[Samba] DC2: TKEY is unacceptable, Failed DNS update?

Jo j.o.l at live.com
Thu May 26 15:32:52 UTC 2016


Hi Marc,
I appreciate your reply, but I got it resolved by following the advice of Mathias. I was aware of the links below; however, the first is about using the BIND9_DLZ backend, and at the time I experienced the issue I was using the internal one.
Marc & Mathias,
The 2nd link that Marc references, about how a DC should not use itself for DNS queries, is exactly the opposite of your recommendation to use localhost. In fact I am not really decided yet, given the fact that using the other DC is, long term, via a VPN connection, which is at least slow if not unreliable, and also relies on both DCs being up at the same time, whereas using the local instance for sure requires some extra monitoring in order to prevent stuck replications.
Any idea?
Thanks & Best regards, Joachim

-----Original Message-----
From: Marc Muehlfeld [mailto:mmuehlfeld at samba.org]
Sent: Thursday, 26 May 2016 17:16
To: Jo L <j.o.l at live.com>
Subject: Re: [Samba] DC2: TKEY is unacceptable, Failed DNS update?

Hello,

On 15.05.2016 at 22:36, Jo L wrote:
>   /usr/sbin/samba_dnsupdate:
> dns_tkey_negotiategss: TKEY is unacceptable

Have you checked
https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable



> When DC2 joined DC1, resolv.conf was pointing to DC1.
> I changed that later on as I want to be able to continue to operate 
> DC2 while DC1 is down.

It's better if you use the local IP only as a _secondary_ nameserver entry in your resolv.conf.
https://blogs.technet.microsoft.com/askds/2010/07/17/friday-mail-sack-saturday-edition/#dnsbest



Regards,
Marc


