Bug 1028440

Summary: Winsync replica initialization and incremental updates from DS to AD fails on RHEL7
Product: Red Hat Enterprise Linux 7 Reporter: Sankar Ramalingam <sramling>
Component: 389-ds-baseAssignee: Rich Megginson <rmeggins>
Status: CLOSED CURRENTRELEASE QA Contact: Sankar Ramalingam <sramling>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 7.0CC: martinez, nhosoi, nkinder, sramling
Target Milestone: rcKeywords: Regression, TestBlocker
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: 389-ds-base-1.3.1.6-9.el7 Doc Type: Bug Fix
Doc Text:
This bug was introduced by another bug fix on 389-ds-base for rhel-7.0: Bug 1011220 - WinSync removes User must change password flag on the Windows side No need to doc.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-13 09:26:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Sankar Ramalingam 2013-11-08 12:57:39 UTC 
Description of problem: Winsync fails to synchronize users/group from DS to AD. It throws error message as "windows_replay_update: Cannot replay add operation".


Version-Release number of selected component (if applicable): 389-ds-base-1.3.1.6-5.el7


How reproducible: Consistently


Steps to Reproduce:
1. Install 389-ds-base-1.3.1.x packages on RHEL7 and create winsync agreement.
2. Install and configure win2008r2 AD.
3. Install and Configure Passsync component on Win2008r2
4. Copy/Import AD/DS certificates
5. Create few users at AD
6. Create few users at DS
7. Run replica initialization from DS.
8. Check whether entries from DS added AD and vice versa.
9. Entries from AD got synced to DS, but not the other way round.

Actual results: Entries fails to sync from DS to AD.


Expected results: Entries should be synced bi-directionally.


Additional info: Few lines from DS error logs.

[08/Nov/2013:06:35:07 -0500] NSMMReplicationPlugin - agmt="cn=WinPassSync" (win2k8rhvd64:636): Replica has no update vector. It has never been initialized.
[08/Nov/2013:06:35:10 -0500] NSMMReplicationPlugin - agmt="cn=WinPassSync" (win2k8rhvd64:636): Replica has no update vector. It has never been initialized.
[08/Nov/2013:06:35:13 -0500] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=WinPassSync" (win2k8rhvd64:636)".
[08/Nov/2013:06:35:18 -0500] NSMMReplicationPlugin - agmt="cn=WinPassSync" (win2k8rhvd64:636): windows_replay_update: Cannot replay add operation.
[08/Nov/2013:06:35:20 -0500] NSMMReplicationPlugin - agmt="cn=WinPassSync" (win2k8rhvd64:636): Replication bind with SIMPLE auth resumed
[08/Nov/2013:06:35:20 -0500] NSMMReplicationPlugin - agmt="cn=WinPassSync" (win2k8rhvd64:636): Replica has no update vector. It has never been initialized.
[08/Nov/2013:06:35:20 -0500] NSMMReplicationPlugin - agmt="cn=WinPassSync" (win2k8rhvd64:636): Replica has no update vector. It has never been initialized.
Comment 6 Noriko Hosoi 2013-11-08 21:37:11 UTC 
Upstream ticket:
https://fedorahosted.org/389/ticket/47589
Comment 8 Sankar Ramalingam 2013-11-11 07:24:28 UTC 
The issue is gone with the newer builds of 389-ds-base which is provided by Noriko. Hence, marking the bug as Verified.
Comment 10 Sankar Ramalingam 2013-11-19 08:01:37 UTC 
Tested with 389-ds-base-1.3.1.6-10.el7.x86_64.rpm builds. No issues found with Winsync. Hence, marking the bug as Verified.
Comment 11 Ludek Smid 2014-06-13 09:26:06 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.