[Samba] several dns issues after switching fsmo roles to samba-dc
Alex
samba at abisoft.biz
Tue Jun 2 15:08:48 UTC 2020
Hello Rowland,
>> 3. I see the errors in the System log on the former DC (vm-dc1), like:
>> The dynamic registration of the DNS record '_ldap._tcp.DomainDnsZones.domain.com. 600 IN SRV 0 100 389 vm-dc1.domain.com.' failed on the following DNS server:
>>
>> DNS server IP address: 172.26.1.83
>> Returned Response Code (RCODE): 0
>> Returned Status Code: 9016
>> ...
>> ADDITIONAL DATA
>> Error Value: DNS signature failed to verify.
>>
>> (172.26.1.83 is the new PDC - vm-dc3)
> Interesting, if it is in a log on a windows PC, then it is likely that
> it is the windows DC trying to update the record, which it shouldn't and
> will fail if vm-dc3 already has updated it.
Indeed, the Windows DC tried to update the record.. The other day, I've found
that the record is just missing (expired?). So, I've started to dig in and was
able to resolve the issue in this way:
1. I could reproduce the issue by restarting NETLOGON service on the Windows DC.
Also the following commands failed with "Connection Status = 1311 0x51f
ERROR_NO_LOGON_SERVERS":
nltest.exe /dsregdn
nltest /query
2. After some googling, I've found the fixing command:
nltest /sc_reset:domain.com
After that, all vm-dc1 records were registered in the AD w/o issues
using "nltest.exe /dsregdn" command.
Unfortunately, it's failing again after restarting NETLOGON service.
--
Best regards,
Alex
More information about the samba
mailing list