Backupdirectory node damaged - New installation

boospy · December 24, 2023, 3:08pm

Hello all,

my second backup directory node is damaged an not recoverable (Beautiful Christmas present). So i have this node removed:

Do I now have to remove all entries such as Kerberos, LDAPserver etc. in the LDAPtree from this removed server, or can I simply reinstall the node and rejoin?
(Same name, same IP) 5.0-6 errata904

I have at least removed the nodes in the name servers and LDAP-configs, otherwise there are timeouts. On the clients and on the Univention servers.

Thanks a lot and many greetings

externa1 · December 25, 2023, 12:11am

if you using samba domain - you should also remove it from the replication - best down through RSAT Tools
after it is removed everywhere there should not be a problem to reinstall with same name
rg
Christian

boospy · December 26, 2023, 12:42pm

Intermediate status:

Thanks @externa1 for the reply. All cleaned up. I have no RSAT Tools, because no Windows this time.

samba-tool domain demote --remove-other-dead-server=<server name>
samba-tool drs kcc

But i hat a problem with the internal SambaDB.
A very, very thanks at this point @scheinig for this post:

With this i was easy able to fix the DB.

boospy · December 26, 2023, 8:34pm

DC3 is now installed and is working. But i get this error on the other Backup Directory Node:

[2023/12/26 21:23:31.206536,  0, pid=2268] ../../source4/librpc/rpc/dcerpc_util.c:682(dcerpc_pipe_auth_recv)
  Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.2.1[49153,seal,krb5,target_hostname=cc08a0fd-4071-4624-9c4a-d16f31f6369d._msdcs.tux.lan,target_principal=GC/dc3.tux.lan/tux.lan,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=172.16.23.2] NT_STATUS_INVALID_PARAMETER

Do I also have to remove the Samba replication on the other backup directory node? (from the old dc3 installation)

samba-tool domain demote --remove-other-dead-server=dc3
samba-tool drs kcc

And then dc3 and dc2 should find each other again?

The objects with “samba-tool dbcheck --cross-ncs” are on all nodes the same. But in the output on dc2 i get these errors:

WARNING: target DN is deleted for msDS-NC-Replica-Locations in object CN=8be032e2-9ac6-4026-9b4f-229711a9dd58,CN=Partitions,CN=Configuration,DC=tux,DC=lan -
<GUID=2bfa388c-d0f5-4718-b3ab-c779478ddd33>;<RMD_ADDTIME=133459269250000000>;<RMD_CHANGETIME=133459269250000000>;<RMD_FLAGS=0>;<RMD_INVOCID=a3d5ff1a-46bb-45e
b-93b0-a971b1e41283>;<RMD_LOCAL_USN=5660>;<RMD_ORIGINATING_USN=17861>;<RMD_VERSION=1>;CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,
CN=Configuration,DC=tux,DC=lan
Target GUID points at deleted DN 'CN=NTDS Settings\\0ADEL:2bfa388c-d0f5-4718-b3ab-c779478ddd33,CN=DC3\\0ADEL:ea70d741-6957-49ba-a35e-b72af9620d76,CN=Servers,
CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tux,DC=lan'
Not removing

WARNING: target DN is deleted for msDS-NC-Replica-Locations in object CN=4b65467f-03a9-4877-bb08-aa3a26409d9f,CN=Partitions,CN=Configuration,DC=tux,DC=lan -
<GUID=2bfa388c-d0f5-4718-b3ab-c779478ddd33>;<RMD_ADDTIME=133459269250000000>;<RMD_CHANGETIME=133459269250000000>;<RMD_FLAGS=0>;<RMD_INVOCID=a3d5ff1a-46bb-45e
b-93b0-a971b1e41283>;<RMD_LOCAL_USN=5643>;<RMD_ORIGINATING_USN=17862>;<RMD_VERSION=1>;CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,
CN=Configuration,DC=tux,DC=lan
Target GUID points at deleted DN 'CN=NTDS Settings\\0ADEL:2bfa388c-d0f5-4718-b3ab-c779478ddd33,CN=DC3\\0ADEL:ea70d741-6957-49ba-a35e-b72af9620d76,CN=Servers,
CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tux,DC=lan'
Not removing

And here the complete log from the GUI Check:

`samba-tool drs showrepl` gibt ein Problem mit der Replikation zurück.
In eingehend 'DC=ForestDnsZones,DC=tux,DC=lan': Fehler während der DRS Replikation von Default-First-Site-Name/DC3 (WERR_INVALID_PARAMETER).
In eingehend 'CN=Schema,CN=Configuration,DC=tux,DC=lan': Fehler während der DRS Replikation von Default-First-Site-Name/DC3 (WERR_INVALID_PARAMETER).
In eingehend 'DC=DomainDnsZones,DC=tux,DC=lan': Fehler während der DRS Replikation von Default-First-Site-Name/DC3 (WERR_INVALID_PARAMETER).
In eingehend 'DC=tux,DC=lan': Fehler während der DRS Replikation von Default-First-Site-Name/DC3 (WERR_INVALID_PARAMETER).
In eingehend 'CN=Configuration,DC=tux,DC=lan': Fehler während der DRS Replikation von Default-First-Site-Name/DC3 (WERR_INVALID_PARAMETER).
In ausgehend 'DC=ForestDnsZones,DC=tux,DC=lan': Fehler während der DRS Replikation nach Default-First-Site-Name/DC3 (WERR_INVALID_PARAMETER).
In ausgehend 'CN=Schema,CN=Configuration,DC=tux,DC=lan': Fehler während der DRS Replikation nach Default-First-Site-Name/DC3 (WERR_INVALID_PARAMETER).
In ausgehend 'DC=DomainDnsZones,DC=tux,DC=lan': Fehler während der DRS Replikation nach Default-First-Site-Name/DC3 (WERR_INVALID_PARAMETER).
In ausgehend 'DC=tux,DC=lan': Fehler während der DRS Replikation nach Default-First-Site-Name/DC3 (WERR_INVALID_PARAMETER).
In ausgehend 'CN=Configuration,DC=tux,DC=lan': Fehler während der DRS Replikation nach Default-First-Site-Name/DC3 (WERR_INVALID_PARAMETER).

boospy · December 31, 2023, 10:28am

An fix did not help:

This was definitely wrong.(had to roll back) A fix did also not help: “samba-tool dbcheck --cross-ncs --fix”

The only way was to rejoin the node (only the samba4 part). Now it sync normaly again. ID’s on “samba-tool dbcheck” and “univention-directory-listener-ctrl status” are the same on every change.