[Samba] Failed to prepare gensec: NT_STATUS_INVALID_SERVER_STATE

Andrew Bartlett abartlet at samba.org
Wed Mar 31 19:45:37 UTC 2021

On Wed, 2021-03-31 at 13:03 +0200, Stefan Bellon via samba wrote:
> On Wed, 31 Mar, Andrew Bartlett via samba wrote:
> > On Wed, 2021-03-31 at 09:06 +0200, Stefan Bellon via samba wrote:
> > > I have the feeling this is directly connected to sysvol
> > > permissions.  
> > 
> > That would be incredibly unlikely.  This is about failing to setup
> > the
> > Kerberos code that accepts incoming tickets, so it could fail if
> > the
> > DC things it is not a DC or can't find the secrets.ldb entry etc.
> I'm fully open to suggestions and ideas on how to debug this further.
> I can only tell you my observation, that after I do a "sysvolreset"
> and
> do not touch the sysvol at all, neither from GNU/Linux side nor from
> Windows side, then the log.smbd is completely free of those messages.
> As soon as I edit a group policy on the windows side, the messages
> appear in the log and also sysvolcheck reports issues.

Very strange.  The two are simply not connected, but perhaps having bad
sysvol permissions causes the client to connect to something different
on the server.  Turning up the log level would tell you what was

Andrew Bartlett
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source

More information about the samba mailing list