CED Ing. Damiano Bolla
2025-Jul-03 09:31 UTC
[Samba] WERR_DNS_ERROR_DS_UNAVAILABLE when asking for local dns server info
999 and CONTOSO is a replaced string for the actual content.... as i have written I can use RSAT domain admin to "talk" to the samba server the question is specifically related to RPC and DNS management, since the actual DNS works Il 2025-07-03 11:26 AM, Peter Milesson via samba ha scritto:> > On 7/3/25 08:59, CED Ing. Damiano Bolla via samba wrote: >> this is what works >> >> ---------------------- >> >> root at vdce:/home/damiano/work# cat /etc/hostname >> vdce >> >> ---------------------- >> >> root at vdce:/home/damiano/work# cat /etc/hosts >> 127.0.0.1?????? localhost >> 192.168.999.40? vdce.CONTOSO.local???? vdce >> >> ---------------------- >> > Hi folks, > > the IP address 192.168.999.40 is not valid. Shouldn't it be 99 instead? > > Best regards, > > Peter > > >> root at vdce:/home/damiano/work# cat /etc/krb5.conf >> [libdefaults] >> ??????? default_realm = CONTOSO.LOCAL >> ??????? dns_lookup_realm = false >> ??????? dns_lookup_kdc = true >> >> [realms] >> CONTOSO.LOCAL = { >> ??????? default_domain = CONTOSO.local >> } >> >> [domain_realm] >> ??????? VDCE = CONTOSO.LOCAL >> >> ---------------------- >> >> root at vdce:/home/damiano/work# cat /etc/nsswitch.conf >> # /etc/nsswitch.conf >> # >> # Example configuration of GNU Name Service Switch functionality. >> # If you have the `glibc-doc-reference' and `info' packages >> installed, try: >> # `info libc "Name Service Switch"' for information about this file. >> >> passwd:???????? files >> group:????????? files >> shadow:???????? files >> gshadow:??????? files >> >> #hosts:????????? files mdns4_minimal [NOTFOUND=return] dns >> hosts:????????? files dns >> networks:?????? files >> >> protocols:????? db files >> services:?????? db files >> ethers:???????? db files >> rpc:??????????? db files >> >> netgroup:?????? nis >> >> ---------------------- >> >> root at vdce:/home/damiano/work# nslookup vdce >> Server:???????? 192.168.999.40 >> Address:??????? 192.168.999.40#53 >> >> Name:?? vdce.CONTOSO.local >> Address: 192.168.999.40 >> >> ---------------------- >> >> root at vdce:/home/damiano/work#? net --use-krb5-ccache=/tmp/krb5cc_0 -S >> virtdc time >> Thu Jul? 3 08:50:12 2025 >> >> ---------------------- >> >> root at vdce:/home/damiano/work#? net --use-krb5-ccache=/tmp/krb5cc_0 -S >> vdce time >> Thu Jul? 3 08:49:31 2025 >> ---------------------- >> >> I can use RSAT (from windows machine, clearly) to connect to xx.40 >> and administer "active directory users and computers" >> >> ---------------------- I have removed the other windows machines from >> the report >> >> PS C:\Users\xxxxxxx> repadmin /replsummary >> Replication Summary Start Time: 2025-07-03 08:56:54 >> >> Source DSA????????? largest delta??? fails/total %%?? error >> ?VDCD????????????????????? 03m:58s??? 0 /? 10??? 0 >> >> Destination DSA???? largest delta??? fails/total %%?? error >> ?VDCD????????????????????? 59m:57s??? 0 /? 10??? 0 >> >> >> ---------------------------------- however.... >> >> root at vdce:/home/damiano/work# samba-tool dns serverinfo vdce >> --use-krb5-ccache=/tmp/krb5cc_0 >> ERROR(runtime): Could not contact RPC server >> [WERR_DNS_ERROR_DS_UNAVAILABLE] - (9717, >> 'WERR_DNS_ERROR_DS_UNAVAILABLE') >> >> the question, again.... >> >> the question is "how can I find out if RPC server for DNS (that is >> NOT the dns server itself, it is the "administrative" part) is >> "enabled") ? >> >> and if it is not enabled.... how do I enable it ? >> >> or alternatively, where (what file and possibly what "string") should >> I look for for possible invalid params related to RPC server for DNS ? >> >> >> Il 2025-07-03 8:38 AM, Rowland Penny via samba ha scritto: >>> samba-tool dns serverinfo rpidc1 --use-krb5-ccache=/tmp/krb5cc_0 >> >
Rowland Penny
2025-Jul-03 09:42 UTC
[Samba] WERR_DNS_ERROR_DS_UNAVAILABLE when asking for local dns server info
On Thu, 3 Jul 2025 11:31:32 +0200 "CED Ing. Damiano Bolla via samba" <samba at lists.samba.org> wrote:> 999 and CONTOSO is a replaced string for the actual content....Replacing your domain with CONTOSO, I can understand, but replacing an internal IPv4 address, doesn't make sense, it is unroutable outside your network. Rowland