thierry DeTheGeek
2016-Feb-28 08:34 UTC
[Samba] Inconsistency in LSA database prevents me to edit DNS zone
Hi all A few month ago I had to change the IP address of my DC running Samba 4 and Bind 9 as backend, in a LXC container running Debian 8u2. I followed this documentation https://wiki.samba.org/index.php/Change_IP_address_of_an_Samba_AD_DC The documentation was rather good, but I found it was incomplete while updating the DNS entries with samba_dnsupdate --verbose I had to use the DNS management MMC console to update all entries containing the old IP address of my DC, not mentioned in the errors reported by the above command. A few weeks later I wanted to add a DNS entry in the DNS server and all attempts are rejected with the following message : The Local Security Authority (LSA) database contains an internal inconsistency I workarounded the issue with samba-tool. Today I wanted to do more complex DNS settings and I wish to use RSAT instead of samba-tool. This is the only issue I noticed so far. I'm created a few GPOs whithout any issue, my domain members and SMB shares are working great too. Do someone have an idea about this issue ?
Mueller
2016-Feb-29 07:25 UTC
[Samba] Inconsistency in LSA database prevents me to edit DNS zone
Only one hint! Do not use windows 8.1 and above with RSAT and DNS. Changing DNS Settings with the RSAT tool from Windows 8.1 did destroy my Samba4 Domain/DNS. Greetings Daniel EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: mueller at tropenklinik.de Internet: www.tropenklinik.de -----Ursprüngliche Nachricht----- Von: thierry DeTheGeek [mailto:dethegeek at gmail.com] Gesendet: Sonntag, 28. Februar 2016 09:34 An: samba at lists.samba.org Betreff: [Samba] Inconsistency in LSA database prevents me to edit DNS zone Hi all A few month ago I had to change the IP address of my DC running Samba 4 and Bind 9 as backend, in a LXC container running Debian 8u2. I followed this documentation https://wiki.samba.org/index.php/Change_IP_address_of_an_Samba_AD_DC The documentation was rather good, but I found it was incomplete while updating the DNS entries with samba_dnsupdate --verbose I had to use the DNS management MMC console to update all entries containing the old IP address of my DC, not mentioned in the errors reported by the above command. A few weeks later I wanted to add a DNS entry in the DNS server and all attempts are rejected with the following message : The Local Security Authority (LSA) database contains an internal inconsistency I workarounded the issue with samba-tool. Today I wanted to do more complex DNS settings and I wish to use RSAT instead of samba-tool. This is the only issue I noticed so far. I'm created a few GPOs whithout any issue, my domain members and SMB shares are working great too. Do someone have an idea about this issue ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba