I set up 2 Samba AD DCs on Ubuntu Server 21.10 in a heterogeneous environment and came across some errors trying to remotely back up the DB of DC01 to DC02 via samba-tool. I hit up the mailing list and ended up rejoining the second DC, which must've messed up some DNS records. Clients of DC02 get the no-internet globe in the taskbar, which, after some tests, means a DNS problem to me.
I was thinking about completely removing site 2, implementing DC02 in site 1 and setting it up after checking functionality, but I'm worried I'll end up worse than right now.
DC02 is currently on site 2.
ipconfig DC01
network:
  version: 2
  renderer: networkd
  ethernets:
    eno1:
      addresses:
        - 192.168.50.11/24
      nameservers:
        addresses: [192.168.50.11, 10.0.1.9, 192.168.50.1]
      routes:
        - to: default
          via: 192.168.50.1
ipconfig DC02
network:
  version: 2
  renderer: networkd
  ethernets:
    eno1:
      addresses:
        - 10.0.1.9/24
      nameservers:
        addresses: [192.168.50.11, 10.0.1.9]
      routes:
        - to: default
          via: 10.0.1.253
smb.conf DC01
# Global parameters
[global]
min protocol = NT1
dns forwarder = 8.8.8.8
netbios name = dc01
realm = my.domain
server role = active directory domain controller
workgroup = my
idmap_ldb:use rfc2307 = yes
map to guest = Bad User
log file = /var/log/samba/%m
log level = 3
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/my.domain/scripts
read only = No
#--------------------location1----------------------------
[U2-X]
path = /var/lib/samba/shares/location1/U2/X
read only = no
[U1-X]
path = /var/lib/samba/shares/location1/U1/X
read only = no
[U1-Y]
path = /var/lib/samba/shares/location1/U1/Y
read only = no
[U1-Fetview]
path = /var/lib/samba/shares/location1/U1/Fetview
read only = no
[Z]
path = /var/lib/samba/shares/location1/Z
read only = no
[Scan]
path = /var/lib/samba/shares/location1/Scan
read only = no
smb.conf DC02
# Global parameters
[global]
dns forwarder = 8.8.8.8
netbios name = dc02
realm = my.domain
server role = active directory domain controller
workgroup = my
idmap_ldb:use rfc2307 = yes
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/my.domain/scripts
read only = No
dcdiag
C:\Users\Administrator.my>dcdiag /test:dns /e /s:dc02.my.domain
Verzeichnisserverdiagnose
Anfangssetup wird ausgeführt:
* Identifizierte AD-Gesamtstruktur.
Auf dem Server dc02 ist bei der Attributsuche der LDAP-Suchfunktion ein Fehler aufgetreten. Rückgabewert = 81
Fehler beim Überprüfen des Domänencontrollers auf Verwendung von FRS oder DFSR. Fehler: Win32 Error 81 Die Tests
"VerifyReferences", "FrsEvent" und "DfsrEvent" können aufgrund dieses Fehlers möglicherweise nicht ausgeführt
werden.
Sammeln der Ausgangsinformationen abgeschlossen.
Erforderliche Anfangstests werden ausgeführt.
Server wird getestet: Location1\dc01
Starting test: Connectivity
......................... dc01 hat den Test Connectivity bestanden.
Server wird getestet: Location2\dc02
Starting test: Connectivity
Der Host 72041d70-edc8-4609-ba97-caf97ed84c23._msdcs.my.domain konnte nicht zu einer IP-Adresse aufgelöst
werden. Überprüfen Sie DNS-Server, DHCP, Servername, usw.
Fehler beim Überprüfen der LDAP- und RPC-Konnektivität. Überprüfen Sie die Firewalleinstellungen.
......................... Der Test Connectivity für dc02 ist fehlgeschlagen.
Primärtests werden ausgeführt.
Server wird getestet: Location1\dc01
Server wird getestet: Location2\dc02
Starting test: DNS
Starting test: DNS
DNS-Tests werden ordnungsgemäß ausgeführt. Warten Sie einige Minuten...
......................... Der Test DNS für dc01 ist fehlgeschlagen.
......................... Der Test DNS für dc02 ist fehlgeschlagen.
Partitionstests werden ausgeführt auf: my
Partitionstests werden ausgeführt auf: Schema
Partitionstests werden ausgeführt auf: ForestDnsZones
Partitionstests werden ausgeführt auf: Configuration
Partitionstests werden ausgeführt auf: DomainDnsZones
Unternehmenstests werden ausgeführt auf: my.domain
Starting test: DNS
Testergebnisse für Domänencontroller:
Domänencontroller: dc02.my.domain
Domäne: my.domain
TEST: Basic (Basc)
Fehler: Keine LDAP-Konnektivität
Error: No WMI connectivity
Für diesen Domänencontroller wurden keine Hosteinträge (A oder AAAA) gefunden.
Domänencontroller: dc01.my.domain
Domäne: my.domain
TEST: Basic (Basc)
Error: No WMI connectivity
Für diesen Domänencontroller wurden keine Hosteinträge (A oder AAAA) gefunden.
Zusammenfassung der DNS-Testergebnisse:
                 Auth. Bas. Weiterl. Entf. Dyn. RReg. Erw.
_________________________________________________________________
Domäne: my.domain
    dc02         PASS  FAIL n/a      n/a   n/a  n/a   n/a
    dc01         PASS  FAIL n/a      n/a   n/a  n/a   n/a
......................... Der Test DNS für my.domain ist fehlgeschlagen.
RSAT-DNS
If I check the DNS entries now, it all seems right.
my.domain
mcdns
dnsupdate
IPs: ['10.0.1.9']
force update: A dc01.my.domain 10.0.1.9
force update: CNAME a452ed54-667a-43d3-9182-21d84a4919a4._msdcs.my.domain dadc0 1.my.domain
force update: NS my.domain dc01.my.domain
force update: NS _msdcs.my.domain dc01.my.domain
force update: A my.domain 10.0.1.9
force update: SRV _ldap._tcp.my.domain dc01.my.domain 389
force update: SRV _ldap._tcp.dc._msdcs.my.domain dc01.my.domain 389
force update: SRV _ldap._tcp.32052c12-4458-47f7-adb0-95f7c16fc694.domains._msdcs .my.domain dc01.my.domain 389
force update: SRV _kerberos._tcp.my.domain dc01.my.domain 88
force update: SRV _kerberos._udp.my.domain dc01.my.domain 88
force update: SRV _kerberos._tcp.dc._msdcs.my.domain dc01.my.domain 88
force update: SRV _kpasswd._tcp.my.domain dc01.my.domain 464
force update: SRV _kpasswd._udp.my.domain dc01.my.domain 464
force update: SRV _ldap._tcp.Location1._sites.my.domain dc01.my.domain 389
force update: SRV _ldap._tcp.Location1._sites.dc._msdcs.my.domain dc01.my.in tern 389
force update: SRV _kerberos._tcp.Location1._sites.my.domain dc01.my.domain 8 8
force update: SRV _kerberos._tcp.Location1._sites.dc._msdcs.my.domain dc01.mv z.domain 88
force update: SRV _ldap._tcp.pdc._msdcs.my.domain dc01.my.domain 389
force update: A gc._msdcs.my.domain 10.0.1.9
force update: SRV _gc._tcp.my.domain dc01.my.domain 3268
force update: SRV _ldap._tcp.gc._msdcs.my.domain dc01.my.domain 3268
force update: SRV _gc._tcp.Location1._sites.my.domain dc01.my.domain 3268
force update: SRV _ldap._tcp.Location1._sites.gc._msdcs.my.domain dc01.my.in tern 3268
force update: A DomainDnsZones.my.domain 10.0.1.9
force update: SRV _ldap._tcp.DomainDnsZones.my.domain dc01.my.domain 389
force update: SRV _ldap._tcp.Location1._sites.DomainDnsZones.my.domain dc01.m vz.domain 389
force update: A ForestDnsZones.my.domain 10.0.1.9
force update: SRV _ldap._tcp.ForestDnsZones.my.domain dc01.my.domain 389
force update: SRV _ldap._tcp.Location1._sites.ForestDnsZones.my.domain dc01.m vz.domain 389
29 DNS updates and 0 DNS deletes needed
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
update(nsupdate): A dc01.my.domain 10.0.1.9
Calling nsupdate for A dc01.my.domain 10.0.1.9 (add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
dc01.my.domain. 900 IN A 10.0.1.9
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): CNAME a452ed54-667a-43d3-9182-21d84a4919a4._msdcs.my.domain d adc01.my.domain
Calling nsupdate for CNAME a452ed54-667a-43d3-9182-21d84a4919a4._msdcs.my.inter n dc01.my.domain (add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
a452ed54-667a-43d3-9182-21d84a4919a4._msdcs.my.domain. 900 IN CNAME dc01.my. domain.
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): NS my.domain dc01.my.domain
Calling nsupdate for NS my.domain dc01.my.domain (add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
my.domain. 900 IN NS dc01.my.domain.
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): NS _msdcs.my.domain dc01.my.domain
Calling nsupdate for NS _msdcs.my.domain dc01.my.domain (add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_msdcs.my.domain. 900 IN NS dc01.my.domain.
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): A my.domain 10.0.1.9
Calling nsupdate for A my.domain 10.0.1.9 (add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
my.domain. 900 IN A 10.0.1.9
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): SRV _ldap._tcp.my.domain dc01.my.domain 389
Calling nsupdate for SRV _ldap._tcp.my.domain dc01.my.domain 389 (add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.my.domain. 900 IN SRV 0 100 389 dc01.my.domain.
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): SRV _ldap._tcp.dc._msdcs.my.domain dc01.my.domain 389
Calling nsupdate for SRV _ldap._tcp.dc._msdcs.my.domain dc01.my.domain 389 ( add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.dc._msdcs.my.domain. 900 IN SRV 0 100 389 dc01.my.domain.
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): SRV _ldap._tcp.32052c12-4458-47f7-adb0-95f7c16fc694.domains._m sdcs.my.domain dc01.my.domain 389
Calling nsupdate for SRV _ldap._tcp.32052c12-4458-47f7-adb0-95f7c16fc694.domains ._msdcs.my.domain dc01.my.domain 389 (add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.32052c12-4458-47f7-adb0-95f7c16fc694.domains._msdcs.my.domain. 900 I N SRV 0 100 389 dc01.my.domain.
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): SRV _kerberos._tcp.my.domain dc01.my.domain 88
Calling nsupdate for SRV _kerberos._tcp.my.domain dc01.my.domain 88 (add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.my.domain. 900 IN SRV 0 100 88 dc01.my.domain.
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): SRV _kerberos._udp.my.domain dc01.my.domain 88
Calling nsupdate for SRV _kerberos._udp.my.domain dc01.my.domain 88 (add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._udp.my.domain. 900 IN SRV 0 100 88 dc01.my.domain.
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): SRV _kerberos._tcp.dc._msdcs.my.domain dc01.my.domain 88
Calling nsupdate for SRV _kerberos._tcp.dc._msdcs.my.domain dc01.my.domain 8 8 (add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.dc._msdcs.my.domain. 900 IN SRV 0 100 88 dc01.my.domain.
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): SRV _kpasswd._tcp.my.domain dc01.my.domain 464
Calling nsupdate for SRV _kpasswd._tcp.my.domain dc01.my.domain 464 (add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._tcp.my.domain. 900 IN SRV 0 100 464 dc01.my.domain.
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): SRV _kpasswd._udp.my.domain dc01.my.domain 464
Calling nsupdate for SRV _kpasswd._udp.my.domain dc01.my.domain 464 (add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._udp.my.domain. 900 IN SRV 0 100 464 dc01.my.domain.
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): SRV _ldap._tcp.Location1._sites.my.domain dc01.my.domain 3 89
Calling nsupdate for SRV _ldap._tcp.Location1._sites.my.domain dc01.my.inter n 389 (add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Location1._sites.my.domain. 900 IN SRV 0 100 389 dc01.my.domain.
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): SRV _ldap._tcp.Location1._sites.dc._msdcs.my.domain dc01.mv z.domain 389
Calling nsupdate for SRV _ldap._tcp.Location1._sites.dc._msdcs.my.domain dc01 .my.domain 389 (add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Location1._sites.dc._msdcs.my.domain. 900 IN SRV 0 100 389 dc01.mv z.domain.
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): SRV _kerberos._tcp.Location1._sites.my.domain dc01.my.inte rn 88
Calling nsupdate for SRV _kerberos._tcp.Location1._sites.my.domain dc01.my.i ntern 88 (add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.Location1._sites.my.domain. 900 IN SRV 0 100 88 dc01.my.inter n.
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): SRV _kerberos._tcp.Location1._sites.dc._msdcs.my.domain dadc0 1.my.domain 88
Calling nsupdate for SRV _kerberos._tcp.Location1._sites.dc._msdcs.my.domain da dc01.my.domain 88 (add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.Location1._sites.dc._msdcs.my.domain. 900 IN SRV 0 100 88 dc01 .my.domain.
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): SRV _ldap._tcp.pdc._msdcs.my.domain dc01.my.domain 389
Calling nsupdate for SRV _ldap._tcp.pdc._msdcs.my.domain dc01.my.domain 389 (add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.pdc._msdcs.my.domain. 900 IN SRV 0 100 389 dc01.my.domain.
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): A gc._msdcs.my.domain 10.0.1.9
Calling nsupdate for A gc._msdcs.my.domain 10.0.1.9 (add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.my.domain. 900 IN A 10.0.1.9
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): SRV _gc._tcp.my.domain dc01.my.domain 3268
Calling nsupdate for SRV _gc._tcp.my.domain dc01.my.domain 3268 (add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.my.domain. 900 IN SRV 0 100 3268 dc01.my.domain.
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): SRV _ldap._tcp.gc._msdcs.my.domain dc01.my.domain 3268
Calling nsupdate for SRV _ldap._tcp.gc._msdcs.my.domain dc01.my.domain 3268 (add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.gc._msdcs.my.domain. 900 IN SRV 0 100 3268 dc01.my.domain.
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): SRV _gc._tcp.Location1._sites.my.domain dc01.my.domain 326 8
Calling nsupdate for SRV _gc._tcp.Location1._sites.my.domain dc01.my.domain 3268 (add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.Location1._sites.my.domain. 900 IN SRV 0 100 3268 dc01.my.domain.
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): SRV _ldap._tcp.Location1._sites.gc._msdcs.my.domain dc01.mv z.domain 3268
Calling nsupdate for SRV _ldap._tcp.Location1._sites.gc._msdcs.my.domain dc01 .my.domain 3268 (add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Location1._sites.gc._msdcs.my.domain. 900 IN SRV 0 100 3268 dc01.m vz.domain.
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): A DomainDnsZones.my.domain 10.0.1.9
Calling nsupdate for A DomainDnsZones.my.domain 10.0.1.9 (add)
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
DomainDnsZones.my.domain. 900 IN A 10.0.1.9
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): SRV _ldap._tcp.DomainDnsZones.my.domain dc01.my.domain 389
Calling nsupdate for SRV _ldap._tcp.DomainDnsZones.my.domain dc01.my.domain
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
Failed update of 29 entries
What came to my attention is the duplicate 10...* IP with DC01 as the host.
I tried deleting duplicate or wrongly pointed records, but they appear again after refreshing, using samba-tool as well as RSAT, and the entries of the second site, Location2, are also pointing to DC01. Will setting these correctly fix the DNS issues? Can someone tell what is wrong? I'm worried rejoining will only mess them up even more. How would you troubleshoot this?
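One way to cross-check the dnsupdate output above against the addresses in the two netplan files and the sites dcdiag reports, as an added example (not part of the original post and not Samba code). The `INVENTORY` table, the `audit` function and the sample log are constructed for illustration, and the check assumes a DC registers only records that point at its own name.

```python
import re

# Inventory taken from the post: netplan addresses and the sites dcdiag reports.
INVENTORY = {
    "dc01": {"ip": "192.168.50.11", "site": "Location1"},
    "dc02": {"ip": "10.0.1.9", "site": "Location2"},
}

# Constructed sample in the format of the dnsupdate output quoted in the post.
SAMPLE_LOG = """\
IPs: ['10.0.1.9']
force update: A dc01.my.domain 10.0.1.9
force update: NS my.domain dc01.my.domain
force update: SRV _ldap._tcp.my.domain dc01.my.domain 389
force update: SRV _ldap._tcp.Location1._sites.my.domain dc01.my.domain 389
Successfully obtained Kerberos ticket to DNS/dc01.my.domain as dc02$
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
"""

UPDATE_RE = re.compile(r"^force update: (A|CNAME|NS|SRV) (\S+) (\S+)(?: \d+)?$")
TICKET_RE = re.compile(r"^Successfully obtained Kerberos ticket to \S+ as (\S+)\$$")
SITE_RE = re.compile(r"\.([^.]+)\._sites\.")


def audit(log, inventory=INVENTORY):
    """Cross-check pending updates against the inventory and the updating account."""
    lines = [ln.strip() for ln in log.splitlines()]
    # Machine account the updates are sent as (first ticket line in the log).
    account = next((m.group(1).lower() for ln in lines
                    if (m := TICKET_RE.match(ln))), None)
    report = {"account": account, "wrong_address": [], "foreign_target": [],
              "wrong_site": [], "tsig_failures": 0}
    for ln in lines:
        if "tsig verify failure" in ln:
            report["tsig_failures"] += 1
        m = UPDATE_RE.match(ln)
        if not m:
            continue
        rtype, name, value = m.groups()
        if rtype == "A":
            # A record for a known DC must carry that DC's own address.
            known = inventory.get(name.split(".")[0].lower())
            if known and known["ip"] != value:
                report["wrong_address"].append((name, value, known["ip"]))
            continue
        # Assumption: a DC registers only records that point at its own name.
        target = value.split(".")[0].lower()
        if account and target != account:
            report["foreign_target"].append((rtype, name, value))
        site = SITE_RE.search(name)
        if site and account in inventory and site.group(1) != inventory[account]["site"]:
            report["wrong_site"].append((name, site.group(1)))
    return report


if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG).items():
        print(key, value)
```

Run against the full output, any non-empty list marks records where the name, address or site does not match the machine account that is sending the update.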