I think I'm missing some SRV records... Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._ sites.ForestDnsZones.mydomain.com dc03.mydomain.com 389 (add) Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.com. 900 IN SRV 0 100 389 dc03.mydomain.com. tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database. I get the same errors on dc02. If I look at the forest in MS DNS tool I can find _gc _ldap _kerberos SRV records for dc01 bot not for the others. Am I on the right track here, or just besting around the bushes ?
On Fri, 30 Sep 2016 19:44:36 +0100 "Maton, Brett via samba" <samba at lists.samba.org> wrote:> I think I'm missing some SRV records... > > Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._ > sites.ForestDnsZones.mydomain.com dc03.mydomain.com 389 (add) > Outgoing update query: > ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 > ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 > ;; UPDATE SECTION: > _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.com. > 900 IN SRV 0 100 389 dc03.mydomain.com. > > tkey query failed: GSSAPI error: Major = Unspecified GSS failure. > Minor code may provide more information, Minor = Server not found in > Kerberos database. > > I get the same errors on dc02. > > If I look at the forest in MS DNS tool I can find _gc _ldap _kerberos > SRV records for dc01 bot not for the others. > > Am I on the right track here, or just besting around the bushes ?Have a look here: https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record Rowland
Thanks for the suggestion Rowland, I had already tried that though and both secondary DC's resolve.... host -t CNAME fbce444a-8707-4c69-8066-d75aacfb07f0._msdcs.mydomain.com. fbce444a-8707-4c69-8066-d75aacfb07f0._msdcs.mydomain.com is an alias for dc02.mydomain.com. host -t CNAME 04225dbe-d69c-4ea5-8930-eb8746790180._msdcs.mydomain.com. 04225dbe-d69c-4ea5-8930-eb8746790180._msdcs.mydomain.com is an alias for dc03.mydomain.com. On 30 September 2016 at 19:52, Rowland Penny via samba < samba at lists.samba.org> wrote:> On Fri, 30 Sep 2016 19:44:36 +0100 > "Maton, Brett via samba" <samba at lists.samba.org> wrote: > > > I think I'm missing some SRV records... > > > > Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._ > > sites.ForestDnsZones.mydomain.com dc03.mydomain.com 389 (add) > > Outgoing update query: > > ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 > > ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 > > ;; UPDATE SECTION: > > _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.com. > > 900 IN SRV 0 100 389 dc03.mydomain.com. > > > > tkey query failed: GSSAPI error: Major = Unspecified GSS failure. > > Minor code may provide more information, Minor = Server not found in > > Kerberos database. > > > > I get the same errors on dc02. > > > > If I look at the forest in MS DNS tool I can find _gc _ldap _kerberos > > SRV records for dc01 bot not for the others. > > > > Am I on the right track here, or just besting around the bushes ? > > Have a look here: > > https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba