On Wed, 2013-05-15 at 10:09 +0300, Giedrius wrote:
> 2013.05.14 18:48, Denis Cardon wrote:
> > Hi Giedrius,
> >
> >> I've got initial setup on DC1 (4.0.1)... all working good and
> >> flawless
> >> Added additional geographically distributed controllers (DC2, DC3,
> >> DC4,DC5) with 4.0.5 - no problem.
> >> All PCs can connect to their own site/DC
> >>
> >> Transferred all FSMO's to DC2 - transferred successfully (with
> >> seize "error" bug)
> >> DC1 crashed badly.... during maintenance, SAMBA was updated to
> >> 4.0.5, data restored from backup.
> >>
> >> Now, the problem is:
> >> 1) DC1 sees itself as owner of all FSMO's, although DC[2,3,4,5]
> >> sees DC2 as owner of FSMO's
> >> 3) DC1 is missing some users (created between backup and crash),
> >> wbinfo for these users return E_DOMAIN_NOT_FOUND
> >> 4) Got "decrypt integrity check failed" errors, fixed with
> >> chtdcpass, which not results to "Failed to find HOST$#DOMAIN(kvno)"
> >> (client reboot seems to fix this)
> >> 4) any attempt to replicate missing information from DC2/DC3 to
> >> DC1 (samba-tool drs replicate) results in errors after it (cannot find
> >> own NTDS)
> >> 5) impossible to demote / unjoin server and provision from
> >> scratch - some DRS errors
> >>
> >> Question is:
> >> how can I change FSMO owner (ldbedit ?) on DC1 to be DC2 and
> >> then:
> >>    a) replicate missing users (and computer trust accounts)
> >>       to DC1
> >>    b) force removing DC1 from domain for good ( reinstall from
> >>       scratch )
> >>
> >> Domain as a whole recreation from scratch is sadly *not* an
> >> option :(
> >
> > On https://wiki.samba.org/index.php/Backup_and_Recovery#General it is
> > clearly stated that you shouldn't restore a DC from backup in a multi DC
> > environment.
> Ok, my bad.
>
> >
> > Other DCs have evolved since you backed up your data, and you cannot
> > have synchronisation with the other DCs. It is not a Samba problem, but
> > it is by design because of the multi-master replication between DCs.
> >
> > You should just re-install samba4 4.0.5 on your DC1 server, and then
> > join it to the domain as a DC, it will synchronise and all will be back
> > to normal.
> >
> But how do I force remove the old server from domain ? (Windows tools
> and samba's net unjoin failed)

Just re-join it with the same name, that does as much as we can do. It
isn't perfectly ideal, but it should be good enough.

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org