Hi,
I set up a policy as test. When I run
gpupdate /force
on a Windows 10 client, I get error messages:
-Group policy processing was unsuccessful. Windows cannot resolve computer
name.
-Group policy processing was unsuccessful. Windows cannot resolve user name.
The windows client was joined the domain, and I logged in with a domain
user.
Server side: Samba 4.13.4. It is a fresh installation. I went through the
Samba documentation, and the test commands run successful, so I don't know,
what Windows cannot resolve.
I installed RSAT. I added our AD to the Group policy management tool. When
I click on ad.ourdomain.hu, I get an error:
Processing error encountered with this default domain controller while
data-collection (sorry, I tried to translate it from Hungarian to English).
Change the domain controller and try again.
I applied samba-tool sysvolreset after I got error message related to rpc
too.
I installed two dcs: dc1, dc2. dc2 gets sysvol content with rsync.
smb.conf:
[global]
bind interfaces only = Yes
dns forwarder = 208.67.222.222 208.67.220.220
interfaces = lo eth0
netbios name = DC1
realm = AD.OURDOMAIN.HU
server role = active directory domain controller
workgroup = AD
idmap_ldb:use rfc2307 = yes
allow dns updates = secure only
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/ad.ourdomain.hu/scripts
read only = No
Regards,
Tamas Pisch.
Hi, I tried to solve the problem, but without success. I googled, tried out things. I give some additional info. dc1 is a guest on an xcpng hypervisor (site1). dc2 is a guest on a Windows 2008 R2 Hyper-V (site2, default). I connect to the domain through VPN. The replication between the servers is ok. I can ping the dcs. As I said, I can join to the AD, and can log in as a domain user. nslookup ad.ourdomain.hu Server: Unknown Address: 172.18.255.196 Name: ad.ourdomain.hu Address: 172.18.255.196 172.17.253.253 nltest /query Flags: 0 Connection Status = 1311 0x51f ERROR_NO_LOGON_SERVERS I tried to rejoin the client (disjoin; on dc: samba-tool computer delete testcomputer\$;on client: join), but the situation is the same. Any idea, what could cause that, and what can I do with it? Regards, Tamas Pisch. Pisch Tam?s <pischta at gmail.com> ezt ?rta (id?pont: 2021. m?rc. 16., K, 15:53):> Hi, > > I set up a policy as test. When I run > gpupdate /force > on a Windows 10 client, I get error messages: > -Group policy processing was unsuccessful. Windows cannot resolve computer > name. > -Group policy processing was unsuccessful. Windows cannot resolve user > name. > The windows client was joined the domain, and I logged in with a domain > user. > Server side: Samba 4.13.4. It is a fresh installation. I went through the > Samba documentation, and the test commands run successful, so I don't know, > what Windows cannot resolve. > I installed RSAT. I added our AD to the Group policy management tool. When > I click on ad.ourdomain.hu, I get an error: > Processing error encountered with this default domain controller while > data-collection (sorry, I tried to translate it from Hungarian to English). > Change the domain controller and try again. > I applied samba-tool sysvolreset after I got error message related to rpc > too. > I installed two dcs: dc1, dc2. dc2 gets sysvol content with rsync. > smb.conf: > [global] > bind interfaces only = Yes > dns forwarder = 208.67.222.222 208.67.220.220 > interfaces = lo eth0 > netbios name = DC1 > realm = AD.OURDOMAIN.HU > server role = active directory domain controller > workgroup = AD > idmap_ldb:use rfc2307 = yes > allow dns updates = secure only > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > [netlogon] > path = /var/lib/samba/sysvol/ad.ourdomain.hu/scripts > read only = No > Regards, > > Tamas Pisch. > >
On both DC's run the debugscript. and diff them. https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh And your sure there is nothing blocking needed ports in/on the vpn (tunnels) greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Pisch Tam?s via > samba > Verzonden: vrijdag 19 maart 2021 11:48 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Group Policies are not applied > > Hi, > > I tried to solve the problem, but without success. I googled, tried out > things. > I give some additional info. > dc1 is a guest on an xcpng hypervisor (site1). dc2 is a guest on a Windows > 2008 R2 Hyper-V (site2, default). I connect to the domain through VPN. > The replication between the servers is ok. > I can ping the dcs. As I said, I can join to the AD, and can log in as a > domain user. > nslookup ad.ourdomain.hu > Server: Unknown > Address: 172.18.255.196 > Name: ad.ourdomain.hu > Address: 172.18.255.196 > 172.17.253.253 > nltest /query > Flags: 0 > Connection Status = 1311 0x51f ERROR_NO_LOGON_SERVERS > I tried to rejoin the client (disjoin; on dc: samba-tool computer delete > testcomputer\$;on client: join), but the situation is the same. > Any idea, what could cause that, and what can I do with it? > > Regards, > > Tamas Pisch. > > > > Pisch Tam?s <pischta at gmail.com> ezt ?rta (id??pont: 2021. m?rc. 16., K, > 15:53): > > > Hi, > > > > I set up a policy as test. When I run > > gpupdate /force > > on a Windows 10 client, I get error messages: > > -Group policy processing was unsuccessful. Windows cannot resolve > computer > > name. > > -Group policy processing was unsuccessful. Windows cannot resolve user > > name. > > The windows client was joined the domain, and I logged in with a domain > > user. > > Server side: Samba 4.13.4. It is a fresh installation. I went through > the > > Samba documentation, and the test commands run successful, so I don't > know, > > what Windows cannot resolve. > > I installed RSAT. I added our AD to the Group policy management tool. > When > > I click on ad.ourdomain.hu, I get an error: > > Processing error encountered with this default domain controller while > > data-collection (sorry, I tried to translate it from Hungarian to > English). > > Change the domain controller and try again. > > I applied samba-tool sysvolreset after I got error message related to > rpc > > too. > > I installed two dcs: dc1, dc2. dc2 gets sysvol content with rsync. > > smb.conf: > > [global] > > bind interfaces only = Yes > > dns forwarder = 208.67.222.222 208.67.220.220 > > interfaces = lo eth0 > > netbios name = DC1 > > realm = AD.OURDOMAIN.HU > > server role = active directory domain controller > > workgroup = AD > > idmap_ldb:use rfc2307 = yes > > allow dns updates = secure only > > > > [sysvol] > > path = /var/lib/samba/sysvol > > read only = No > > > > [netlogon] > > path = /var/lib/samba/sysvol/ad.ourdomain.hu/scripts > > read only = No > > Regards, > > > > Tamas Pisch. > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
On 16/03/2021 14:53, Pisch Tam?s via samba wrote:> Hi, > > I set up a policy as test. When I run > gpupdate /force > on a Windows 10 client, I get error messages: > -Group policy processing was unsuccessful. Windows cannot resolve computer > name. > -Group policy processing was unsuccessful. Windows cannot resolve user name. > The windows client was joined the domain, and I logged in with a domain > user. > Server side: Samba 4.13.4. It is a fresh installation. I went through the > Samba documentation, and the test commands run successful, so I don't know, > what Windows cannot resolve. > I installed RSAT. I added our AD to the Group policy management tool. When > I click on ad.ourdomain.hu, I get an error: > Processing error encountered with this default domain controller while > data-collection (sorry, I tried to translate it from Hungarian to English). > Change the domain controller and try again. > I applied samba-tool sysvolreset after I got error message related to rpc > too. > I installed two dcs: dc1, dc2. dc2 gets sysvol content with rsync.Are you syncing idmap.ldb as well as Sysvol ? Rowland