Check Samba replication status for error

Upgraded 3 servers in my network to 5.0-2 errata366… all upgraded without error. I checked the diagnostic page just to be sure, and see this. other threads seem to point to certificates, but they are all current and the same on all servers. I don’t know what else to check.

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/__init__.py", line 280, in execute
    result = execute(umc_module, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/41_samba_tool_showrepl.py", line 146, in run
    problems = list(drs.replication_problems())
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/41_samba_tool_showrepl.py", line 98, in replication_problems
    for replica_info, neighbour in self.neighbours():
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/41_samba_tool_showrepl.py", line 93, in neighbours
    (info_type, info) = self._replica_info(replica_info_direction)
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/41_samba_tool_showrepl.py", line 88, in _replica_info
    (info_type, info) = self.drsuapi.DsReplicaGetInfo(self.handle, 1, req1)
samba.NTSTATUSError: (3221356597, 'The operation cannot be performed.')

I did try to follow other threads but this is way over what I know how to deal with.

Any suggestions I can try??

root@ucs1:~# samba-tool drs showrepl
ERROR(runtime): DsReplicaGetInfo of type 0 failed - (3221356597, 'The operation cannot be performed.')
root@ucs1:~#
root@ucs2:~# samba-tool drs showrepl
Default-First-Site-Name\UCS2
DSA Options: 0x00000001
DSA object GUID: e72feddb-d0be-4e50-a335-0cb29f9aff91
DSA invocationId: 3d70d9f5-6779-44ba-8c5f-5893bd4023ba

==== INBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=sgvfr,DC=lan
        Default-First-Site-Name\UCS1 via RPC
                DSA object GUID: 08aab86f-8814-4a7a-86b2-87a25b68c6ed
                Last attempt @ Thu Jul 21 22:03:24 2022 PDT was successful
                0 consecutive failure(s).
                Last success @ Thu Jul 21 22:03:24 2022 PDT

DC=sgvfr,DC=lan
        Default-First-Site-Name\UCS1 via RPC
                DSA object GUID: 08aab86f-8814-4a7a-86b2-87a25b68c6ed
                Last attempt @ Thu Jul 21 22:03:24 2022 PDT was successful
                0 consecutive failure(s).
                Last success @ Thu Jul 21 22:03:24 2022 PDT

DC=ForestDnsZones,DC=sgvfr,DC=lan
        Default-First-Site-Name\UCS1 via RPC
                DSA object GUID: 08aab86f-8814-4a7a-86b2-87a25b68c6ed
                Last attempt @ Thu Jul 21 22:03:24 2022 PDT was successful
                0 consecutive failure(s).
                Last success @ Thu Jul 21 22:03:24 2022 PDT

CN=Configuration,DC=sgvfr,DC=lan
        Default-First-Site-Name\UCS1 via RPC
                DSA object GUID: 08aab86f-8814-4a7a-86b2-87a25b68c6ed
                Last attempt @ Thu Jul 21 22:03:24 2022 PDT was successful
                0 consecutive failure(s).
                Last success @ Thu Jul 21 22:03:24 2022 PDT

CN=Schema,CN=Configuration,DC=sgvfr,DC=lan
        Default-First-Site-Name\UCS1 via RPC
                DSA object GUID: 08aab86f-8814-4a7a-86b2-87a25b68c6ed
                Last attempt @ Thu Jul 21 22:03:24 2022 PDT was successful
                0 consecutive failure(s).
                Last success @ Thu Jul 21 22:03:24 2022 PDT

==== OUTBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=sgvfr,DC=lan
        Default-First-Site-Name\UCS1 via RPC
                DSA object GUID: 08aab86f-8814-4a7a-86b2-87a25b68c6ed
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=sgvfr,DC=lan
        Default-First-Site-Name\UCS1 via RPC
                DSA object GUID: 08aab86f-8814-4a7a-86b2-87a25b68c6ed
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=ForestDnsZones,DC=sgvfr,DC=lan
        Default-First-Site-Name\UCS1 via RPC
                DSA object GUID: 08aab86f-8814-4a7a-86b2-87a25b68c6ed
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Configuration,DC=sgvfr,DC=lan
        Default-First-Site-Name\UCS1 via RPC
                DSA object GUID: 08aab86f-8814-4a7a-86b2-87a25b68c6ed
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=sgvfr,DC=lan
        Default-First-Site-Name\UCS1 via RPC
                DSA object GUID: 08aab86f-8814-4a7a-86b2-87a25b68c6ed
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: 1179162f-0004-4c97-9a9c-c2b8b22467f3
        Enabled        : TRUE
        Server DNS name : ucs1.sgvfr.lan
        Server DN name  : CN=NTDS Settings,CN=UCS1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sgvfr,DC=lan
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
root@ucs2:~#
root@ucs3:~# samba-tool drs showrepl
ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to ucs3. failed - drsException: DRS connection to ucs3. failed: (3221225524, 'The object name is                               not found.')
  File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 55, in drsuapi_connect
    (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
  File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 63, in drsuapi_connect
    raise drsException("DRS connection to %s failed: %s" % (server, e))
root@ucs3:~#

We had the same problem (I think) just because Samba was not restarted properly, because of left-over processes. A system reboot fixed it.

Thanks @Andreas_T, I perform a rolling reboot after every upgrade regardless and this error remained… Strangely this morning, it is gone… seems to have fixed itself while I was asleep haha.

I won’t complain… UCS has been rock solid for me for several years.

When I think about it further… the showrepl error on UCS3 is most likely because it only syncs LDAP for remote/external authentication, I didn’t add this one as a domain controller.

Mastodon