Critical: Check kerberos authenticated DNS update (on DC Master)

Hey,

the error message does not fit the article you’ve linked to. It’s a different issue.

Luckily, problems with the Kerberos principal dns-… can often be recovered. There are several ways to do this. Let’s try the easiest one first. Please run the following steps on your DC Master:

```
# Create a backup of the file we're about to modify:
cp /var/lib/samba/private/dns.keytab /var/lib/samba/private/dns.keytab.$(date '+%Y%m%d%H%M%S')
# Re-export the Kerberos principal from the KDC into a new keytab file:
samba-tool domain exportkeytab dns.keytab.new --principal DNS/$(hostname).$(ucr get domainname)
samba-tool domain exportkeytab dns.keytab.new --principal dns-$(hostname)@$(ucr get kerberos/realm)
# Copy the new keytab over the existing one:
cp dns.keytab.new /var/lib/samba/private/dns.keytab
```

Afterwards run the system diagnostics again.

Kind regards,
mosu

1 Like
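A check that could run between the export and the final `cp` in the steps above, as an added example that is not part of the original post: it confirms that both re-exported principals are present in a keytab listing before the live file is overwritten. The function name, the sample principals and the listing layout are assumptions; the listing text is expected to come from whichever tool the system provides, for instance `klist -k FILE` (MIT) or `ktutil -k FILE list` (Heimdal).

```shell
#!/bin/sh
# Added example, not from the original post.
# missing_principals LISTING PRINCIPAL...
#   LISTING   text of a keytab listing (one entry per line)
#   PRINCIPAL fully qualified names expected in it (name@REALM)
# Prints every expected principal that does not occur as a whole
# whitespace-separated field of the listing. Returns 1 if any is missing.
# Matching is exact and case-sensitive, so "dns-dc1@..." never satisfies
# a check for "DNS/dc1...@...".
missing_principals() {
    listing=$1; shift
    rc=0
    for want in "$@"; do
        if ! printf '%s\n' "$listing" | awk -v p="$want" '
            { for (i = 1; i <= NF; i++) if ($i == p) found = 1 }
            END { exit !found }'; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample listings (hypothetical host dc1, realm EXAMPLE.TEST).
SAMPLE_OK='Vno  Type                     Principal
  1  aes256-cts-hmac-sha1-96  DNS/dc1.example.test@EXAMPLE.TEST
  1  aes256-cts-hmac-sha1-96  dns-dc1@EXAMPLE.TEST'

# Same listing with the dns-<hostname> entry absent.
SAMPLE_BAD='Vno  Type                     Principal
  1  aes256-cts-hmac-sha1-96  DNS/dc1.example.test@EXAMPLE.TEST'

# Demo on the constructed data: report what the incomplete keytab lacks.
if ! missing=$(missing_principals "$SAMPLE_BAD" \
        'DNS/dc1.example.test@EXAMPLE.TEST' 'dns-dc1@EXAMPLE.TEST'); then
    echo "keytab incomplete, do not install; missing: $missing"
fi
```

Since `dns.keytab.new` holds the same key material as the live keytab, delete it from the working directory once the copy has been verified.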