Mac can't bind to UCS AD server. SRV records error, KDC not found

samba-ad
kerberos
dns
ucs-4-2

#1

I’m getting SRV DNS record errors when looking at debug code from trying to join an AD domain setup by UNS. I’m on the latest 4.2-1 eratta52 release. I’ve noticed the LDAP domain says it’s DC=skaggscatholiccenter,DC=org but when the mac tries to bind it’s using the computer OU of CN=Computers,DC=ad,DC=skaggscatholiccenter,DC=org which seems off to me compared to the LDAP domain with the added DC=ad which is a computer itself.

It also says the KDC can’t be found. This was a brand new install as of yesterday. All I’ve done is add the rest of my DNS records for my organization (I never touched any of the UCS generated records).

Below is the full debug log output from the Mac OS client (10.2.5) client when issuing the command “dsconfigad -f -domain ad.skaggscatholiccenter.org -u Administrator”.

2017-06-27 11:41:10.530518 MDT - AID: 0x0000000000000000 - Trigger - new node trigger watching for 'opendirectoryd:nodes;(register|unregister);.*'
2017-06-27 11:41:10.530633 MDT - AID: 0x0000000000000000 - 609.3275 - Client: dsconfigad, UID: 0, EUID: 0, GID: 0, EGID: 0
2017-06-27 11:41:10.530655 MDT - AID: 0x0000000000000000 - 609.3275 - RPC: getpwuid, Module: SystemCache, rpc_version: 2, uid: 0
2017-06-27 11:41:10.530732 MDT - AID: 0x0000000000000000 - 609.3275, Module: SystemCache - getpwuid completed, delivered 1 result
2017-06-27 11:41:10.533963 MDT - AID: 0x0000000000000000 - 609.3276 - Client: dsconfigad, UID: 0, EUID: 0, GID: 0, EGID: 0
2017-06-27 11:41:10.533989 MDT - AID: 0x0000000000000000 - 609.3276 - ODNodeCreateWithNameAndOptions request, SessionID: 00000000-0000-0000-0000-000000000000, Name: /Active Directory, Options: 0x0
2017-06-27 11:41:10.534034 MDT - AID: 0x0000000000000000 - Disconnecting /Configure:configure:1A1ED5CA-ADF6-4E7C-B926-0BE74EC12D33
2017-06-27 11:41:10.534043 MDT - AID: 0x0000000000000000 - 609.3276, Node: /Active Directory - found an existing shared connection '/Active Directory:ActiveDirectory:BFBA5A6C-AF20-4115-865D-EEB864A6CF94' in pool
2017-06-27 11:41:10.534048 MDT - AID: 0x0000000000000000 - 609.3276, Node: /Active Directory - node assigned UUID - 36DFCD05-023E-4131-88B8-12CFD4C7BFB6
2017-06-27 11:41:10.534076 MDT - AID: 0x0000000000000000 - reaping connection '/Configure:configure:1A1ED5CA-ADF6-4E7C-B926-0BE74EC12D33'
2017-06-27 11:41:10.534150 MDT - AID: 0x0000000000000000 - 609.3276, Node: /Active Directory - ODNodeCreateWithNameAndOptions completed
2017-06-27 11:41:10.534492 MDT - AID: 0x0000000000000000 - 609.3277 - Client: dsconfigad, UID: 0, EUID: 0, GID: 0, EGID: 0
2017-06-27 11:41:10.534522 MDT - AID: 0x0000000000000000 - 609.3277 - ODNodeCreateWithNameAndOptions request, SessionID: 00000000-0000-0000-0000-000000000000, Name: /Configure, Options: 0x0
2017-06-27 11:41:10.534595 MDT - AID: 0x0000000000000000 - 609.3277, Node: /Configure, Module: configure - tracking connection '/Configure:configure:4A1A2AC5-154D-4427-B127-DE2C97DE78DF'
2017-06-27 11:41:10.534623 MDT - AID: 0x0000000000000000 - 609.3277, Node: /Configure, Module: configure - initiating reconnect for '/Configure:configure:4A1A2AC5-154D-4427-B127-DE2C97DE78DF'
2017-06-27 11:41:10.534655 MDT - AID: 0x0000000000000000 - 609.3277, Node: /Configure - node assigned UUID - 69F0D55A-CFA5-4D69-87F3-7196E455E352
2017-06-27 11:41:10.534761 MDT - AID: 0x0000000000000000 - 609.3277, Node: /Configure - ODNodeCreateWithNameAndOptions completed
2017-06-27 11:41:10.535031 MDT - AID: 0x0000000000000000 - 609.3278 - Client: dsconfigad, UID: 0, EUID: 0, GID: 0, EGID: 0
2017-06-27 11:41:10.535051 MDT - AID: 0x0000000000000000 - 609.3278 - ODNodeCopyDetails request, NodeID: 69F0D55A-CFA5-4D69-87F3-7196E455E352, Keys: dsAttrTypeStandard:OperatingSystemVersion
2017-06-27 11:41:10.535686 MDT - AID: 0x0000000000000000 - 609.3278, Node: /Configure, Module: configure - ODNodeCopyDetails completed, delivered 1 result
2017-06-27 11:41:10.535984 MDT - AID: 0x0000000000000000 - 609.3279 - Client: dsconfigad, UID: 0, EUID: 0, GID: 0, EGID: 0
2017-06-27 11:41:10.536005 MDT - AID: 0x0000000000000000 - 609.3279 - ODNodeCopySubnodeNames request, NodeID: 36DFCD05-023E-4131-88B8-12CFD4C7BFB6
2017-06-27 11:41:10.536040 MDT - AID: 0x0000000000000000 - 609.3279, Node: /Active Directory - queuing request to connection - '/Active Directory:ActiveDirectory:BFBA5A6C-AF20-4115-865D-EEB864A6CF94'
2017-06-27 11:41:10.536043 MDT - AID: 0x0000000000000000 - 609.3279, Node: /Active Directory - no handler available for type of request
2017-06-27 11:41:10.536050 MDT - AID: 0x0000000000000000 - 609.3279, Node: /Active Directory - searching for next connection to handle request
2017-06-27 11:41:10.536052 MDT - AID: 0x0000000000000000 - 609.3279, Node: /Active Directory - no other connections to handle request
2017-06-27 11:41:10.536136 MDT - AID: 0x0000000000000000 - 609.3279, Node: /Active Directory - ODNodeCopySubnodeNames failed with error 'Operation not supported' (10000)
2017-06-27 11:41:16.341200 MDT - AID: 0x0000000000000000 - 309.3280, Module: SystemCache - Client: cfprefsd
2017-06-27 11:41:16.341295 MDT - AID: 0x0000000000000000 - 309.3280, Module: SystemCache - RPC: kauth_map_identifier, Module: SystemCache, Provided: [ User (UID: 501) ], SeqNo: 31433, Requesting: [ User (UID, UUID, SID), Group (GID, UUID, SID) ]
2017-06-27 11:41:16.341404 MDT - AID: 0x0000000000000000 - 309.3280, Module: SystemCache - returning UUID 71FA6375-653B-4B54-B44A-07BCF941FB9F from user admin@/Local/Default (0x7fca060030f0) - TTL 120
2017-06-27 11:41:16.341419 MDT - AID: 0x0000000000000000 - 309.3280, Module: SystemCache - returning SID S-1-5-21-2402439926-2174774854-402327279-2002 from user admin@/Local/Default (0x7fca060030f0) - TTL 120
2017-06-27 11:41:16.341501 MDT - AID: 0x0000000000000000 - 309.3280, Module: SystemCache - kauth_map_identifier completed, delivered 2 results
2017-06-27 11:41:20.418753 MDT - AID: 0x0000000000000000 - 609.3281 - Client: dsconfigad, UID: 0, EUID: 0, GID: 0, EGID: 0
2017-06-27 11:41:20.418800 MDT - AID: 0x0000000000000000 - 609.3281 - ODNodeCopyDetails request, NodeID: 69F0D55A-CFA5-4D69-87F3-7196E455E352, Keys: dsAttrTypeStandard:OperatingSystemVersion
2017-06-27 11:41:20.420163 MDT - AID: 0x0000000000000000 - 609.3281, Node: /Configure, Module: configure - ODNodeCopyDetails completed, delivered 1 result
2017-06-27 11:41:20.426696 MDT - AID: 0x0000000000000000 - 609.3282 - Client: dsconfigad, UID: 0, EUID: 0, GID: 0, EGID: 0
2017-06-27 11:41:20.426724 MDT - AID: 0x0000000000000000 - 609.3282 - ODNodeCopyDetails request, NodeID: 69F0D55A-CFA5-4D69-87F3-7196E455E352, Keys: dsAttrTypeStandard:OperatingSystemVersion
2017-06-27 11:41:20.427356 MDT - AID: 0x0000000000000000 - 609.3282, Node: /Configure, Module: configure - ODNodeCopyDetails completed, delivered 1 result
2017-06-27 11:41:20.433664 MDT - AID: 0x0000000000000000 - 609.3283 - Client: dsconfigad, UID: 0, EUID: 0, GID: 0, EGID: 0
2017-06-27 11:41:20.433689 MDT - AID: 0x0000000000000000 - 609.3283 - ODNodeCustomCall request, NodeID: 36DFCD05-023E-4131-88B8-12CFD4C7BFB6, Code: 82
2017-06-27 11:41:20.433784 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - Bind Step 1 - Searching for Forest/Domain information - 'ad.skaggscatholiccenter.org'
2017-06-27 11:41:20.433965 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - Removing Kerberos reachability info 'Kerberos:AD.SKAGGSCATHOLICCENTER.ORG'
2017-06-27 11:41:20.434049 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - Binding using 'Administrator@AD.SKAGGSCATHOLICCENTER.ORG' for kerberos ID
2017-06-27 11:41:20.434196 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - new kerberos credential cache 'MEMORY:0x7fca044897c0' for 'Administrator@AD.SKAGGSCATHOLICCENTER.ORG'
2017-06-27 11:41:20.434227 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - Adding PA mech: SRP
2017-06-27 11:41:20.434233 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - Adding PA mech: ENCRYPTED_CHALLENGE
2017-06-27 11:41:20.434237 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - Adding PA mech: ENCRYPTED_TIMESTAMP
2017-06-27 11:41:20.434241 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - krb5_get_init_creds: loop 1
2017-06-27 11:41:20.434245 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - KDC sent 0 patypes
2017-06-27 11:41:20.434269 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - fast disabled, not doing any fast wrapping
2017-06-27 11:41:20.434309 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - Trying to find service kdc for realm AD.SKAGGSCATHOLICCENTER.ORG flags 0
2017-06-27 11:41:20.434590 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - configuration file for realm AD.SKAGGSCATHOLICCENTER.ORG not found
2017-06-27 11:41:20.434836 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - host_create(ad.skaggscatholiccenter.org): no interface
2017-06-27 11:41:20.435233 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - SRV callback: error: -65554
2017-06-27 11:41:20.435242 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - SRV callback end: _kerberos._udp.AD.SKAGGSCATHOLICCENTER.ORG.
2017-06-27 11:41:20.435246 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - SRV callback no more coming
2017-06-27 11:41:20.435250 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - SRV order after sorting
2017-06-27 11:41:20.435353 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - host_create(ad.skaggscatholiccenter.org): no interface
2017-06-27 11:41:20.435703 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - SRV callback: error: -65554
2017-06-27 11:41:20.435713 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - SRV callback end: _kerberos._tcp.AD.SKAGGSCATHOLICCENTER.ORG.
2017-06-27 11:41:20.435720 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - SRV callback no more coming
2017-06-27 11:41:20.435724 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - SRV order after sorting
2017-06-27 11:41:20.435831 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - host_create(ad.skaggscatholiccenter.org): no interface
2017-06-27 11:41:20.436161 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - SRV callback: error: -65554
2017-06-27 11:41:20.436177 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - SRV callback end: _kerberos._http.AD.SKAGGSCATHOLICCENTER.ORG.
2017-06-27 11:41:20.436187 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - SRV callback no more coming
2017-06-27 11:41:20.436203 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - SRV order after sorting
2017-06-27 11:41:20.436303 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - host_create(ad.skaggscatholiccenter.org): no interface
2017-06-27 11:41:20.436561 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - SRV callback: error: -65554
2017-06-27 11:41:20.436568 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - SRV callback end: _kerberos._kkdcp.AD.SKAGGSCATHOLICCENTER.ORG.
2017-06-27 11:41:20.436572 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - SRV callback no more coming
2017-06-27 11:41:20.436575 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - SRV order after sorting
2017-06-27 11:41:20.436651 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - No KDC entries found for AD.SKAGGSCATHOLICCENTER.ORG
2017-06-27 11:41:20.436665 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - out of hosts, waiting for replies
2017-06-27 11:41:20.436674 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - no more hosts to send/recv packets to/from trying to pulling more hosts
2017-06-27 11:41:20.436686 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - krb5_sendto_context AD.SKAGGSCATHOLICCENTER.ORG done: -1765328228 hosts 0 packets 0 wc: 0.002388 nr: 0.000000 kh: 0.002343 tid: 00000000
2017-06-27 11:41:20.436725 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - KDC is unreachable - 'unable to reach any KDC in realm AD.SKAGGSCATHOLICCENTER.ORG, tried 0 KDCs'
2017-06-27 11:41:20.436901 MDT - AID: 0x0000000000000000 - 609.3283, Node: /Active Directory, Module: ActiveDirectory - ODNodeCustomCall failed with error 'Credential server unreachable' (5200)
2017-06-27 11:41:20.439411 MDT - AID: 0x0000000000000000 - 609 - Client: 'dsconfigad', exited with 0 session(s), 2 node(s) and 0 active request(s)
2017-06-27 11:41:20.439497 MDT - AID: 0x0000000000000000 - 609.3284 - Internal request
2017-06-27 11:41:20.439520 MDT - AID: 0x0000000000000000 - 609.3284 - ODNodeRelease request, NodeID: 36DFCD05-023E-4131-88B8-12CFD4C7BFB6
2017-06-27 11:41:20.439534 MDT - AID: 0x0000000000000000 - 609.3285 - Internal request
2017-06-27 11:41:20.439549 MDT - AID: 0x0000000000000000 - 609.3285 - ODNodeRelease request, NodeID: 69F0D55A-CFA5-4D69-87F3-7196E455E352
2017-06-27 11:41:20.439597 MDT - AID: 0x0000000000000000 - 609.3284, Node: /Active Directory - ODNodeRelease completed
2017-06-27 11:41:20.439601 MDT - AID: 0x0000000000000000 - 609.3284, Node: /Active Directory - closed nodeID 36DFCD05-023E-4131-88B8-12CFD4C7BFB6
2017-06-27 11:41:20.439611 MDT - AID: 0x0000000000000000 - 609.3285, Node: /Configure - ODNodeRelease completed
2017-06-27 11:41:20.439614 MDT - AID: 0x0000000000000000 - 609.3285, Node: /Configure - closed nodeID 69F0D55A-CFA5-4D69-87F3-7196E455E352
2017-06-27 11:41:20.439691 MDT - AID: 0x0000000000000000 - clearing all node authentication connections
2017-06-27 11:41:20.439749 MDT - AID: 0x0000000000000000 - clearing all node authentication connections
2017-06-27 11:41:20.439760 MDT - AID: 0x0000000000000000 - Trigger - cancelled
2017-06-27 11:41:47.305979 MDT - AID: 0x0000000000000000 - 60.3286, Module: SystemCache - Client: fseventsd
2017-06-27 11:41:47.306079 MDT - AID: 0x0000000000000000 - 60.3286, Module: SystemCache - RPC: kauth_membership_check, Module: SystemCache, Provided: [ User (UID: 501), Group (GID: 0) ], SeqNo: 31434, Requesting: [ Membership Confirmation ]
2017-06-27 11:41:47.306197 MDT - AID: 0x0000000000000000 - 60.3286, Module: SystemCache - is user admin@/Local/Default (0x7fca060030f0) a member of group with UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000000 == false - TTL 120
2017-06-27 11:41:47.306275 MDT - AID: 0x0000000000000000 - 60.3286, Module: SystemCache - kauth_membership_check completed, delivered 1 result

#2

Yes, the client’s DNS is set to use the UCS server for DNS and NTP time.


#3

Nevermind. I mistook the server asking for the domain as the domain of the server not the just he AD domain. YOu guys can close or delete this thread. Problem solved.