[Samba] ERROR_DNS_UPDATE_FAILED and NT_STATUS_UNSUCCESSFUL

Bob of Donelson Trophy bob at donelsontrophy.net
Sun Feb 8 12:03:17 MST 2015 

 

Okay!!! My member server ip address is 192.168.**.56 (static). 

When I run your command it is reporting the ip address of 192.168.**.55
(which is my DC02 address.) 

So, I need to correct this. How do I remove the 'old member server' ip
address 192.168.**.55 reference and correct to 192.168.**.56? 

---

-------------------------

Bob Wooden of Donelson Trophy

615.885.2846 (main)
www.donelsontrophy.com [1]

"Everyone deserves an award!!"

On 2015-02-08 12:50, Rowland Penny wrote: 

> On 08/02/15 18:37, Bob of Donelson Trophy wrote: 
> 
> On DC01. Same result, have to enter password twice . . . twice? 
> 
> Same output complaints . . . line for line. 
> 
> Hum-m-m! 
> ---
> 
> -------------------------
> 
> Bob Wooden of Donelson Trophy
> 
> 615.885.2846 (main)
> www.donelsontrophy.com [1]
> 
> "Everyone deserves an award!!"
> 
> On 2015-02-08 12:25, Rowland Penny wrote: 
> On 08/02/15 18:20, Bob of Donelson Trophy wrote: 
> 
> Seems very strange (to me) that I need to enter the "Password for [DTS***Mroot]:" twice? 
> 
> And then the second question, what is the [DTS***Mroot] password, my "root" password for the DC01 or my "domainAdministrator" password? (Tried both.) 
> 
> And then I get: 
> 
> Failed to bind to uuid 50abc2a4-5**d-40b3-9**6-ee4fd5fba076 for 50abc2a4-5**d-40b3-9**6-ee4fd5fba076 at ncacn_ip_tcp:dtdc01[1024,sign] NT_STATUS_LOGON_FAILURE
> ERROR(runtime): uncaught exception - (-1073741715, 'Logon failure')
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 1056, in run
> dns_conn = dns_connect(server, self.lp, self.creds)
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 37, in dns_connect
> dns_conn = dnsserver.dnsserver(binding_str, lp, creds) 
> 
> Hum-m-m-m? 
> ---
> 
> -------------------------
> 
> Bob Wooden of Donelson Trophy
> 
> 615.885.2846 (main)
> www.donelsontrophy.com [1]
> 
> "Everyone deserves an award!!"
> 
> On 2015-02-08 08:37, Rowland Penny wrote: 
> 
> On 08/02/15 14:20, Bob of Donelson Trophy wrote:
> Once again, Bob is in 'the land of unknown bind knowledge.' What type of data am I adding? Shouldn't dns_update be run when adding the member server? Is this a "simple-bind-dn"? hum-m-m-m! --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [1] [1 [1]] "Everyone deserves an award!!" On 2015-02-08 02:56, Rowland Penny wrote: On 06/02/15 18:45, Bob of Donelson Trophy wrote: I have been struggling with getting a member server to join my domain. Thanks to testing and using a VM, I can get the test member server to join my domain. The member server on "real hardware" cannot join, well sort of. When I "join", I get: net ads join -U Administrator Enter Administrator's password: Using short domain name -- DTS***M Joined 'DTMBR01' to dns domain 'dts***m.lan' DNS Update for dtmember01.dts***m.lan failed: ERROR_DNS_UPDATE_FAILED DNS update failed: NT_STATUS_UNSUCCESSFUL And when I "leave", I get: net ads leave -U Administrator Enter
Administrator's password: Deleted account for 'DTMBR01' in realm 'DTS***M.LAN' So, I look for what where? Hi Bob, your machine is actually joining the domain, it is the dns adding bit that is failing, try joining again and see if you can connect from another client, if it doesn't, run 'samba-tool dns add --help' and from this work out how to add the computers dns records. Rowland
 Links: ------ [1] http://www.donelsontrophy.com [1] 

OK, test your member server DNS record in AD:

Run this on the server:

samba-tool dns query <DC FQDN> <DNS Domain> <Member Server FQDN> A

Where:

<DC FQDN> is the fully qualified domain name of the DC i.e.
DC.example.com
<DNS Domain> is the domain name you are using i.e. example.com
<Member Server FQDN> is the fully qualified domain name of the Member
Server i.e. memberserver.example.com

If it isn't there, then add it:

samba-tool dns add <DC FQDN> <DNS Domain> <Member Server FQDN> A
<IPaddress>

<IPaddress> is the member server ipaddress i.e. 192.168.0.247

Rowland

 Rats, Add '-U Administrator --password=<your AD Administrator
password>' to the commands, it should work then, or try running the
commands on the DC, they should work there without the password.

 Rowland OK, you have to use the Administrator password, even on the DC,
this is the command & output when run on a DC:

 root at dc01:~# samba-tool dns query dc01.home.lan home.lan
memtest2.home.lan A -U Administrator --password=**********
 Name=, Records=1, Children=0
 A: 192.168.0.247 (flags=f0, serial=65, ttl=3600)

 and again, but on a member server:

 root at memtest2:~# samba-tool dns query dc01.home.lan home.lan
memtest2.home.lan A -U Administrator --password=**********
 Name=, Records=1, Children=0
 A: 192.168.0.247 (flags=f0, serial=65, ttl=3600)

 Rowland

 

Links:
------
[1] http://www.donelsontrophy.com

More information about the samba mailing list