[Samba] AD RODC not being used because of missing DNS entries?

tomict samba at iucn.nl
Fri Oct 19 22:06:40 UTC 2018


Thanks for the quick reply, Rowland.

>Never ran an RODC (yet), but this all sounds like the problems that
>used to occur when joining a second DC, try reading this:

>https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record


I checked this; both the A record and the objectGUID CNAME records exist for DC1 and DC2 on both servers.


>You could try restarting Samba, there is a script 'samba_dnsupdate',
>which uses a file 'dns_update list' to create missing dns entries. The
>script is run at start up.

> Rowland

I ran samba_dnsupdate manually on DC1, which runs fine. DC1 has all the records.

However, on DC2 there are errors. DC2 lacks the records, which makes sense considering the errors. When I run samba_dnsupdate with log level = 3:

GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Error setting DNS entry of type 22: SRV _ldap._tcp.Default-First-Site-Name._sites.ad.iucn.nl dc2.ad.iucn.nl 389: (3221225653, '{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired.')
Error setting DNS entry of type 32: SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.iucn.nl dc2.ad.iucn.nl 389: (3221225653, '{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired.')
Error setting DNS entry of type 34: SRV _kerberos._tcp.Default-First-Site-Name._sites.ad.iucn.nl dc2.ad.iucn.nl 88: (3221225653, '{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired.')
Error setting DNS entry of type 30: SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.iucn.nl dc2.ad.iucn.nl 88: (3221225653, '{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired.')
Failed update of 4 entries

Obviously there is something wrong with the dns updates on DC2. Any ideas?

Tom
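
Added example (not part of the original message and not Samba's own code): a small Python parser for the samba_dnsupdate error lines quoted above. It lists each SRV record that failed to register and renders the numeric status 3221225653 in hex as 0xC00000B5 (STATUS_IO_TIMEOUT). The sample input is the four failures from the post with the message text shortened; the function and variable names are assumptions of this example.

```python
import re

# NTSTATUS codes this example names; the post's 3221225653 is 0xC00000B5.
NTSTATUS_NAMES = {0xC00000B5: "STATUS_IO_TIMEOUT"}

ERROR_RE = re.compile(
    r"^Error setting DNS entry of type \d+: "
    r"(?P<rtype>[A-Z]+) (?P<name>\S+) (?P<target>\S+) (?P<port>\d+): "
    r"\((?P<status>\d+), '.*'\)$"
)
SUMMARY_RE = re.compile(r"^Failed update of (\d+) entries$")

# Constructed sample: the four failures from the post, message text shortened.
_MSG = "(3221225653, '{Device Timeout} ...')"
_SITE = "Default-First-Site-Name._sites"
SAMPLE = "\n".join([
    "GENSEC backend 'krb5' registered",
    f"Error setting DNS entry of type 22: SRV _ldap._tcp.{_SITE}.ad.iucn.nl dc2.ad.iucn.nl 389: {_MSG}",
    f"Error setting DNS entry of type 32: SRV _ldap._tcp.{_SITE}.dc._msdcs.ad.iucn.nl dc2.ad.iucn.nl 389: {_MSG}",
    f"Error setting DNS entry of type 34: SRV _kerberos._tcp.{_SITE}.ad.iucn.nl dc2.ad.iucn.nl 88: {_MSG}",
    f"Error setting DNS entry of type 30: SRV _kerberos._tcp.{_SITE}.dc._msdcs.ad.iucn.nl dc2.ad.iucn.nl 88: {_MSG}",
    "Failed update of 4 entries",
])

def parse_dnsupdate_errors(text):
    """Return (failures, reported_count) parsed from samba_dnsupdate output."""
    failures, reported = [], None
    for line in text.splitlines():
        m = ERROR_RE.match(line.strip())
        if m:
            status = int(m["status"])
            failures.append({
                "rtype": m["rtype"], "name": m["name"], "target": m["target"],
                "port": int(m["port"]),
                "status_hex": f"0x{status:08X}",
                "status_name": NTSTATUS_NAMES.get(status, "UNKNOWN"),
            })
            continue
        m = SUMMARY_RE.match(line.strip())
        if m:
            reported = int(m.group(1))  # count the tool itself reports
    return failures, reported

if __name__ == "__main__":
    failures, reported = parse_dnsupdate_errors(SAMPLE)
    print(f"parsed {len(failures)} failures, log reports {reported}")
    for f in failures:
        print(f"{f['status_hex']} {f['status_name']}: {f['rtype']} {f['name']} -> {f['target']}:{f['port']}")
```

If the parsed count and the "Failed update of N entries" count differ, some error lines did not match the expected format and should be read by hand.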


