Guys, thanks for the catch!

This time I removed dns-backend key from the command line and tried both variants: with and without "dns update command" in smb.conf:

samba-tool domain join domain.com DC -k yes --server=vm-dc1.domain.com -v -d 5 2>&1 | tee join.txt

And both times I got similar errors: either WERR_DNS_ERROR_DS_UNAVAILABLE or "TSIG error with server: tsig verify failure"

> On 13/03/2020 16:04, Kris Lou via samba wrote:
>>>
>>> Join command was:
>>> samba-tool domain join domain.com DC -k yes --server=vm-dc1.domain.com --dns-backend
>>> SAMBA_INTERNAL -v -d 5 2>&1 | tee join.txt
>>
>> Here, you have "--dns-backend SAMBA_INTERNAL" where perhaps you meant
>> "--dns-backend=SAMBA_INTERNAL" ?
>>
>> I'm guessing that it was interpreted as "--dns-backend=NONE"
>>
>>
> Good catch, I missed that, probably because you do not have to provide
> it, it is the default.
>
> If this is a new DC, I would just demote it and start again, but this
> time without the '--dns-backend' switch.

--
Best regards, Alex

Guys, any updates on this? Your help is really appreciated.

> This time I removed dns-backend key from the command line and tried both
> variants: with and without "dns update command" in smb.conf:
> samba-tool domain join domain.com DC -k yes --server=vm-dc1.domain.com -v -d 5 2>&1 | tee join.txt
>
> And both times I got similar errors: either WERR_DNS_ERROR_DS_UNAVAILABLE or
> "TSIG error with server: tsig verify failure"
>
>> On 13/03/2020 16:04, Kris Lou via samba wrote:
>>>>
>>>> Join command was:
>>>> samba-tool domain join domain.com DC -k yes --server=vm-dc1.domain.com --dns-backend
>>>> SAMBA_INTERNAL -v -d 5 2>&1 | tee join.txt
>>>
>>> Here, you have "--dns-backend SAMBA_INTERNAL" where perhaps you meant
>>> "--dns-backend=SAMBA_INTERNAL" ?
>>>
>>> I'm guessing that it was interpreted as "--dns-backend=NONE"
>>>
>>>
>> Good catch, I missed that, probably because you do not have to provide
>> it, it is the default.
>>
>> If this is a new DC, I would just demote it and start again, but this
>> time without the '--dns-backend' switch.

--
Best regards, Alex

You might have a "chicken and the egg" issue with DNS. The prospective (soon-to-be-joined) DC has itself listed in resolv.conf -- so it looks there but can't find an entry for an existing DC to join? Remove the self-referential entry and try again. Add it back after the join.
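
A pre-join check for the self-referential resolv.conf entry described above, as an added example that is not part of the original thread. The function names and the 10.0.0.x addresses are constructed for illustration; the host's own addresses are passed in as an argument.

```shell
#!/bin/sh
# Print every nameserver in a resolv.conf that points back at this host:
# loopback, or one of the addresses given in the second argument.
# Usage: self_nameservers RESOLV_CONF "LOCAL_ADDR1 LOCAL_ADDR2 ..."
self_nameservers() {
    conf=$1
    local_addrs=$2
    # Only "nameserver <addr>" lines count; comments and options are skipped.
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$conf" |
    while read -r ns; do
        case $ns in
            127.*|::1) echo "$ns"; continue ;;
        esac
        for a in $local_addrs; do
            if [ "$ns" = "$a" ]; then echo "$ns"; fi
        done
    done
}

# Exit status 0 when the file has no self-referential entry and still lists
# at least one other resolver (e.g. the existing DC); 1 otherwise.
resolv_ready_for_join() {
    conf=$1
    local_addrs=$2
    total=$(awk '$1 == "nameserver" && $2 != ""' "$conf" | awk 'END { print NR }')
    selfrefs=$(self_nameservers "$conf" "$local_addrs" | awk 'END { print NR }')
    [ "$selfrefs" -eq 0 ] && [ "$total" -gt 0 ]
}

# Constructed sample: the prospective DC (10.0.0.12) lists itself first and
# the existing DC (10.0.0.10) second.
sample=$(mktemp)
printf '%s\n' 'search domain.com' 'nameserver 10.0.0.12' 'nameserver 10.0.0.10' > "$sample"
if resolv_ready_for_join "$sample" "10.0.0.12"; then
    echo "resolv.conf OK for join"
else
    echo "remove before join: $(self_nameservers "$sample" "10.0.0.12" | tr '\n' ' ')"
fi
rm -f "$sample"
```

On a Linux host the second argument can be filled from `hostname -I`, and the first would be /etc/resolv.conf.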