Bug 11415 - Replication from Samba to Windows Server 2008R2 fails: Schema mismatch
Summary: Replication from Samba to Windows Server 2008R2 fails: Schema mismatch
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.1.18
Hardware: All FreeBSD
: P5 major (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-07-27 10:56 UTC by Peter Trifonov
Modified: 2017-04-20 18:57 UTC (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Peter Trifonov 2015-07-27 10:56:30 UTC 
Replication from a Samba domain controller to Windows Server 2008 R2 domain controllers to fails. Windows tells "The replication operation failed because of a schema mismatch between the servers invoked."   
Replication from Windows to Samba seems to work.

Samba tells the following:
# samba-tool drs showrepl
Default-First-Site-Name\GW
DSA Options: 0x00000001
DSA object GUID: 0438096c-1ec2-473e-b33d-b26bc694264b
DSA invocationId: 06f7b785-f193-47b6-b753-83f337a85710

==== INBOUND NEIGHBORS ====

ERROR(runtime): DsReplicaGetInfo of type 0 failed - (-1073610723, 'NT_STATUS_RPC_PROTOCOL_ERROR')


The following message appears in log.samba:

../source4/rpc_server/common/forward.c:51(dcesrv_irpc_forward_callback)
  IRPC callback failed for DsReplicaGetInfo - NT_STATUS_IO_TIMEOUT
Comment 1 Andrew Bartlett 2016-07-28 23:51:37 UTC 
Please retry with Samba 4.5rc1. 

We have fixed a lot of schema bugs in this release.
Comment 2 Lucian Cristian 2017-04-20 18:57:18 UTC 
(In reply to Andrew Bartlett from comment #1)

I have an 2008r2 AD with exchange 2010, system center 2012 and wanted to stop some 2008r2 virtual machines so I replaced all but the first 2008r2 fsmo domain master with samba ad

Initial install using samba-4.5.6 on Ubuntu, updated to Samba 4.6.2 using bind9_dlz backend



==== INBOUND NEIGHBORS ======================================

DC=internal,DC=local
    internal\DC2BH via RPC
        DSA object GUID: 56ad08e3-6236-4cc0-9a28-67900bb1583e
        Last attempt @ 2017-04-20 19:56:05 was delayed for a normal reason, result 8418 (0x20e2):
    The replication operation failed because of a schema mismatch between the servers involved.
        Last success @ 2017-04-20 07:00:17.
    internal\DC2SM via RPC
        DSA object GUID: 26dd2a03-5d16-4ad2-91a0-008d6b943d76
        Last attempt @ 2017-04-20 20:06:34 was delayed for a normal reason, result 8418 (0x20e2):
    The replication operation failed because of a schema mismatch between the servers involved.
        Last success @ 2017-04-20 07:00:22.

And the event log

Replication of application directory partition DC=internal,DC=local from source 56ad08e3-6236-4cc0-9a28-67900bb1583e (dc2bh.internal.local) has been aborted. Replication requires consistent schema but last attempt to synchornize the schema had failed. It is crucial that schema replication functions properly. See previous errors for more diagnostics. If this issue persists, please contact Microsoft Product Support Services for assistance. Error 8418: The replication operation failed because of a schema mismatch between the servers involved..

Replication of application directory partition DC=internal,DC=local from source 26dd2a03-5d16-4ad2-91a0-008d6b943d76 (dc2sm.internal.local) has been aborted. Replication requires consistent schema but last attempt to synchornize the schema had failed. It is crucial that schema replication functions properly. See previous errors for more diagnostics. If this issue persists, please contact Microsoft Product Support Services for assistance. Error 8418: The replication operation failed because of a schema mismatch between the servers involved..

For the moment only the computer containers are not syncing 

The directory service could not replicate the following object from the source directory service at the following network address because of an Active Directory Domain Services schema mismatch. 
 
Object:
CN=U5305460,OU=Group,OU=Computers,OU=Region,DC=internal,DC=local 
Network address:
26dd2a03-5d16-4ad2-91a0-008d6b943d76._msdcs.internal.local 
 
Active Directory Domain Services will attempt to synchronize the schema before attempting to synchronize the following directory partition. 
Directory partition:
DC=internal,DC=local

Initial install using samba-4.5.6 on Ubuntu, updated to Samba 4.6.2 using bind9_dlz backend

The linux :

samba-tool drs showrepl
internal\DC2SM
DSA Options: 0x00000001
DSA object GUID: 26dd2a03-5d16-4ad2-91a0-008d6b943d76
DSA invocationId: a7396b28-0920-47d0-9f6f-33bc461ea39e

==== INBOUND NEIGHBORS ====

CN=Schema,CN=Configuration,DC=internal,DC=local
        internal\DC via RPC
                DSA object GUID: cbe8d76e-632c-40e6-ae4c-c259dd4b830d
                Last attempt @ Thu Apr 20 20:06:39 2017 EEST was successful
                0 consecutive failure(s).
                Last success @ Thu Apr 20 20:06:39 2017 EEST

CN=Schema,CN=Configuration,DC=internal,DC=local
        internal\DC2BH via RPC
                DSA object GUID: 56ad08e3-6236-4cc0-9a28-67900bb1583e
                Last attempt @ Thu Apr 20 20:06:39 2017 EEST was successful
                0 consecutive failure(s).
                Last success @ Thu Apr 20 20:06:39 2017 EEST

DC=ForestDnsZones,DC=internal,DC=local
        internal\DC via RPC
                DSA object GUID: cbe8d76e-632c-40e6-ae4c-c259dd4b830d
                Last attempt @ Thu Apr 20 20:07:45 2017 EEST was successful
                0 consecutive failure(s).
                Last success @ Thu Apr 20 20:07:45 2017 EEST

DC=ForestDnsZones,DC=internal,DC=local
        internal\DC2BH via RPC
                DSA object GUID: 56ad08e3-6236-4cc0-9a28-67900bb1583e
                Last attempt @ Thu Apr 20 20:07:26 2017 EEST was successful
                0 consecutive failure(s).
                Last success @ Thu Apr 20 20:07:26 2017 EEST

CN=Configuration,DC=internal,DC=local
        internal\DC via RPC
                DSA object GUID: cbe8d76e-632c-40e6-ae4c-c259dd4b830d
                Last attempt @ Thu Apr 20 20:06:58 2017 EEST was successful
                0 consecutive failure(s).
                Last success @ Thu Apr 20 20:06:58 2017 EEST

CN=Configuration,DC=internal,DC=local
        internal\DC2BH via RPC
                DSA object GUID: 56ad08e3-6236-4cc0-9a28-67900bb1583e
                Last attempt @ Thu Apr 20 20:06:40 2017 EEST was successful
                0 consecutive failure(s).
                Last success @ Thu Apr 20 20:06:40 2017 EEST

DC=internal,DC=local
        internal\DC via RPC
                DSA object GUID: cbe8d76e-632c-40e6-ae4c-c259dd4b830d
                Last attempt @ Thu Apr 20 20:07:57 2017 EEST was successful
                0 consecutive failure(s).
                Last success @ Thu Apr 20 20:07:57 2017 EEST

DC=internal,DC=local
        internal\DC2BH via RPC
                DSA object GUID: 56ad08e3-6236-4cc0-9a28-67900bb1583e
                Last attempt @ Thu Apr 20 20:06:41 2017 EEST was successful
                0 consecutive failure(s).
                Last success @ Thu Apr 20 20:06:41 2017 EEST

DC=DomainDnsZones,DC=internal,DC=local
        internal\DC via RPC
                DSA object GUID: cbe8d76e-632c-40e6-ae4c-c259dd4b830d
                Last attempt @ Thu Apr 20 20:07:51 2017 EEST was successful
                0 consecutive failure(s).
                Last success @ Thu Apr 20 20:07:51 2017 EEST

DC=DomainDnsZones,DC=internal,DC=local
        internal\DC2BH via RPC
                DSA object GUID: 56ad08e3-6236-4cc0-9a28-67900bb1583e
                Last attempt @ Thu Apr 20 20:07:26 2017 EEST was successful
                0 consecutive failure(s).
                Last success @ Thu Apr 20 20:07:26 2017 EEST

==== OUTBOUND NEIGHBORS ====

CN=Schema,CN=Configuration,DC=internal,DC=local
        internal\DC via RPC
                DSA object GUID: cbe8d76e-632c-40e6-ae4c-c259dd4b830d
                Last attempt @ Thu Apr 20 20:06:27 2017 EEST was successful
                0 consecutive failure(s).
                Last success @ Thu Apr 20 20:06:27 2017 EEST

CN=Schema,CN=Configuration,DC=internal,DC=local
        internal\DC2BH via RPC
                DSA object GUID: 56ad08e3-6236-4cc0-9a28-67900bb1583e
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=ForestDnsZones,DC=internal,DC=local
        internal\DC via RPC
                DSA object GUID: cbe8d76e-632c-40e6-ae4c-c259dd4b830d
                Last attempt @ Thu Apr 20 20:07:30 2017 EEST was successful
                0 consecutive failure(s).
                Last success @ Thu Apr 20 20:07:30 2017 EEST

DC=ForestDnsZones,DC=internal,DC=local
        internal\DC2BH via RPC
                DSA object GUID: 56ad08e3-6236-4cc0-9a28-67900bb1583e
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Configuration,DC=internal,DC=local
        internal\DC via RPC
                DSA object GUID: cbe8d76e-632c-40e6-ae4c-c259dd4b830d
                Last attempt @ Thu Apr 20 20:06:41 2017 EEST was successful
                0 consecutive failure(s).
                Last success @ Thu Apr 20 20:06:41 2017 EEST

CN=Configuration,DC=internal,DC=local
        internal\DC2BH via RPC
                DSA object GUID: 56ad08e3-6236-4cc0-9a28-67900bb1583e
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=internal,DC=local
        internal\DC via RPC
                DSA object GUID: cbe8d76e-632c-40e6-ae4c-c259dd4b830d
               Last attempt @ Thu Apr 20 20:06:27 2017 EEST was successful
                0 consecutive failure(s).
                Last success @ Thu Apr 20 20:06:27 2017 EEST

DC=internal,DC=local
        internal\DC2BH via RPC
                DSA object GUID: 56ad08e3-6236-4cc0-9a28-67900bb1583e
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=DomainDnsZones,DC=internal,DC=local
        internal\DC via RPC
                DSA object GUID: cbe8d76e-632c-40e6-ae4c-c259dd4b830d
                Last attempt @ Thu Apr 20 20:07:30 2017 EEST was successful
                0 consecutive failure(s).
                Last success @ Thu Apr 20 20:07:30 2017 EEST

DC=DomainDnsZones,DC=internal,DC=local
        internal\DC2BH via RPC
                DSA object GUID: 56ad08e3-6236-4cc0-9a28-67900bb1583e
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: 1b739319-4a9c-4164-a4d9-ceca4aaa90dc
        Enabled        : TRUE
        Server DNS name : DC.internal.local
        Server DN name  : CN=NTDS Settings,CN=DC,CN=Servers,CN=internal,CN=Sites,CN=Configuration,DC=internal,DC=local
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
        Connection name: 92c09678-41c6-463b-a6da-501ec5497814
        Enabled        : TRUE
        Server DNS name : dc2bh.internal.local
        Server DN name  : CN=NTDS Settings,CN=DC2BH,CN=Servers,CN=internal,CN=Sites,CN=Configuration,DC=internal,DC=local
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!

regards