Bug 9461 - FSMO seize of naming role fails: NT_STATUS_IO_TIMEOUT
FSMO seize of naming role fails: NT_STATUS_IO_TIMEOUT
Status: RESOLVED FIXED
Product: Samba 4.0
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
4.0.0rc6
x64 Linux
: P5 normal
: ---
Assigned To: Karolin Seeger
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-12-04 20:08 UTC by Marc Muehlfeld
Modified: 2013-09-26 07:39 UTC (History)
3 users (show)

See Also:


Attachments
level 10 debug log of the seize command on DC2 (52.18 KB, application/zip)
2012-12-04 20:08 UTC, Marc Muehlfeld
no flags Details
Patch to avoid timeout on FSMO operations (187 bytes, patch)
2013-01-25 02:56 UTC, Andrew Bartlett
no flags Details
Patch to avoid timeout on FSMO operations (7.95 KB, patch)
2013-01-25 03:13 UTC, Andrew Bartlett
metze: review+
Details
logs from DC1 + 2 (335.10 KB, application/octet-stream)
2013-01-28 12:05 UTC, Marc Muehlfeld
no flags Details
Patch for master, to not give an error in this successful case (1.89 KB, patch)
2013-05-09 03:17 UTC, Andrew Bartlett
no flags Details
Patches for v4-0-test (2.24 KB, patch)
2013-09-23 17:50 UTC, Stefan Metzmacher
abartlet: review+
Details
Patches for v4-1-test (2.24 KB, patch)
2013-09-23 17:50 UTC, Stefan Metzmacher
abartlet: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Marc Muehlfeld 2012-12-04 20:08:55 UTC
Created attachment 8279 [details]
level 10 debug log of the seize command on DC2

I setup a second samba4 DC (both rc6) and joined the domain successfully.

I can transfer all roles to the new DC, except role=naming:

# samba-tool fsmo seize --role=naming
Attempting transfer...
ERROR(ldb): uncaught exception - Failed FSMO transfer: 
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/fsmo.py", line 160, in run
    self.seize_role(role, samdb, force)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/fsmo.py", line 126, in seize_role
    transfer_role(self.outf, role, samdb)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/fsmo.py", line 53, in transfer_role
    samdb.modify(m)


The transfer seems to fail, but "samba-tool fsmo show" says that the role is now on the second DC.

Is it just an uncaught exception and the transfer was successfull? Or can't I really trust that the role was completely transfered?

At the moment I just did this on my test system and not in production. So I can repeat it when neccessary. Let me know if you need further logs/debugs/etc.
Comment 1 Andrew Bartlett 2013-01-25 02:56:06 UTC
Created attachment 8483 [details]
Patch to avoid timeout on FSMO operations

I think this patch, from master, should fix your issue. 

I'm proposing it for 4.0.2, so confirmation would be very valuable.
Comment 2 Andrew Bartlett 2013-01-25 03:13:53 UTC
Created attachment 8484 [details]
Patch to avoid timeout on FSMO operations

sorry, I mucked up my git format-patch invocation
Comment 3 Stefan Metzmacher 2013-01-25 10:41:36 UTC
Comment on attachment 8484 [details]
Patch to avoid timeout on FSMO operations

Looks good
Comment 4 Karolin Seeger 2013-01-28 10:12:40 UTC
Pushed to autobuild-v4-0-test.
Comment 5 Marc Muehlfeld 2013-01-28 12:05:21 UTC
Created attachment 8506 [details]
logs from DC1 + 2

I think there is a new problem now. I tried with the latest master on both DC:

[root@Test_DC2 local]# samba-tool fsmo seize --role=rid
Attempting transfer...
FSMO transfer of 'rid' role successful
ERROR: Failed to initiate role seize of 'rid' role: objectclass: modify message must have elements/attributes!

[root@Test_DC2 local]# samba-tool fsmo seize --role=schema
Attempting transfer...
FSMO transfer of 'schema' role successful
ERROR: Failed to initiate role seize of 'schema' role: objectclass: modify message must have elements/attributes!

[root@Test_DC2 local]# samba-tool fsmo seize --role=naming
Attempting transfer...
FSMO transfer of 'naming' role successful
ERROR: Failed to initiate role seize of 'naming' role: objectclass: modify message must have elements/attributes!

[root@Test_DC2 local]# samba-tool fsmo seize --role=pdc
Attempting transfer...
FSMO transfer of 'pdc' role successful
ERROR: Failed to initiate role seize of 'pdc' role: objectclass: modify message must have elements/attributes!

[root@Test_DC2 local]# samba-tool fsmo seize --role=infrastructure
Attempting transfer...
FSMO transfer of 'infrastructure' role successful
ERROR: Failed to initiate role seize of 'infrastructure' role: objectclass: modify message must have elements/attributes!


Each command was executed very fast - so I don't know if really something is done. But 'samba-tool fsmo show' shows later that is is transfered.



I attached level 10 debug logs from DC1 (Exon) and DC2 (Test_DC2). I tried to seize from Test_DC2. The logs contain the try to seize the naming role.
Comment 6 Karolin Seeger 2013-01-28 19:03:50 UTC
Pushed to v4-0-test.
Comment 7 Karolin Seeger 2013-01-28 19:05:09 UTC
Re-assigning to Andrew for further investigation.
Andrew, please comment if the patches should be included in the release or reverted. Thanks!
Comment 8 Andrew Bartlett 2013-05-09 03:17:51 UTC
Created attachment 8874 [details]
Patch for master, to not give an error in this successful case
Comment 9 Marc Muehlfeld 2013-05-09 10:13:07 UTC
Thanks for the patch. I applied it to 4.0.5. Now errors are shown any more on transfers:



# samba-tool fsmo seize --role=rid
Attempting transfer...
FSMO transfer of 'rid' role successful
FSMO seize was not required, as transfer of 'rid' role was successful


# samba-tool fsmo seize --role=schema
Attempting transfer...
FSMO transfer of 'schema' role successful
FSMO seize was not required, as transfer of 'schema' role was successful


# samba-tool fsmo seize --role=naming
Attempting transfer...
FSMO transfer of 'naming' role successful
FSMO seize was not required, as transfer of 'naming' role was successful


# samba-tool fsmo seize --role=pdc
Attempting transfer...
FSMO transfer of 'pdc' role successful
FSMO seize was not required, as transfer of 'pdc' role was successful


# samba-tool fsmo seize --role=infrastructure
Attempting transfer...
FSMO transfer of 'infrastructure' role successful
FSMO seize was not required, as transfer of 'infrastructure' role was successful


[root@Test_DC2 local]# samba-tool fsmo show
InfrastructureMasterRole owner: CN=NTDS Settings,CN=TEST_DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=muc,DC=medizinische-genetik,DC=de
RidAllocationMasterRole owner: CN=NTDS Settings,CN=TEST_DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=muc,DC=medizinische-genetik,DC=de
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=TEST_DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=muc,DC=medizinische-genetik,DC=de
DomainNamingMasterRole owner: CN=NTDS Settings,CN=TEST_DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=muc,DC=medizinische-genetik,DC=de
SchemaMasterRole owner: CN=NTDS Settings,CN=TEST_DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=muc,DC=medizinische-genetik,DC=de
Comment 10 Stefan Metzmacher 2013-08-09 12:04:08 UTC
(In reply to comment #8)
> Created attachment 8874 [details]
> Patch for master, to not give an error in this successful case

Andrew, any updates on this? should we push the patch to master?
Comment 11 Andrew Bartlett 2013-08-09 19:41:32 UTC
(In reply to comment #10)
> (In reply to comment #8)
> > Created attachment 8874 [details] [details]
> > Patch for master, to not give an error in this successful case
> 
> Andrew, any updates on this? should we push the patch to master?

Yes, it seems I lost this patch somewhere.  It certainly should be in master, 4.0 and 4.1
Comment 12 Marc Muehlfeld 2013-09-22 17:10:38 UTC
Currently (4.0.9) the patch is not inclued. But it fixes the problems (see Comment #9).

Can you please include the patch to the next official release?
Comment 13 Stefan Metzmacher 2013-09-23 17:50:01 UTC
Created attachment 9238 [details]
Patches for v4-0-test
Comment 14 Stefan Metzmacher 2013-09-23 17:50:27 UTC
Created attachment 9239 [details]
Patches for v4-1-test
Comment 15 Andrew Bartlett 2013-09-23 19:33:06 UTC
Comment on attachment 9238 [details]
Patches for v4-0-test

sorry for the long delay
Comment 16 Karolin Seeger 2013-09-25 06:58:53 UTC
Pushed to autobuild-v4-1-test and autobuild-v4-0-test.
Comment 17 Karolin Seeger 2013-09-26 07:39:07 UTC
Pushed to v4-1-test and v4-0-test.
Closing out bug report.

Thanks!