You might have a "chicken and the egg" issue with DNS. The prospective (soon-to-be-joined) DC has itself listed in resolv.conf -- so it looks there but can't find an entry for an existing DC to join? Remove the self-referential entry and try again. Add it back after the join.
Hello Kris,> You might have a "chicken and the egg" issue with DNS. The prospective > (soon-to-be-joined) DC has itself listed in resolv.conf -- so it looks > there but can't find an entry for an existing DC to join? Remove the > self-referential entry and try again. Add it back after the join.Since I've already joined the domain, I don't think that should be an issue. Anyway, I've just removed the host itself from resolv.conf and ran: samba_dnsupdate --use-samba-tool --fail-immediately -d 5 which resulted to: ... ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/__init__.py", line 186, in _run return self.run(*args, **kwargs) File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/dns.py", line 945, in run raise e File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/dns.py", line 941, in run 0, server, zone, name, add_rec_buf, None) Failed update of 25 entries and samba_dnsupdate --fail-immediately -d 5 ... Ticket in credentials cache for VM-DC4$@DOMAIN.COM will expire in 35999 secs Starting GENSEC mechanism gssapi_krb5_sasl GSSAPI credentials for VM-DC4$@DOMAIN.COM will expire in 36000 secs ; TSIG error with server: tsig verify failure update failed: REFUSED -- Best regards, Alex
Hai, .. Small comment, im very very busy, due to corona. Setup your resolv.conf .. For the second dc and extras. First, search your.dom.tld. nameserver dc01 After the join, search your.dom.tld. nameserver dc01 nameserver dc02 And after replication verifications. search your.dom.tld. nameserver dc02 nameserver dc01 Try it.. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Alex > via samba > Verzonden: maandag 16 maart 2020 16:12 > Aan: Kris Lou > CC: Alex; samba > Onderwerp: Re: [Samba] samba dc dns issue > > Hello Kris, > > > You might have a "chicken and the egg" issue with DNS. The > prospective > > (soon-to-be-joined) DC has itself listed in resolv.conf -- > so it looks > > there but can't find an entry for an existing DC to join? > Remove the > > self-referential entry and try again. Add it back after the join. > > Since I've already joined the domain, I don't think that > should be an issue. > Anyway, I've just removed the host itself from resolv.conf and ran: > samba_dnsupdate --use-samba-tool --fail-immediately -d 5 > > which resulted to: > ... > ERROR(runtime): uncaught exception - (9717, > 'WERR_DNS_ERROR_DS_UNAVAILABLE') > File > "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/_ > _init__.py", line 186, in _run > return self.run(*args, **kwargs) > File > "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/d > ns.py", line 945, in run > raise e > File > "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/d > ns.py", line 941, in run > 0, server, zone, name, add_rec_buf, None) > Failed update of 25 entries > > and > samba_dnsupdate --fail-immediately -d 5 > ... > Ticket in credentials cache for VM-DC4$@DOMAIN.COM will > expire in 35999 secs > Starting GENSEC mechanism gssapi_krb5_sasl > GSSAPI credentials for VM-DC4$@DOMAIN.COM will expire in 36000 secs > ; TSIG error with server: tsig verify failure > update failed: REFUSED > > -- > Best regards, > Alex > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
After double checking, all the missing records are in place now. So, it looks like despite of the errors printed, it did the job! Thanks Kris! Wondering why the errors were printed, though..>> You might have a "chicken and the egg" issue with DNS. The prospective >> (soon-to-be-joined) DC has itself listed in resolv.conf -- so it looks >> there but can't find an entry for an existing DC to join? Remove the >> self-referential entry and try again. Add it back after the join.> Since I've already joined the domain, I don't think that should be an issue. > Anyway, I've just removed the host itself from resolv.conf and ran: > samba_dnsupdate --use-samba-tool --fail-immediately -d 5> which resulted to: > ... > ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') > File > "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/__init__.py", line 186, in _run > return self.run(*args, **kwargs) > File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/dns.py", line 945, in run > raise e > File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/dns.py", line 941, in run > 0, server, zone, name, add_rec_buf, None) > Failed update of 25 entries> and > samba_dnsupdate --fail-immediately -d 5 > ... > Ticket in credentials cache for VM-DC4$@DOMAIN.COM will expire in 35999 secs > Starting GENSEC mechanism gssapi_krb5_sasl > GSSAPI credentials for VM-DC4$@DOMAIN.COM will expire in 36000 secs > ; TSIG error with server: tsig verify failure > update failed: REFUSED-- Best regards, Alex