[Samba] AD DC with log errors when sysvol replication is run

L.P.H. van Belle belle at bazuin.nl
Fri Apr 9 13:49:42 UTC 2021 

Can you post the resolv.conf of both servers? 
and/or run this script, anonymize it and post it. 

https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh 

That will show me or Rowland almost all we need to know. 

Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Peter Milesson
> via samba
> Verzonden: vrijdag 9 april 2021 15:23
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] AD DC with log errors when sysvol replication is run
> 
> Hi folks,
> 
> Continuing with AD DC problems. Everytime sysvol replication is run on
> the secondary DC, the following two error message pairs are written
> about 22 times in the log on the primary DC:
> 
> Apr 09 14:55:01 konadc samba[11890]: [2021/04/09 14:55:01.349626, 0]
> ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Apr 09 14:55:01 konadc samba[11890]:   /usr/sbin/samba_dnsupdate: ; TSIG
> error with server: tsig verify failure
> 
> the whole sequence is terminated by the following error entries:
> 
> Apr 09 14:55:02 konadc samba[11890]: [2021/04/09 14:55:02.015226, 0]
> ../source4/dsdb/dns/dns_update.c:330(dnsupdate_nameupdate_
> Apr 09 14:55:02 konadc samba[11890]:
> ../source4/dsdb/dns/dns_update.c:330: Failed DNS update - with error code
> 29
> 
> Kerberos works, DNS replication definitely works and it seems that
> sysvol replication also works. There are no errors in the log on the
> secondary DC. I have spent quite some time searching for this error,
> explanation, causes, and possible problems connected with the errors.
> 
> The primary DC is a self compiled Samba 4.9.1 under CentOS 7.9.2009, and
> elrepo kernel 5.11.7-1, the secondary DC is an up to date Debian Buster
> with the latest van Belle Samba packages (Samba 4.14.2).
> 
> If anybody got any ideas about this, I would be grateful?
> 
> Best regards,
> 
> Peter
> 
> 
> Primary DC smb.conf
> =================
> [global]
>          netbios name = KONADC
>          realm = KONSTRUKCE.LOCAL
>          server role = active directory domain controller
>          workgroup = KONSTRUKCE
>          idmap_ldb:use rfc2307 = yes
>          dns forwarder = 192.168.0.221
>          dns zone scavenging = yes
> 
> [netlogon]
>          path = /var/lib/samba/sysvol/konstrukce.local/scripts
>          read only = No
> 
> [sysvol]
>          path = /var/lib/samba/sysvol
>          read only = No
> 
> 
> Secondary DC smb.conf
> ===================
> [global]
>          netbios name = KONADC2
>          realm = KONSTRUKCE.LOCAL
>          server role = active directory domain controller
>          workgroup = KONSTRUKCE
>          idmap_ldb:use rfc2307 = yes
>          dns forwarder = 192.168.0.221
> 
> [netlogon]
>          path = /var/lib/samba/sysvol/konstrukce.local/scripts
>          read only = No
> 
> [sysvol]
>          path = /var/lib/samba/sysvol
>          read only = No
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list