No reachable KDCs were found

I have a UCS that took over an AD from a Windows server; it is running Samba AD. It has been working for several years now. However, since the take-over, the system diagnostic tool has always reported KDC issues. I tried to troubleshoot many times; the error message changes but the problem remains. At this stage the diagnostic message is: No reachable KDCs were found.

The weird thing is that the UCS does properly act as Kerberos server. The AD domain works perfectly. I can get tickets using kinit/klist either remotely from Windows workstations or locally from the UCS Linux shell.

This all means that the error message is incorrect. I understand that Samba AD runs its own KDC and that the regular KDC shouldn’t be working (a registry variable disables the KDC).

One other issue that I have is that I am unable to add a backup UCS controller to the network. Every attempt failed; the new controller is unable to join as a controller (it joins as a machine but can’t become a controller). I am not happy to run without a backup.

My questions are the following:

  1. Any idea how to fix it?
  2. If I can’t fix it, should I worry?
  3. Could this be why I am unable to add a backup DC?

I just resolved the problem:
The registry value of nameserver1 was set to an external DNS address and not to the loopback address. So the UCS was not querying itself when looking for a KDC server! However the other machines in the domain were correctly querying the UCS, and the shell command was by default querying the loopback address.

nameserver1 = 127.0.0.1 or to the address of another domain controller.

I tried and it didn’t work for me. I had to use the static IP address to make it reachable.
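
A way to confirm the nameserver1 diagnosis from the thread before and after changing it, as an added example that is not part of any post above: it asks each configured DNS server for the `_kerberos._tcp` SRV record that KDC discovery relies on. It assumes `dig` is installed and that the UCR variables are named `nameserver1`..`nameserver3` and `domainname`; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): report which DNS servers can answer
# the Kerberos SRV lookup used to locate a KDC.
# Assumption: dig is available; DIG can be overridden for offline testing.
DIG="${DIG:-dig}"

# srv_targets DOMAIN SERVER
# Prints the KDC host names that SERVER returns for _kerberos._tcp.DOMAIN.
# dig +short prints SRV data as "priority weight port target".
srv_targets() {
    "$DIG" +short +time=2 +tries=1 SRV "_kerberos._tcp.$1" "@$2" 2>/dev/null |
        awk 'NF == 4 { print $4 }'
}

# check_nameservers DOMAIN SERVER...
# Prints one OK/FAIL line per server. Returns 1 when the FIRST server has no
# record: the resolver asks servers in order, and a "no such name" reply from
# the first one is final, so later servers are never consulted.
check_nameservers() {
    domain=$1
    shift
    rc=0
    first=1
    for ns in "$@"; do
        kdcs=$(srv_targets "$domain" "$ns" | tr '\n' ' ')
        if [ -n "$kdcs" ]; then
            echo "OK   $ns -> $kdcs"
        else
            echo "FAIL $ns has no _kerberos._tcp.$domain SRV record"
            if [ "$first" -eq 1 ]; then rc=1; fi
        fi
        first=0
    done
    return $rc
}

# Usage on a UCS system (assumed variable names):
#   sh check_kdc_dns.sh "$(ucr get domainname)" \
#       $(ucr get nameserver1) $(ucr get nameserver2) $(ucr get nameserver3)
if [ "$#" -ge 2 ]; then
    check_nameservers "$@"
fi
```

A FAIL line for the first server matches the situation described in the thread: an external DNS server in nameserver1 that knows nothing about the domain's Kerberos records.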