Ghost Replica DC shows in Samba

Hi,

I have removed an old DC server from one of my sites and removed it from the Computers section of the UMC.

However, when running a System Diagnostic on the Primary DC, I get the following error.

`samba-tool drs showrepl` returned a problem with the replication.
```
Inbound 'CN=Configuration,DC=physio,DC=co,DC=uk': error during DRS replication from Default-First-Site-Name/M-UCS-01 (WERR_FILE_NOT_FOUND)
Inbound 'DC=ForestDnsZones,DC=physio,DC=co,DC=uk': error during DRS replication from Default-First-Site-Name/M-UCS-01 (WERR_FILE_NOT_FOUND)
Inbound 'DC=physio,DC=co,DC=uk': error during DRS replication from Default-First-Site-Name/M-UCS-01 (WERR_FILE_NOT_FOUND)
Inbound 'CN=Schema,CN=Configuration,DC=physio,DC=co,DC=uk': error during DRS replication from Default-First-Site-Name/M-UCS-01 (WERR_FILE_NOT_FOUND)
Inbound 'DC=DomainDnsZones,DC=physio,DC=co,DC=uk': error during DRS replication from Default-First-Site-Name/M-UCS-01 (WERR_FILE_NOT_FOUND)
Outbound 'CN=Configuration,DC=physio,DC=co,DC=uk': error during DRS replication to Default-First-Site-Name/M-UCS-01 (WERR_FILE_NOT_FOUND)
Outbound 'DC=ForestDnsZones,DC=physio,DC=co,DC=uk': error during DRS replication to Default-First-Site-Name/M-UCS-01 (WERR_FILE_NOT_FOUND)
Outbound 'DC=physio,DC=co,DC=uk': error during DRS replication to Default-First-Site-Name/M-UCS-01 (WERR_FILE_NOT_FOUND)
Outbound 'CN=Schema,CN=Configuration,DC=physio,DC=co,DC=uk': error during DRS replication to Default-First-Site-Name/M-UCS-01 (WERR_FILE_NOT_FOUND)
Outbound 'DC=DomainDnsZones,DC=physio,DC=co,DC=uk': error during DRS replication to Default-First-Site-Name/M-UCS-01 (WERR_FILE_NOT_FOUND)
```

This DC is no longer accessible, and I have also run the following commands on the master to verify removal:

```
univention-s4search --cross-ncs "(&(objectClass=server) (CN=M-UCS))" serverReference | ldapsearch-wrapper
ldbdel -H /var/lib/samba/private/sam.ldb \
CN=M-UCS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=physio,DC=co,DC=uk \
--recursive
samba-tool drs kcc
/usr/share/univention-samba4/scripts/check_essential_samba4_dns_records.sh | grep -i M-UCS
```

There are no instances of this computer in the samba database, and no DNS records appearing. I am also unable to add any other additional DCs at the moment as the join fails on the s4-connector script.

What would be the remediation steps here?

Use the RSAT tool “Active Directory Sites and Services” to remove the server that no longer exists.

rg
Christian

Hi @externa1, upon using AD Sites & Services, I am seeing the following error when trying to delete the NTDS settings, and then the M-UCS-01 server.

image

Actually, this has been fixed. I had missed off the -01 from the server name the first time. Deleting the records from Active Directory Sites & Services, then running the following, worked.

```
univention-s4search --cross-ncs "(&(objectClass=server) (CN=M-UCS-01))" serverReference | ldapsearch-wrapper
ldbdel -H /var/lib/samba/private/sam.ldb \
CN=M-UCS-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=surrey-physio,DC=co,DC=uk \
--recursive
samba-tool drs kcc
/usr/share/univention-samba4/scripts/check_essential_samba4_dns_records.sh | grep -i M-UCS-01
```
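The fix in this thread came down to using the exact server name from the replication errors (M-UCS-01, not M-UCS). The shell sketch below is an added example, not part of the thread: it extracts the partner names from diagnostic lines in the format quoted in the first post and builds the server DN to search for. The function names are hypothetical and the base DN is supplied by the caller.

```shell
#!/bin/sh
# Added example. Sample input: three of the error lines quoted in the first post.
SAMPLE="Inbound 'CN=Configuration,DC=physio,DC=co,DC=uk': error during DRS replication from Default-First-Site-Name/M-UCS-01 (WERR_FILE_NOT_FOUND)
Outbound 'DC=physio,DC=co,DC=uk': error during DRS replication to Default-First-Site-Name/M-UCS-01 (WERR_FILE_NOT_FOUND)
Outbound 'CN=Schema,CN=Configuration,DC=physio,DC=co,DC=uk': error during DRS replication to Default-First-Site-Name/M-UCS-01 (WERR_FILE_NOT_FOUND)"

# failing_partners (hypothetical helper): read diagnostic lines on stdin and
# print one line per distinct partner as "<site> <server> <failed-link-count>".
failing_partners() {
    awk '
        /error during DRS replication (from|to) / {
            partner = ""
            # The partner "<site>/<server>" is the field after "from" or "to".
            for (i = 2; i < NF; i++)
                if ($(i-1) == "replication" && ($i == "from" || $i == "to")) {
                    partner = $(i+1)
                    break
                }
            if (split(partner, part, "/") == 2)
                count[part[1] " " part[2]]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort
}

# server_dns BASE_DN (hypothetical helper): print the server-object DN for each
# failing partner, in the same layout as the DN passed to ldbdel in the thread.
server_dns() {
    failing_partners | while read -r site server _count; do
        printf 'CN=%s,CN=Servers,CN=%s,CN=Sites,CN=Configuration,%s\n' \
            "$server" "$site" "$1"
    done
}

# cn_matches NAME (hypothetical helper): succeed only if NAME is exactly the
# name of a failing partner, so a truncated name such as M-UCS is rejected.
cn_matches() {
    failing_partners | awk -v want="$1" '$2 == want { found = 1 } END { exit !found }'
}

# Stand-alone run: list the partners and the DN to look up for the sample.
printf '%s\n' "$SAMPLE" | failing_partners
printf '%s\n' "$SAMPLE" | server_dns 'DC=physio,DC=co,DC=uk'
```

Running `cn_matches` with the name you are about to search for or delete, against the current diagnostic output, confirms the name matches what replication is actually complaining about before `ldbdel` is used.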
