[Samba] Win Clients and DNS

Viktor Trojanovic viktor at troja.ch
Mon Nov 16 18:39:56 UTC 2015



On 16.11.2015 18:25, Rowland Penny wrote:
> On 16/11/15 17:18, Viktor Trojanovic wrote:
>>
>>
>> On 16.11.2015 17:52, Rowland Penny wrote:
>>> On 16/11/15 16:35, James wrote:
>>>> On 11/16/2015 11:15 AM, Viktor Trojanovic wrote:
>>>>>
>>>>>
>>>>> On 16.11.2015 16:54, Ole Traupe wrote:
>>>>>> Is this your first-and-only DC ever for that domain?
>>>>>>
>>>>>> Did you try to re-join the Win clients with deleting the client 
>>>>>> objects after the 'leave'?
>>>>>>
>>>>>> Ole
>>>>>>
>>>>>
>>>>> Yes, first and only. As I said, it's more or less a lab setup that 
>>>>> I was planning to deploy on a very small scale.
>>>>>
>>>>> Re-join the win clients after deletion: I'm not sure what you 
>>>>> mean. Leaving the domain, then deleting the computer accounts in 
>>>>> the AD? What would the purpose of that be?
>>>>>
>>>>> Rowland and I came to the conclusion that it can't be a DNS issue. 
>>>>> And I checked the AD db, there are no errors there either.
>>>>>
>>>>> Viktor
>>>>>
>>>>>>
>>>>>> Am 16.11.2015 um 16:26 schrieb Viktor Trojanovic:
>>>>>>>
>>>>>>>
>>>>>>> On 16.11.2015 15:59, L.P.H. van Belle wrote:
>>>>>>>> There is nothing wrong with your policies.
>>>>>>>>
>>>>>>>> Test if it all works and if it does, ignore these messages.
>>>>>>>>
>>>>>>>> I having the same message. ( samba 4.2.5 )
>>>>>>>>
>>>>>>>> Gr.
>>>>>>>>
>>>>>>>> Louis
>>>>>>>
>>>>>>> I'm actually not sure about that. These are error, not warning 
>>>>>>> messages in the windows event viewer, and the concerned GP 
>>>>>>> folder is the same that sysvolcheck returns an error on. So, as 
>>>>>>> sysvolcheck on Linux returns the error on another folder, so 
>>>>>>> does the event viewer in Windows return an error on the same 
>>>>>>> folder and not the other one anymore.
>>>>>>>
>>>>>>> Something really strange is happening here.
>>>>>>>
>>>>>>>>
>>>>>>>>> -----Oorspronkelijk bericht-----
>>>>>>>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
>>>>>>>>> Viktor Trojanovic
>>>>>>>>> Verzonden: maandag 16 november 2015 15:54
>>>>>>>>> Aan: Rowland Penny; samba at lists.samba.org
>>>>>>>>> Onderwerp: Re: [Samba] Win Clients and DNS
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 16.11.2015 15:34, Rowland Penny wrote:
>>>>>>>>>> On 16/11/15 14:18, Viktor Trojanovic wrote:
>>>>>>>>>>> On 16.11.2015 14:22, L.P.H. van Belle wrote:
>>>>>>>>>>>> More explained..
>>>>>>>>>>>>
>>>>>>>>>>>> Only my laptops get a DHCP IP.
>>>>>>>>>>>> All my other computers have static ip.
>>>>>>>>>>>>
>>>>>>>>>>>> After the AD join, it does not matter if
>>>>>>>>>>>> 1) a desktop pc, when a static IP changes for a computer.
>>>>>>>>>>>> 2) a laptop gets a different IP.
>>>>>>>>>>>> The PC always updates its A and PTR
>>>>>>>>>>>>
>>>>>>>>>>>> So, in both cases my A and PTR records are changed in the DNS.
>>>>>>>>>>>>
>>>>>>>>>>>> Maybe an firewall setting on you pc is blocking the update 
>>>>>>>>>>>> to the
>>>>>>>>>>>> dns server or on the server you now allowing the dns updates.
>>>>>>>>>>>>
>>>>>>>>>>>> Can you have a look into that?
>>>>>>>>>>>>
>>>>>>>>>>>> Greetz,
>>>>>>>>>>>>
>>>>>>>>>>>> Louis
>>>>>>>>>>>>
>>>>>>>>>>> OK, so my situation is as follow:
>>>>>>>>>>>
>>>>>>>>>>> - NDS A and PTR are manually set on the Samba DNS for all 
>>>>>>>>>>> domain
>>>>>>>>> members
>>>>>>>>>>> - All clients have fixed IP addresses and are in the same 
>>>>>>>>>>> subnet as
>>>>>>>>>>> the Samba server
>>>>>>>>>>> - I disabled the Windows Firewall just to make sure there is 
>>>>>>>>>>> no block
>>>>>>>>>>> on the PC either
>>>>>>>>>>>
>>>>>>>>>>> ==> No change, I still get the same error message in the 
>>>>>>>>>>> windows
>>>>>>>>>>> event viewer.
>>>>>>>>>>>
>>>>>>>>>>> If I look at the error message, one line which seems wrong is
>>>>>>>>>>>
>>>>>>>>>>> ----> Sent update to server: <?>
>>>>>>>>>>>
>>>>>>>>>>> It does give the correct IP address in the following line 
>>>>>>>>>>> but is this
>>>>>>>>>>> how it should look?
>>>>>>>>>>>
>>>>>>>>>>> Viktor
>>>>>>>>>>>
>>>>>>>>>> OK, just had a thought, is the DC the *only* dns server in 
>>>>>>>>>> the Samba
>>>>>>>>>> domain ?
>>>>>>>>>>
>>>>>>>>>> Rowland
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> Yes, absolutely.
>>>>>>>>>
>>>>>>>>> On another topic, you saw my thread on sysvolreset. It's 
>>>>>>>>> driving me
>>>>>>>>> nuts. Everytime I run sysvolreset (which takes ages), and 
>>>>>>>>> subsequently
>>>>>>>>> run sysvolcheck, the error message names a different folder 
>>>>>>>>> than the
>>>>>>>>> sysvolcheck before. What's up with that? Is that normal? How 
>>>>>>>>> often am I
>>>>>>>>> supposed to run sysvolreset to make it work? Mind you, I only 
>>>>>>>>> have 8
>>>>>>>>> policies, no scripts or other files, and it's the only DC. And 
>>>>>>>>> the DB
>>>>>>>>> check command ran with 0 errors.
>>>>>>>>>
>>>>>>>>> Viktor
>>>>>>>>>
>>>>>>>>> -- 
>>>>>>>>> To unsubscribe from this list go to the following URL and read 
>>>>>>>>> the
>>>>>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>> Is this with Samba internal DNS? What version of Samba? Your 
>>>> original OP stated this to be the issue.
>>>>
>>>> "The system failed to register host (A or AAA) resource records 
>>>> (RRs) for network adapter with settings:"
>>>>
>>>> This doesn't necessarily mean something is wrong. Are you using 
>>>> secure or non-secure updates? Even though you are using static 
>>>> IP's, you will find these entries if one of the following was to 
>>>> happen and dns updates failed.
>>>>
>>>>  * A IP address was added or removed from the TCP/IP properties in 
>>>> Windows
>>>>  * Enforcing ipconfig /registerdns from a elevated command prompt
>>>>  * At startup
>>>>
>>>> Based on what you have said. It appears all A records belonging to 
>>>> the workstations are registered in DNS?
>>>>
>>>>
>>>
>>> You are probably right James, the OP initially gave the impression 
>>> that he didn't have the workstations records in DNS, this has been 
>>> proven to be incorrect, they are there. He also muddied the waters 
>>> with saying they are all fixed IPs, so it seems that everbody 
>>> focussed in on DNS problems, totally missing that it is a WINDOWS 
>>> problem, see here:
>>>
>>> http://support.simpledns.com/kb/a182/system-failed-to-register-host-resource-records-rrs-network-adapter___-warning-windows-event-log.aspx 
>>>
>>>
>>> So, to fix his problem, stop the windows machines from trying to 
>>> register their address in DNS.
>>>
>>> A quick google found this, first on the list.
>>>
>>> Rowland
>>>
>> Rowland, it might be that the linked page explains why the register 
>> fails but it doesn't say to solve the problem by stopping the 
>> machines to try to register their address. As you might have seen 
>> later in the discussion thread, there were differing opinions whether 
>> it is ok to uncheck that box or not. If dynamic registration is not 
>> needed/possible with Samba DNS and that box should be unchecked, then 
>> this might be something worth knowing, and maybe should be part of 
>> the wiki.
>>
>> Thanks for the help.
>>
>> Viktor
>>
>
> Dynamic updates are possible with Samba DNS but are not required if 
> you are using fixed IPs, if you do use DHCP, then you need to set up 
> Samba to allow dynamic updates.
>
> I did ask if there was anything in syslog on the DC, but you didn't 
> post anything.
>
> Rowland
>
>
I completely missed that. I was following journalctl all the time but 
there are no errors. It seems that I have to change some setting in 
order for Samba to log there too, but I checked those logs now and there 
isn't much, just a few of these:

dnsserver: Invalid zone operation IsSigned

That happened once, 8 hours ago, so probably not relevant. No other 
error logs.

OK, since I have static IP's, register DNS seems not relevant for me. I 
just wasn't aware that I have to register the clients manually.

Thanks,
Viktor





More information about the samba mailing list