Secondary DC not registered with KDC
Aaron E.
ssureshot at gmail.com
Wed Jun 6 08:30:07 MDT 2012
First Great work buys Congrats on the Beta!
Second, Replication is working but I am getting the following errors
about the DC2 not being registered wth the kdc. I've listed DC1 log
first and second I've added the output from samba-tool-drs showrepl..
The secondary DC was demoted and re-joined as the secondary dc.
Let me know what else you need and I will get it to you..
DC1 Samba Log
2012/06/06 10:25:08, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Failed building TGS-REP to ipv4:10.150.10.12:37198
[2012/06/06 10:25:08, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: TGS-REQ ASTRODC2$@ASTROINTERNAL.COM from
ipv4:10.150.10.12:43124 for
ldap/ASTRODC2.ASTROINTERNAL.COM at ASTROINTERNAL.COM [canonicalize]
[2012/06/06 10:25:08, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Searching referral for ASTRODC2.ASTROINTERNAL.COM
[2012/06/06 10:25:08, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Server not found in database:
ldap/ASTRODC2.ASTROINTERNAL.COM at ASTROINTERNAL.COM: no such entry found
in hdb
[2012/06/06 10:25:08, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Failed building TGS-REP to ipv4:10.150.10.12:43124
[2012/06/06 10:25:08, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: TGS-REQ ASTRODC2$@ASTROINTERNAL.COM from
ipv4:10.150.10.12:54582 for
ldap/ASTRODC2.ASTROINTERNAL.COM at ASTROINTERNAL.COM
[2012/06/06 10:25:08, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Server not found in database:
ldap/ASTRODC2.ASTROINTERNAL.COM at ASTROINTERNAL.COM: no such entry found
in hdb
[2012/06/06 10:25:08, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Failed building TGS-REP to ipv4:10.150.10.12:54582
[2012/06/06 10:25:08, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: TGS-REQ ASTRODC2$@ASTROINTERNAL.COM from
ipv4:10.150.10.12:45942 for
ldap/astrodc2.astrointernal.com at ASTROINTERNAL.COM [canonicalize]
[2012/06/06 10:25:08, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
DC2
root at astrodc2--~\>> samba-tool drs showrepl
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'sasl-DIGEST-MD5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:astrodc2.astrointernal.com[,seal]
Server ldap/ASTRODC2.ASTROINTERNAL.COM at ASTROINTERNAL.COM is not
registered with our KDC: Miscellaneous failure (see text): Server
(ldap/ASTRODC2.ASTROINTERNAL.COM at ASTROINTERNAL.COM) unknown
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed:
NT_STATUS_INVALID_PARAMETER
Got challenge flags:
Got NTLMSSP neg_flags=0x60898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088235
Server ldap/astrodc2.astrointernal.com at ASTROINTERNAL.COM is not
registered with our KDC: Miscellaneous failure (see text): Server
(ldap/astrodc2.astrointernal.com at ASTROINTERNAL.COM) unknown
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed:
NT_STATUS_INVALID_PARAMETER
Got challenge flags:
Got NTLMSSP neg_flags=0x60898205
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088205
Default-First-Site-Name\ASTRODC2
DSA Options: 0x00000001
DSA object GUID: be899af6-ed2d-482b-946b-c00e89915cc2
DSA invocationId: a2db161f-fde2-4358-982c-a980ead61a6a
==== INBOUND NEIGHBORS ====
DC=astrointernal,DC=com
Default-First-Site-Name\ASTRODC1 via RPC
DSA object GUID: 8b2675ab-c9f9-4859-85fe-425b65483ffe
Last attempt @ Wed Jun 6 10:16:01 2012 EDT was successful
0 consecutive failure(s).
Last success @ Wed Jun 6 10:16:01 2012 EDT
CN=Schema,CN=Configuration,DC=astrointernal,DC=com
Default-First-Site-Name\ASTRODC1 via RPC
DSA object GUID: 8b2675ab-c9f9-4859-85fe-425b65483ffe
Last attempt @ Wed Jun 6 10:16:01 2012 EDT was successful
0 consecutive failure(s).
Last success @ Wed Jun 6 10:16:01 2012 EDT
CN=Configuration,DC=astrointernal,DC=com
Default-First-Site-Name\ASTRODC1 via RPC
DSA object GUID: 8b2675ab-c9f9-4859-85fe-425b65483ffe
Last attempt @ Wed Jun 6 10:16:01 2012 EDT was successful
0 consecutive failure(s).
Last success @ Wed Jun 6 10:16:01 2012 EDT
==== OUTBOUND NEIGHBORS ====
DC=astrointernal,DC=com
Default-First-Site-Name\ASTRODC1 via RPC
DSA object GUID: 8b2675ab-c9f9-4859-85fe-425b65483ffe
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=astrointernal,DC=com
Default-First-Site-Name\ASTRODC1 via RPC
DSA object GUID: 8b2675ab-c9f9-4859-85fe-425b65483ffe
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=astrointernal,DC=com
Default-First-Site-Name\ASTRODC1 via RPC
DSA object GUID: 8b2675ab-c9f9-4859-85fe-425b65483ffe
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: ca599f3b-0bd6-48eb-9a3d-43b9d3d4a879
Enabled : TRUE
Server DNS name : ASTRODC2.astrointernal.com
Server DN name : CN=NTDS
Settings,CN=ASTRODC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=astrointernal,DC=com
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
More information about the samba-technical
mailing list