In master
`samba-tool drs showrepl` returned a problem with the replication.
Inbound 'DC=DomainDnsZones,DC=ccm,DC=local': error during DRS replication from Default-First-Site-Name/FELDC01 (WERR_CONNECTION_REFUSED)
Inbound 'DC=ForestDnsZones,DC=ccm,DC=local': error during DRS replication from Default-First-Site-Name/FELDC01 (WERR_CONNECTION_REFUSED)
Inbound 'CN=Schema,CN=Configuration,DC=ccm,DC=local': error during DRS replication from Default-First-Site-Name/FELDC01 (WERR_CONNECTION_REFUSED)
Inbound 'CN=Configuration,DC=ccm,DC=local': error during DRS replication from Default-First-Site-Name/FELDC01 (WERR_CONNECTION_REFUSED)
Inbound 'DC=ccm,DC=local': error during DRS replication from Default-First-Site-Name/FELDC01 (WERR_CONNECTION_REFUSED)
Outbound 'DC=ccm,DC=local': error during DRS replication to Default-First-Site-Name/FELDC01 (WERR_CONNECTION_REFUSED)
In slave
Traceback (most recent call last):
File "/usr/lib/pymodules/python2.7/univention/management/console/modules/diagnostic/__init__.py", line 270, in execute
result = execute(umc_module, **kwargs)
File "/usr/lib/pymodules/python2.7/univention/management/console/modules/diagnostic/plugins/41_samba_tool_showrepl.py", line 148, in run
drs = DRSUAPI()
File "/usr/lib/pymodules/python2.7/univention/management/console/modules/diagnostic/plugins/41_samba_tool_showrepl.py", line 61, in __init__
drs_tuple = drs_utils.drsuapi_connect(self.server, self.load_param, self.credentials)
File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 56, in drsuapi_connect
raise drsException("DRS connection to %s failed: %s" % (server, e))
drsException: drsException: DRS connection to feldc01.ccm.local failed: (-1073741258, 'The transport-connection attempt was refused by the remote system.')```
Hey,
which version were you updating from? 4.2-something? If so, note that Samba requires a lot more ports to be open in order to function correctly.
If you have any kind of firewall sitting between your DC Master and your DC Slave, make sure all of the required ports are open in both directions. Generally I’d advise to configure firewalls sitting between UCS DCs to allow unrestricted communication between UCS DCs. The firewalls on the UCS DCs themselves should take care of only allowing traffic that’s actually required by the services running on them.
Now let’s check whether the ports are open. Please post the output of the following two commands from your DC Master:
lsof -aPniTCP -c samba -sTCP:LISTEN
iptables -L INPUT -nv
Kind regards
mosu
Hello @Moritz_Bunkus,
The upgrade was from the 4.3 errata 89
root@CCMDC01:~# lsof -aPniTCP -c samba -sTCP:LISTEN
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
samba 2066 root 31u IPv6 25769 0t0 TCP [::1]:49152 (LISTEN)
samba 2066 root 32u IPv4 25770 0t0 TCP 127.0.0.1:49152 (LISTEN)
samba 2066 root 33u IPv4 25771 0t0 TCP 192.168.120.2:49152 (LISTEN)
samba 2066 root 36u IPv6 25787 0t0 TCP [::1]:49153 (LISTEN)
samba 2066 root 37u IPv4 27857 0t0 TCP 127.0.0.1:49153 (LISTEN)
samba 2066 root 38u IPv4 27858 0t0 TCP 192.168.120.2:49153 (LISTEN)
samba 2066 root 43u IPv6 27878 0t0 TCP [::1]:49154 (LISTEN)
samba 2066 root 44u IPv4 27879 0t0 TCP 127.0.0.1:49154 (LISTEN)
samba 2066 root 45u IPv4 27880 0t0 TCP 192.168.120.2:49154 (LISTEN)
samba 2066 root 48u IPv6 27896 0t0 TCP [::1]:135 (LISTEN)
samba 2066 root 49u IPv4 27897 0t0 TCP 127.0.0.1:135 (LISTEN)
samba 2066 root 50u IPv4 27898 0t0 TCP 192.168.120.2:135 (LISTEN)
samba 2069 root 24u IPv6 28862 0t0 TCP [::1]:389 (LISTEN)
samba 2069 root 28u IPv6 28863 0t0 TCP [::1]:636 (LISTEN)
samba 2069 root 30u IPv6 28864 0t0 TCP [::1]:3268 (LISTEN)
samba 2069 root 31u IPv6 28865 0t0 TCP [::1]:3269 (LISTEN)
samba 2069 root 32u IPv4 28866 0t0 TCP 127.0.0.1:389 (LISTEN)
samba 2069 root 33u IPv4 28867 0t0 TCP 127.0.0.1:636 (LISTEN)
samba 2069 root 34u IPv4 28868 0t0 TCP 127.0.0.1:3268 (LISTEN)
samba 2069 root 35u IPv4 28869 0t0 TCP 127.0.0.1:3269 (LISTEN)
samba 2069 root 36u IPv4 28870 0t0 TCP 192.168.120.2:389 (LISTEN)
samba 2069 root 37u IPv4 28871 0t0 TCP 192.168.120.2:636 (LISTEN)
samba 2069 root 38u IPv4 28872 0t0 TCP 192.168.120.2:3268 (LISTEN)
samba 2069 root 39u IPv4 28873 0t0 TCP 192.168.120.2:3269 (LISTEN)
samba 2072 root 24u IPv6 27845 0t0 TCP [::1]:88 (LISTEN)
samba 2072 root 32u IPv6 27847 0t0 TCP [::1]:464 (LISTEN)
samba 2072 root 34u IPv4 27849 0t0 TCP 127.0.0.1:88 (LISTEN)
samba 2072 root 36u IPv4 27851 0t0 TCP 127.0.0.1:464 (LISTEN)
samba 2072 root 38u IPv4 27853 0t0 TCP 192.168.120.2:88 (LISTEN)
samba 2072 root 40u IPv4 27855 0t0 TCP 192.168.120.2:464 (LISTEN)
samba 2314 root 24u IPv6 28862 0t0 TCP [::1]:389 (LISTEN)
samba 2314 root 28u IPv6 28863 0t0 TCP [::1]:636 (LISTEN)
samba 2314 root 30u IPv6 28864 0t0 TCP [::1]:3268 (LISTEN)
samba 2314 root 31u IPv6 28865 0t0 TCP [::1]:3269 (LISTEN)
samba 2314 root 32u IPv4 28866 0t0 TCP 127.0.0.1:389 (LISTEN)
samba 2314 root 33u IPv4 28867 0t0 TCP 127.0.0.1:636 (LISTEN)
samba 2314 root 34u IPv4 28868 0t0 TCP 127.0.0.1:3268 (LISTEN)
samba 2314 root 35u IPv4 28869 0t0 TCP 127.0.0.1:3269 (LISTEN)
samba 2314 root 36u IPv4 28870 0t0 TCP 192.168.120.2:389 (LISTEN)
samba 2314 root 37u IPv4 28871 0t0 TCP 192.168.120.2:636 (LISTEN)
samba 2314 root 38u IPv4 28872 0t0 TCP 192.168.120.2:3268 (LISTEN)
samba 2314 root 39u IPv4 28873 0t0 TCP 192.168.120.2:3269 (LISTEN)
samba 23581 root 31u IPv6 25769 0t0 TCP [::1]:49152 (LISTEN)
samba 23581 root 32u IPv4 25770 0t0 TCP 127.0.0.1:49152 (LISTEN)
samba 23581 root 33u IPv4 25771 0t0 TCP 192.168.120.2:49152 (LISTEN)
samba 23581 root 36u IPv6 25787 0t0 TCP [::1]:49153 (LISTEN)
samba 23581 root 37u IPv4 27857 0t0 TCP 127.0.0.1:49153 (LISTEN)
samba 23581 root 43u IPv6 27878 0t0 TCP [::1]:49154 (LISTEN)
samba 23581 root 44u IPv4 27879 0t0 TCP 127.0.0.1:49154 (LISTEN)
samba 23581 root 45u IPv4 27880 0t0 TCP 192.168.120.2:49154 (LISTEN)
samba 23581 root 48u IPv6 27896 0t0 TCP [::1]:135 (LISTEN)
samba 23581 root 49u IPv4 27897 0t0 TCP 127.0.0.1:135 (LISTEN)
samba 23581 root 50u IPv4 27898 0t0 TCP 192.168.120.2:135 (LISTEN)
samba 23623 root 31u IPv6 25769 0t0 TCP [::1]:49152 (LISTEN)
samba 23623 root 32u IPv4 25770 0t0 TCP 127.0.0.1:49152 (LISTEN)
samba 23623 root 33u IPv4 25771 0t0 TCP 192.168.120.2:49152 (LISTEN)
samba 23623 root 36u IPv6 25787 0t0 TCP [::1]:49153 (LISTEN)
samba 23623 root 37u IPv4 27857 0t0 TCP 127.0.0.1:49153 (LISTEN)
samba 23623 root 43u IPv6 27878 0t0 TCP [::1]:49154 (LISTEN)
samba 23623 root 44u IPv4 27879 0t0 TCP 127.0.0.1:49154 (LISTEN)
samba 23623 root 45u IPv4 27880 0t0 TCP 192.168.120.2:49154 (LISTEN)
samba 23623 root 48u IPv6 27896 0t0 TCP [::1]:135 (LISTEN)
samba 23623 root 49u IPv4 27897 0t0 TCP 127.0.0.1:135 (LISTEN)
samba 23623 root 50u IPv4 27898 0t0 TCP 192.168.120.2:135 (LISTEN)
samba 23641 root 31u IPv6 25769 0t0 TCP [::1]:49152 (LISTEN)
samba 23641 root 32u IPv4 25770 0t0 TCP 127.0.0.1:49152 (LISTEN)
samba 23641 root 33u IPv4 25771 0t0 TCP 192.168.120.2:49152 (LISTEN)
samba 23641 root 36u IPv6 25787 0t0 TCP [::1]:49153 (LISTEN)
samba 23641 root 37u IPv4 27857 0t0 TCP 127.0.0.1:49153 (LISTEN)
samba 23641 root 43u IPv6 27878 0t0 TCP [::1]:49154 (LISTEN)
samba 23641 root 44u IPv4 27879 0t0 TCP 127.0.0.1:49154 (LISTEN)
samba 23641 root 45u IPv4 27880 0t0 TCP 192.168.120.2:49154 (LISTEN)
samba 23641 root 48u IPv6 27896 0t0 TCP [::1]:135 (LISTEN)
samba 23641 root 49u IPv4 27897 0t0 TCP 127.0.0.1:135 (LISTEN)
samba 23641 root 50u IPv4 27898 0t0 TCP 192.168.120.2:135 (LISTEN)
samba 23651 root 31u IPv6 25769 0t0 TCP [::1]:49152 (LISTEN)
samba 23651 root 32u IPv4 25770 0t0 TCP 127.0.0.1:49152 (LISTEN)
samba 23651 root 33u IPv4 25771 0t0 TCP 192.168.120.2:49152 (LISTEN)
samba 23651 root 36u IPv6 25787 0t0 TCP [::1]:49153 (LISTEN)
samba 23651 root 37u IPv4 27857 0t0 TCP 127.0.0.1:49153 (LISTEN)
samba 23651 root 43u IPv6 27878 0t0 TCP [::1]:49154 (LISTEN)
samba 23651 root 44u IPv4 27879 0t0 TCP 127.0.0.1:49154 (LISTEN)
samba 23651 root 45u IPv4 27880 0t0 TCP 192.168.120.2:49154 (LISTEN)
samba 23651 root 48u IPv6 27896 0t0 TCP [::1]:135 (LISTEN)
samba 23651 root 49u IPv4 27897 0t0 TCP 127.0.0.1:135 (LISTEN)
samba 23651 root 50u IPv4 27898 0t0 TCP 192.168.120.2:135 (LISTEN)
samba 23667 root 31u IPv6 25769 0t0 TCP [::1]:49152 (LISTEN)
samba 23667 root 32u IPv4 25770 0t0 TCP 127.0.0.1:49152 (LISTEN)
samba 23667 root 33u IPv4 25771 0t0 TCP 192.168.120.2:49152 (LISTEN)
samba 23667 root 36u IPv6 25787 0t0 TCP [::1]:49153 (LISTEN)
samba 23667 root 37u IPv4 27857 0t0 TCP 127.0.0.1:49153 (LISTEN)
samba 23667 root 43u IPv6 27878 0t0 TCP [::1]:49154 (LISTEN)
samba 23667 root 44u IPv4 27879 0t0 TCP 127.0.0.1:49154 (LISTEN)
samba 23667 root 45u IPv4 27880 0t0 TCP 192.168.120.2:49154 (LISTEN)
samba 23667 root 48u IPv6 27896 0t0 TCP [::1]:135 (LISTEN)
samba 23667 root 49u IPv4 27897 0t0 TCP 127.0.0.1:135 (LISTEN)
samba 23667 root 50u IPv4 27898 0t0 TCP 192.168.120.2:135 (LISTEN)
samba 23673 root 31u IPv6 25769 0t0 TCP [::1]:49152 (LISTEN)
samba 23673 root 32u IPv4 25770 0t0 TCP 127.0.0.1:49152 (LISTEN)
samba 23673 root 33u IPv4 25771 0t0 TCP 192.168.120.2:49152 (LISTEN)
samba 23673 root 36u IPv6 25787 0t0 TCP [::1]:49153 (LISTEN)
samba 23673 root 37u IPv4 27857 0t0 TCP 127.0.0.1:49153 (LISTEN)
samba 23673 root 43u IPv6 27878 0t0 TCP [::1]:49154 (LISTEN)
samba 23673 root 44u IPv4 27879 0t0 TCP 127.0.0.1:49154 (LISTEN)
samba 23673 root 45u IPv4 27880 0t0 TCP 192.168.120.2:49154 (LISTEN)
samba 23673 root 48u IPv6 27896 0t0 TCP [::1]:135 (LISTEN)
samba 23673 root 49u IPv4 27897 0t0 TCP 127.0.0.1:135 (LISTEN)
samba 23673 root 50u IPv4 27898 0t0 TCP 192.168.120.2:135 (LISTEN)
samba 23679 root 31u IPv6 25769 0t0 TCP [::1]:49152 (LISTEN)
samba 23679 root 32u IPv4 25770 0t0 TCP 127.0.0.1:49152 (LISTEN)
samba 23679 root 33u IPv4 25771 0t0 TCP 192.168.120.2:49152 (LISTEN)
samba 23679 root 36u IPv6 25787 0t0 TCP [::1]:49153 (LISTEN)
samba 23679 root 37u IPv4 27857 0t0 TCP 127.0.0.1:49153 (LISTEN)
samba 23679 root 43u IPv6 27878 0t0 TCP [::1]:49154 (LISTEN)
samba 23679 root 44u IPv4 27879 0t0 TCP 127.0.0.1:49154 (LISTEN)
samba 23679 root 45u IPv4 27880 0t0 TCP 192.168.120.2:49154 (LISTEN)
samba 23679 root 48u IPv6 27896 0t0 TCP [::1]:135 (LISTEN)
samba 23679 root 49u IPv4 27897 0t0 TCP 127.0.0.1:135 (LISTEN)
samba 23679 root 50u IPv4 27898 0t0 TCP 192.168.120.2:135 (LISTEN)
root@CCMDC01:~# iptables -L INPUT -nv
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
107K 18M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
207K 48M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
183 16560 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
1 52 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:7636
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:111
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:32765:32769
31 1608 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:137:139
338 17372 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:135
2743 143K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:88
8 480 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:7389
14 728 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3268
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:464
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:88
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:2049
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:32765:32769
28 1456 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
177 15832 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3269
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:464
6 312 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
304 73222 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:389
1 52 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
2727 144K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:49152:65535
7926 565K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2049
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5666
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:636
931 119K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6670
14503 754K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
220 13192 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
589 30676 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:389
2 120 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5001
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:7777
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:7777
1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6669
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:749
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:544
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:111
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1024
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:11212
474 34654 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
This looks good so far. Are there any other firewalls/routers with firewall functionality sitting between the DCs? Have you tried restarting Samba on both machines?
@Moritz_Bunkus the servers are connected via an watchguard but both networks are trusted, so no firewall.
Both servers are restarted after upgrade.