On 6.5.2013 13:41, Pekka L.J. Jalkanen wrote: > I think that the thing I'm going to try right now is to actually run the > MS adprep.exe tool that ships with W2k8 R2. It should add RODC support > to the schema and MS also tells to run it before installing any W2k8 DCs > (RODC or not) to an existing W2k3 domain, so at least it shouldn't do > any damage. If it works around this bug, all the better.
I've now run the first phase of the procedure described in http://technet.microsoft.com/en-us/library/cc731243%28v=ws.10%29.aspx, i.e. the "adprep /forestprep" part. The tool itself ran successfully, and extended the schema with the files sch32.ldf - sch47.ldf and PAS.ldf, but it seems that now I'm having a replication problem: Windows Directory Service log: ----- Event Type: Error Event Source: NTDS Replication Event Category: DS RPC Client Event ID: 1411 Date: 6.5.2013 Time: 15:17:00 User: NT AUTHORITY\ANONYMOUS LOGON Computer: W2K3R2DC Description: Active Directory failed to construct a mutual authentication service principal name (SPN) for the following domain controller. Domain controller: 005c4019-c468-411d-9090-7b130c5c4fe5._msdcs.mydomain.site The call was denied. Communication with this domain controller might be affected. Additional Data Error value: 8589 The DS cannot derive a service principal name (SPN) with which to mutually authenticate the target server because the corresponding server object in the local DS database has no serverReference attribute. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. ----- The error is repeated many times (at least 30). I took a look of the schema with ADSI Edit. If the active DC is the Windows DC, I can see the attribute serverReferenceBL on both DC objects. If the active DC is the Samba DC, ADSI Edit first throws an error that says "Windows could not load the values for all the attributes. Error code: Xac". At the same time the familiar "cannot find attr[msDS-isRODC] in of schema" is seen on log.samba. After that the dialog opens, but shows all the attribute values as unset. log.samba (loglevel 0) at roughly the same time when the replication error appears in windows shows the following: ----- [2013/05/06 15:18:09, 0] ../source4/dsdb/repl/replicated_objects.c:159(dsdb_repl_make_working_schema) Can't continue Schema load: didn't manage to convert any objects: all 6 remaining of 133 objects failed to convert [2013/05/06 15:18:09, 0] ../source4/dsdb/repl/drepl_out_helpers.c:676(dreplsrv_op_pull_source_apply_changes_trigger) Failed to create working schema: WERR_INTERNAL_ERROR [2013/05/06 15:18:09, 0] ../source4/dsdb/repl/replicated_objects.c:159(dsdb_repl_make_working_schema) Can't continue Schema load: didn't manage to convert any objects: all 6 remaining of 133 objects failed to convert [2013/05/06 15:18:09, 0] ../source4/dsdb/repl/drepl_out_helpers.c:676(dreplsrv_op_pull_source_apply_changes_trigger) Failed to create working schema: WERR_INTERNAL_ERROR [2013/05/06 15:18:09, 0] ../source4/dsdb/repl/replicated_objects.c:159(dsdb_repl_make_working_schema) Can't continue Schema load: didn't manage to convert any objects: all 6 remaining of 133 objects failed to convert [2013/05/06 15:18:09, 0] ../source4/dsdb/repl/drepl_out_helpers.c:676(dreplsrv_op_pull_source_apply_changes_trigger) Failed to create working schema: WERR_INTERNAL_ERROR [2013/05/06 15:18:09, 0] ../source4/dsdb/repl/replicated_objects.c:159(dsdb_repl_make_working_schema) Can't continue Schema load: didn't manage to convert any objects: all 6 remaining of 133 objects failed to convert [2013/05/06 15:18:09, 0] ../source4/dsdb/repl/drepl_out_helpers.c:676(dreplsrv_op_pull_source_apply_changes_trigger) Failed to create working schema: WERR_INTERNAL_ERROR [2013/05/06 15:18:09, 0] ../source4/dsdb/repl/drepl_out_helpers.c:705(dreplsrv_op_pull_source_apply_changes_trigger) Failed to convert objects: WERR_DS_DRA_SCHEMA_MISMATCH/NT_STATUS_INVALID_NETWORK_RESPONSE [2013/05/06 15:18:09, 0] ../source4/dsdb/repl/drepl_out_helpers.c:705(dreplsrv_op_pull_source_apply_changes_trigger) Failed to convert objects: WERR_DS_DRA_SCHEMA_MISMATCH/NT_STATUS_INVALID_NETWORK_RESPONSE [2013/05/06 15:18:09, 0] ../source4/dsdb/repl/replicated_objects.c:159(dsdb_repl_make_working_schema) Can't continue Schema load: didn't manage to convert any objects: all 6 remaining of 133 objects failed to convert [2013/05/06 15:18:09, 0] ../source4/dsdb/repl/drepl_out_helpers.c:676(dreplsrv_op_pull_source_apply_changes_trigger) Failed to create working schema: WERR_INTERNAL_ERROR [2013/05/06 15:18:09, 0] ../source4/dsdb/repl/replicated_objects.c:159(dsdb_repl_make_working_schema) Can't continue Schema load: didn't manage to convert any objects: all 6 remaining of 133 objects failed to convert [2013/05/06 15:18:09, 0] ../source4/dsdb/repl/drepl_out_helpers.c:676(dreplsrv_op_pull_source_apply_changes_trigger) Failed to create working schema: WERR_INTERNAL_ERROR [2013/05/06 15:18:09, 0] ../source4/dsdb/repl/drepl_out_helpers.c:705(dreplsrv_op_pull_source_apply_changes_trigger) Failed to convert objects: WERR_DS_DRA_SCHEMA_MISMATCH/NT_STATUS_INVALID_NETWORK_RESPONSE [2013/05/06 15:18:09, 0] ../source4/dsdb/repl/drepl_out_helpers.c:705(dreplsrv_op_pull_source_apply_changes_trigger) Failed to convert objects: WERR_DS_DRA_SCHEMA_MISMATCH/NT_STATUS_INVALID_NETWORK_RESPONSE [2013/05/06 15:18:10, 0] ../source4/dsdb/repl/replicated_objects.c:159(dsdb_repl_make_working_schema) Can't continue Schema load: didn't manage to convert any objects: all 6 remaining of 133 objects failed to convert [2013/05/06 15:18:10, 0] ../source4/dsdb/repl/drepl_out_helpers.c:676(dreplsrv_op_pull_source_apply_changes_trigger) Failed to create working schema: WERR_INTERNAL_ERROR [2013/05/06 15:18:10, 0] ../source4/dsdb/repl/replicated_objects.c:159(dsdb_repl_make_working_schema) Can't continue Schema load: didn't manage to convert any objects: all 6 remaining of 133 objects failed to convert [2013/05/06 15:18:10, 0] ../source4/dsdb/repl/drepl_out_helpers.c:676(dreplsrv_op_pull_source_apply_changes_trigger) Failed to create working schema: WERR_INTERNAL_ERROR [2013/05/06 15:18:10, 0] ../source4/dsdb/repl/drepl_out_helpers.c:705(dreplsrv_op_pull_source_apply_changes_trigger) Failed to convert objects: WERR_DS_DRA_SCHEMA_MISMATCH/NT_STATUS_INVALID_NETWORK_RESPONSE [2013/05/06 15:18:10, 0] ../source4/dsdb/repl/drepl_out_helpers.c:705(dreplsrv_op_pull_source_apply_changes_trigger) Failed to convert objects: WERR_DS_DRA_SCHEMA_MISMATCH/NT_STATUS_INVALID_NETWORK_RESPONSE [2013/05/06 15:18:10, 0] ../source4/dsdb/repl/replicated_objects.c:159(dsdb_repl_make_working_schema) Can't continue Schema load: didn't manage to convert any objects: all 6 remaining of 133 objects failed to convert [2013/05/06 15:18:10, 0] ../source4/dsdb/repl/drepl_out_helpers.c:676(dreplsrv_op_pull_source_apply_changes_trigger) Failed to create working schema: WERR_INTERNAL_ERROR [2013/05/06 15:18:10, 0] ../source4/dsdb/repl/replicated_objects.c:159(dsdb_repl_make_working_schema) Can't continue Schema load: didn't manage to convert any objects: all 6 remaining of 133 objects failed to convert [2013/05/06 15:18:10, 0] ../source4/dsdb/repl/drepl_out_helpers.c:676(dreplsrv_op_pull_source_apply_changes_trigger) Failed to create working schema: WERR_INTERNAL_ERROR ----- There are many pages of similar errors, and Samba tries in vain to continue replication all the time. "samba-tool drs showrepl" is reporting increasing number of consecutive failures. I guess I'll have little alternatives to demoting and re-promoting my Samba DC again. *sigh* Pekka L.J. Jalkanen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba