org> On Behalf Of Thomas Schachtner via samba
> > > > Sent: Tuesday, November 21, 2023 9:16 AM
> > > > To: samba at lists.samba.org
> > > > Subject: [Samba] samba-tool hangs on one dc
> > > >
> > > > Hello,
> > > >
> > > > since some time (I don't remember since when) I have a strange phenomenon
> > > > with one of my two samba4 DCs.
> > > > Both dc1 and dc2 seem to run pretty fine and when working with Windows, I
> > > > do not see any issues.
> > > >
> > > > But when issuing the following command on dc1, the command does not
> > > > return but seems to be stuck.
> > > >
> > > > samba-tool drs showrepl
> > > >
> > > > When issuing the same command on dc2, it takes a second or so and the result
> > > > is printed on the screen.
> > > > The same with other commands like "samba-tool dns add"
> > > >
> > > > I already checked the samba log files, but I did not find any log entry.
> > > >
> > > > I know that it is difficult to provide a solution for a problem that is described so
> > > > poorly, but I don't know how to further debug it.
> > > > Any hints on how to move forward here and/or how to get more information?
> > > >
> > > > The output of samba-tool drs showrepl on dc2 does not show issues,
> > > > regardless of which dc is replicated to which one (i.e. dc1 to dc2
> > > > or vice-versa).
> > > > When executing repadmin /replsummary on a Windows client, also no errors
> > > > are shown.
> > > >
> > > > Here's the output:
> > > >
> > > > root@dc2:/var/lib/samba# samba-tool drs showrepl
> > > > Default-First-Site-Name\DC2
> > > > DSA Options: 0x00000001
> > > > DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> > > > DSA invocationId: 0e649cb7-efc8-47ad-a841-4453973dbcec
> > > >
> > > > ==== INBOUND NEIGHBORS ====
> > > >
> > > > DC=local,DC=example,DC=de
> > > >         Default-First-Site-Name\DC1 via RPC
> > > >                 DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> > > >                 Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
> > > >                 0 consecutive failure(s).
> > > >                 Last success @ Tue Nov 21 12:26:25 2023 CET
> > > >
> > > > CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
> > > >         Default-First-Site-Name\DC1 via RPC
> > > >                 DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> > > >                 Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
> > > >                 0 consecutive failure(s).
> > > >                 Last success @ Tue Nov 21 12:26:25 2023 CET
> > > >
> > > > CN=Configuration,DC=local,DC=example,DC=de
> > > >         Default-First-Site-Name\DC1 via RPC
> > > >                 DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> > > >                 Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
> > > >                 0 consecutive failure(s).
> > > >                 Last success @ Tue Nov 21 12:26:25 2023 CET
> > > >
> > > > DC=DomainDnsZones,DC=local,DC=example,DC=de
> > > >         Default-First-Site-Name\DC1 via RPC
> > > >                 DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> > > >                 Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
> > > >                 0 consecutive failure(s).
> > > >                 Last success @ Tue Nov 21 12:26:25 2023 CET
> > > >
> > > > DC=ForestDnsZones,DC=local,DC=example,DC=de
> > > >         Default-First-Site-Name\DC1 via RPC
> > > >                 DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> > > >                 Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
> > > >                 0 consecutive failure(s).
> > > >                 Last success @ Tue Nov 21 12:26:25 2023 CET
> > > >
> > > > ==== OUTBOUND NEIGHBORS ====
> > > >
> > > > DC=local,DC=example,DC=de
> > > >         Default-First-Site-Name\DC1 via RPC
> > > >                 DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> > > >                 Last attempt @ NTTIME(0) was successful
> > > >                 0 consecutive failure(s).
> > > >                 Last success @ NTTIME(0)
> > > >
> > > > CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
> > > >         Default-First-Site-Name\DC1 via RPC
> > > >                 DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> > > >                 Last attempt @ NTTIME(0) was successful
> > > >                 0 consecutive failure(s).
> > > >                 Last success @ NTTIME(0)
> > > >
> > > > CN=Configuration,DC=local,DC=example,DC=de
> > > >         Default-First-Site-Name\DC1 via RPC
> > > >                 DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> > > >                 Last attempt @ NTTIME(0) was successful
> > > >                 0 consecutive failure(s).
> > > >                 Last success @ NTTIME(0)
> > > >
> > > > DC=DomainDnsZones,DC=local,DC=example,DC=de
> > > >         Default-First-Site-Name\DC1 via RPC
> > > >                 DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> > > >                 Last attempt @ NTTIME(0) was successful
> > > >                 0 consecutive failure(s).
> > > >                 Last success @ NTTIME(0)
> > > >
> > > > DC=ForestDnsZones,DC=local,DC=example,DC=de
> > > >         Default-First-Site-Name\DC1 via RPC
> > > >                 DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> > > >                 Last attempt @ NTTIME(0) was successful
> > > >                 0 consecutive failure(s).
> > > >                 Last success @ NTTIME(0)
> > > >
> > > > ==== KCC CONNECTION OBJECTS ====
> > > >
> > > > Connection --
> > > >         Connection name: 138dbf8f-16ef-406e-87aa-72a25b4e03b6
> > > >         Enabled        : TRUE
> > > >         Server DNS name : dc1.local.example.de
> > > >         Server DN name  : CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=local,DC=example,DC=de
> > > >                 TransportType: RPC
> > > >                 options: 0x00000001
> > > > Warning: No NC replicated for Connection!
> > > >
> > > > Now, after 10 minutes or so, also dc1 finished the command.
> > > > Here's the result:
> > > >
> > > > root@dc1:~# samba-tool drs showrepl
> > > > Default-First-Site-Name\DC1
> > > > DSA Options: 0x00000001
> > > > DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
> > > > DSA invocationId: a1e3fc90-833a-476e-8c8a-0753b5593ae3
> > > >
> > > > ==== INBOUND NEIGHBORS ====
> > > >
> > > > DC=local,DC=example,DC=de
> > > >         Default-First-Site-Name\DC2 via RPC
> > > >                 DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> > > >                 Last attempt @ Tue Nov 21 12:41:42 2023 CET was successful
> > > >                 0 consecutive failure(s).
> > > >                 Last success @ Tue Nov 21 12:41:42 2023 CET
> > > >
> > > > CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
> > > >         Default-First-Site-Name\DC2 via RPC
> > > >                 DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> > > >                 Last attempt @ Tue Nov 21 12:41:43 2023 CET was successful
> > > >                 0 consecutive failure(s).
> > > >                 Last success @ Tue Nov 21 12:41:43 2023 CET
> > > >
> > > > CN=Configuration,DC=local,DC=example,DC=de
> > > >         Default-First-Site-Name\DC2 via RPC
> > > >                 DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> > > >                 Last attempt @ Tue Nov 21 12:41:43 2023 CET was successful
> > > >                 0 consecutive failure(s).
> > > >                 Last success @ Tue Nov 21 12:41:43 2023 CET
> > > >
> > > > DC=DomainDnsZones,DC=local,DC=example,DC=de
> > > >         Default-First-Site-Name\DC2 via RPC
> > > >                 DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> > > >                 Last attempt @ Tue Nov 21 12:41:43 2023 CET was successful
> > > >                 0 consecutive failure(s).
> > > >                 Last success @ Tue Nov 21 12:41:43 2023 CET
> > > >
> > > > DC=ForestDnsZones,DC=local,DC=example,DC=de
> > > >         Default-First-Site-Name\DC2 via RPC
> > > >                 DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> > > >                 Last attempt @ Tue Nov 21 12:41:41 2023 CET was successful
> > > >                 0 consecutive failure(s).
> > > >                 Last success @ Tue Nov 21 12:41:41 2023 CET
> > > >
> > > > ==== OUTBOUND NEIGHBORS ====
> > > >
> > > > DC=local,DC=example,DC=de
> > > >         Default-First-Site-Name\DC2 via RPC
> > > >                 DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> > > >                 Last attempt @ NTTIME(0) was successful
> > > >                 0 consecutive failure(s).
> > > >                 Last success @ NTTIME(0)
> > > >
> > > > CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
> > > >         Default-First-Site-Name\DC2 via RPC
> > > >                 DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> > > >                 Last attempt @ NTTIME(0) was successful
> > > >                 0 consecutive failure(s).
> > > >                 Last success @ NTTIME(0)
> > > >
> > > > CN=Configuration,DC=local,DC=example,DC=de
> > > >         Default-First-Site-Name\DC2 via RPC
> > > >                 DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> > > >                 Last attempt @ NTTIME(0) was successful
> > > >                 0 consecutive failure(s).
> > > >                 Last success @ NTTIME(0)
> > > >
> > > > DC=DomainDnsZones,DC=local,DC=example,DC=de
> > > >         Default-First-Site-Name\DC2 via RPC
> > > >                 DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> > > >                 Last attempt @ NTTIME(0) was successful
> > > >                 0 consecutive failure(s).
> > > >                 Last success @ NTTIME(0)
> > > >
> > > > DC=ForestDnsZones,DC=local,DC=example,DC=de
> > > >         Default-First-Site-Name\DC2 via RPC
> > > >                 DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
> > > >                 Last attempt @ NTTIME(0) was successful
> > > >                 0 consecutive failure(s).
> > > >                 Last success @ NTTIME(0)
> > > >
> > > > ==== KCC CONNECTION OBJECTS ====
> > > >
> > > > Connection --
> > > >         Connection name: 85d23471-63cd-4bf1-9238-1ea493d07a95
> > > >         Enabled        : TRUE
> > > >         Server DNS name : dc2.local.example.de
> > > >         Server DN name  : CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=local,DC=example,DC=de
> > > >                 TransportType: RPC
> > > >                 options: 0x00000001
> > > > Warning: No NC replicated for Connection!
> > > >
> > > > Both servers (Ubuntu Server) have the latest updates installed.
> > > > The samba version is 4.15.13-Ubuntu.
> > > >
> > > > What could be the reason why one dc takes so long with samba-tool
> > > > commands while the other one is much faster?
> > > >
> > > > Best
> > > > Tom
> > > > --
> > > > To unsubscribe from this list go to the following URL and read the
> > > > instructions: https://lists.samba.org/mailman/options/samba
> > > I've experienced this before and it's usually transient. If you want
> > > to see where in the process it's hanging, you can increase the debug
> > > level to something like 5.
> > >
> > > samba-tool drs showrepl -d 5
> > >
> > I've had the experience of samba-tool hanging when DNS is
> > misconfigured.
> Sure, there may be a faulty DNS configuration, but all the permissions
> seem to be identical on both servers and the permissions of the users
> are also the same.
> If it's a DNS issue, why does it work on one DC then and not on the
> other one?
> Or in other words: How could I investigate this DNS issue?

/etc/resolv.conf on both DC's should have both the DC listed and the
domain name as lookup suffix

nameserver 10.0.0.1
nameserver 10.10.0.1
domain example.com

netstat -atunp |grep 53

on both DC's will tell you what interface is listening on udp and tcp
port 53 -- should have the same addresses as above

find out if your DC's can both resolve all the addresses

host dc1.example.com 10.10.0.1
host dc2.example.com 10.10.0.1
host dc1.example.com 10.0.0.1
host dc2.example.com 10.0.0.1

strace -f -e trace=network samba-tool drs showrepl 2>&1|less

on the DC where it hangs might tell you what it's trying to do on the
network

(Stuff like that)

> On Tue, 2023-11-21 at 23:50 +0100, Thomas Schachtner via samba wrote:
>>> On Tue, 2023-11-21 at 10:33 -0500, James Atwell via samba wrote:
>>>>> -----Original Message-----
>>>>> From: samba <samba-bounces at lists.samba.org> On Behalf Of Thomas Schachtner via samba
>>>>> Sent: Tuesday, November 21, 2023 9:16 AM
>>>>> To: samba at lists.samba.org
>>>>> Subject: [Samba] samba-tool hangs on one dc
>>>>>
>>>>> Hello,
>>>>>
>>>>> since some time (I don't remember since when) I have a strange phenomenon
>>>>> with one of my two samba4 DCs.
>>>>> Both dc1 and dc2 seem to run pretty fine and when working with Windows, I
>>>>> do not see any issues.
>>>>>
>>>>> But when issuing the following command on dc1, the command does not
>>>>> return but seems to be stuck.
>>>>>
>>>>> samba-tool drs showrepl
>>>>>
>>>>> When issuing the same command on dc2, it takes a second or so and the result
>>>>> is printed on the screen.
>>>>> The same with other commands like "samba-tool dns add"
>>>>>
>>>>> I already checked the samba log files, but I did not find any log entry.
>>>>>
>>>>> I know that it is difficult to provide a solution for a problem that is described so
>>>>> poorly, but I don't know how to further debug it.
>>>>> Any hints on how to move forward here and/or how to get more information?
>>>>>
>>>>> The output of samba-tool drs showrepl on dc2 does not show issues,
>>>>> regardless of which dc is replicated to which one (i.e. dc1 to dc2
>>>>> or vice-versa).
>>>>> When executing repadmin /replsummary on a Windows client, also no errors
>>>>> are shown.
>>>>>
>>>>> Best
>>>>> Tom
>>>>> --
>>>>> To unsubscribe from this list go to the following URL and read the
>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>> I've experienced this before and it's usually transient. If you want
>>>> to see where in the process it's hanging, you can increase the debug
>>>> level to something like 5.
>>>>
>>>> samba-tool drs showrepl -d 5
>>>>
>>> I've had the experience of samba-tool hanging when DNS is
>>> misconfigured.
>> Sure, there may be a faulty DNS configuration, but all the permissions
>> seem to be identical on both servers and the permissions of the users
>> are also the same.
>> If it's a DNS issue, why does it work on one DC then and not on the
>> other one?
>> Or in other words: How could I investigate this DNS issue?
> /etc/resolv.conf on both DC's should have both the DC listed and the
> domain name as lookup suffix
>
> nameserver 10.0.0.1
> nameserver 10.10.0.1
> domain example.com
>
> netstat -atunp |grep 53
>
> on both DC's will tell you what interface is listening on udp and tcp
> port 53 -- should have the same addresses as above
>
> find out if your DC's can both resolve all the addresses
>
> host dc1.example.com 10.10.0.1
> host dc2.example.com 10.10.0.1
> host dc1.example.com 10.0.0.1
> host dc2.example.com 10.0.0.1
>
> strace -f -e trace=network samba-tool drs showrepl 2>&1|less
>
> on the DC where it hangs might tell you what its trying to do on the
> network
>
> (Stuff like that)

This was very helpful for me! Thanks a lot!

It turned out that on dc2, the dns server was not listening on ::1.
After some research I saw that IPv6 was disabled on the loopback interface.
Issuing "sysctl net.ipv6.conf.lo.disable_ipv6" returned "net.ipv6.conf.lo.disable_ipv6 = 1".

I checked the sysctl.conf file and lo and behold, it was disabled there.

I am not sure why this setting led to this strange behavior, nor am I sure if it was really a DNS issue (normally ALL AD issues are DNS issues, I heard...), but at least the DNS configuration led me to the configuration error.

Thanks very much for that!

On Tue, 21 Nov 2023 15:07:11 -0800 Ray Klassen via samba <samba at lists.samba.org> wrote:

> /etc/resolv.conf on both DC's should have both the DC listed and the
> domain name as lookup suffix
>
> nameserver 10.0.0.1
> nameserver 10.10.0.1
> domain example.com

Sorry, but that is incorrect, the DC should use its own ipaddress as the first (and probably only) nameserver, any other DC ipaddresses are purely optional.

Then it should be 'search example.com'

Rowland
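
The three things this thread ended up checking (resolver order and suffix in /etc/resolv.conf, IPv6 disabled on the loopback interface, and whether anything listens on port 53 on ::1) can be tested offline against saved files. The script below is an added example, not part of any post in the thread; the function names, the assumed DC address 10.10.0.1 and the netstat and sysctl sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and sample data are
# constructed; the resolv.conf lines in run_demo are the ones quoted above.

# Check a DC's resolv.conf: the first nameserver should be the DC's own
# address and the suffix should come from a 'search' line.
# Prints one finding per line and returns 1 if there were any.
check_resolv_conf() {
    local file own_ip first_ns rc
    file=$1; own_ip=$2; rc=0
    first_ns=$(awk '$1 == "nameserver" { print $2; exit }' "$file")
    if [ "$first_ns" != "$own_ip" ]; then
        echo "first nameserver is '$first_ns', expected own address $own_ip"
        rc=1
    fi
    if ! awk '$1 == "search" && NF >= 2 { ok = 1 } END { exit !ok }' "$file"; then
        echo "no 'search <domain>' line"
        rc=1
    fi
    return "$rc"
}

# Print 1 if a sysctl.conf-style file leaves IPv6 disabled on lo, else 0.
# The last assignment wins, and the 'all' key also applies to lo.
lo_ipv6_disabled_in() {
    awk -F= '
        /^[[:space:]]*[#;]/ { next }            # skip comment lines
        { gsub(/[[:space:]]/, "") }             # "key = 1" -> "key=1"
        $1 == "net.ipv6.conf.lo.disable_ipv6" ||
        $1 == "net.ipv6.conf.all.disable_ipv6" { val = $2 }
        END { print (val == "1" ? 1 : 0) }
    ' "$1"
}

# Read 'netstat -atunp' style text on stdin; succeed only if a listener is
# bound to exactly port 53 on ::1 or on the IPv6 wildcard. A plain 'grep 53'
# also matches port 5353, PIDs containing 53 and established connections.
listens_on_v6_loopback_53() {
    awk '($1 ~ /^udp/ || $6 == "LISTEN") &&
         ($4 == "::1:53" || $4 == ":::53") { ok = 1 }
         END { exit !ok }'
}

# Run all three checks over constructed sample files.
run_demo() {
    local tmp
    tmp=$(mktemp -d)
    printf 'nameserver 10.0.0.1\nnameserver 10.10.0.1\ndomain example.com\n' \
        > "$tmp/resolv.conf"
    printf 'net.ipv6.conf.lo.disable_ipv6 = 1\n' > "$tmp/sysctl.conf"
    printf '%s\n' \
        'tcp  0 0 10.10.0.1:53 0.0.0.0:* LISTEN 812/samba' \
        'udp  0 0 0.0.0.0:5353 0.0.0.0:* 640/avahi-daemon' \
        > "$tmp/netstat.txt"

    check_resolv_conf "$tmp/resolv.conf" 10.10.0.1 || true
    echo "lo disable_ipv6 in config: $(lo_ipv6_disabled_in "$tmp/sysctl.conf")"
    if ! listens_on_v6_loopback_53 < "$tmp/netstat.txt"; then
        echo "nothing listening on [::1]:53"
    fi
    rm -rf "$tmp"
}

run_demo
```

On a live DC the same functions take `/etc/resolv.conf`, `/etc/sysctl.conf` and the piped output of `netstat -atunp` as input.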