[Samba] GPO issues - getting SYSVOL cleaned up again
Stefan G. Weichinger
lists at xunil.at
Thu Aug 1 10:30:07 UTC 2019
Am 01.08.19 um 09:13 schrieb L.P.H. van Belle via samba:
> Good morning Stefan.
>
> Your welkom. I see everything worked out now. Great !!
> Well done, you made it happen. :-)
thanks a lot.
The issues there were there for months at least ... glad with the progress.
Not fully done, see below ...
> What i suggest now, at least these are the steps i always do to make sure the DC's are having a exact same setup.
> First, i clear all my logs and reboot one server.
> Wait 15-30 min, then go through all you logs, fix every warning/error.
> Make it perfect.
> Reboot again, repeat this untill its 100% correct booting.
It ain't perfect yet, but I assume this is related to the computer
accounts and might be solved be rejoining these machines.
I see stuff like:
Aug 01 10:04:38 pre01svdeb02 samba[17958]: task[dcesrv][17958]: Failed
to modify SPNs on
CN=ROHRHOFER-PC,OU=Pilsbacher-Computer,DC=pilsbacher,DC=at: acl: spn
validation failed for spn[TERMSRV/ROHRHOFER-PC.mydomain.at] uac[0x1000]
account[ROHRHOFER-PC$] hostname[ROHRHOFER-PC.BUERO] nbname[BUERO]
ntds[(null)] forest[mydomain.at] domain[mydomain.at]
> I suggest one more thing and that is, you check the following.
> Check if you zones have both the NS records.
> Startup the DNS tool.
>
> Goto you primary dnszone ( and repeat for all other zones )
> Do you see all your DC's as NS record in the zone, then its ok, if not..
That's OK
What I don't like:
in the reverse lookup zone there is one A-record ... for the
pre01svdeb03 Name
I think there should be no A-record in the rev-lookup-zone ... and if
yes, there should be 2 then, one for each DC, right?
So I think that record should be removed, OK?
More information about the samba
mailing list