Bob of Donelson Trophy
2015-Feb-08 14:20 UTC
[Samba] ERROR_DNS_UPDATE_FAILED and NT_STATUS_UNSUCCESSFUL
Once again, Bob is in 'the land of unknown bind knowledge.' What type of data am I adding? Shouldn't dns_update be run when adding the member server? Is this a "simple-bind-dn"? hum-m-m-m! --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [1] "Everyone deserves an award!!" On 2015-02-08 02:56, Rowland Penny wrote:> On 06/02/15 18:45, Bob of Donelson Trophy wrote: > >> I have been struggling with getting a member server to join my domain. Thanks to testing and using a VM, I can get the test member server to join my domain. The member server on "real hardware" cannot join, well sort of. When I "join", I get: net ads join -U Administrator Enter Administrator's password: Using short domain name -- DTS***M Joined 'DTMBR01' to dns domain 'dts***m.lan' DNS Update for dtmember01.dts***m.lan failed: ERROR_DNS_UPDATE_FAILED DNS update failed: NT_STATUS_UNSUCCESSFUL And when I "leave", I get: net ads leave -U Administrator Enter Administrator's password: Deleted account for 'DTMBR01' in realm 'DTS***M.LAN' So, I look for what where? > > Hi Bob, your machine is actually joining the domain, it is the dns adding bit that is failing, try joining again and see if you can connect from another client, if it doesn't, run 'samba-tool dns add --help' and from this work out how to add the computers dns records. > > RowlandLinks: ------ [1] http://www.donelsontrophy.com
Rowland Penny
2015-Feb-08 14:37 UTC
[Samba] ERROR_DNS_UPDATE_FAILED and NT_STATUS_UNSUCCESSFUL
On 08/02/15 14:20, Bob of Donelson Trophy wrote:> > > Once again, Bob is in 'the land of unknown bind knowledge.' > > What type of data am I adding? > > Shouldn't dns_update be run when adding the member server? > > Is this a "simple-bind-dn"? > > hum-m-m-m! > > --- > > ------------------------- > > Bob Wooden of Donelson Trophy > > 615.885.2846 (main) > www.donelsontrophy.com [1] > > "Everyone deserves an award!!" > > On 2015-02-08 02:56, Rowland Penny wrote: > >> On 06/02/15 18:45, Bob of Donelson Trophy wrote: >> >>> I have been struggling with getting a member server to join my domain. Thanks to testing and using a VM, I can get the test member server to join my domain. The member server on "real hardware" cannot join, well sort of. When I "join", I get: net ads join -U Administrator Enter Administrator's password: Using short domain name -- DTS***M Joined 'DTMBR01' to dns domain 'dts***m.lan' DNS Update for dtmember01.dts***m.lan failed: ERROR_DNS_UPDATE_FAILED DNS update failed: NT_STATUS_UNSUCCESSFUL And when I "leave", I get: net ads leave -U Administrator Enter Administrator's password: Deleted account for 'DTMBR01' in realm 'DTS***M.LAN' So, I look for what where? >> Hi Bob, your machine is actually joining the domain, it is the dns adding bit that is failing, try joining again and see if you can connect from another client, if it doesn't, run 'samba-tool dns add --help' and from this work out how to add the computers dns records. >> >> Rowland > > > Links: > ------ > [1] http://www.donelsontrophy.comOK, test your member server DNS record in AD: Run this on the server: samba-tool dns query <DC FQDN> <DNS Domain> <Member Server FQDN> A Where: <DC FQDN> is the fully qualified domain name of the DC i.e. DC.example.com <DNS Domain> is the domain name you are using i.e. example.com <Member Server FQDN> is the fully qualified domain name of the Member Server i.e. memberserver.example.com If it isn't there, then add it: samba-tool dns add <DC FQDN> <DNS Domain> <Member Server FQDN> A <IPaddress> <IPaddress> is the member server ipaddress i.e. 192.168.0.247 Rowland
Bob of Donelson Trophy
2015-Feb-08 19:03 UTC
[Samba] ERROR_DNS_UPDATE_FAILED and NT_STATUS_UNSUCCESSFUL
Okay!!! My member server ip address is 192.168.**.56 (static). When I run your command it is reporting the ip address of 192.168.**.55 (which is my DC02 address.) So, I need to correct this. How do I remove the 'old member server' ip address 192.168.**.55 reference and correct to 192.168.**.56? --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [1] "Everyone deserves an award!!" On 2015-02-08 12:50, Rowland Penny wrote:> On 08/02/15 18:37, Bob of Donelson Trophy wrote: > > On DC01. Same result, have to enter password twice . . . twice? > > Same output complaints . . . line for line. > > Hum-m-m! > --- > > ------------------------- > > Bob Wooden of Donelson Trophy > > 615.885.2846 (main) > www.donelsontrophy.com [1] > > "Everyone deserves an award!!" > > On 2015-02-08 12:25, Rowland Penny wrote: > On 08/02/15 18:20, Bob of Donelson Trophy wrote: > > Seems very strange (to me) that I need to enter the "Password for [DTS***Mroot]:" twice? > > And then the second question, what is the [DTS***Mroot] password, my "root" password for the DC01 or my "domainAdministrator" password? (Tried both.) > > And then I get: > > Failed to bind to uuid 50abc2a4-5**d-40b3-9**6-ee4fd5fba076 for 50abc2a4-5**d-40b3-9**6-ee4fd5fba076 at ncacn_ip_tcp:dtdc01[1024,sign] NT_STATUS_LOGON_FAILURE > ERROR(runtime): uncaught exception - (-1073741715, 'Logon failure') > File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run > return self.run(*args, **kwargs) > File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 1056, in run > dns_conn = dns_connect(server, self.lp, self.creds) > File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 37, in dns_connect > dns_conn = dnsserver.dnsserver(binding_str, lp, creds) > > Hum-m-m-m? > --- > > ------------------------- > > Bob Wooden of Donelson Trophy > > 615.885.2846 (main) > www.donelsontrophy.com [1] > > "Everyone deserves an award!!" > > On 2015-02-08 08:37, Rowland Penny wrote: > > On 08/02/15 14:20, Bob of Donelson Trophy wrote: > Once again, Bob is in 'the land of unknown bind knowledge.' What type of data am I adding? Shouldn't dns_update be run when adding the member server? Is this a "simple-bind-dn"? hum-m-m-m! --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [1] [1 [1]] "Everyone deserves an award!!" On 2015-02-08 02:56, Rowland Penny wrote: On 06/02/15 18:45, Bob of Donelson Trophy wrote: I have been struggling with getting a member server to join my domain. Thanks to testing and using a VM, I can get the test member server to join my domain. The member server on "real hardware" cannot join, well sort of. When I "join", I get: net ads join -U Administrator Enter Administrator's password: Using short domain name -- DTS***M Joined 'DTMBR01' to dns domain 'dts***m.lan' DNS Update for dtmember01.dts***m.lan failed: ERROR_DNS_UPDATE_FAILED DNS update failed: NT_STATUS_UNSUCCESSFUL And when I "leave", I get: net ads leave -U Administrator EnterAdministrator's password: Deleted account for 'DTMBR01' in realm 'DTS***M.LAN' So, I look for what where? Hi Bob, your machine is actually joining the domain, it is the dns adding bit that is failing, try joining again and see if you can connect from another client, if it doesn't, run 'samba-tool dns add --help' and from this work out how to add the computers dns records. Rowland Links: ------ [1] http://www.donelsontrophy.com [1] OK, test your member server DNS record in AD: Run this on the server: samba-tool dns query <DC FQDN> <DNS Domain> <Member Server FQDN> A Where: <DC FQDN> is the fully qualified domain name of the DC i.e. DC.example.com <DNS Domain> is the domain name you are using i.e. example.com <Member Server FQDN> is the fully qualified domain name of the Member Server i.e. memberserver.example.com If it isn't there, then add it: samba-tool dns add <DC FQDN> <DNS Domain> <Member Server FQDN> A <IPaddress> <IPaddress> is the member server ipaddress i.e. 192.168.0.247 Rowland Rats, Add '-U Administrator --password=<your AD Administrator password>' to the commands, it should work then, or try running the commands on the DC, they should work there without the password. Rowland OK, you have to use the Administrator password, even on the DC, this is the command & output when run on a DC: root at dc01:~# samba-tool dns query dc01.home.lan home.lan memtest2.home.lan A -U Administrator --password=********** Name=, Records=1, Children=0 A: 192.168.0.247 (flags=f0, serial=65, ttl=3600) and again, but on a member server: root at memtest2:~# samba-tool dns query dc01.home.lan home.lan memtest2.home.lan A -U Administrator --password=********** Name=, Records=1, Children=0 A: 192.168.0.247 (flags=f0, serial=65, ttl=3600) Rowland Links: ------ [1] http://www.donelsontrophy.com
Rowland Penny
2015-Feb-08 19:18 UTC
[Samba] ERROR_DNS_UPDATE_FAILED and NT_STATUS_UNSUCCESSFUL
On 08/02/15 19:03, Bob of Donelson Trophy wrote:> > > Okay!!! My member server ip address is 192.168.**.56 (static). > > When I run your command it is reporting the ip address of 192.168.**.55 > (which is my DC02 address.) > > So, I need to correct this. How do I remove the 'old member server' ip > address 192.168.**.55 reference and correct to 192.168.**.56? >OK, how did that happen ??? (don't bother answering, that was a rhetorical question) To delete the record: samba-tool dns delete <server> <zone> <name> A <data> -U Administrator --password=<Domain Administrator password> Where: <server> = your DC's fully qualified hostname <zone> = Your DNS domain name <name> = your member servers hostname <data> = your member servers ipaddress Rowland