Component: SAMBA4 LDAP
OS: Linux

Summary: Only one-way replication from DC1 to DC2 but not the other way around.

Description:

Overview:
I tested the following scenarios:
- Added a user with the 2 DCs running, pulled the first DC out and tried logging in on a client (which then uses DC2 because no cached credentials were available)
  Result: Passed test
- Added a user to DC2 (DC1 was still down). After that I plugged DC1 back in, restarted samba on it and waited for 5 min. No sync happened back from DC2 to DC1. Waited 30 min, no result.
  Result: Failure

It seems that there is a one-way synchronisation from DC1 to DC2 but not the other way around.

Steps to Reproduce:
DC1 (BIND9_FLATFILE), DC2 (SAMBA_INTERNAL)
1: Install 2 Samba DCs and replicate DC1 to DC2.
2: Turn off DC1 and add a user or object as administrator in AD so it will be stored in DC2.
3: Turn on DC1 again and search the LDAP for the object that was added to DC2 (during the downtime of DC1).

Actual Results: The added object isn't synced from DC2 to DC1.
Expected Results: That DC2 syncs AD objects to DC1

Build Date & Platform: 23-04-2013 on ubuntu 12.04

Best Regards
Tim Vangehugten

Don't know if related/relevant, but the following error also occurs whenever DC2 is online:

Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2@ncacn_ip_tcp:ad48d62e-60c8-46fd-bc5c-48bc70ebbf8e._msdcs.samba.luc.ad[1024,seal,krb5] NT_STATUS_NO_LOGON_SERVERS

My experience is similar to that reported above. After a bit of investigation it looks like the "server dns name" is being set incorrectly (ie hostname is UPPERCASE) in the kcc connection object on the 1st DC:

samba-tool drs showrepl on dc1:

==== KCC CONNECTION OBJECTS ====

Connection --
Connection name: b5b58910-88ac-4782-9fd3-e4717199b434
Enabled : TRUE
Server DNS name : TESTDC2.vm
Server DN name : CN=NTDS Settings,CN=TESTDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vm
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
==========================

and for dc2:

==== KCC CONNECTION OBJECTS ====

Connection --
Connection name: 59b5bb71-735f-4a96-8ed7-89fc64c8dda8
Enabled : TRUE
Server DNS name : testdc1.vm
Server DN name : CN=NTDS Settings,CN=TESTDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vm
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
==========================

As a workaround, if I change fqdn of dc2 from "testdc2.vm" to "TESTDC2.vm", the problem is resolved. But it's not pretty.

(In reply to comment #2)
> My experience is similar to that reported above. After a bit of investigation
> it looks like the "server dns name" is being set incorrectly (ie hostname is
> UPPERCASE) in the kcc connection object on the 1st DC:
>
> samba-tool drs showrepl on dc1:
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
> Connection name: b5b58910-88ac-4782-9fd3-e4717199b434
> Enabled : TRUE
> Server DNS name : TESTDC2.vm
> Server DN name : CN=NTDS
> Settings,CN=TESTDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vm
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
> ==========================
>
> and for dc2:
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
> Connection name: 59b5bb71-735f-4a96-8ed7-89fc64c8dda8
> Enabled : TRUE
> Server DNS name : testdc1.vm
> Server DN name : CN=NTDS
> Settings,CN=TESTDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vm
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
> ==========================
>
> As a workaround, if I change fqdn of dc2 from "testdc2.vm" to "TESTDC2.vm", the
> problem is resolved. But it's not pretty.

Can you please paste the full samba-tool drs showrepl output, and all other information to demonstrate what the problem is.

What do you mean exactly by: if I change fqdn of dc2 from "testdc2.vm" to "TESTDC2.vm" ?

A difference in case should not make any difference.

(In reply to comment #3)
> (In reply to comment #2)
> > My experience is similar to that reported above. After a bit of investigation
> > it looks like the "server dns name" is being set incorrectly (ie hostname is
> > UPPERCASE) in the kcc connection object on the 1st DC:
> >
> > samba-tool drs showrepl on dc1:
> >
> > ==== KCC CONNECTION OBJECTS ====
> >
> > Connection --
> > Connection name: b5b58910-88ac-4782-9fd3-e4717199b434
> > Enabled : TRUE
> > Server DNS name : TESTDC2.vm
> > Server DN name : CN=NTDS
> > Settings,CN=TESTDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vm
> > TransportType: RPC
> > options: 0x00000001
> > Warning: No NC replicated for Connection!
> > ==========================
> >
> > and for dc2:
> >
> > ==== KCC CONNECTION OBJECTS ====
> >
> > Connection --
> > Connection name: 59b5bb71-735f-4a96-8ed7-89fc64c8dda8
> > Enabled : TRUE
> > Server DNS name : testdc1.vm
> > Server DN name : CN=NTDS
> > Settings,CN=TESTDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vm
> > TransportType: RPC
> > options: 0x00000001
> > Warning: No NC replicated for Connection!
> > ==========================
> >
> > As a workaround, if I change fqdn of dc2 from "testdc2.vm" to "TESTDC2.vm", the
> > problem is resolved. But it's not pretty.
>
> Can you please paste the full samba-tool drs showrepl output,
> and all other information to demonstrate what the problem is.
>
> What do you mean exactly by: if I change fqdn of dc2 from "testdc2.vm" to
> "TESTDC2.vm" ?
>
> A difference in case should not make any difference.

I have the same problem, but changing the letter case did not solve the problem. Perhaps the reason is that one of the domain controllers is running on Windows 2003 (ENERGO). Version of samba - 4.1.11-SerNet-RedHat-9.el6.

# tail log.samba
[2014/08/26 08:57:46.102163, 0] ../source4/rpc_server/common/forward.c:51(dcesrv_irpc_forward_callback)
  IRPC callback failed for DsReplicaSync - NT_STATUS_IO_TIMEOUT
[2014/08/26 08:57:47.207455, 0] ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
  Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2@ncacn_ip_tcp:87a6e579-416d-4965-8eb4-2a7ffd9bc0b6._msdcs.izhmash-energo1.local[1025,seal,krb5] NT_STATUS_NO_LOGON_SERVERS
[2014/08/26 08:58:07.347530, 0] ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
  Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2@ncacn_ip_tcp:87a6e579-416d-4965-8eb4-2a7ffd9bc0b6._msdcs.izhmash-energo1.local[1025,seal,krb5] NT_STATUS_NO_LOGON_SERVERS
[2014/08/26 08:58:22.703724, 0] ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
  Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2@ncacn_ip_tcp:87a6e579-416d-4965-8eb4-2a7ffd9bc0b6._msdcs.izhmash-energo1.local[1025,seal,krb5] NT_STATUS_NO_LOGON_SERVERS
[2014/08/26 08:58:42.849567, 0] ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
  Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2@ncacn_ip_tcp:87a6e579-416d-4965-8eb4-2a7ffd9bc0b6._msdcs.izhmash-energo1.local[1025,seal,krb5] NT_STATUS_NO_LOGON_SERVERS

# samba-tool drs showrepl
Default-First-Site\OOO-IES
DSA Options: 0x00000001
DSA object GUID: f60420b7-abed-40d9-a1ce-0200d2d38525
DSA invocationId: 32a29250-2195-46b8-a21e-8575b63675d8

==== INBOUND NEIGHBORS ====

CN=Configuration,DC=izhmash-energo1,DC=local
    Default-First-Site\ENERGO via RPC
        DSA object GUID: 87a6e579-416d-4965-8eb4-2a7ffd9bc0b6
        Last attempt @ Tue Aug 26 08:51:17 2014 MSK failed, result 1311 (WERR_NO_LOGON_SERVERS)
        2 consecutive failure(s).
        Last success @ Tue Aug 26 08:40:59 2014 MSK

DC=DomainDnsZones,DC=izhmash-energo1,DC=local
    Default-First-Site\ENERGO via RPC
        DSA object GUID: 87a6e579-416d-4965-8eb4-2a7ffd9bc0b6
        Last attempt @ Tue Aug 26 08:50:37 2014 MSK failed, result 1311 (WERR_NO_LOGON_SERVERS)
        2 consecutive failure(s).
        Last success @ Tue Aug 26 08:41:14 2014 MSK

DC=ForestDnsZones,DC=izhmash-energo1,DC=local
    Default-First-Site\ENERGO via RPC
        DSA object GUID: 87a6e579-416d-4965-8eb4-2a7ffd9bc0b6
        Last attempt @ Tue Aug 26 08:50:57 2014 MSK failed, result 1311 (WERR_NO_LOGON_SERVERS)
        2 consecutive failure(s).
        Last success @ Tue Aug 26 08:41:14 2014 MSK

CN=Schema,CN=Configuration,DC=izhmash-energo1,DC=local
    Default-First-Site\ENERGO via RPC
        DSA object GUID: 87a6e579-416d-4965-8eb4-2a7ffd9bc0b6
        Last attempt @ Tue Aug 26 08:51:38 2014 MSK failed, result 1311 (WERR_NO_LOGON_SERVERS)
        2 consecutive failure(s).
        Last success @ Tue Aug 26 08:40:56 2014 MSK

DC=izhmash-energo1,DC=local
    Default-First-Site\ENERGO via RPC
        DSA object GUID: 87a6e579-416d-4965-8eb4-2a7ffd9bc0b6
        Last attempt @ Tue Aug 26 08:51:58 2014 MSK failed, result 1311 (WERR_NO_LOGON_SERVERS)
        10 consecutive failure(s).
        Last success @ Tue Aug 26 08:41:13 2014 MSK

==== OUTBOUND NEIGHBORS ====

CN=Configuration,DC=izhmash-energo1,DC=local
    Default-First-Site\ENERGO via RPC
        DSA object GUID: 87a6e579-416d-4965-8eb4-2a7ffd9bc0b6
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=izhmash-energo1,DC=local
    Default-First-Site\ENERGO via RPC
        DSA object GUID: 87a6e579-416d-4965-8eb4-2a7ffd9bc0b6
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

DC=izhmash-energo1,DC=local
    Default-First-Site\ENERGO via RPC
        DSA object GUID: 87a6e579-416d-4965-8eb4-2a7ffd9bc0b6
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
    Connection name: f871919c-35ec-4270-97b4-f18ec46920a3
    Enabled : TRUE
    Server DNS name : ENERGO.izhmash-energo1.local
    Server DN name : CN=NTDS Settings,CN=ENERGO,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=izhmash-energo1,DC=local
    TransportType: RPC
    options: 0x00000001
Warning: No NC replicated for Connection!

Found the problem - the reason was the avahi daemon.
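
A monitoring check for the one-way replication reported in this thread, added here as an example and not part of the original bug report or of Samba: it parses `samba-tool drs showrepl` text and lists inbound partners with consecutive failures. The sample input is constructed in the layout of the output posted above, and the function names are hypothetical.

```python
import re
# Constructed sample in the showrepl layout posted in this thread (placeholder names).
SAMPLE = """\
==== INBOUND NEIGHBORS ====
DC=example,DC=test
    Site\\DC2 via RPC
        Last attempt @ Tue Aug 26 08:51:58 2014 MSK failed, result 1311 (WERR_NO_LOGON_SERVERS)
        10 consecutive failure(s).
CN=Configuration,DC=example,DC=test
    Site\\DC2 via RPC
        Last attempt @ Tue Aug 26 08:51:17 2014 MSK was successful
        0 consecutive failure(s).
==== OUTBOUND NEIGHBORS ====
DC=example,DC=test
    Site\\DC2 via RPC
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
==== KCC CONNECTION OBJECTS ====
Server DNS name : DC2.example.test
"""
SECTION = re.compile(r"==== (.+?) ====$")
ATTEMPT = re.compile(r"Last attempt @ .*failed, result (\d+) \((\w+)\)")
FAILS = re.compile(r"(\d+) consecutive failure\(s\)\.")

def parse_neighbors(text):
    """Return one dict per replication partner listed under a NEIGHBORS section."""
    section = nc = entry = None
    out = []
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section, nc, entry = m.group(1), None, None
        elif not line or not section or not section.endswith("NEIGHBORS"):
            continue  # blank line, preamble, or a section such as KCC CONNECTION OBJECTS
        elif re.match(r"(CN|DC)=", line):
            nc = line  # naming-context heading, e.g. CN=Configuration,...
        elif line.endswith(" via RPC"):
            entry = {"section": section, "nc": nc, "partner": line[:-len(" via RPC")],
                     "error": None, "failures": 0}
            out.append(entry)
        elif entry and (m := ATTEMPT.match(line)):
            entry["error"] = m.group(2)
        elif entry and (m := FAILS.match(line)):
            entry["failures"] = int(m.group(1))
    return out

def failing_inbound(text, threshold=1):
    """Inbound partners at or above `threshold` consecutive failures."""
    return [(e["nc"], e["partner"], e["failures"], e["error"]) for e in parse_neighbors(text)
            if e["section"].startswith("INBOUND") and e["failures"] >= threshold]
```

Run on each DC, a non-empty `failing_inbound` result on one side only is the asymmetric state described in the report.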