CED Ing. Damiano Bolla
2025-Jul-03 06:59 UTC
[Samba] WERR_DNS_ERROR_DS_UNAVAILABLE when asking for local dns server info
this is what works
----------------------
root at vdce:/home/damiano/work# cat /etc/hostname
vdce
----------------------
root at vdce:/home/damiano/work# cat /etc/hosts
127.0.0.1?????? localhost
192.168.999.40? vdce.CONTOSO.local???? vdce
----------------------
root at vdce:/home/damiano/work# cat /etc/krb5.conf
[libdefaults]
??????? default_realm = CONTOSO.LOCAL
??????? dns_lookup_realm = false
??????? dns_lookup_kdc = true
[realms]
CONTOSO.LOCAL = {
??????? default_domain = CONTOSO.local
}
[domain_realm]
??????? VDCE = CONTOSO.LOCAL
----------------------
root at vdce:/home/damiano/work# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed,
try:
# `info libc "Name Service Switch"' for information about this
file.
passwd:???????? files
group:????????? files
shadow:???????? files
gshadow:??????? files
#hosts:????????? files mdns4_minimal [NOTFOUND=return] dns
hosts:????????? files dns
networks:?????? files
protocols:????? db files
services:?????? db files
ethers:???????? db files
rpc:??????????? db files
netgroup:?????? nis
----------------------
root at vdce:/home/damiano/work# nslookup vdce
Server:???????? 192.168.999.40
Address:??????? 192.168.999.40#53
Name:?? vdce.CONTOSO.local
Address: 192.168.999.40
----------------------
root at vdce:/home/damiano/work#? net --use-krb5-ccache=/tmp/krb5cc_0 -S
virtdc time
Thu Jul? 3 08:50:12 2025
----------------------
root at vdce:/home/damiano/work#? net --use-krb5-ccache=/tmp/krb5cc_0 -S
vdce time
Thu Jul? 3 08:49:31 2025
----------------------
I can use RSAT (from windows machine, clearly) to connect to xx.40 and
administer "active directory users and computers"
---------------------- I have removed the other windows machines from
the report
PS C:\Users\xxxxxxx> repadmin /replsummary
Replication Summary Start Time: 2025-07-03 08:56:54
Source DSA????????? largest delta??? fails/total %%?? error
?VDCD????????????????????? 03m:58s??? 0 /? 10??? 0
Destination DSA???? largest delta??? fails/total %%?? error
?VDCD????????????????????? 59m:57s??? 0 /? 10??? 0
---------------------------------- however....
root at vdce:/home/damiano/work# samba-tool dns serverinfo vdce
--use-krb5-ccache=/tmp/krb5cc_0
ERROR(runtime): Could not contact RPC server
[WERR_DNS_ERROR_DS_UNAVAILABLE] - (9717,
'WERR_DNS_ERROR_DS_UNAVAILABLE')
the question, again....
the question is "how can I find out if RPC server for DNS (that is NOT
the dns server itself, it is the "administrative" part) is
"enabled") ?
and if it is not enabled.... how do I enable it ?
or alternatively, where (what file and possibly what "string") should
I
look for for possible invalid params related to RPC server for DNS ?
Il 2025-07-03 8:38 AM, Rowland Penny via samba ha
scritto:> samba-tool dns serverinfo rpidc1 --use-krb5-ccache=/tmp/krb5cc_0
Rowland Penny
2025-Jul-03 08:13 UTC
[Samba] WERR_DNS_ERROR_DS_UNAVAILABLE when asking for local dns server info
On Thu, 3 Jul 2025 08:59:35 +0200 "CED Ing. Damiano Bolla via samba" <samba at lists.samba.org> wrote:> this is what works > > ---------------------- > > root at vdce:/home/damiano/work# cat /etc/hostname > vdce > > ---------------------- > > root at vdce:/home/damiano/work# cat /etc/hosts > 127.0.0.1?????? localhost > 192.168.999.40? vdce.CONTOSO.local???? vdce > > ---------------------- > > root at vdce:/home/damiano/work# cat /etc/krb5.conf > [libdefaults] > ??????? default_realm = CONTOSO.LOCAL > ??????? dns_lookup_realm = false > ??????? dns_lookup_kdc = true > > [realms] > CONTOSO.LOCAL = { > ??????? default_domain = CONTOSO.local > } > > [domain_realm] > ??????? VDCE = CONTOSO.LOCAL > > ---------------------- > > root at vdce:/home/damiano/work# cat /etc/nsswitch.conf > # /etc/nsswitch.conf > # > # Example configuration of GNU Name Service Switch functionality. > # If you have the `glibc-doc-reference' and `info' packages > installed, try: # `info libc "Name Service Switch"' for information > about this file. > > passwd:???????? files > group:????????? files > shadow:???????? files > gshadow:??????? files > > #hosts:????????? files mdns4_minimal [NOTFOUND=return] dns > hosts:????????? files dns > networks:?????? files > > protocols:????? db files > services:?????? db files > ethers:???????? db files > rpc:??????????? db files > > netgroup:?????? nis > > ---------------------- > > root at vdce:/home/damiano/work# nslookup vdce > Server:???????? 192.168.999.40 > Address:??????? 192.168.999.40#53 > > Name:?? vdce.CONTOSO.local > Address: 192.168.999.40 > > ---------------------- > > root at vdce:/home/damiano/work#? net --use-krb5-ccache=/tmp/krb5cc_0 -S > virtdc time > Thu Jul? 3 08:50:12 2025 > > ---------------------- > > root at vdce:/home/damiano/work#? net --use-krb5-ccache=/tmp/krb5cc_0 -S > vdce time > Thu Jul? 3 08:49:31 2025 > ---------------------- > > I can use RSAT (from windows machine, clearly) to connect to xx.40 > and administer "active directory users and computers" > > ---------------------- I have removed the other windows machines from > the report > > PS C:\Users\xxxxxxx> repadmin /replsummary > Replication Summary Start Time: 2025-07-03 08:56:54 > > Source DSA????????? largest delta??? fails/total %%?? error > ?VDCD????????????????????? 03m:58s??? 0 /? 10??? 0 > > Destination DSA???? largest delta??? fails/total %%?? error > ?VDCD????????????????????? 59m:57s??? 0 /? 10??? 0 > >Well, everything looks ok, but I missed asking for /etc/resolv.conf, from what you have posted, it should look like this: search contoso.local nameserver 192.168.999.40 If it doesn't, then I suggest you edit it to match and try again.> ---------------------------------- however.... > > root at vdce:/home/damiano/work# samba-tool dns serverinfo vdce > --use-krb5-ccache=/tmp/krb5cc_0 > ERROR(runtime): Could not contact RPC server > [WERR_DNS_ERROR_DS_UNAVAILABLE] - (9717, > 'WERR_DNS_ERROR_DS_UNAVAILABLE') > > the question, again.... > > the question is "how can I find out if RPC server for DNS (that is > NOT the dns server itself, it is the "administrative" part) is > "enabled") ?Does running the following command on the DC produce output ?: ps ax | grep 'samba' | grep 'rpc' You could try the rpcclient command: rpcclient -U "" -N -I 192.168.999.40 -c srvinfo vdce Does that produce output ?> > and if it is not enabled.... how do I enable it ?Thing is, it should be enabled, there is a default line in smb.conf on a DC: server services = s3fs, rpc, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns That is a list of the services that run on a DC and you have to remove the service from the list (either by entering the line in your smb.conf without the service(s) you want to stop or by entering "server services -'the_service_you_do_not_want_to_run' e.g. 'server services -dns') While writing this, I remembered something from the beginning of the year, so searched the mailing list archive, I wonder if this is your problem ? : https://lists.samba.org/archive/samba/2025-January/250736.html Rowland
Peter Milesson
2025-Jul-03 09:26 UTC
[Samba] WERR_DNS_ERROR_DS_UNAVAILABLE when asking for local dns server info
On 7/3/25 08:59, CED Ing. Damiano Bolla via samba wrote:> this is what works > > ---------------------- > > root at vdce:/home/damiano/work# cat /etc/hostname > vdce > > ---------------------- > > root at vdce:/home/damiano/work# cat /etc/hosts > 127.0.0.1?????? localhost > 192.168.999.40? vdce.CONTOSO.local???? vdce > > ---------------------- >Hi folks, the IP address 192.168.999.40 is not valid. Shouldn't it be 99 instead? Best regards, Peter> root at vdce:/home/damiano/work# cat /etc/krb5.conf > [libdefaults] > ??????? default_realm = CONTOSO.LOCAL > ??????? dns_lookup_realm = false > ??????? dns_lookup_kdc = true > > [realms] > CONTOSO.LOCAL = { > ??????? default_domain = CONTOSO.local > } > > [domain_realm] > ??????? VDCE = CONTOSO.LOCAL > > ---------------------- > > root at vdce:/home/damiano/work# cat /etc/nsswitch.conf > # /etc/nsswitch.conf > # > # Example configuration of GNU Name Service Switch functionality. > # If you have the `glibc-doc-reference' and `info' packages installed, > try: > # `info libc "Name Service Switch"' for information about this file. > > passwd:???????? files > group:????????? files > shadow:???????? files > gshadow:??????? files > > #hosts:????????? files mdns4_minimal [NOTFOUND=return] dns > hosts:????????? files dns > networks:?????? files > > protocols:????? db files > services:?????? db files > ethers:???????? db files > rpc:??????????? db files > > netgroup:?????? nis > > ---------------------- > > root at vdce:/home/damiano/work# nslookup vdce > Server:???????? 192.168.999.40 > Address:??????? 192.168.999.40#53 > > Name:?? vdce.CONTOSO.local > Address: 192.168.999.40 > > ---------------------- > > root at vdce:/home/damiano/work#? net --use-krb5-ccache=/tmp/krb5cc_0 -S > virtdc time > Thu Jul? 3 08:50:12 2025 > > ---------------------- > > root at vdce:/home/damiano/work#? net --use-krb5-ccache=/tmp/krb5cc_0 -S > vdce time > Thu Jul? 3 08:49:31 2025 > ---------------------- > > I can use RSAT (from windows machine, clearly) to connect to xx.40 and > administer "active directory users and computers" > > ---------------------- I have removed the other windows machines from > the report > > PS C:\Users\xxxxxxx> repadmin /replsummary > Replication Summary Start Time: 2025-07-03 08:56:54 > > Source DSA????????? largest delta??? fails/total %%?? error > ?VDCD????????????????????? 03m:58s??? 0 /? 10??? 0 > > Destination DSA???? largest delta??? fails/total %%?? error > ?VDCD????????????????????? 59m:57s??? 0 /? 10??? 0 > > > ---------------------------------- however.... > > root at vdce:/home/damiano/work# samba-tool dns serverinfo vdce > --use-krb5-ccache=/tmp/krb5cc_0 > ERROR(runtime): Could not contact RPC server > [WERR_DNS_ERROR_DS_UNAVAILABLE] - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') > > the question, again.... > > the question is "how can I find out if RPC server for DNS (that is NOT > the dns server itself, it is the "administrative" part) is "enabled") ? > > and if it is not enabled.... how do I enable it ? > > or alternatively, where (what file and possibly what "string") should > I look for for possible invalid params related to RPC server for DNS ? > > > Il 2025-07-03 8:38 AM, Rowland Penny via samba ha scritto: >> samba-tool dns serverinfo rpidc1 --use-krb5-ccache=/tmp/krb5cc_0 >