Bug 8900 - Site rename causes partial replica of DNS partition
Summary: Site rename causes partial replica of DNS partition
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: samba4-qa@samba.org
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-04-26 12:16 UTC by Kev Latimer
Modified: 2020-12-30 14:08 UTC (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Kev Latimer 2012-04-26 12:16:41 UTC 
Following the rename of a site in the AD S&S MMC, the DNS partition seems to have partially replicated causing the following errors in all DC's (aside from the DNS-hosting DC):

[2012/04/25 13:25:57,  0] ../lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: replmd_replicated_request rename CN=Teesside,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk => CN=Thornaby,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk failed - Linked attribute hasPartialReplicaNCs->msDS-IsPartialReplicaFor between CN=NTDS Settings,CN=TE-DC1,CN=Servers,CN=Teesside,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk and DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk - remote not found - No such Base DN: DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=u

[2012/04/25 13:25:57,  0] ../source4/dsdb/repl/replicated_objects.c:557(dsdb_replicated_objects_commit)
  Failed to apply records: Linked attribute hasPartialReplicaNCs->msDS-IsPartialReplicaFor between CN=NTDS Settings,CN=TE-DC1,CN=Servers,CN=Teesside,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk and DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk - remote not found - No such Base DN: DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=u : Other
[2012/04/25 13:25:57,  0] ../source4/dsdb/repl/drepl_out_helpers.c:714(dreplsrv_op_pull_source_apply_changes_trigger)
  Failed to commit objects: WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE 

I'm unable to force a replication using "samba-tool drs replicate", even using the --full-sync option.
Comment 1 Kev Latimer 2012-04-26 12:17:42 UTC 
Output of samba-tool drs replicate:

root@ho-dc2:/usr/local/samba# bin/samba-tool drs replicate ho-dc2.tclad.tolent.co.uk ho-dc1.tclad.tolent.co.uk CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk -d4 --full-sync
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
params.c:pm_process() - Processing configuration file "/usr/local/samba/etc/smb.conf"
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:ho-dc2.tclad.tolent.co.uk[,seal]
Mapped to DCERPC endpoint 135
added interface eth0 ip=fe80::20c:29ff:fed3:118f%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.21.1.8 bcast=10.21.255.255 netmask=255.255.0.0
added interface eth0 ip=fe80::20c:29ff:fed3:118f%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.21.1.8 bcast=10.21.255.255 netmask=255.255.0.0
Mapped to DCERPC endpoint 1024
added interface eth0 ip=fe80::20c:29ff:fed3:118f%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.21.1.8 bcast=10.21.255.255 netmask=255.255.0.0
added interface eth0 ip=fe80::20c:29ff:fed3:118f%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.21.1.8 bcast=10.21.255.255 netmask=255.255.0.0
Received smb_krb5 packet of length 280
Received smb_krb5 packet of length 1271
Received smb_krb5 packet of length 1314
Received smb_krb5 packet of length 1304
added interface eth0 ip=fe80::20c:29ff:fed3:118f%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.21.1.8 bcast=10.21.255.255 netmask=255.255.0.0
added interface eth0 ip=fe80::20c:29ff:fed3:118f%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.21.1.8 bcast=10.21.255.255 netmask=255.255.0.0
Received smb_krb5 packet of length 1314
Received smb_krb5 packet of length 1304
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsExcepti
  File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/drs.py", line
    drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle, source_dsa_gu
  File "/usr/local/samba/lib/python2.6/site-packages/samba/drs_utils.py", line 8
    raise drsException("DsReplicaSync failed %s" % estr)
root@ho-dc2:/usr/local/samba# bin/samba-tool domain demote -s ho-dc1.office.tole
ERROR(runtime): uncaught exception - Unable to load file ho-dc1.office.tolent.co
  File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py",
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py", li
    lp = sambaopts.get_loadparm()
  File "/usr/local/samba/lib/python2.6/site-packages/samba/getopt.py", line 88,
    self._lp.load(self._configfile)
Comment 2 Kev Latimer 2012-04-26 12:18:19 UTC 
Output of samba-tool dbcheck --cross-nc :

root@ho-dc2:/usr/local/samba# bin/samba-tool dbcheck --cross-nc
Checking 4002 objects
ERROR: missing backlink attribute 'msDS-IsPartialReplicaFor' in DC=DomainDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk for link hasPartialReplicaNCs in CN=NTDS Settings,CN=CE-DC1,CN=Servers,CN=Leeds,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk
Not fixing missing backlink msDS-IsPartialReplicaFor
ERROR: incorrect GUID component for hasPartialReplicaNCs in object CN=NTDS Settings,CN=CE-DC1,CN=Servers,CN=Leeds,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk - <GUID=1ac3117e-b4a4-4bc7-9d52-e9326d1b0be1>;DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk
unable to find object for DN DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk - (No such Base DN: DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk)
Not removing dangling forward link
ERROR: missing backlink attribute 'msDS-IsPartialReplicaFor' in DC=DomainDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk for link hasPartialReplicaNCs in CN=NTDS Settings,CN=TE-DC1,CN=Servers,CN=Teesside,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk
Not fixing missing backlink msDS-IsPartialReplicaFor
ERROR: incorrect GUID component for hasPartialReplicaNCs in object CN=NTDS Settings,CN=TE-DC1,CN=Servers,CN=Teesside,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk - <GUID=1ac3117e-b4a4-4bc7-9d52-e9326d1b0be1>;DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk
unable to find object for DN DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk - (No such Base DN: DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk)
Not removing dangling forward link
ERROR: missing backlink attribute 'msDS-IsPartialReplicaFor' in DC=DomainDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk for link hasPartialReplicaNCs in CN=NTDS Settings,CN=HO-DC2,CN=Servers,CN=Gateshead,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk
Not fixing missing backlink msDS-IsPartialReplicaFor
ERROR: incorrect GUID component for hasPartialReplicaNCs in object CN=NTDS Settings,CN=HO-DC2,CN=Servers,CN=Gateshead,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk - <GUID=1ac3117e-b4a4-4bc7-9d52-e9326d1b0be1>;DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk
unable to find object for DN DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk - (No such Base DN: DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk)
Not removing dangling forward link
ERROR: missing backlink attribute 'msDS-IsPartialReplicaFor' in DC=DomainDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk for link hasPartialReplicaNCs in CN=NTDS Settings,CN=CW-DC1,CN=Servers,CN=Manchester,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk
Not fixing missing backlink msDS-IsPartialReplicaFor
ERROR: incorrect GUID component for hasPartialReplicaNCs in object CN=NTDS Settings,CN=CW-DC1,CN=Servers,CN=Manchester,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk - <GUID=1ac3117e-b4a4-4bc7-9d52-e9326d1b0be1>;DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk
unable to find object for DN DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk - (No such Base DN: DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk)
Not removing dangling forward link
ERROR: missing backlink attribute 'msDs-masteredBy' in DC=DomainDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk for link msDS-hasMasterNCs in CN=NTDS Settings,CN=HO-DC1,CN=Servers,CN=Gateshead,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk
Not fixing missing backlink msDs-masteredBy
ERROR: incorrect GUID component for msDS-hasMasterNCs in object CN=NTDS Settings,CN=HO-DC1,CN=Servers,CN=Gateshead,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk - <GUID=1ac3117e-b4a4-4bc7-9d52-e9326d1b0be1>;DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk
unable to find object for DN DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk - (No such Base DN: DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk)
Not removing dangling forward link
ERROR: missing backlink attribute 'msDS-IsPartialReplicaFor' in DC=DomainDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk for link hasPartialReplicaNCs in CN=NTDS Settings,CN=SO-DC1,CN=Servers,CN=London,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk
Not fixing missing backlink msDS-IsPartialReplicaFor
ERROR: incorrect GUID component for hasPartialReplicaNCs in object CN=NTDS Settings,CN=SO-DC1,CN=Servers,CN=London,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk - <GUID=1ac3117e-b4a4-4bc7-9d52-e9326d1b0be1>;DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk
unable to find object for DN DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk - (No such Base DN: DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk)
Not removing dangling forward link
Please use --fix to fix these errors
Checked 4002 objects (12 errors)
Comment 3 Kev Latimer 2012-05-02 10:58:30 UTC 
I've been having problems with my samba processes devouring memory over the course of a week and causing extensive swapping (to the point where they become unusable).  Thought this might be what's causing the memory issues so attempted to fix using "samba-tool dbcheck --cross-nc --fix".

No joy :-(

root@ho-dc2:~# /usr/local/samba/bin/samba-tool dbcheck --cross-nc --fix
Checking 4795 objects
ERROR: missing backlink attribute 'msDS-IsPartialReplicaFor' in DC=DomainDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk for link hasPartialReplicaNCs in CN=NTDS Settings,CN=CE-DC1,CN=Servers,CN=Leeds,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk
Fix missing backlink msDS-IsPartialReplicaFor [y/N/all/none] y
Fixed missing backlink msDS-IsPartialReplicaFor
ERROR: incorrect GUID component for hasPartialReplicaNCs in object CN=NTDS Settings,CN=CE-DC1,CN=Servers,CN=Leeds,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk - <GUID=1ac3117e-b4a4-4bc7-9d52-e9326d1b0be1>;DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk
unable to find object for DN DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk - (No such Base DN: DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk)
Not removing dangling forward link
ERROR: missing backlink attribute 'msDS-IsPartialReplicaFor' in DC=DomainDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk for link hasPartialReplicaNCs in CN=NTDS Settings,CN=TE-DC1,CN=Servers,CN=Teesside,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk
Fix missing backlink msDS-IsPartialReplicaFor [y/N/all/none] all
Fixed missing backlink msDS-IsPartialReplicaFor
ERROR: incorrect GUID component for hasPartialReplicaNCs in object CN=NTDS Settings,CN=TE-DC1,CN=Servers,CN=Teesside,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk - <GUID=1ac3117e-b4a4-4bc7-9d52-e9326d1b0be1>;DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk
unable to find object for DN DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk - (No such Base DN: DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk)
Not removing dangling forward link
ERROR: missing backlink attribute 'msDS-IsPartialReplicaFor' in DC=DomainDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk for link hasPartialReplicaNCs in CN=NTDS Settings,CN=HO-DC2,CN=Servers,CN=Gateshead,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk
Fix missing backlink msDS-IsPartialReplicaFor [YES]
Fixed missing backlink msDS-IsPartialReplicaFor
ERROR: incorrect GUID component for hasPartialReplicaNCs in object CN=NTDS Settings,CN=HO-DC2,CN=Servers,CN=Gateshead,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk - <GUID=1ac3117e-b4a4-4bc7-9d52-e9326d1b0be1>;DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk
unable to find object for DN DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk - (No such Base DN: DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk)
Not removing dangling forward link
ERROR: missing backlink attribute 'msDS-IsPartialReplicaFor' in DC=DomainDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk for link hasPartialReplicaNCs in CN=NTDS Settings,CN=CW-DC1,CN=Servers,CN=Manchester,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk
Fix missing backlink msDS-IsPartialReplicaFor [YES]
Fixed missing backlink msDS-IsPartialReplicaFor
ERROR: incorrect GUID component for hasPartialReplicaNCs in object CN=NTDS Settings,CN=CW-DC1,CN=Servers,CN=Manchester,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk - <GUID=1ac3117e-b4a4-4bc7-9d52-e9326d1b0be1>;DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk
unable to find object for DN DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk - (No such Base DN: DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk)
Not removing dangling forward link
ERROR: missing backlink attribute 'msDs-masteredBy' in DC=DomainDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk for link msDS-hasMasterNCs in CN=NTDS Settings,CN=HO-DC1,CN=Servers,CN=Gateshead,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk
Fix missing backlink msDs-masteredBy [YES]
Fixed missing backlink msDs-masteredBy
ERROR: incorrect GUID component for msDS-hasMasterNCs in object CN=NTDS Settings,CN=HO-DC1,CN=Servers,CN=Gateshead,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk - <GUID=1ac3117e-b4a4-4bc7-9d52-e9326d1b0be1>;DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk
unable to find object for DN DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk - (No such Base DN: DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk)
Not removing dangling forward link
ERROR: missing backlink attribute 'msDS-IsPartialReplicaFor' in DC=DomainDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk for link hasPartialReplicaNCs in CN=NTDS Settings,CN=SO-DC1,CN=Servers,CN=London,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk
Fix missing backlink msDS-IsPartialReplicaFor [YES]
Fixed missing backlink msDS-IsPartialReplicaFor
ERROR: incorrect GUID component for hasPartialReplicaNCs in object CN=NTDS Settings,CN=SO-DC1,CN=Servers,CN=London,CN=Sites,CN=Configuration,DC=tclad,DC=tolent,DC=co,DC=uk - <GUID=1ac3117e-b4a4-4bc7-9d52-e9326d1b0be1>;DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk
unable to find object for DN DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk - (No such Base DN: DC=ForestDnsZones,DC=tclad,DC=tolent,DC=co,DC=uk)
Not removing dangling forward link
Checked 4795 objects (12 errors)
Comment 4 Björn Jacke 2020-12-30 14:08:56 UTC 
I think there is no generic bug in current samba releases. Replication problems usually have a reason, which is caused by the specific setup. You might want to consult a company offering professional support (https://www.samba.org/samba/support/globalsupport.html) for Samba to help getting that fixed.