Author Topic: how often/when do Zentyal servers replicate?

zippydan

  • Zen Monk
  • **
  • Posts: 80
  • Karma: +1/-0
how often/when do Zentyal servers replicate?
« on: September 17, 2014, 10:47:49 pm »
I have a PDC and an ADC connected over a VPN. 

How often and when do they replicate? 
Is there any way to force a replication right now? 
Is there a reason why it seems like my PDC replicates to my ADC but not the other way around?

zippydan

Re: how often/when do Zentyal servers replicate?
« Reply #1 on: September 22, 2014, 08:44:38 pm »
It seems my ADC successfully replicated on the first join, and maybe once after that, but it seems my PDC and ADC are not replicating with each other at all anymore.

How can I check the status of replication?
How can I check to see if the DCs are communicating correctly?
How can I force a replication NOW?

zippydan

Re: how often/when do Zentyal servers replicate?
« Reply #2 on: September 23, 2014, 01:23:05 am »
hi

ok you useless bums... you win... I fixed my own problem.  I had a few issues:

1. In my ADC webconfig, somewhere along the line the FQDN of my PDC got changed from "servername.companyname.local" to just "servername" - fixed
2. I had tested one change and then undid it and forgot about that: on both the ADC and PDC, both DCs must have both DCs defined in DNS under the information for companyname.local.  You should have the IPs for both ADC and PDC under "domain IPs", you should have the hostnames (and their IPs AGAIN) for both ADC and PDC under "domain hostnames", and you should have the hostnames for both ADC and PDC under "domain nameservers".  Again, to be repetitively clear, these definitions must exist on both PDC and ADC. - fixed
3. Once both of those are corrected, you can then manually test a replication from the command line.  FROM THE ADC, run the following line:

Code:
sudo net rpc share migrate files sysvol -k --destination=ADCserverName.companyname.local -S PDCserverName.companyname.local --acls -U "companyname\\AdminAccountName"
where

ADCserverName.companyname.local = the FQDN of your ADC server
PDCserverName.companyname.local = the FQDN of your PDC server
companyname\\DomainAdminAccountName = the NETBIOS name of your domain \\ the name of an account with Domain Admin privileges on the PDC server

If everything is working right, it should prompt you to enter the password for your DomainAdminAccountName.  Hit enter and then after a few minutes it should successfully sync and you should see any changes on your ADC.

Source of learnings:
https://forum.zentyal.org/index.php?topic=21538.0
https://forum.zentyal.org/index.php/topic,18787.msg89858.html#msg89858
https://github.com/Zentyal/zentyal/blob/3.5/main/samba/src/EBox/Samba/SysvolSync.pm
https://tracker.zentyal.org/issues/871
https://wiki.zentyal.org/wiki/En/3.5/Users,_Computers_and_File_Sharing#Joining_Zentyal_server_to_an_existing_domain

I STILL don't know when and how often the servers replicate.
I also don't know if ADC -> PDC replication is working...
« Last Edit: September 23, 2014, 03:24:52 am by zippydan »

zippydan

Re: how often/when do Zentyal servers replicate?
« Reply #3 on: September 23, 2014, 05:16:36 pm »
OK, replication is DEFINITELY only working from PDC -> ADC and is NOT working from ADC -> PDC

I added a user on the ADC and left it there all night long.  This morning, the PDC still had not received the new user.  Then, again this morning, I added a user on the PDC and it showed up on the ADC in less than an hour.

This seems to contradict the line in the documentation: (https://wiki.zentyal.org/wiki/En/3.5/Users,_Computers_and_File_Sharing#Joining_Zentyal_server_to_an_existing_domain)

"From now on, DNS, LDAP and Kerberos information will be synchronized both ways." (Italics/bold mine)

So let's assume that this is a "bug" in version 3.5 of Zentyal.  What is the command that I have to issue from the PDC to synchronize with the ADC?  Would it be the same just issued from the PDC?

Code:
sudo net rpc share migrate files sysvol -k --destination=ADCserverName.companyname.local -S PDCserverName.companyname.local --acls -U "companyname\\AdminAccountName"
Or do I need to reverse the --destination and -S?

Code:
sudo net rpc share migrate files sysvol -k --destination=PDCserverName.companyname.local -S ADCserverName.companyname.local --acls -U "companyname\\AdminAccountName"
Or is it a different set of options considering it is coming from the PDC?  From my understanding of modern AD, the concepts of PDC and ADC are not really valid as both DCs are considered equal.  So would it be the same command with --destination and -S reversed?

What about the AdminAccountName?  I guess it doesn't matter so much if the Domain Admin account exists on both DCs...
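The questions raised in reply #1 (how to check replication status and force a replication now) and reply #3 (whether the second direction is working) can be answered with Samba's own DRS tooling rather than by adding users and waiting. The script below is an added example, not code from the thread or from Zentyal: it parses the text that `samba-tool drs showrepl` prints, counts links that report consecutive failures, names the partner DCs whose last attempt failed, and builds the `samba-tool drs replicate DEST SOURCE NC` commands for both directions. The host names, the naming context `DC=companyname,DC=local` and the sample showrepl text are constructed to resemble the thread's setup.

```shell
#!/bin/sh
# Added example (not from the forum thread or from Zentyal): summarise the
# health of AD replication links from `samba-tool drs showrepl` output and
# build the `samba-tool drs replicate` commands that pull changes each way.
# Host names, naming context and the sample output are constructed.

# Constructed sample in the shape of `samba-tool drs showrepl` output, as seen
# on the PDC: the link pulling from the ADC has accumulated failures, the
# outbound link toward the ADC is healthy (matching the one-way symptom).
SAMPLE_SHOWREPL='Default-First-Site-Name\PDC
DSA Options: 0x00000001

==== INBOUND NEIGHBORS ====

DC=companyname,DC=local
    Default-First-Site-Name\ADC via RPC
        Last attempt @ Tue Sep 23 01:00:00 2014 UTC failed, result 8524 (WERR_DS_DRA_INTERNAL_ERROR)
        5 consecutive failure(s).
        Last success @ Wed Sep 17 22:00:00 2014 UTC

==== OUTBOUND NEIGHBORS ====

DC=companyname,DC=local
    Default-First-Site-Name\ADC via RPC
        Last attempt @ Tue Sep 23 01:00:00 2014 UTC was successful
        0 consecutive failure(s).
        Last success @ Tue Sep 23 01:00:00 2014 UTC
'

# count_failed_links: read showrepl text on stdin and print how many
# neighbour links report one or more consecutive failures (0 = all healthy).
count_failed_links() {
    awk '/consecutive failure\(s\)/ { if ($1 + 0 > 0) n++ } END { print n + 0 }'
}

# failed_partners: read showrepl text on stdin and print the partner DSA of
# every link whose most recent attempt failed, one per line.
failed_partners() {
    awk '/ via RPC$/ { partner = $1 }
         /Last attempt @ .* failed/ { print partner }'
}

# replicate_cmd DEST SOURCE NC: the command that makes DEST pull the naming
# context NC from SOURCE immediately instead of waiting for the KCC schedule.
replicate_cmd() {
    printf 'samba-tool drs replicate %s %s %s\n' "$1" "$2" "$3"
}

# both_directions DC_A DC_B NC: print the two commands needed to sync NC in
# both directions (each DC pulls from the other).
both_directions() {
    replicate_cmd "$2" "$1" "$3"
    replicate_cmd "$1" "$2" "$3"
}

# Offline demonstration on the constructed sample. On a real DC you would
# feed the live output instead:  samba-tool drs showrepl | count_failed_links
demo() {
    printf 'links with failures: %s\n' "$(printf '%s\n' "$SAMPLE_SHOWREPL" | count_failed_links)"
    printf 'failing partners:\n'
    printf '%s\n' "$SAMPLE_SHOWREPL" | failed_partners
    printf 'commands to sync both ways:\n'
    both_directions pdc.companyname.local adc.companyname.local DC=companyname,DC=local
}
demo
```

Two caveats for reading the result: `samba-tool drs showrepl` reports directory (LDAP naming context) replication only; the sysvol share is copied separately, which is what the `net rpc share migrate files sysvol` command in this thread does, so a clean showrepl does not by itself prove sysvol is in sync. And a non-zero "consecutive failure(s)" count on the inbound link of one DC, with a healthy outbound link on the same DC, is exactly the signature of the one-way replication described above, so that is the first thing to check before forcing a replicate in the failing direction.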