Stefan G. Weichinger
2019-Jul-31 14:08 UTC
[Samba] GPO issues - getting SYSVOL cleaned up again
On 31.07.19 at 15:59, L.P.H. van Belle via samba wrote:
> Ok, after that reboot
>
> ! Note, atm don't care about secrets.keytab (yet)
> .. I was a bit ahead with things...
>
> One thing at a time, for the keytab to be corrected, you need a perfect correct working
> A PTR CNAME GUIDs for the DC(3) first then we start thinking in kerberos corrections.
>
> Run samba_dnsupdate --verbose ( on both DC's )
> Post that output, I'll have a look, and I'm getting a choco. :-)

Now look at all that fun:

dc.pilsbacher.at entry has been magically created again, it seems:

root at pre01svdeb02:~# samba_dnsupdate --verbose
IPs: ['192.168.16.205']
Looking for DNS entry A dc.pilsbacher.at 192.168.16.205 as dc.pilsbacher.at.
Looking for DNS entry A pilsbacher.at 192.168.16.205 as pilsbacher.at.
Looking for DNS entry SRV _ldap._tcp.pilsbacher.at dc.pilsbacher.at 389 as _ldap._tcp.pilsbacher.at.
Checking 0 100 389 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.pilsbacher.at dc.pilsbacher.at 389
Checking 0 100 389 dc.pilsbacher.at. against SRV _ldap._tcp.pilsbacher.at dc.pilsbacher.at 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.pilsbacher.at dc.pilsbacher.at 389 as _ldap._tcp.dc._msdcs.pilsbacher.at.
Checking 0 100 389 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.dc._msdcs.pilsbacher.at dc.pilsbacher.at 389
Checking 0 100 389 dc.pilsbacher.at. against SRV _ldap._tcp.dc._msdcs.pilsbacher.at dc.pilsbacher.at 389
Looking for DNS entry SRV _ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.pilsbacher.at dc.pilsbacher.at 389 as _ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.pilsbacher.at.
Checking 0 100 389 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.pilsbacher.at dc.pilsbacher.at 389
Checking 0 100 389 dc.pilsbacher.at. against SRV _ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.pilsbacher.at dc.pilsbacher.at 389
Looking for DNS entry SRV _kerberos._tcp.pilsbacher.at dc.pilsbacher.at 88 as _kerberos._tcp.pilsbacher.at.
Checking 0 100 88 pre01svdeb03.pilsbacher.at. against SRV _kerberos._tcp.pilsbacher.at dc.pilsbacher.at 88
Checking 0 100 88 dc.pilsbacher.at. against SRV _kerberos._tcp.pilsbacher.at dc.pilsbacher.at 88
Looking for DNS entry SRV _kerberos._udp.pilsbacher.at dc.pilsbacher.at 88 as _kerberos._udp.pilsbacher.at.
Checking 0 100 88 pre01svdeb03.pilsbacher.at. against SRV _kerberos._udp.pilsbacher.at dc.pilsbacher.at 88
Checking 0 100 88 dc.pilsbacher.at. against SRV _kerberos._udp.pilsbacher.at dc.pilsbacher.at 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.pilsbacher.at dc.pilsbacher.at 88 as _kerberos._tcp.dc._msdcs.pilsbacher.at.
Checking 0 100 88 pre01svdeb03.pilsbacher.at. against SRV _kerberos._tcp.dc._msdcs.pilsbacher.at dc.pilsbacher.at 88
Checking 0 100 88 dc.pilsbacher.at. against SRV _kerberos._tcp.dc._msdcs.pilsbacher.at dc.pilsbacher.at 88
Looking for DNS entry SRV _kpasswd._tcp.pilsbacher.at dc.pilsbacher.at 464 as _kpasswd._tcp.pilsbacher.at.
Checking 0 100 464 pre01svdeb03.pilsbacher.at. against SRV _kpasswd._tcp.pilsbacher.at dc.pilsbacher.at 464
Checking 0 100 464 dc.pilsbacher.at. against SRV _kpasswd._tcp.pilsbacher.at dc.pilsbacher.at 464
Looking for DNS entry SRV _kpasswd._udp.pilsbacher.at dc.pilsbacher.at 464 as _kpasswd._udp.pilsbacher.at.
Checking 0 100 464 pre01svdeb03.pilsbacher.at. against SRV _kpasswd._udp.pilsbacher.at dc.pilsbacher.at 464
Checking 0 100 464 dc.pilsbacher.at. against SRV _kpasswd._udp.pilsbacher.at dc.pilsbacher.at 464
Looking for DNS entry CNAME e5922d4b-9bf0-4c79-b256-ff5f75a3e4f4._msdcs.pilsbacher.at dc.pilsbacher.at as e5922d4b-9bf0-4c79-b256-ff5f75a3e4f4._msdcs.pilsbacher.at.
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.pilsbacher.at dc.pilsbacher.at 389 as _ldap._tcp.Default-First-Site-Name._sites.pilsbacher.at.
Checking 0 100 389 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.Default-First-Site-Name._sites.pilsbacher.at dc.pilsbacher.at 389
Checking 0 100 389 dc.pilsbacher.at. against SRV _ldap._tcp.Default-First-Site-Name._sites.pilsbacher.at dc.pilsbacher.at 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.pilsbacher.at dc.pilsbacher.at 389 as _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.pilsbacher.at.
Checking 0 100 389 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.pilsbacher.at dc.pilsbacher.at 389
Checking 0 100 389 dc.pilsbacher.at. against SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.pilsbacher.at dc.pilsbacher.at 389
Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.pilsbacher.at dc.pilsbacher.at 88 as _kerberos._tcp.Default-First-Site-Name._sites.pilsbacher.at.
Checking 0 100 88 pre01svdeb03.pilsbacher.at. against SRV _kerberos._tcp.Default-First-Site-Name._sites.pilsbacher.at dc.pilsbacher.at 88
Checking 0 100 88 dc.pilsbacher.at. against SRV _kerberos._tcp.Default-First-Site-Name._sites.pilsbacher.at dc.pilsbacher.at 88
Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.pilsbacher.at dc.pilsbacher.at 88 as _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.pilsbacher.at.
Checking 0 100 88 pre01svdeb03.pilsbacher.at. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.pilsbacher.at dc.pilsbacher.at 88
Checking 0 100 88 dc.pilsbacher.at. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.pilsbacher.at dc.pilsbacher.at 88
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.pilsbacher.at dc.pilsbacher.at 389 as _ldap._tcp.pdc._msdcs.pilsbacher.at.
Checking 0 100 389 dc.pilsbacher.at. against SRV _ldap._tcp.pdc._msdcs.pilsbacher.at dc.pilsbacher.at 389
Looking for DNS entry A gc._msdcs.pilsbacher.at 192.168.16.205 as gc._msdcs.pilsbacher.at.
Looking for DNS entry SRV _gc._tcp.pilsbacher.at dc.pilsbacher.at 3268 as _gc._tcp.pilsbacher.at.
Checking 0 100 3268 pre01svdeb03.pilsbacher.at. against SRV _gc._tcp.pilsbacher.at dc.pilsbacher.at 3268
Checking 0 100 3268 dc.pilsbacher.at. against SRV _gc._tcp.pilsbacher.at dc.pilsbacher.at 3268
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.pilsbacher.at dc.pilsbacher.at 3268 as _ldap._tcp.gc._msdcs.pilsbacher.at.
Checking 0 100 3268 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.gc._msdcs.pilsbacher.at dc.pilsbacher.at 3268
Checking 0 100 3268 dc.pilsbacher.at. against SRV _ldap._tcp.gc._msdcs.pilsbacher.at dc.pilsbacher.at 3268
Looking for DNS entry SRV _gc._tcp.Default-First-Site-Name._sites.pilsbacher.at dc.pilsbacher.at 3268 as _gc._tcp.Default-First-Site-Name._sites.pilsbacher.at.
Checking 0 100 3268 pre01svdeb03.pilsbacher.at. against SRV _gc._tcp.Default-First-Site-Name._sites.pilsbacher.at dc.pilsbacher.at 3268
Checking 0 100 3268 dc.pilsbacher.at. against SRV _gc._tcp.Default-First-Site-Name._sites.pilsbacher.at dc.pilsbacher.at 3268
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.pilsbacher.at dc.pilsbacher.at 3268 as _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.pilsbacher.at.
Checking 0 100 3268 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.pilsbacher.at dc.pilsbacher.at 3268
Checking 0 100 3268 dc.pilsbacher.at. against SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.pilsbacher.at dc.pilsbacher.at 3268
Looking for DNS entry A DomainDnsZones.pilsbacher.at 192.168.16.205 as DomainDnsZones.pilsbacher.at.
Looking for DNS entry SRV _ldap._tcp.DomainDnsZones.pilsbacher.at dc.pilsbacher.at 389 as _ldap._tcp.DomainDnsZones.pilsbacher.at.
Checking 0 100 389 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.DomainDnsZones.pilsbacher.at dc.pilsbacher.at 389
Checking 0 100 389 dc.pilsbacher.at. against SRV _ldap._tcp.DomainDnsZones.pilsbacher.at dc.pilsbacher.at 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.pilsbacher.at dc.pilsbacher.at 389 as _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.pilsbacher.at.
Checking 0 100 389 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.pilsbacher.at dc.pilsbacher.at 389
Checking 0 100 389 dc.pilsbacher.at. against SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.pilsbacher.at dc.pilsbacher.at 389
Looking for DNS entry A ForestDnsZones.pilsbacher.at 192.168.16.205 as ForestDnsZones.pilsbacher.at.
Looking for DNS entry SRV _ldap._tcp.ForestDnsZones.pilsbacher.at dc.pilsbacher.at 389 as _ldap._tcp.ForestDnsZones.pilsbacher.at.
Checking 0 100 389 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.ForestDnsZones.pilsbacher.at dc.pilsbacher.at 389
Checking 0 100 389 dc.pilsbacher.at. against SRV _ldap._tcp.ForestDnsZones.pilsbacher.at dc.pilsbacher.at 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.pilsbacher.at dc.pilsbacher.at 389 as _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.pilsbacher.at.
Checking 0 100 389 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.pilsbacher.at dc.pilsbacher.at 389
Checking 0 100 389 dc.pilsbacher.at. against SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.pilsbacher.at dc.pilsbacher.at 389
No DNS updates needed

root at pre01svdeb03:~# samba_dnsupdate --verbose
IPs: ['192.168.16.206']
Looking for DNS entry A pre01svdeb03.pilsbacher.at 192.168.16.206 as pre01svdeb03.pilsbacher.at.
Looking for DNS entry NS pilsbacher.at pre01svdeb03.pilsbacher.at as pilsbacher.at.
Looking for DNS entry NS _msdcs.pilsbacher.at pre01svdeb03.pilsbacher.at as _msdcs.pilsbacher.at.
Looking for DNS entry A pilsbacher.at 192.168.16.206 as pilsbacher.at.
Looking for DNS entry SRV _ldap._tcp.pilsbacher.at pre01svdeb03.pilsbacher.at 389 as _ldap._tcp.pilsbacher.at.
Checking 0 100 389 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.pilsbacher.at pre01svdeb03.pilsbacher.at 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.pilsbacher.at pre01svdeb03.pilsbacher.at 389 as _ldap._tcp.dc._msdcs.pilsbacher.at.
Checking 0 100 389 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.dc._msdcs.pilsbacher.at pre01svdeb03.pilsbacher.at 389
Looking for DNS entry SRV _ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.pilsbacher.at pre01svdeb03.pilsbacher.at 389 as _ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.pilsbacher.at.
Checking 0 100 389 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.pilsbacher.at pre01svdeb03.pilsbacher.at 389
Looking for DNS entry SRV _kerberos._tcp.pilsbacher.at pre01svdeb03.pilsbacher.at 88 as _kerberos._tcp.pilsbacher.at.
Checking 0 100 88 pre01svdeb03.pilsbacher.at. against SRV _kerberos._tcp.pilsbacher.at pre01svdeb03.pilsbacher.at 88
Looking for DNS entry SRV _kerberos._udp.pilsbacher.at pre01svdeb03.pilsbacher.at 88 as _kerberos._udp.pilsbacher.at.
Checking 0 100 88 pre01svdeb03.pilsbacher.at. against SRV _kerberos._udp.pilsbacher.at pre01svdeb03.pilsbacher.at 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.pilsbacher.at pre01svdeb03.pilsbacher.at 88 as _kerberos._tcp.dc._msdcs.pilsbacher.at.
Checking 0 100 88 pre01svdeb03.pilsbacher.at. against SRV _kerberos._tcp.dc._msdcs.pilsbacher.at pre01svdeb03.pilsbacher.at 88
Looking for DNS entry SRV _kpasswd._tcp.pilsbacher.at pre01svdeb03.pilsbacher.at 464 as _kpasswd._tcp.pilsbacher.at.
Checking 0 100 464 pre01svdeb03.pilsbacher.at. against SRV _kpasswd._tcp.pilsbacher.at pre01svdeb03.pilsbacher.at 464
Looking for DNS entry SRV _kpasswd._udp.pilsbacher.at pre01svdeb03.pilsbacher.at 464 as _kpasswd._udp.pilsbacher.at.
Checking 0 100 464 pre01svdeb03.pilsbacher.at. against SRV _kpasswd._udp.pilsbacher.at pre01svdeb03.pilsbacher.at 464
Looking for DNS entry CNAME a60fbb5f-926b-484d-992c-c1ef5cc0936d._msdcs.pilsbacher.at pre01svdeb03.pilsbacher.at as a60fbb5f-926b-484d-992c-c1ef5cc0936d._msdcs.pilsbacher.at.
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.pilsbacher.at pre01svdeb03.pilsbacher.at 389 as _ldap._tcp.Default-First-Site-Name._sites.pilsbacher.at.
Checking 0 100 389 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.Default-First-Site-Name._sites.pilsbacher.at pre01svdeb03.pilsbacher.at 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.pilsbacher.at pre01svdeb03.pilsbacher.at 389 as _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.pilsbacher.at.
Checking 0 100 389 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.pilsbacher.at pre01svdeb03.pilsbacher.at 389
Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.pilsbacher.at pre01svdeb03.pilsbacher.at 88 as _kerberos._tcp.Default-First-Site-Name._sites.pilsbacher.at.
Checking 0 100 88 pre01svdeb03.pilsbacher.at. against SRV _kerberos._tcp.Default-First-Site-Name._sites.pilsbacher.at pre01svdeb03.pilsbacher.at 88
Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.pilsbacher.at pre01svdeb03.pilsbacher.at 88 as _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.pilsbacher.at.
Checking 0 100 88 pre01svdeb03.pilsbacher.at. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.pilsbacher.at pre01svdeb03.pilsbacher.at 88
Looking for DNS entry A gc._msdcs.pilsbacher.at 192.168.16.206 as gc._msdcs.pilsbacher.at.
Looking for DNS entry SRV _gc._tcp.pilsbacher.at pre01svdeb03.pilsbacher.at 3268 as _gc._tcp.pilsbacher.at.
Checking 0 100 3268 pre01svdeb03.pilsbacher.at. against SRV _gc._tcp.pilsbacher.at pre01svdeb03.pilsbacher.at 3268
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.pilsbacher.at pre01svdeb03.pilsbacher.at 3268 as _ldap._tcp.gc._msdcs.pilsbacher.at.
Checking 0 100 3268 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.gc._msdcs.pilsbacher.at pre01svdeb03.pilsbacher.at 3268
Looking for DNS entry SRV _gc._tcp.Default-First-Site-Name._sites.pilsbacher.at pre01svdeb03.pilsbacher.at 3268 as _gc._tcp.Default-First-Site-Name._sites.pilsbacher.at.
Checking 0 100 3268 pre01svdeb03.pilsbacher.at. against SRV _gc._tcp.Default-First-Site-Name._sites.pilsbacher.at pre01svdeb03.pilsbacher.at 3268
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.pilsbacher.at pre01svdeb03.pilsbacher.at 3268 as _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.pilsbacher.at.
Checking 0 100 3268 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.pilsbacher.at pre01svdeb03.pilsbacher.at 3268
Looking for DNS entry A DomainDnsZones.pilsbacher.at 192.168.16.206 as DomainDnsZones.pilsbacher.at.
Looking for DNS entry SRV _ldap._tcp.DomainDnsZones.pilsbacher.at pre01svdeb03.pilsbacher.at 389 as _ldap._tcp.DomainDnsZones.pilsbacher.at.
Checking 0 100 389 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.DomainDnsZones.pilsbacher.at pre01svdeb03.pilsbacher.at 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.pilsbacher.at pre01svdeb03.pilsbacher.at 389 as _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.pilsbacher.at.
Checking 0 100 389 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.pilsbacher.at pre01svdeb03.pilsbacher.at 389
Looking for DNS entry A ForestDnsZones.pilsbacher.at 192.168.16.206 as ForestDnsZones.pilsbacher.at.
Looking for DNS entry SRV _ldap._tcp.ForestDnsZones.pilsbacher.at pre01svdeb03.pilsbacher.at 389 as _ldap._tcp.ForestDnsZones.pilsbacher.at.
Checking 0 100 389 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.ForestDnsZones.pilsbacher.at pre01svdeb03.pilsbacher.at 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.pilsbacher.at pre01svdeb03.pilsbacher.at 389 as _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.pilsbacher.at.
Checking 0 100 389 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.pilsbacher.at pre01svdeb03.pilsbacher.at 389
No DNS updates needed
Stefan G. Weichinger
2019-Jul-31 14:18 UTC
[Samba] GPO issues - getting SYSVOL cleaned up again
On 31.07.19 at 16:08, Stefan G. Weichinger via samba wrote:
> Now look at all that fun:
>
> dc.pilsbacher.at entry has been magically created again, it seems:
>
>
> root at pre01svdeb02:~# samba_dnsupdate --verbose
> IPs: ['192.168.16.205']
> Looking for DNS entry A dc.pilsbacher.at 192.168.16.205 as dc.pilsbacher.at.

and it's all over DNS-tree now again ...
L.P.H. van Belle
2019-Jul-31 14:26 UTC
[Samba] GPO issues - getting SYSVOL cleaned up again
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Stefan G. Weichinger via samba
> Sent: Wednesday 31 July 2019 16:19
> To: samba at lists.samba.org
> Subject: Re: [Samba] GPO issues - getting SYSVOL cleaned up again
>
> On 31.07.19 at 16:08, Stefan G. Weichinger via samba wrote:
>
> > Now look at all that fun:
> >
> > dc.pilsbacher.at entry has been magically created again, it seems:
> >
> >
> > root at pre01svdeb02:~# samba_dnsupdate --verbose
> > IPs: ['192.168.16.205']
> > Looking for DNS entry A dc.pilsbacher.at 192.168.16.205 as dc.pilsbacher.at.
>
>
> and it's all over DNS-tree now again ...
>
>

No worries, it's getting better, even when you don't see it.
You might not see it as improvement but it is.

Why..
Before...
Failed nsupdate: 1
Failed update of 23 entries

Now....
> No DNS updates needed ( on both servers )

So yes this is an improvement.

Next, verify this, and post me the outputs.
You can use any server to run this, EXCEPT the DC's.

dig a dc.pilsbacher.at @192.168.16.205 |grep -v ";"
dig a dc.pilsbacher.at @192.168.16.206 |grep -v ";"

dig a pre01svdeb03.pilsbacher.at @192.168.16.205 |grep -v ";"
dig a pre01svdeb03.pilsbacher.at @192.168.16.206 |grep -v ";"

dig -x 192.168.16.205 @192.168.16.205 |grep -v ";"
dig -x 192.168.16.206 @192.168.16.205 |grep -v ";"

dig -x 192.168.16.205 @192.168.16.206 |grep -v ";"
dig -x 192.168.16.206 @192.168.16.206 |grep -v ";"

dig a pilsbacher.at @192.168.16.205 |grep -v ";"
dig a pilsbacher.at @192.168.16.206 |grep -v ";"

dig a _msdcs.pilsbacher.at @192.168.16.205 |grep -v ";"
dig a _msdcs.pilsbacher.at @192.168.16.206 |grep -v ";"
Stefan G. Weichinger
2019-Jul-31 14:32 UTC
[Samba] GPO issues - getting SYSVOL cleaned up again
On 31.07.19 at 16:26, L.P.H. van Belle via samba wrote:
> No worries, it's getting better, even when you don't see it.
> You might not see it as improvement but it is.

really ... wow ;-)

> Why..
> Before...
> Failed nsupdate: 1
> Failed update of 23 entries
>
> Now....
>> No DNS updates needed ( on both servers )
>
> So yes this is an improvement.
>
>
> Next, verify this, and post me the outputs.
> You can use any server to run this, EXCEPT the DC's.

OK, done on a DM file server:

root at pre01svdeb01:~# dig a dc.pilsbacher.at @192.168.16.205 |grep -v ";"
dc.pilsbacher.at. 900 IN A 192.168.16.205
pilsbacher.at. 3600 IN SOA dc.pilsbacher.at. hostmaster.pilsbacher.at. 1072701 900 600 86400 3600

root at pre01svdeb01:~# dig a dc.pilsbacher.at @192.168.16.206 |grep -v ";"
dc.pilsbacher.at. 900 IN A 192.168.16.205
pilsbacher.at. 3600 IN SOA pre01svdeb03.pilsbacher.at. hostmaster.pilsbacher.at. 1072701 900 600 86400 3600

root at pre01svdeb01:~# dig a pre01svdeb03.pilsbacher.at @192.168.16.205 |grep -v ";"
pre01svdeb03.pilsbacher.at. 900 IN A 192.168.16.206
pilsbacher.at. 3600 IN SOA dc.pilsbacher.at. hostmaster.pilsbacher.at. 1072701 900 600 86400 3600

root at pre01svdeb01:~# dig a pre01svdeb03.pilsbacher.at @192.168.16.206 |grep -v ";"
pre01svdeb03.pilsbacher.at. 900 IN A 192.168.16.206
pilsbacher.at. 3600 IN SOA pre01svdeb03.pilsbacher.at. hostmaster.pilsbacher.at. 1072701 900 600 86400 3600

root at pre01svdeb01:~# dig -x 192.168.16.205 @192.168.16.205 |grep -v ";"
205.16.168.192.in-addr.arpa. 900 IN PTR PRE01SVDEB02.pilsbacher.at.
16.168.192.in-addr.arpa. 3600 IN SOA dc.pilsbacher.at. hostmaster.pilsbacher.at. 7 900 600 86400 3600

root at pre01svdeb01:~# dig -x 192.168.16.206 @192.168.16.205 |grep -v ";"
206.16.168.192.in-addr.arpa. 3600 IN PTR pre01svdeb03.pilsbacher.at.
16.168.192.in-addr.arpa. 3600 IN SOA dc.pilsbacher.at. hostmaster.pilsbacher.at. 7 900 600 86400 3600

root at pre01svdeb01:~# dig -x 192.168.16.205 @192.168.16.206 |grep -v ";"
205.16.168.192.in-addr.arpa. 900 IN PTR PRE01SVDEB02.pilsbacher.at.
16.168.192.in-addr.arpa. 3600 IN SOA pre01svdeb03.pilsbacher.at. hostmaster.pilsbacher.at. 7 900 600 86400 3600

root at pre01svdeb01:~# dig -x 192.168.16.206 @192.168.16.206 |grep -v ";"
206.16.168.192.in-addr.arpa. 3600 IN PTR pre01svdeb03.pilsbacher.at.
16.168.192.in-addr.arpa. 3600 IN SOA pre01svdeb03.pilsbacher.at. hostmaster.pilsbacher.at. 7 900 600 86400 3600

root at pre01svdeb01:~# dig a pilsbacher.at @192.168.16.205 |grep -v ";"
pilsbacher.at. 900 IN A 192.168.16.205
pilsbacher.at. 900 IN A 192.168.16.206
pilsbacher.at. 3600 IN SOA dc.pilsbacher.at. hostmaster.pilsbacher.at. 1072701 900 600 86400 3600

root at pre01svdeb01:~# dig a pilsbacher.at @192.168.16.206 |grep -v ";"
pilsbacher.at. 900 IN A 192.168.16.205
pilsbacher.at. 900 IN A 192.168.16.206
pilsbacher.at. 3600 IN SOA pre01svdeb03.pilsbacher.at. hostmaster.pilsbacher.at. 1072701 900 600 86400 3600

root at pre01svdeb01:~# dig a _msdcs.pilsbacher.at @192.168.16.205 |grep -v ";"
_msdcs.pilsbacher.at. 3600 IN SOA dc.pilsbacher.at. hostmaster.pilsbacher.at. 631065 900 600 86400 3600

root at pre01svdeb01:~# dig a _msdcs.pilsbacher.at @192.168.16.206 |grep -v ";"
_msdcs.pilsbacher.at. 3600 IN SOA pre01svdeb03.pilsbacher.at. hostmaster.pilsbacher.at. 631065 900 600 86400 3600
L.P.H. van Belle
2019-Jul-31 14:51 UTC
[Samba] GPO issues - getting SYSVOL cleaned up again
I forgot.

dig a pre01svdeb02.pilsbacher.at @192.168.16.205
dig a pre01svdeb02.pilsbacher.at @192.168.16.206

Can you run these also for me.

And there are no CNAMEs pointing to the AD-DCs ?
L.P.H. van Belle
2019-Jul-31 15:33 UTC
[Samba] GPO issues - getting SYSVOL cleaned up again
Hai,

And thanks for the other check, I needed to know if the A record did exist.

>> ldap1 CNAME pre01svdeb02
>> ldap2 CNAME pre01svdeb03
> sorry, typo -------------^

Yes I was expecting that. ;-)

What I see, all SOA records and serialnr are the same where it should be, so that's ok.

What I noticed is this part.

dig a dc.pilsbacher.at @192.168.16.205/206 replies.
DNS1 ( DC1 /pre01svdeb02 (old DC) ) : A 192.168.16.205 dc.pilsbacher.at <<< OLD NAME REPLY.
DNS2 ( DC2 /pre01svdeb03 ) : A 192.168.16.206 pre01svdeb03.pilsbacher.at

Both DNS reply the same on lookup A dc.pilsbacher.at to 192.168.16.205

But your PTR lookup replies different.

dig -x 192.168.16.205 @192.168.16.205
205.16.168.192.in-addr.arpa. 900 IN PTR PRE01SVDEB02.pilsbacher.at. <<< NEW NAME REPLY.

dig -x 192.168.16.205 @192.168.16.206
205.16.168.192.in-addr.arpa. 900 IN PTR PRE01SVDEB02.pilsbacher.at. <<< NEW NAME REPLY.

And the problem you're hitting is, as far as I can see, from a buggy samba version in the past.
How I see that: PRE01SVDEB02 and pre01svdeb03
The CAPS and non-caps.

And now I'm getting flashbacks.. I've been here before, when I accidentally added a new AD with an existing name or IP. :-// 3-4 years ago..

Now this is one for in the evening.. (sorry), but that is the best way to fix it.

Which is the DC with FSMO roles? If it's DC1 then move them to pre01svdeb03.pilsbacher.at

Remove/purge this DC and join clean again. ( no need to reinstall os etc. just samba )

DC1
systemctl stop samba-ad-dc
Backup/remove the files from /var/lib/samba /var/cache/samba and its subfolders!
And /etc/samba/smb.conf

-- and stop ...

Now, go cleanup with the windows DNS tool. ( connect to DC2 )
Verify ALL zones and especially : _msdcs.pilsbacher.at.
Remove the faulty GUID and ip/servernames from every sub folder etc. there.
Remove the A record to DC.
Remove the PTR record to PRE01SVDEB02
Remove everything related to DC PRE01SVDEB02 and 192.168.16.205

Done, then verify it again, make very sure all records are gone.

I suggest to verify /etc/hosts /etc/resolv.conf also but these should be fine.
Point your first DNS entry in /etc/resolv.conf to the other DC 192.168.16.206 (pre01svdeb03.pilsbacher.at)

kinit Administrator
And join the domain again.
! DON'T start samba yet.
Stop samba on DC2, copy idmap file to DC1
Now start samba on DC1
And sync sysvol again.
And set/verify the rights from windows again on sysvol/netlogon.

And now everything is fixed and correct.

I spent a long time before I did the above, and same as you, a few parts kept coming back wrong.
This is in the end the best I can think/recall in fixing it.

I wish I had better news, but in the end, you will have a good working setup.

Greetz,

Louis
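
The comparison made in the message above (forward A answers against the PTR answers, and SOA serials across both DNS servers), as an added example that is not part of the original thread. The function names are assumptions; the records are answer lines copied from the dig output posted earlier in the thread.

```python
from collections import defaultdict

# Answer lines copied from the dig output posted in this thread, keyed by the
# DNS server that was queried (repeats of the same SOA line left out).
ANSWERS = {
    "192.168.16.205": """
dc.pilsbacher.at. 900 IN A 192.168.16.205
pre01svdeb03.pilsbacher.at. 900 IN A 192.168.16.206
pilsbacher.at. 900 IN A 192.168.16.205
pilsbacher.at. 900 IN A 192.168.16.206
205.16.168.192.in-addr.arpa. 900 IN PTR PRE01SVDEB02.pilsbacher.at.
206.16.168.192.in-addr.arpa. 3600 IN PTR pre01svdeb03.pilsbacher.at.
pilsbacher.at. 3600 IN SOA dc.pilsbacher.at. hostmaster.pilsbacher.at. 1072701 900 600 86400 3600
16.168.192.in-addr.arpa. 3600 IN SOA dc.pilsbacher.at. hostmaster.pilsbacher.at. 7 900 600 86400 3600
_msdcs.pilsbacher.at. 3600 IN SOA dc.pilsbacher.at. hostmaster.pilsbacher.at. 631065 900 600 86400 3600
""",
    "192.168.16.206": """
dc.pilsbacher.at. 900 IN A 192.168.16.205
pre01svdeb03.pilsbacher.at. 900 IN A 192.168.16.206
pilsbacher.at. 900 IN A 192.168.16.205
pilsbacher.at. 900 IN A 192.168.16.206
205.16.168.192.in-addr.arpa. 900 IN PTR PRE01SVDEB02.pilsbacher.at.
206.16.168.192.in-addr.arpa. 3600 IN PTR pre01svdeb03.pilsbacher.at.
pilsbacher.at. 3600 IN SOA pre01svdeb03.pilsbacher.at. hostmaster.pilsbacher.at. 1072701 900 600 86400 3600
16.168.192.in-addr.arpa. 3600 IN SOA pre01svdeb03.pilsbacher.at. hostmaster.pilsbacher.at. 7 900 600 86400 3600
_msdcs.pilsbacher.at. 3600 IN SOA pre01svdeb03.pilsbacher.at. hostmaster.pilsbacher.at. 631065 900 600 86400 3600
""",
}


def parse(text):
    """Parse dig answer lines (owner, TTL, class, type, rdata...) into tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or line.startswith(";") or fields[2] != "IN":
            continue
        records.append((fields[0], fields[3], fields[4:]))
    return records


def reverse_name(ip):
    """IPv4 address -> owner name of its PTR record."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def forward_reverse_mismatches(answers):
    """A records whose address has no PTR, or a PTR naming a different host."""
    found = []
    for server, text in sorted(answers.items()):
        records = parse(text)
        # Zone apex names carry one A record per DC, so no 1:1 PTR is expected.
        apexes = {n.lower() for n, t, _ in records if t == "SOA"}
        ptrs = {n.lower(): r[0] for n, t, r in records if t == "PTR"}
        for name, rtype, rdata in records:
            if rtype != "A" or name.lower() in apexes:
                continue
            target = ptrs.get(reverse_name(rdata[0]))
            # DNS names compare case-insensitively (PRE01SVDEB02 == pre01svdeb02).
            if target is None or target.lower() != name.lower():
                found.append((server, name, rdata[0], target))
    return found


def soa_serial_mismatches(answers):
    """Zones whose SOA serial differs between the queried servers."""
    serials = defaultdict(dict)
    for server, text in answers.items():
        for name, rtype, rdata in parse(text):
            if rtype == "SOA":
                serials[name.lower()][server] = int(rdata[2])  # mname rname serial
    return {z: s for z, s in serials.items() if len(set(s.values())) > 1}


if __name__ == "__main__":
    for server, name, ip, ptr in forward_reverse_mismatches(ANSWERS):
        print(f"@{server}: {name} -> {ip} but PTR says {ptr}")
    print("SOA serial differences:", soa_serial_mismatches(ANSWERS) or "none")
```

On the thread's data this reports dc.pilsbacher.at on both servers (its address reverse-resolves to PRE01SVDEB02.pilsbacher.at.) and no SOA serial differences.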