Not able to add computer in Domain

Hello Knebb,

Thank You for the response.
The which you have referred that shows how to add the computer to windows active directory.
I am adding my computer TO UCS Domain. while adding the computer i am getting above error message.

Thank You
-Arif

What’s the output of

ipconfig /all

on the windows client (cmd)? Are the listed DNS servers only UCS servers?

Yes - DNS server is only the UCS server that I have configured on windows server 2012 client.

Well, for the client there is not really a difference if he joing MS-AD or UCS-AD which is the purpose of UCS!). The error message mentioned surely points to a misconfigured DNS.

And what about my second question: die you try to join as a member server or as a DC-controller?

If asked for output, please post the output here so we can verify- it is not helpful to tell us everything is fine. The error message points to an DNS error, so we would like to verify.
So, what is the output of the ipconfig /all on Windows? What is the output of ip a on UCS DC?
What is the output of nslookup _ldap._tcp.pdc._msdcs.your.domain on Win?

GReetings

/KNEBB

Please find the requested details…

C:\Users\marif>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : marif-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/1000 MT Network Connecti
Physical Address. . . . . . . . . : 00-50-56-94-42-F0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b0c2:f530:df54:ca08%11(Preferre
IPv4 Address. . . . . . . . . . . : 172.16.17.156(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.17.1
DHCPv6 IAID . . . . . . . . . . . : 234901590
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-27-6A-8B-00-50-56-94-4

DNS Servers . . . . . . . . . . . : 172.16.17.163
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{57E03B62-8F18-4D29-AA74-F20F88C31ECD}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

C:\Users\marif>nslookup _ldap._tcp.pdc._msdcs.mytech.intranet
Server: ucs-7370.mytech.intranet
Address: 172.16.17.163

Name: _ldap._tcp.pdc._msdcs.mytech.intranet

UCS server IP is 172.16.17.163

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:56:94:aa:c5 brd ff:ff:ff:ff:ff:ff
inet 172.16.17.163/24 brd 172.16.17.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe94:aac5/64 scope link
valid_lft forever preferred_lft forever

Ok, this looks good, indeed.

I am just wondering what domain name do you enter when trying to join? And, again, you join the Win machine as a member server, correct? Or are you trying to join as a backup or slave?

computer name : marif-PC
trying to join marif-PC to mytech.intranet Domin.
I am trying to add windows server as member server.

can i add attachment here?

-Arif

is there any way to make sure DNS service is running fine on UCS server? or i can get some debug logs regarding DNS service?

-Arif

You may run:

/usr/share/univention-samba4/scripts/check_essential_samba4_dns_records.sh

rg
Christian

And you might want to have a look at:

Thank You for the link!!!
bind9 is runing fine.

root@ucs-7370:/etc/init.d# /etc/init.d/bind9 status
● bind9.service - LSB: bind9 Domain Name Server (DNS)
Loaded: loaded (/etc/init.d/bind9)
Drop-In: /run/systemd/generator/bind9.service.d
└─50-insserv.conf-$named.conf
Active: active (exited) since Mon 2018-02-26 07:45:28 EST; 1 day 22h ago
Process: 1190 ExecStart=/etc/init.d/bind9 start (code=exited, status=0/SUCCESS)

Feb 26 07:45:28 ucs-7370 systemd[1]: Started LSB: bind9 Domain Name Server (DNS).
Feb 26 07:45:28 ucs-7370 bind9[1190]: Starting bind9 Domain Name Server (DNS): samba4.

but samba-ad-dc is not providing any status.

root@ucs-7370:/etc/init.d# /etc/init.d/samba-ad-dc status
root@ucs-7370:/etc/init.d#

I had restarted the service still same status.

-Arif

What does the output say ?

rg

Christian

Please find the below output…

root@ucs-7370:/usr/share/univention-samba4/scripts# ./check_essential_samba4_dns_records.sh
gc._msdcs.mytech.intranet has address 172.16.17.163
_gc._tcp.mytech.intranet has SRV record 0 100 3268 ucs-7370.mytech.intranet.
_ldap._tcp.gc._msdcs.mytech.intranet has SRV record 0 100 3268 ucs-7370.mytech.intranet.
_ldap._tcp.mytech.intranet has SRV record 0 100 389 ucs-7370.mytech.intranet.
_ldap._tcp.dc._msdcs.mytech.intranet has SRV record 0 100 389 ucs-7370.mytech.intranet.
_ldap._tcp.pdc._msdcs.mytech.intranet has SRV record 0 100 389 ucs-7370.mytech.intranet.
_ldap._tcp.0a9c5f6e-6bfe-4301-a05b-4ccf587f55a2.domains._msdcs.mytech.intranet has SRV record 0 100 389 ucs-7370.mytech.intranet.
_kerberos._tcp.dc._msdcs.mytech.intranet has SRV record 0 100 88 ucs-7370.mytech.intranet.
_kerberos._tcp.mytech.intranet has SRV record 0 100 88 ucs-7370.mytech.intranet.
_kerberos._udp.mytech.intranet has SRV record 0 100 88 ucs-7370.mytech.intranet.
_kpasswd._tcp.mytech.intranet has SRV record 0 100 464 ucs-7370.mytech.intranet.
_kpasswd._udp.mytech.intranet has SRV record 0 100 464 ucs-7370.mytech.intranet.
Located DC ‘ucs-7370’ in site ‘Default-First-Site-Name’
5728fcd5-8fe0-496f-a11d-09b2e88e5ca7._msdcs.mytech.intranet is an alias for ucs-7370.mytech.intranet.

Records for site Default-First-Site-Name:

_ldap._tcp.Default-First-Site-Name._sites.mytech.intranet has SRV record 0 100 389 ucs-7370.mytech.intranet.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mytech.intranet has SRV record 0 100 389 ucs-7370.mytech.intranet.
_kerberos._tcp.Default-First-Site-Name._sites.mytech.intranet has SRV record 0 100 88 ucs-7370.mytech.intranet.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mytech.intranet has SRV record 0 100 88 ucs-7370.mytech.intranet.

Optional GC Records for site Default-First-Site-Name:

_gc._tcp.Default-First-Site-Name._sites.mytech.intranet has SRV record 0 100 3268 ucs-7370.mytech.intranet.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mytech.intranet has SRV record 0 100 3268 ucs-7370.mytech.intranet.
_kerberos.mytech.intranet descriptive text “MYTECH.INTRANET”

I was trying to uninstall and install Active Directory-compatible Domain Controller…

Could not fulfill the request.

Server error message:

Name or service not known. This is probably due to the DNS settings of your server. You may find help at https://docs.software-univention.de/manual-4.2.html#networks:dns.

Does that lead to somewhere?

-Arif

Well, it points to exact the same reason we were pointing to all the time - DNS. We just have not found the root cause yet.

So please re-check your network settings again. Check if you have external nameservers configured and in your network settings your DC master ist set as DNS-Server, too.

/KNEBB

FYI:

I have started /etc/init.d/samba-ad-dc

root@ucs-7370:/etc/init.d# ./samba-ad-dc status
● samba-ad-dc.service - LSB: start Samba daemons for the AD DC
Loaded: loaded (/etc/init.d/samba-ad-dc)
Active: active (exited) since Wed 2018-02-28 10:54:12 EST; 23min ago
Process: 26670 ExecStop=/etc/init.d/samba-ad-dc stop (code=exited, status=0/SUCCESS)
Process: 27299 ExecStart=/etc/init.d/samba-ad-dc start (code=exited, status=0/SUCCESS)

Feb 28 10:54:12 ucs-7370 systemd[1]: Starting LSB: start Samba daemons for the AD DC…
Feb 28 10:54:12 ucs-7370 samba-ad-dc[27299]: samba-ad-dc disabled by ucr var samba4/autostart=false
Feb 28 10:54:12 ucs-7370 systemd[1]: Started LSB: start Samba daemons for the AD DC.

It looks like samba4 did not get installed in the UCS system…

root@ucs-7370:/etc/init.d# systemctl status samba4.service
● samba4.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)

Same result i am getting when i am trying to start from GUI.

Thank You
-Arif

You do not have samba4 installed.

UMC --> Software --> Apps --> install samba4 (Samba AD-Domain Controller).

I had install it but it was not coming up automatically.
even though samba4 seems to be not required running in back end the service is required that is samba-ad-dc.

I checked samba-ad-dc was not coming up automatically because it was masked by other services.

root@ucs-7370:/var/log/samba# systemctl start samba4.service
samba-ad-dc Failed to start samba-ad-dc.service: Unit samba-ad-dc.service is masked.

I have unmasked this service and start it. Still it did not work.

so i installed UCS server again and now i am able to add my windows client in domain and able to login with Domain user.

Still we did not have root cause, why this issue comes but i had learnt many things regarding UCS server and clients.

Thank You for all the UCS help users that supported and answered my Queries.

-Arif

I had the same issue yesterday
I couldnt’ get a win10 to join the domain. no dns issues, no dns record issues. all was good.
my samba4 service was down and I couldn’t get the service up due to the known bug when trying to do it manually. the samba ac-dc service was up but has status active (exited) so something was up with that too.
My resolution:
I uninstalled the samba4 and the samba connector and then reinstall in the same order, those got those 2 services running as expected, then I was able to get my client to join the domain.
hope it helps someone.

Hi,

with current releases of UCS (4.2, 4.3) you should ONLY use
/etc/init.d/samba restart

/CV

Mastodon