Created attachment 8279 [details] level 10 debug log of the seize command on DC2 I setup a second samba4 DC (both rc6) and joined the domain successfully. I can transfer all roles to the new DC, except role=naming: # samba-tool fsmo seize --role=naming Attempting transfer... ERROR(ldb): uncaught exception - Failed FSMO transfer: File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/fsmo.py", line 160, in run self.seize_role(role, samdb, force) File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/fsmo.py", line 126, in seize_role transfer_role(self.outf, role, samdb) File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/fsmo.py", line 53, in transfer_role samdb.modify(m) The transfer seems to fail, but "samba-tool fsmo show" says that the role is now on the second DC. Is it just an uncaught exception and the transfer was successfull? Or can't I really trust that the role was completely transfered? At the moment I just did this on my test system and not in production. So I can repeat it when neccessary. Let me know if you need further logs/debugs/etc.
Created attachment 8483 [details] Patch to avoid timeout on FSMO operations I think this patch, from master, should fix your issue. I'm proposing it for 4.0.2, so confirmation would be very valuable.
Created attachment 8484 [details] Patch to avoid timeout on FSMO operations sorry, I mucked up my git format-patch invocation
Comment on attachment 8484 [details] Patch to avoid timeout on FSMO operations Looks good
Pushed to autobuild-v4-0-test.
Created attachment 8506 [details] logs from DC1 + 2 I think there is a new problem now. I tried with the latest master on both DC: [root@Test_DC2 local]# samba-tool fsmo seize --role=rid Attempting transfer... FSMO transfer of 'rid' role successful ERROR: Failed to initiate role seize of 'rid' role: objectclass: modify message must have elements/attributes! [root@Test_DC2 local]# samba-tool fsmo seize --role=schema Attempting transfer... FSMO transfer of 'schema' role successful ERROR: Failed to initiate role seize of 'schema' role: objectclass: modify message must have elements/attributes! [root@Test_DC2 local]# samba-tool fsmo seize --role=naming Attempting transfer... FSMO transfer of 'naming' role successful ERROR: Failed to initiate role seize of 'naming' role: objectclass: modify message must have elements/attributes! [root@Test_DC2 local]# samba-tool fsmo seize --role=pdc Attempting transfer... FSMO transfer of 'pdc' role successful ERROR: Failed to initiate role seize of 'pdc' role: objectclass: modify message must have elements/attributes! [root@Test_DC2 local]# samba-tool fsmo seize --role=infrastructure Attempting transfer... FSMO transfer of 'infrastructure' role successful ERROR: Failed to initiate role seize of 'infrastructure' role: objectclass: modify message must have elements/attributes! Each command was executed very fast - so I don't know if really something is done. But 'samba-tool fsmo show' shows later that is is transfered. I attached level 10 debug logs from DC1 (Exon) and DC2 (Test_DC2). I tried to seize from Test_DC2. The logs contain the try to seize the naming role.
Pushed to v4-0-test.
Re-assigning to Andrew for further investigation. Andrew, please comment if the patches should be included in the release or reverted. Thanks!
Created attachment 8874 [details] Patch for master, to not give an error in this successful case
Thanks for the patch. I applied it to 4.0.5. Now errors are shown any more on transfers: # samba-tool fsmo seize --role=rid Attempting transfer... FSMO transfer of 'rid' role successful FSMO seize was not required, as transfer of 'rid' role was successful # samba-tool fsmo seize --role=schema Attempting transfer... FSMO transfer of 'schema' role successful FSMO seize was not required, as transfer of 'schema' role was successful # samba-tool fsmo seize --role=naming Attempting transfer... FSMO transfer of 'naming' role successful FSMO seize was not required, as transfer of 'naming' role was successful # samba-tool fsmo seize --role=pdc Attempting transfer... FSMO transfer of 'pdc' role successful FSMO seize was not required, as transfer of 'pdc' role was successful # samba-tool fsmo seize --role=infrastructure Attempting transfer... FSMO transfer of 'infrastructure' role successful FSMO seize was not required, as transfer of 'infrastructure' role was successful [root@Test_DC2 local]# samba-tool fsmo show InfrastructureMasterRole owner: CN=NTDS Settings,CN=TEST_DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=muc,DC=medizinische-genetik,DC=de RidAllocationMasterRole owner: CN=NTDS Settings,CN=TEST_DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=muc,DC=medizinische-genetik,DC=de PdcEmulationMasterRole owner: CN=NTDS Settings,CN=TEST_DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=muc,DC=medizinische-genetik,DC=de DomainNamingMasterRole owner: CN=NTDS Settings,CN=TEST_DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=muc,DC=medizinische-genetik,DC=de SchemaMasterRole owner: CN=NTDS Settings,CN=TEST_DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=muc,DC=medizinische-genetik,DC=de
(In reply to comment #8) > Created attachment 8874 [details] > Patch for master, to not give an error in this successful case Andrew, any updates on this? should we push the patch to master?
(In reply to comment #10) > (In reply to comment #8) > > Created attachment 8874 [details] [details] > > Patch for master, to not give an error in this successful case > > Andrew, any updates on this? should we push the patch to master? Yes, it seems I lost this patch somewhere. It certainly should be in master, 4.0 and 4.1
Currently (4.0.9) the patch is not inclued. But it fixes the problems (see Comment #9). Can you please include the patch to the next official release?
Created attachment 9238 [details] Patches for v4-0-test
Created attachment 9239 [details] Patches for v4-1-test
Comment on attachment 9238 [details] Patches for v4-0-test sorry for the long delay
Pushed to autobuild-v4-1-test and autobuild-v4-0-test.
Pushed to v4-1-test and v4-0-test. Closing out bug report. Thanks!