Sven Schwedas
2017-Sep-05 12:27 UTC
[Samba] Server GC/name.dom/dom is not registered with our KDC: Miscellaneous failure (see text): Server (GC/name/dom@DOM) unknown
Today's episode of "why is AD break", brought to you by:

> [2017/09/05 10:17:06.015617, 3] ../source4/auth/gensec/gensec_gssapi.c:613(gensec_gssapi_update)
>   Server GC/graz-dc-1b.ad.tao.at/ad.tao.at is not registered with our KDC: Miscellaneous failure (see text): Server (GC/graz-dc-1b.ad.tao.at/ad.tao.at@AD.TAO.AT) unknown
> [2017/09/05 10:17:06.015717, 0] ../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv)
>   Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.17.66[1024,seal,krb5,target_hostname=bcffbad8-1add-46b9-bf69-90e52c0f09ea._msdcs.ad.tao.at,target_principal=GC/graz-dc-1b.ad.tao.at/ad.tao.at,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.16.213] NT_STATUS_INVALID_PARAMETER
> [2017/09/05 10:17:06.015869, 4] ../source4/dsdb/repl/drepl_notify.c:196(dreplsrv_notify_op_callback)
>   dreplsrv_notify: Failed to send DsReplicaSync to bcffbad8-1add-46b9-bf69-90e52c0f09ea._msdcs.ad.tao.at for DC=ad,DC=tao,DC=at - NT_STATUS_INVALID_PARAMETER : WERR_INVALID_PARAM

The few google results for this seem to indicate DNS issues, but I'm not sure where those should come from. The servers in question resolve graz-dc-1b.ad.tao.at as well as bcffbad8-1add-46b9-bf69-90e52c0f09ea._msdcs.ad.tao.at to the correct IP. Same goes for _kerberos.* and the other SRV records in _msdcs. and the AD domain itself.

Any ideas where else to look?

--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
Mail/XMPP sven.schwedas at tao.at | Skype sven.schwedas
TAO Digital | Lendplatz 45 | A8020 Graz
https://www.tao-digital.at | Tel +43 680 301 7167
L.P.H. van Belle
2017-Sep-05 12:40 UTC
Ah.. I had a "member break down" ..

Out of the blue,.. Kerberos problem, but pretty simple to fix.

kinit Administrator

Check your spn of the ad server with :
samba-tool spn list DC_HOSTNAME$

Check keytab
klist -ke /var/lib/samba/private/secrets.keytab

Can you check this.

Greetz,

Louis
Sven Schwedas
2017-Sep-05 13:33 UTC
On 2017-09-05 14:40, L.P.H. van Belle wrote:
> Ah.. I had a "member break down" ..
>
> Out of the blue,.. Kerberos problem, but pretty simple to fix.
>
> kinit Administrator

Works on all DCs.

> Check your spn of the ad server with :
> samba-tool spn list DC_HOSTNAME$
>
> Check keytab
> klist -ke /var/lib/samba/private/secrets.keytab

Outputs attached. graz-dc-1b is the one making trouble, graz-dc-sem is the FSMO role holder.

Keytabs look reasonable, as far as I can see, but why does graz-dc-sem have the same SPN output as graz-dc-1b in addition to its own?

> Can you check this.
>
> Greetz,
>
> Louis

-------------- next part --------------
Keytab name: FILE:/var/lib/samba/private/secrets.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 HOST/graz-dc-1b@AD.TAO.AT (des-cbc-crc)
   2 HOST/graz-dc-1b.ad.tao.at@AD.TAO.AT (des-cbc-crc)
   2 GRAZ-DC-1B$@AD.TAO.AT (des-cbc-crc)
   2 HOST/graz-dc-1b@AD.TAO.AT (des-cbc-md5)
   2 HOST/graz-dc-1b.ad.tao.at@AD.TAO.AT (des-cbc-md5)
   2 GRAZ-DC-1B$@AD.TAO.AT (des-cbc-md5)
   2 HOST/graz-dc-1b@AD.TAO.AT (arcfour-hmac)
   2 HOST/graz-dc-1b.ad.tao.at@AD.TAO.AT (arcfour-hmac)
   2 GRAZ-DC-1B$@AD.TAO.AT (arcfour-hmac)
   2 HOST/graz-dc-1b@AD.TAO.AT (aes128-cts-hmac-sha1-96)
   2 HOST/graz-dc-1b.ad.tao.at@AD.TAO.AT (aes128-cts-hmac-sha1-96)
   2 GRAZ-DC-1B$@AD.TAO.AT (aes128-cts-hmac-sha1-96)
   2 HOST/graz-dc-1b@AD.TAO.AT (aes256-cts-hmac-sha1-96)
   2 HOST/graz-dc-1b.ad.tao.at@AD.TAO.AT (aes256-cts-hmac-sha1-96)
   2 GRAZ-DC-1B$@AD.TAO.AT (aes256-cts-hmac-sha1-96)
-------------- next part --------------
graz-dc-1b$
User CN=GRAZ-DC-1B,OU=Domain Controllers,DC=ad,DC=tao,DC=at has the following servicePrincipalName:
	 HOST/GRAZ-DC-1B
	 HOST/graz-dc-1b.ad.tao.at
	 GC/graz-dc-1b.ad.tao.at/ad.tao.at
	 E3514235-4B06-11D1-AB04-00C04FC2DCD2/bcffbad8-1add-46b9-bf69-90e52c0f09ea/ad.tao.at
	 HOST/graz-dc-1b.ad.tao.at/AD
	 ldap/graz-dc-1b.ad.tao.at/AD
	 ldap/graz-dc-1b.ad.tao.at
	 HOST/graz-dc-1b.ad.tao.at/ad.tao.at
	 ldap/graz-dc-1b.ad.tao.at/ad.tao.at
	 ldap/bcffbad8-1add-46b9-bf69-90e52c0f09ea._msdcs.ad.tao.at
	 ldap/GRAZ-DC-1B
	 RestrictedKrbHost/GRAZ-DC-1B
	 RestrictedKrbHost/graz-dc-1b.ad.tao.at
	 ldap/graz-dc-1b.ad.tao.at/DomainDnsZones.ad.tao.at
	 ldap/graz-dc-1b.ad.tao.at/ForestDnsZones.ad.tao.at
-------------- next part --------------
Keytab name: FILE:/var/lib/samba/private/secrets.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 HOST/graz-dc-sem@AD.TAO.AT (des-cbc-crc)
   1 HOST/graz-dc-sem.ad.tao.at@AD.TAO.AT (des-cbc-crc)
   1 GRAZ-DC-SEM$@AD.TAO.AT (des-cbc-crc)
   1 HOST/graz-dc-sem@AD.TAO.AT (des-cbc-md5)
   1 HOST/graz-dc-sem.ad.tao.at@AD.TAO.AT (des-cbc-md5)
   1 GRAZ-DC-SEM$@AD.TAO.AT (des-cbc-md5)
   1 HOST/graz-dc-sem@AD.TAO.AT (arcfour-hmac)
   1 HOST/graz-dc-sem.ad.tao.at@AD.TAO.AT (arcfour-hmac)
   1 GRAZ-DC-SEM$@AD.TAO.AT (arcfour-hmac)
   1 HOST/graz-dc-sem@AD.TAO.AT (aes128-cts-hmac-sha1-96)
   1 HOST/graz-dc-sem.ad.tao.at@AD.TAO.AT (aes128-cts-hmac-sha1-96)
   1 GRAZ-DC-SEM$@AD.TAO.AT (aes128-cts-hmac-sha1-96)
   1 HOST/graz-dc-sem@AD.TAO.AT (aes256-cts-hmac-sha1-96)
   1 HOST/graz-dc-sem.ad.tao.at@AD.TAO.AT (aes256-cts-hmac-sha1-96)
   1 GRAZ-DC-SEM$@AD.TAO.AT (aes256-cts-hmac-sha1-96)
-------------- next part --------------
graz-dc-sem$
User CN=GRAZ-DC-SEM,OU=Domain Controllers,DC=ad,DC=tao,DC=at has the following servicePrincipalName:
	 HOST/graz-dc-sem.ad.tao.at
	 HOST/graz-dc-sem.ad.tao.at/AD
	 ldap/graz-dc-sem.ad.tao.at/AD
	 GC/graz-dc-sem.ad.tao.at/ad.tao.at
	 ldap/graz-dc-sem.ad.tao.at
	 HOST/graz-dc-sem.ad.tao.at/ad.tao.at
	 ldap/graz-dc-sem.ad.tao.at/ad.tao.at
	 HOST/GRAZ-DC-SEM
	 E3514235-4B06-11D1-AB04-00C04FC2DCD2/160f5a53-5c29-4a83-aeee-6cb1dbabeed7/ad.tao.at
	 ldap/160f5a53-5c29-4a83-aeee-6cb1dbabeed7._msdcs.ad.tao.at
	 ldap/GRAZ-DC-SEM
	 RestrictedKrbHost/GRAZ-DC-SEM
	 RestrictedKrbHost/graz-dc-sem.ad.tao.at
	 ldap/graz-dc-sem.ad.tao.at/DomainDnsZones.ad.tao.at
	 ldap/graz-dc-sem.ad.tao.at/ForestDnsZones.ad.tao.at
	 HOST/graz-dc-1b.ad.tao.at
	 HOST/graz-dc-1b.ad.tao.at/AD
	 ldap/graz-dc-1b.ad.tao.at/AD
	 GC/graz-dc-1b.ad.tao.at/ad.tao.at
	 ldap/graz-dc-1b.ad.tao.at
	 HOST/graz-dc-1b.ad.tao.at/ad.tao.at
	 ldap/graz-dc-1b.ad.tao.at/ad.tao.at
	 E3514235-4B06-11D1-AB04-00C04FC2DCD2/bcffbad8-1add-46b9-bf69-90e52c0f09ea/ad.tao.at
	 ldap/bcffbad8-1add-46b9-bf69-90e52c0f09ea._msdcs.ad.tao.at
	 RestrictedKrbHost/graz-dc-1b.ad.tao.at
	 ldap/graz-dc-1b.ad.tao.at/DomainDnsZones.ad.tao.at
	 ldap/graz-dc-1b.ad.tao.at/ForestDnsZones.ad.tao.at
-------------- next part --------------
Keytab name: FILE:/var/lib/samba/private/secrets.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 HOST/villach-dc-bis@AD.TAO.AT (des-cbc-crc)
   1 HOST/villach-dc-bis.ad.tao.at@AD.TAO.AT (des-cbc-crc)
   1 VILLACH-DC-BIS$@AD.TAO.AT (des-cbc-crc)
   1 HOST/villach-dc-bis@AD.TAO.AT (des-cbc-md5)
   1 HOST/villach-dc-bis.ad.tao.at@AD.TAO.AT (des-cbc-md5)
   1 VILLACH-DC-BIS$@AD.TAO.AT (des-cbc-md5)
   1 HOST/villach-dc-bis@AD.TAO.AT (arcfour-hmac)
   1 HOST/villach-dc-bis.ad.tao.at@AD.TAO.AT (arcfour-hmac)
   1 VILLACH-DC-BIS$@AD.TAO.AT (arcfour-hmac)
   1 HOST/villach-dc-bis@AD.TAO.AT (aes128-cts-hmac-sha1-96)
   1 HOST/villach-dc-bis.ad.tao.at@AD.TAO.AT (aes128-cts-hmac-sha1-96)
   1 VILLACH-DC-BIS$@AD.TAO.AT (aes128-cts-hmac-sha1-96)
   1 HOST/villach-dc-bis@AD.TAO.AT (aes256-cts-hmac-sha1-96)
   1 HOST/villach-dc-bis.ad.tao.at@AD.TAO.AT (aes256-cts-hmac-sha1-96)
   1 VILLACH-DC-BIS$@AD.TAO.AT (aes256-cts-hmac-sha1-96)
-------------- next part --------------
villach-dc-bis$
User CN=VILLACH-DC-BIS,OU=Domain Controllers,DC=ad,DC=tao,DC=at has the following servicePrincipalName:
	 HOST/VILLACH-DC-BIS
	 HOST/VILLACH-DC-BIS.ad.tao.at
	 GC/VILLACH-DC-BIS.ad.tao.at/ad.tao.at
	 E3514235-4B06-11D1-AB04-00C04FC2DCD2/e1569c90-50f9-4bb5-bd85-79145e3ff6fd/ad.tao.at
	 HOST/VILLACH-DC-BIS.ad.tao.at/AD
	 ldap/VILLACH-DC-BIS.ad.tao.at/AD
	 ldap/VILLACH-DC-BIS.ad.tao.at
	 HOST/VILLACH-DC-BIS.ad.tao.at/ad.tao.at
	 ldap/VILLACH-DC-BIS.ad.tao.at/ad.tao.at
	 ldap/e1569c90-50f9-4bb5-bd85-79145e3ff6fd._msdcs.ad.tao.at
	 ldap/VILLACH-DC-BIS
	 RestrictedKrbHost/VILLACH-DC-BIS
	 RestrictedKrbHost/VILLACH-DC-BIS.ad.tao.at
	 ldap/VILLACH-DC-BIS.ad.tao.at/DomainDnsZones.ad.tao.at
	 ldap/VILLACH-DC-BIS.ad.tao.at/ForestDnsZones.ad.tao.at
-------------- next part --------------
Keytab name: FILE:/var/lib/samba/private/secrets.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 HOST/villach-dc-sem@AD.TAO.AT (des-cbc-crc)
   1 HOST/villach-dc-sem.ad.tao.at@AD.TAO.AT (des-cbc-crc)
   1 VILLACH-DC-SEM$@AD.TAO.AT (des-cbc-crc)
   1 HOST/villach-dc-sem@AD.TAO.AT (des-cbc-md5)
   1 HOST/villach-dc-sem.ad.tao.at@AD.TAO.AT (des-cbc-md5)
   1 VILLACH-DC-SEM$@AD.TAO.AT (des-cbc-md5)
   1 HOST/villach-dc-sem@AD.TAO.AT (arcfour-hmac)
   1 HOST/villach-dc-sem.ad.tao.at@AD.TAO.AT (arcfour-hmac)
   1 VILLACH-DC-SEM$@AD.TAO.AT (arcfour-hmac)
   1 HOST/villach-dc-sem@AD.TAO.AT (aes128-cts-hmac-sha1-96)
   1 HOST/villach-dc-sem.ad.tao.at@AD.TAO.AT (aes128-cts-hmac-sha1-96)
   1 VILLACH-DC-SEM$@AD.TAO.AT (aes128-cts-hmac-sha1-96)
   1 HOST/villach-dc-sem@AD.TAO.AT (aes256-cts-hmac-sha1-96)
   1 HOST/villach-dc-sem.ad.tao.at@AD.TAO.AT (aes256-cts-hmac-sha1-96)
   1 VILLACH-DC-SEM$@AD.TAO.AT (aes256-cts-hmac-sha1-96)
-------------- next part --------------
villach-dc-sem$
User CN=VILLACH-DC-SEM,OU=Domain Controllers,DC=ad,DC=tao,DC=at has the following servicePrincipalName:
	 HOST/VILLACH-DC-SEM
	 HOST/VILLACH-DC-SEM.ad.tao.at
	 GC/VILLACH-DC-SEM.ad.tao.at/ad.tao.at
	 E3514235-4B06-11D1-AB04-00C04FC2DCD2/eb5f9772-cd8f-4cde-9629-f1898c94aedd/ad.tao.at
	 HOST/VILLACH-DC-SEM.ad.tao.at/AD
	 ldap/VILLACH-DC-SEM.ad.tao.at/AD
	 ldap/VILLACH-DC-SEM.ad.tao.at
	 HOST/VILLACH-DC-SEM.ad.tao.at/ad.tao.at
	 ldap/VILLACH-DC-SEM.ad.tao.at/ad.tao.at
	 ldap/eb5f9772-cd8f-4cde-9629-f1898c94aedd._msdcs.ad.tao.at
	 ldap/VILLACH-DC-SEM
	 RestrictedKrbHost/VILLACH-DC-SEM
	 RestrictedKrbHost/VILLACH-DC-SEM.ad.tao.at
	 ldap/VILLACH-DC-SEM.ad.tao.at/DomainDnsZones.ad.tao.at
	 ldap/VILLACH-DC-SEM.ad.tao.at/ForestDnsZones.ad.tao.at
L.P.H. van Belle
2017-Sep-05 14:21 UTC
> Keytabs look reasonable, as far as I can see, but why does
> graz-dc-sem have the same SPN output as graz-dc-1b in
> addition to its own?

A snapshotted server/cloned server?
I don't know, but that's not correct.

I suggest, cleanup the DS with FSMO roles.
Then remove a faulty server and re-add it as a new installed DC.

( the good DS with FSMO)
First backup: /var/lib/samba/private/secrets.keytab
Remove the incorrect entries from keytab file with ktutil

rkt /var/lib/samba/private/secrets.keytab
list -e -t

Check if dates here are related to other work you/someone did?

Now you can remove the faulty one from the domain and re-add it (with provisioning)
Backup and cleanup
/etc/samba/smb.conf (rename)
/var/cache/samba ( remove all files from folder)
/var/lib/samba ( remove all files and directories from folder)

Now re-provision and you should have correct working DC's again.
! Before re-provisioning, make sure all OLD records dns and AD are gone.

Greetz,

Louis
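Added example, not part of the original thread and not Samba code: a Python check for the condition raised above, where one account's `samba-tool spn list` output also carries another DC's SPNs. It parses the output layout shown in the attachments; the sample text is abbreviated from them, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input abbreviated from the graz-dc-1b and graz-dc-sem attachments above.
SAMPLE = """\
User CN=GRAZ-DC-1B,OU=Domain Controllers,DC=ad,DC=tao,DC=at has the following servicePrincipalName:
     HOST/GRAZ-DC-1B
     HOST/graz-dc-1b.ad.tao.at
     GC/graz-dc-1b.ad.tao.at/ad.tao.at
     ldap/bcffbad8-1add-46b9-bf69-90e52c0f09ea._msdcs.ad.tao.at
graz-dc-sem$
User CN=GRAZ-DC-SEM,OU=Domain Controllers,DC=ad,DC=tao,DC=at has the following servicePrincipalName:
     HOST/GRAZ-DC-SEM
     HOST/graz-dc-sem.ad.tao.at
     GC/graz-dc-sem.ad.tao.at/ad.tao.at
     HOST/graz-dc-1b.ad.tao.at
     GC/graz-dc-1b.ad.tao.at/ad.tao.at
     ldap/bcffbad8-1add-46b9-bf69-90e52c0f09ea._msdcs.ad.tao.at
"""

HEADER = re.compile(r"^User (?P<dn>.+?) has the following servicePrincipalName:$")


def parse_spn_list(text):
    """Return [(account CN, [SPN, ...]), ...] from `samba-tool spn list` output."""
    accounts = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            # The first RDN of the DN names the account, e.g. CN=GRAZ-DC-1B.
            cn = m.group("dn").split(",", 1)[0].split("=", 1)[1]
            accounts.append((cn.upper(), []))
        elif accounts and "/" in line:
            # An SPN has the form class/host[/name]; stray lines without '/' are skipped.
            accounts[-1][1].append(line)
    return accounts


def duplicate_spns(text):
    """Map each SPN held by more than one account to the sorted account names."""
    owners = defaultdict(set)
    for cn, spns in parse_spn_list(text):
        for spn in spns:
            owners[spn.lower()].add(cn)  # compare SPNs case-insensitively
    return {spn: sorted(accts) for spn, accts in owners.items() if len(accts) > 1}


def foreign_holders(dupes):
    """For duplicated SPNs whose host part names one holder, list the other holders."""
    foreign = defaultdict(list)
    for spn, accts in dupes.items():
        host = spn.split("/")[1].split(".")[0].upper()
        if host in accts:  # GUID-based SPNs name no account and stay undecided
            for acct in accts:
                if acct != host:
                    foreign[acct].append(spn)
    return dict(foreign)


if __name__ == "__main__":
    dupes = duplicate_spns(SAMPLE)
    for spn, accts in dupes.items():
        print(f"{spn}: registered on {', '.join(accts)}")
    for acct, spns in foreign_holders(dupes).items():
        print(f"{acct} holds {len(spns)} SPN(s) naming another host")
```

Feed it the concatenated `samba-tool spn list` output of every DC account; any SPN it reports is registered on more than one account and should be resolved before re-joining the affected DC.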