[Samba] Samba 4.2.14 Group Policy (GPO) sync error

rme at bluemail.ch rme at bluemail.ch
Thu Aug 4 13:00:10 UTC 2016 

Perhaps I am on the wrong track but I would like to share some 
additional observations...

I quickly enabled DNS query logging:
     # rndc querylog


Then run another gpupdate on the client.

During the Update I see lots of queries:

04-Aug-2016 14:46:58.414 queries: info: client 10.0.1.186#59270 
(_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.cyberdyne.local): 
view internal: query: 
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.cyberdyne.local 
IN SRV + (10.0.1.6)
04-Aug-2016 14:46:59.223 queries: info: client 10.0.1.186#50476 
(_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.cyberdyne.local): 
view internal: query: 
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.cyberdyne.local 
IN SRV + (10.0.1.6)
04-Aug-2016 14:46:59.428 queries: info: client 10.0.1.186#58473 
(_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.cyberdyne.local): 
view internal: query: 
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.cyberdyne.local 
IN SRV + (10.0.1.6)
... [message repeated 16 times in total]

or with IPv6 enabled:
04-Aug-2016 14:57:42.217 queries: info: client 
fdea:5b48:d4c1:1:68f2:fa7c:db26:ce22#53050 
(_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.cyberdyne.local): 
view internal: query: 
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.cyberdyne.local 
IN SRV + (fdea:5b48:d4c1:1:1::6)
04-Aug-2016 14:57:42.401 queries: info: client 
fdea:5b48:d4c1:1:68f2:fa7c:db26:ce22#63158 
(_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.cyberdyne.local): 
view internal: query: 
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.cyberdyne.local 
IN SRV + (fdea:5b48:d4c1:1:1::6)
04-Aug-2016 14:57:42.711 queries: info: client 
fdea:5b48:d4c1:1:68f2:fa7c:db26:ce22#64202 
(_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.cyberdyne.local): 
view internal: query: 
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.cyberdyne.local 
IN SRV + (fdea:5b48:d4c1:1:1::6)
... [message repeated 16 times in total]


I did query this from the client:

C:\Temp>nslookup -type=SRV 
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.cyberdyne.local
Server:  skynet.ad.cyberdyne.local
Address:  fdea:5b48:d4c1:1:1::6

_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.cyberdyne.local 
SRV service location:
           priority       = 0
           weight         = 100
           port           = 389
           svr hostname   = skynet.ad.cyberdyne.local
_msdcs.ad.cyberdyne.local       nameserver = skynet.ad.cyberdyne.local
skynet.ad.cyberdyne.local       internet address = 10.0.0.6
skynet.ad.cyberdyne.local       internet address = 10.0.2.6
skynet.ad.cyberdyne.local       internet address = 10.0.1.6
skynet.ad.cyberdyne.local       AAAA IPv6 address = fdea:5b48:d4c1:1:1::6
skynet.ad.cyberdyne.local       AAAA IPv6 address = 2a02:120b:2c38:2950::1
skynet.ad.cyberdyne.local       AAAA IPv6 address = 2a02:120b:2c38:2951::1


And from the server:

# dig -t SRV 
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.cyberdyne.local

; <<>> DiG 9.10.3-P4 <<>> -t SRV 
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.cyberdyne.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33143
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 7

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.cyberdyne.local. 
        IN SRV

;; ANSWER SECTION:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.cyberdyne.local. 
900 IN SRV 0 100 389 skynet.ad.cyberdyne.local.

;; AUTHORITY SECTION:
_msdcs.ad.cyberdyne.local. 900  IN      NS      skynet.ad.cyberdyne.local.

;; ADDITIONAL SECTION:
skynet.ad.cyberdyne.local. 900  IN      A       10.0.1.6
skynet.ad.cyberdyne.local. 900  IN      A       10.0.0.6
skynet.ad.cyberdyne.local. 900  IN      A       10.0.2.6
skynet.ad.cyberdyne.local. 900  IN      AAAA    fdea:5b48:d4c1:1:1::6
skynet.ad.cyberdyne.local. 900  IN      AAAA    2a02:120b:2c38:2950::1
skynet.ad.cyberdyne.local. 900  IN      AAAA    2a02:120b:2c38:2951::1

;; Query time: 12 msec
;; SERVER: fdea:5b48:d4c1:1:1::6#53(fdea:5b48:d4c1:1:1::6)
;; WHEN: Thu Aug 04 14:53:22 CEST 2016
;; MSG SIZE  rcvd: 290



In fact to me it looks like all the adresses returned are valid.
I am not sure why gpupdate issues 16 queries on this

best regards,
Rainer

More information about the samba mailing list