Active Directory automatic replication does not work: dc1 = samba = CentOS + samba4 + dc2 = dc = WinSrv2008R2SP1

The primary domain controller was built with samba 4.3.4 on CentOS 7 (name = samba). I have just set up a new second domain controller on WinSrv2008R2Sp1 (name = dc).

Sysvol replication was set up following the article below, and the Sysvol folder is copied correctly with robocopy every 5 minutes (although the File Replication Service cannot start, failing with error 1053, while all its dependencies are running and look fine): https://wiki.samba.org/index.php/Robocopy_based_SysVol_replication_workaround

The problem is with automatic replication, which should happen every 15 minutes: it does not work (for example, I create a user on samba, and it does not appear on dc after 15 minutes, and so on).

Replication works manually from both sides (i.e. the newly created user appears):

on samba:

[root@samba]# samba-tool drs replicate dc samba dc=xxxxx,dc=com --full-sync
Replicate from samba to dc was successful.

on dc:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>repadmin /replicate dc samba dc=xxxxx,dc=com
Sync from samba to dc completed successfully.

Roles:

NetDOM /query FSMO
Schema master               samba.xxxxx.com
Domain naming master        samba.xxxxx.com
PDC                         samba.xxxxx.com
RID pool manager            samba.xxxxx.com
Infrastructure master       samba.xxxxx.com
The command completed successfully.

How can I get the normal automatic 15-minute AD replication to work without creating tasks in the scheduler, etc.? I plan to make the Windows DC = dc the primary and CentOS = samba the secondary, so I want everything to work as normally as possible :)

Here is dcdiag from dc (WinSrv2008R2SP1):

C:\Windows\system32>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = DC
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC
      Starting test: Connectivity
         ......................... DC passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC
      Starting test: Advertising
         Warning: DC is not advertising as a time server.
         ......................... DC failed test Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL replication problems may cause Group Policy problems.
         ......................... DC failed test FrsEvent
      Starting test: DFSREvent
         ......................... DC passed test DFSREvent
      Starting test: SysVolCheck
         ......................... DC passed test SysVolCheck
      Starting test: KccEvent
         ......................... DC passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... DC passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... DC passed test MachineAccount
      Starting test: NCSecDesc
         ......................... DC passed test NCSecDesc
      Starting test: NetLogons
         ......................... DC passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... DC passed test ObjectsReplicated
      Starting test: Replications
         ......................... DC passed test Replications
      Starting test: RidManager
         ......................... DC passed test RidManager
      Starting test: Services
         ......................... DC passed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0xC0001B61
            Time Generated: 04/25/2017   13:34:13
            Event String: A timeout was reached (30000 milliseconds) while waiting for the File Replication service to connect.
         An error event occurred.  EventID: 0xC0001B61
            Time Generated: 04/25/2017   13:34:24
            Event String: A timeout was reached (30000 milliseconds) while waiting for the File Replication service to connect.
         An error event occurred.  EventID: 0xC0001B61
            Time Generated: 04/25/2017   13:37:59
            Event String: A timeout was reached (30000 milliseconds) while waiting for the File Replication service to connect.
         An error event occurred.  EventID: 0x0000165B
            Time Generated: 04/25/2017   13:38:16
            Event String:
            The session setup from computer 'XXNODE-16-PC' failed because the security database does not contain a trust account 'XXNODE-16-PC$' referenced by the specified computer.
         An error event occurred.  EventID: 0xC0001B61
            Time Generated: 04/25/2017   13:41:07
            Event String: A timeout was reached (30000 milliseconds) while waiting for the File Replication service to connect.
         An error event occurred.  EventID: 0xC0001B61
            Time Generated: 04/25/2017   13:41:18
            Event String: A timeout was reached (30000 milliseconds) while waiting for the File Replication service to connect.
         An error event occurred.  EventID: 0xC0001B61
            Time Generated: 04/25/2017   13:41:37
            Event String: A timeout was reached (30000 milliseconds) while waiting for the File Replication service to connect.
         An error event occurred.  EventID: 0x000016AD
            Time Generated: 04/25/2017   13:43:03
            Event String: The session setup from the computer XXNODE-16-PC failed to authenticate. The following error occurred:
         ......................... DC failed test SystemLog
      Starting test: VerifyReferences
         Some objects relating to the DC DC have problems:
            [1] Problem: Missing Expected Value
             Base Object: CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xxxxx,DC=com
             Base Object Description: "DSA Object"
             Value Object Attribute Name: serverReferenceBL
             Value Object Description: "SYSVOL FRS Member Object"
             Recommended Action: See Knowledge Base Article: Q312862

            [1] Problem: Missing Expected Value
             Base Object: CN=DC,OU=Domain Controllers,DC=xxxxx,DC=com
             Base Object Description: "DC Account Object"
             Value Object Attribute Name: frsComputerReferenceBL
             Value Object Description: "SYSVOL FRS Member Object"
             Recommended Action: See Knowledge Base Article: Q312862

         ......................... DC failed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
            The application directory partition DC=ForestDnsZones,DC=xxxxx,DC=com is missing a security descriptor reference domain.  The administrator should set the msDS-SD-Reference-Domain
            attribute on the cross reference object CN=5cb6f429-dfba-45e5-914f-82a6b2a10fb4,CN=Partitions,CN=Configuration,DC=xxxxx,DC=com to the DN of a domain.
         ......................... ForestDnsZones failed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
            The application directory partition DC=DomainDnsZones,DC=xxxxx,DC=com is missing a security descriptor reference domain.  The administrator should set the msDS-SD-Reference-Domain
            attribute on the cross reference object CN=fb322730-c969-4fa2-8ba8-cff0ac78969d,CN=Partitions,CN=Configuration,DC=xxxxx,DC=com to the DN of a domain.
         ......................... DomainDnsZones failed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : xxxxx
      Starting test: CheckSDRefDom
         ......................... xxxxx passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... xxxxx passed test CrossRefValidation

   Running enterprise tests on : xxxxx.com
      Starting test: LocatorCheck
         ......................... xxxxx.com passed test LocatorCheck
      Starting test: Intersite
         ......................... xxxxx.com passed test Intersite
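
A triage helper for dcdiag output like the report above, as an added example that is not part of the original post: it lists only the failed tests and groups the SystemLog events by event code, so repeated entries collapse into one count. `SAMPLE` is a shortened excerpt of the output above; the function names are hypothetical.

```python
import re
from collections import Counter

# Shortened excerpt of the dcdiag output from the post (sample input).
SAMPLE = """\
   Testing server: Default-First-Site-Name\\DC
      Starting test: Advertising
         Warning: DC is not advertising as a time server.
         ......................... DC failed test Advertising
      Starting test: Replications
         ......................... DC passed test Replications
      Starting test: SystemLog
         An error event occurred.  EventID: 0xC0001B61
            Time Generated: 04/25/2017   13:34:13
         An error event occurred.  EventID: 0xC0001B61
            Time Generated: 04/25/2017   13:34:24
         An error event occurred.  EventID: 0x0000165B
            Time Generated: 04/25/2017   13:38:16
         ......................... DC failed test SystemLog
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones failed test CheckSDRefDom
"""

# Result lines look like: "......... <target> passed|failed test <TestName>"
RESULT = re.compile(r"^\s*\.{5,}\s+(\S+) (passed|failed) test (\S+)\s*$")
EVENT = re.compile(r"EventID:\s*(0x[0-9A-Fa-f]{8})")

def failed_tests(text):
    """Return (target, test) pairs for every 'failed test' result line."""
    out = []
    for line in text.splitlines():
        m = RESULT.match(line)
        if m and m.group(2) == "failed":
            out.append((m.group(1), m.group(3)))
    return out

def event_codes(text):
    """Count logged events by event code.

    dcdiag prints the full 32-bit event identifier; the low 16 bits are the
    code shown in Event Viewer (0xC0001B61 -> 7009, 0x0000165B -> 5723).
    """
    return Counter(int(m.group(1), 16) & 0xFFFF for m in EVENT.finditer(text))

if __name__ == "__main__":
    for target, test in failed_tests(SAMPLE):
        print(f"FAILED {target}: {test}")
    for code, n in event_codes(SAMPLE).most_common():
        print(f"event {code}: {n}x")
```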