Secondary DC not registered with KDC

Aaron E. ssureshot at gmail.com
Thu Jun 7 09:51:32 MDT 2012


I'm scratching my head with this.. Is this a normal error with debug 3? 
Any help in direction or troubleshooting with this is appreciated. Any 
searches I can perform on the DB or items I need to delete or add?


  I believe this has been a good DB since alpha 18 or 19.. This is the 
DB that I would like to turn production if I can clean up the errors and 
get Secondary DC DNS worked through and working.. I'd hate to have to 
reconfigure my terminal servers and group policy, squid and mailservers 
that I've setup tuned to this installation.. I would love to start 
migrating users in the next few weeks ..

  Got NTLMSSP neg_flags=0x60088235
  Server ldap/astrodc2.astrointernal.com@ASTROINTERNAL.COM is not
  registered with our KDC: Miscellaneous failure (see text): Server
  (ldap/astrodc2.astrointernal.com@ASTROINTERNAL.COM) unknown
  SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed:
  NT_STATUS_INVALID_PARAMETER

root@adc2--/opt/samba4/etc\>> ldbsearch -H ldap://astrodc1 -Uadministrator%xxxxxxx |grep ldap

servicePrincipalName: ldap/ASTRODC2.astrointernal.com/ASTROINTERNAL
servicePrincipalName: ldap/ASTRODC2.astrointernal.com
servicePrincipalName: ldap/ASTRODC2.astrointernal.com/astrointernal.com
servicePrincipalName: 
ldap/be899af6-ed2d-482b-946b-c00e89915cc2._msdcs.astroin
servicePrincipalName: ldap/ASTRODC2
servicePrincipalName: ldap/astrodc1.astrointernal.com/ASTROINTERNAL
servicePrincipalName: ldap/astrodc1.astrointernal.com
servicePrincipalName: ldap/astrodc1.astrointernal.com/astrointernal.com
servicePrincipalName: 
ldap/8b2675ab-c9f9-4859-85fe-425b65483ffe._msdcs.astroin
servicePrincipalName: ldap/ASTRODC1
servicePrincipalName: ldap/ASTRODC2.astrointernal.com/ASTROINTERNAL
servicePrincipalName: ldap/ASTRODC2.astrointernal.com
servicePrincipalName: ldap/ASTRODC2.astrointernal.com/astrointernal.com
servicePrincipalName: 
ldap/db0a2e8d-f331-4034-b0a3-f44b9cefc246._msdcs.astroin
servicePrincipalName: 
ldap/astrodc1.astrointernal.com/DomainDnsZones.astrointe
servicePrincipalName: 
ldap/astrodc1.astrointernal.com/ForestDnsZones.astrointe
ref: ldap://astrointernal.com/CN=Configuration,DC=astrointernal,DC=com
ref: ldap://astrointernal.com/DC=DomainDnsZones,DC=astrointernal,DC=com
ref: ldap://astrointernal.com/DC=ForestDnsZones,DC=astrointernal,DC=com

On 06/06/2012 10:30 AM, Aaron E. wrote:
> First, great work guys, congrats on the Beta!
>
> Second, replication is working but I am getting the following errors
> about the DC2 not being registered with the kdc. I've listed DC1 log
> first and second I've added the output from samba-tool-drs showrepl..
>
> The secondary DC was demoted and re-joined as the secondary dc.
>
> Let me know what else you need and I will get it to you..
>
> DC1 Samba Log
>
> [2012/06/06 10:25:08, 3]
> ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Failed building TGS-REP to ipv4:10.150.10.12:37198
> [2012/06/06 10:25:08, 3]
> ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: TGS-REQ ASTRODC2$@ASTROINTERNAL.COM from
> ipv4:10.150.10.12:43124 for
> ldap/ASTRODC2.ASTROINTERNAL.COM@ASTROINTERNAL.COM [canonicalize]
> [2012/06/06 10:25:08, 3]
> ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Searching referral for ASTRODC2.ASTROINTERNAL.COM
> [2012/06/06 10:25:08, 3]
> ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Server not found in database:
> ldap/ASTRODC2.ASTROINTERNAL.COM@ASTROINTERNAL.COM: no such entry found
> in hdb
> [2012/06/06 10:25:08, 3]
> ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Failed building TGS-REP to ipv4:10.150.10.12:43124
> [2012/06/06 10:25:08, 3]
> ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: TGS-REQ ASTRODC2$@ASTROINTERNAL.COM from
> ipv4:10.150.10.12:54582 for
> ldap/ASTRODC2.ASTROINTERNAL.COM@ASTROINTERNAL.COM
> [2012/06/06 10:25:08, 3]
> ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Server not found in database:
> ldap/ASTRODC2.ASTROINTERNAL.COM@ASTROINTERNAL.COM: no such entry found
> in hdb
> [2012/06/06 10:25:08, 3]
> ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Failed building TGS-REP to ipv4:10.150.10.12:54582
> [2012/06/06 10:25:08, 3]
> ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: TGS-REQ ASTRODC2$@ASTROINTERNAL.COM from
> ipv4:10.150.10.12:45942 for
> ldap/astrodc2.astrointernal.com@ASTROINTERNAL.COM [canonicalize]
> [2012/06/06 10:25:08, 3]
> ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
>
> DC2
> root@astrodc2--~\>> samba-tool drs showrepl
> ldb_wrap open of secrets.ldb
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'sasl-DIGEST-MD5' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Using binding ncacn_ip_tcp:astrodc2.astrointernal.com[,seal]
> Server ldap/ASTRODC2.ASTROINTERNAL.COM@ASTROINTERNAL.COM is not
> registered with our KDC: Miscellaneous failure (see text): Server
> (ldap/ASTRODC2.ASTROINTERNAL.COM@ASTROINTERNAL.COM) unknown
> SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed:
> NT_STATUS_INVALID_PARAMETER
> Got challenge flags:
> Got NTLMSSP neg_flags=0x60898235
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60088235
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x60088235
> Server ldap/astrodc2.astrointernal.com@ASTROINTERNAL.COM is not
> registered with our KDC: Miscellaneous failure (see text): Server
> (ldap/astrodc2.astrointernal.com@ASTROINTERNAL.COM) unknown
> SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed:
> NT_STATUS_INVALID_PARAMETER
> Got challenge flags:
> Got NTLMSSP neg_flags=0x60898205
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60088205
> Default-First-Site-Name\ASTRODC2
> DSA Options: 0x00000001
> DSA object GUID: be899af6-ed2d-482b-946b-c00e89915cc2
> DSA invocationId: a2db161f-fde2-4358-982c-a980ead61a6a
>
> ==== INBOUND NEIGHBORS ====
>
> DC=astrointernal,DC=com
> Default-First-Site-Name\ASTRODC1 via RPC
> DSA object GUID: 8b2675ab-c9f9-4859-85fe-425b65483ffe
> Last attempt @ Wed Jun 6 10:16:01 2012 EDT was successful
> 0 consecutive failure(s).
> Last success @ Wed Jun 6 10:16:01 2012 EDT
>
> CN=Schema,CN=Configuration,DC=astrointernal,DC=com
> Default-First-Site-Name\ASTRODC1 via RPC
> DSA object GUID: 8b2675ab-c9f9-4859-85fe-425b65483ffe
> Last attempt @ Wed Jun 6 10:16:01 2012 EDT was successful
> 0 consecutive failure(s).
> Last success @ Wed Jun 6 10:16:01 2012 EDT
>
> CN=Configuration,DC=astrointernal,DC=com
> Default-First-Site-Name\ASTRODC1 via RPC
> DSA object GUID: 8b2675ab-c9f9-4859-85fe-425b65483ffe
> Last attempt @ Wed Jun 6 10:16:01 2012 EDT was successful
> 0 consecutive failure(s).
> Last success @ Wed Jun 6 10:16:01 2012 EDT
>
> ==== OUTBOUND NEIGHBORS ====
>
> DC=astrointernal,DC=com
> Default-First-Site-Name\ASTRODC1 via RPC
> DSA object GUID: 8b2675ab-c9f9-4859-85fe-425b65483ffe
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Schema,CN=Configuration,DC=astrointernal,DC=com
> Default-First-Site-Name\ASTRODC1 via RPC
> DSA object GUID: 8b2675ab-c9f9-4859-85fe-425b65483ffe
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Configuration,DC=astrointernal,DC=com
> Default-First-Site-Name\ASTRODC1 via RPC
> DSA object GUID: 8b2675ab-c9f9-4859-85fe-425b65483ffe
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
> Connection name: ca599f3b-0bd6-48eb-9a3d-43b9d3d4a879
> Enabled : TRUE
> Server DNS name : ASTRODC2.astrointernal.com
> Server DN name : CN=NTDS
> Settings,CN=ASTRODC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=astrointernal,DC=com
>
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
>
>
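
The grep output in the post lists `ldap/ASTRODC2.astrointernal.com` more than once, but without the `dn:` lines it does not show which objects hold it. As an added example (not part of the original message and not Samba's own code), this parses LDIF of the kind `ldbsearch` prints and reports every servicePrincipalName held by more than one object, compared case-insensitively; the DNs in the sample are constructed, the SPN values are taken from the post.

```python
import base64
from collections import defaultdict

# Constructed sample in the LDIF shape ldbsearch prints; the DNs are
# hypothetical, the SPN values are the ones shown in the post.
SAMPLE_LDIF = """\
dn: CN=ASTRODC1,OU=Domain Controllers,DC=astrointernal,DC=com
servicePrincipalName: ldap/astrodc1.astrointernal.com
servicePrincipalName: ldap/ASTRODC1

dn: CN=ASTRODC2,OU=Domain Controllers,DC=astrointernal,DC=com
servicePrincipalName: ldap/ASTRODC2.astrointernal.com
servicePrincipalName: ldap/ASTRODC2.astrointernal.com/astro
 internal.com

dn: CN=OLD-ASTRODC2,CN=Computers,DC=astrointernal,DC=com
servicePrincipalName: ldap/astrodc2.astrointernal.com
servicePrincipalName: ldap/ASTRODC2
"""

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def duplicate_spns(ldif_text):
    """Return {lowercased SPN: sorted DNs} for SPNs held by more than one object."""
    owners = defaultdict(set)
    dn = None
    for line in unfold(ldif_text):
        if not line.strip():               # blank line ends the current record
            dn = None
            continue
        name, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue                       # comment or malformed line
        if value.startswith(":"):          # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value = value.strip()
        if name.lower() == "dn":
            dn = value
        elif name.lower() == "serviceprincipalname" and dn:
            owners[value.lower()].add(dn)  # SPN comparison is case-insensitive
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}
```

Feed it the full output of the `ldbsearch` command from the post, without the `| grep ldap` filter, so the `dn:` lines are kept.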



