Hi,

after Takeover from SBS2008 i demoted the old dc and renamed the Machine from sbs to sbs2008 with new DHCP IP

NSLOOKUP to tld.local is working but is not possible to join

Hinweis: Diese Informationen sind für einen Netzwerkadministrator bestimmt. Wenden Sie sich an den Netzwerkadministrator, wenn Sie kein Netzwerkadministrator sind, und leiten Sie die Informationen in der Datei C:\Windows\debug\dcdiag.txt weiter.

Der folgende Fehler ist beim Abfragen von DNS über den Ressourceneintrag der Dienstidentifizierung (SRV) aufgetreten, der zur Suche eines Active Directory-Domänencontrollers für die Domäne “leister-schuhe.local” verwendet wird:

Fehler: “DNS-Serverfehler.”
(Fehlercode 0x0000232A RCODE_SERVER_FAILURE)

Es handelt sich um die Abfrage des Dienstidentifizierungseintrags (SRV) für _ldap._tcp.dc._msdcs.leister-schuhe.local

Die häufigsten Ursachen dieses Fehlers sind:

• Die von diesem Computer verwendeten DNS-Server enthalten falsche Stammhinweise. Dieser Computer wurde zur Verwendung der folgenden IP-Adressen konfiguriert:

10.0.0.4

• Mindestens eine der folgenden Zonen enthalten eine falsche Delegierung:

leister-schuhe.local
local
. (die Stammzone)

Klicken Sie auf “Hilfe”, um weitere Informationen über die Fehlerbehandlung zu erhalten.

NETBIOS Name for Join brings a login thats accepted

After a while the System shows up under Devices with a Computer account, but

Die angegebenen Netzwerkresource bzw. das angegebene Gerät ist nicht mehr verfügbar

even the Machine is already present in UCS

Help apreciated

Hi

try running this script
/usr/share/univention-samba4/scripts/check_essential_samba4_dns_records.sh
it will show that recent dns records are missing in s4 dns - also they are available in ldap dns

i had this at all take-over scenarios and the only workaround was reprovisioning samba4 on ucs master

rg
christian

i just found an older topic from me.
please advice

root@ucs-Leister:/usr/share/univention-samba4/scripts# ./check_essential_samba4_dns_records.sh
Host gc._msdcs.leister-schuhe.local not found: 2(SERVFAIL)
_gc._tcp.leister-schuhe.local has SRV record 0 100 3268 sbs.leister-schuhe.local.
_gc._tcp.leister-schuhe.local has SRV record 0 100 3268 ucs-leister.leister-schuhe.local.
Host _ldap._tcp.gc._msdcs.leister-schuhe.local not found: 2(SERVFAIL)
_ldap._tcp.leister-schuhe.local has SRV record 0 100 389 sbs.leister-schuhe.local.
_ldap._tcp.leister-schuhe.local has SRV record 0 100 389 ucs-leister.leister-schuhe.local.
Host _ldap._tcp.dc._msdcs.leister-schuhe.local not found: 2(SERVFAIL)
Host _ldap._tcp.pdc._msdcs.leister-schuhe.local not found: 2(SERVFAIL)
Host _ldap._tcp.df242e69-6d7e-45d2-90d0-990bea885ab2.domains._msdcs.leister-schuhe.local not found: 2(SERVFAIL)
Host _kerberos._tcp.dc._msdcs.leister-schuhe.local not found: 2(SERVFAIL)
_kerberos._tcp.leister-schuhe.local has SRV record 0 100 88 sbs.leister-schuhe.local.
_kerberos._tcp.leister-schuhe.local has SRV record 0 100 88 ucs-leister.leister-schuhe.local.
_kerberos._udp.leister-schuhe.local has SRV record 0 100 88 ucs-leister.leister-schuhe.local.
_kerberos._udp.leister-schuhe.local has SRV record 0 100 88 sbs.leister-schuhe.local.
_kpasswd._tcp.leister-schuhe.local has SRV record 0 100 464 sbs.leister-schuhe.local.
_kpasswd._tcp.leister-schuhe.local has SRV record 0 100 464 ucs-leister.leister-schuhe.local.
_kpasswd._udp.leister-schuhe.local has SRV record 0 100 464 sbs.leister-schuhe.local.
_kpasswd._udp.leister-schuhe.local has SRV record 0 100 464 ucs-leister.leister-schuhe.local.
Located DC ‘ucs-Leister’ in site ‘Default-First-Site-Name’
Host 759df28d-4dfa-4b28-9e2f-94d3dc7d95fa._msdcs.leister-schuhe.local not found: 2(SERVFAIL)

Records for site Default-First-Site-Name:

_ldap._tcp.Default-First-Site-Name._sites.leister-schuhe.local has SRV record 0 100 389 ucs-leister.leister-schuhe.local.
_ldap._tcp.Default-First-Site-Name._sites.leister-schuhe.local has SRV record 0 100 389 sbs.leister-schuhe.local.
Host _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.leister-schuhe.local not found: 2(SERVFAIL)
_kerberos._tcp.Default-First-Site-Name._sites.leister-schuhe.local has SRV record 0 100 88 ucs-leister.leister-schuhe.local.
_kerberos._tcp.Default-First-Site-Name._sites.leister-schuhe.local has SRV record 0 100 88 sbs.leister-schuhe.local.
Host _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.leister-schuhe.local not found: 2(SERVFAIL)

Optional GC Records for site Default-First-Site-Name:

_gc._tcp.Default-First-Site-Name._sites.leister-schuhe.local has SRV record 0 100 3268 sbs.leister-schuhe.local.
_gc._tcp.Default-First-Site-Name._sites.leister-schuhe.local has SRV record 0 100 3268 ucs-leister.leister-schuhe.local.
Host _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.leister-schuhe.local not found: 2(SERVFAIL)
_kerberos.leister-schuhe.local descriptive text “LEISTER-SCHUHE.LOCAL”

how do i initiate that?

some commands failed
then i went back to a zfs snapshot
after reboot a join was possible with win 10 test machine

the old sbs also could be joined

the issue were non resolving dns entries i´ve seen in webfrontend, but not in nslookup

any idea?

Problem back again. Workstation can login, Terminalserver cant.
Please help

sometimes login on ts possible, sometimes not.
join not possible

Hi,

what you are posting here is the Samba DNS
https://help.univention.com/uploads/default/original/2X/f/f0aa58a902d6c7a3a2bf909f69d7ba608558756b.png

an here LDAP
https://help.univention.com/uploads/default/original/2X/4/44a0e77e68f8908cf2aac42f7e779f22b39da4e9.png

I think there should be a way provided by Univention to only recreate s4 dns from ldap dns !!

you can try to add the missing dns entries throut RSAT Tools and Windows DNS Management Tool - but i don’t know if this gets synced tp ldap as the records exists already there

rg
Christian

ucr set dns/backend=‘ldap’
/etc/init.d/bind9 restart

helped for the moment.
can i keep hat setting?

Yes you can use also openLDAP as backend. AFAIK it would only be a problem if you are using dynamic IPs / DNS.

To fix the problem you could try an resync, e.g.

/usr/share/univention-s4-connector/resync_object_from_ucs.py --filter relativeDomainName=_ldap._tcp

But this is without warranty. You should do a backup first.

Hi @cpzengel,

I would really appreciate to have a broad look into the /var/log/daemon.* Logfiles about bind9. At least I ask you to post the tail -f /var/log/daemon.log | grep 'named' when restarting the dns daemon systemctrl restart bind9.service.

Hi @cpzengel

as you can see in the ‘daemon.log’:

the Zone ‘_msdcs.domain.local’ is ignored because there is a ‘pre-W2k3 zone’ found - a so called ‘legacy zone’.

There is a Script to migrate_legacy_dns_zones.sh (10,5 KB), you might give it a try to automatically fix that issue.

e08003da2ee3b63dca0c9efffbaa630c555886b1.sh: 25: e08003da2ee3b63dca0c9efffbaa630c555886b1.sh: Syntax error: “(” unexpected (expecting “}”)

strange name came from wget

If you want to directly download the Script to your server, you need to specify the appropriate name:

wget -o '/tmp/migrate_legacy_dns_zones.sh' https://help.univention.com/uploads/default/original/2X/e/e08003da2ee3b63dca0c9efffbaa630c555886b1.sh

or you download and transfer the file via scp (WinSCP).

sh migrate_legacy_dns_zones.sh

migrate_legacy_dns_zones.sh: 1: migrate_legacy_dns_zones.sh: --2017-11-13: not found
migrate_legacy_dns_zones.sh: 2: migrate_legacy_dns_zones.sh: Syntax error: “(” unexpected

The command is wrong. It has to be

wget -O '/tmp/migrate_legacy_dns_zones.sh' https://help.univention.com/uploads/default/original/2X/e/e08003da2ee3b63dca0c9efffbaa630c555886b1.sh

“-o” means that the output of wget will be written to the given file.

download not the problem

migrate_legacy_dns_zones.sh: 25: migrate_legacy_dns_zones.sh: Syntax error: “(” unexpected (expecting “}”)

this seemed to be malformated due to Windows/Download copied to Linux. With the command dos2unix you can reformat the file to execute it properly.