hi mathias
let me confirm your statement
so.. you think if we demote those 2 DC servers that are already offline, the
DNS will be running well
well if this is one of the options we have, I will consider upgrading our
FSMO DC from samba 4.1.X to 4.4.x , by the way, are there any
considerations if we update samba directly from 4.1 to 4.4 ?
let me answer some of your questions
*1 - what command are you launching to update your DNS? What are error
messages?*
*2 - what are the DNS names of new entry which refuse to be added? Same
question for the two DC your colleague removed from AD?*
# samba-tool dns add pdc domain.co.id milis A 172.16.99.49
Password for [***@domain.CO.ID]:
ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR')
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py", line 1067, in run
    0, server, zone, name, add_rec_buf, None)
*3 - what version of Samba are you running?* 4.1 >> New versions include
a command switch to remove DC from AD database from another DC. In
other words you could cleanup database from old DC entries.
yes i will try this,
*4 - what gives the following commands? And what are DNS name and IP of
your FSMO owner?*
DNS : pdc.domain.co.id
InfrastructureMasterRole owner: CN=NTDS Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=co,DC=id
RidAllocationMasterRole owner: CN=NTDS Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=co,DC=id
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=co,DC=id
DomainNamingMasterRole owner: CN=NTDS Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=co,DC=id
SchemaMasterRole owner: CN=NTDS Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=co,DC=id
TIA
Zhia
Post by mathias dufresne
Oki Doki. First the fact you can't add new DNS entry in your DNS zones
is not a blocking point to remove a DC. It's a blocking point to add
new entries. Now you are the one deciding if you would remove it or
you can replace it by another DC which will do exactly the same job
and if you are lucky enough you would be able to add new DNS entries
again.
1 - what command are you launching to update your DNS? What are error
messages?
2 - what are the DNS names of new entry which refuse to be added? Same
question for the two DC your colleague removed from AD?
3 - what version of Samba are you running? New versions include a
command switch to remove DC from AD database from another DC. In
other words you could cleanup database from old DC entries.
4 - what gives the following commands? And what are DNS name and IP
of your FSMO owner?
samba-tool dns query dc200 AD.DOMAIN.TLD AD.DOMAIN.TLD SOA
samba-tool dns query dc200 _msdcs.AD.DOMAIN.TLD _msdcs.AD.DOMAIN.TLD SOA
Thx mathias for your reply
First, yes I'm using internal DNS, I just try to add new dns from
other dc but it doesn't work, I think the (maybe) corrupted dns
data already sync to other dc
And I still run my samba4 installation, because so far the only
problem is, I can't add new dns record
In other case I found out one of my team just re-install 2 samba4
server in site office with different AD domain without demote
first .. I don't know if this issue related to my dns problem ..
Is this the only DC involved in that issue? If yes I would stop
the service on that DC to avoid contamination of others (I don't
know if this issue can propagate but I'm sure I would learn if it
is in prod ;)
In prod, what you really want is your AD works. No matter which DC
is FSMO nor if some DC get reinstalled. Remove the DC from your AD
to limit risks, investigate later if you want to, repair first but
repair AD, not the DC.
Then I must admit you have AD as you speak DNS.
Perhaps you are running internal DNS, in that case you can only
push DNS modification on DC declared as SOA in LDAP DB. If broken
DC is SOA, it is also certainly FSMO, move FSMO and SOA on some
other host (you can stop broken DC first, no matter).
If you are running BIND9_DLZ DNS back end you can simply change
your clients DNS resolver to use another DC, as Bind + DLZ knows
it can modify its DB (its zones) every DC using Bind + DLZ as DNS
back end would reply they are SOA and so they all will accept DNS
modification requests.
Cheers,
mathias
dear all
I have a problem with my samba4 installation
currently we are still using samba 4.1.11
we have many (about 30) site offices which are connected to the head
office by VPN with 1 mbps
I have 2 DC in head office and have one DC in every site office
since yesterday I found out that on one of my DC in head office, the
Main DC (the DC that we make as first DNS in other DC in head office
of site office) , we can't add new DNS entry, then I try to dbcheck
--cross-ncs --fix --yes , and dbcheck --reindex
and still I can't add new DNS entry
ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR')
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py", line 1067, in run
    0, server, zone, name, add_rec_buf, None)
and today I found out samba process takes 100% of my CPU usage ..
can anyone here help me and give me some hint ?
Zhia
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba