Thanks for the suggestion Rowland, I had already tried that though and both
secondary DC's resolve....
host -t CNAME fbce444a-8707-4c69-8066-d75aacfb07f0._msdcs.mydomain.com.
fbce444a-8707-4c69-8066-d75aacfb07f0._msdcs.mydomain.com is an alias for
dc02.mydomain.com.
host -t CNAME 04225dbe-d69c-4ea5-8930-eb8746790180._msdcs.mydomain.com.
04225dbe-d69c-4ea5-8930-eb8746790180._msdcs.mydomain.com is an alias for
dc03.mydomain.com.
On 30 September 2016 at 19:52, Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Fri, 30 Sep 2016 19:44:36 +0100
> "Maton, Brett via samba" <samba at lists.samba.org> wrote:
>
> > I think I'm missing some SRV records...
> >
> > Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._
> > sites.ForestDnsZones.mydomain.com dc03.mydomain.com 389 (add)
> > Outgoing update query:
> > ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:
0
> > ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> > ;; UPDATE SECTION:
> > _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.com.
> > 900 IN SRV 0 100 389 dc03.mydomain.com.
> >
> > tkey query failed: GSSAPI error: Major = Unspecified GSS failure.
> > Minor code may provide more information, Minor = Server not found in
> > Kerberos database.
> >
> > I get the same errors on dc02.
> >
> > If I look at the forest in MS DNS tool I can find _gc _ldap _kerberos
> > SRV records for dc01 bot not for the others.
> >
> > Am I on the right track here, or just besting around the bushes ?
>
> Have a look here:
>
> https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba