I have installed the UCS. Now I am adding the windows server in domain but it is throwing the error.
here is the error…
host (a) or (aaaa) records that map the names of the domain controllers to their ip addresses
Please help me to resolve this issue.
Thank You
-Arif
I guess you have used search functions, did you? First entry on Google:
But you tried to join as a member server, yes?
/KNEBB
Hello Knebb,
Thank You for the response.
The which you have referred that shows how to add the computer to windows active directory.
I am adding my computer TO UCS Domain. while adding the computer i am getting above error message.
Thank You
-Arif
What’s the output of
ipconfig /all
on the windows client (cmd)? Are the listed DNS servers only UCS servers?
Yes - DNS server is only the UCS server that I have configured on windows server 2012 client.
Well, for the client there is not really a difference if he joing MS-AD or UCS-AD which is the purpose of UCS!). The error message mentioned surely points to a misconfigured DNS.
And what about my second question: die you try to join as a member server or as a DC-controller?
If asked for output, please post the output here so we can verify- it is not helpful to tell us everything is fine. The error message points to an DNS error, so we would like to verify.
So, what is the output of the ipconfig /all on Windows? What is the output of ip a on UCS DC?
What is the output of nslookup _ldap._tcp.pdc._msdcs.your.domain on Win?
GReetings
/KNEBB
Please find the requested details…
C:\Users\marif>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : marif-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/1000 MT Network Connecti
Physical Address. . . . . . . . . : 00-50-56-94-42-F0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b0c2:f530:df54:ca08%11(Preferre
IPv4 Address. . . . . . . . . . . : 172.16.17.156(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.17.1
DHCPv6 IAID . . . . . . . . . . . : 234901590
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-27-6A-8B-00-50-56-94-4
DNS Servers . . . . . . . . . . . : 172.16.17.163
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{57E03B62-8F18-4D29-AA74-F20F88C31ECD}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\marif>nslookup _ldap._tcp.pdc._msdcs.mytech.intranet
Server: ucs-7370.mytech.intranet
Address: 172.16.17.163
Name: _ldap._tcp.pdc._msdcs.mytech.intranet
UCS server IP is 172.16.17.163
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:56:94:aa:c5 brd ff:ff:ff:ff:ff:ff
inet 172.16.17.163/24 brd 172.16.17.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe94:aac5/64 scope link
valid_lft forever preferred_lft forever
Ok, this looks good, indeed.
I am just wondering what domain name do you enter when trying to join? And, again, you join the Win machine as a member server, correct? Or are you trying to join as a backup or slave?
computer name : marif-PC
trying to join marif-PC to mytech.intranet Domin.
I am trying to add windows server as member server.
can i add attachment here?
-Arif
is there any way to make sure DNS service is running fine on UCS server? or i can get some debug logs regarding DNS service?
-Arif
You may run:
/usr/share/univention-samba4/scripts/check_essential_samba4_dns_records.sh
rg
Christian
And you might want to have a look at:
Thank You for the link!!!
bind9 is runing fine.
root@ucs-7370:/etc/init.d# /etc/init.d/bind9 status
● bind9.service - LSB: bind9 Domain Name Server (DNS)
Loaded: loaded (/etc/init.d/bind9)
Drop-In: /run/systemd/generator/bind9.service.d
└─50-insserv.conf-$named.conf
Active: active (exited) since Mon 2018-02-26 07:45:28 EST; 1 day 22h ago
Process: 1190 ExecStart=/etc/init.d/bind9 start (code=exited, status=0/SUCCESS)
Feb 26 07:45:28 ucs-7370 systemd[1]: Started LSB: bind9 Domain Name Server (DNS).
Feb 26 07:45:28 ucs-7370 bind9[1190]: Starting bind9 Domain Name Server (DNS): samba4.
but samba-ad-dc is not providing any status.
root@ucs-7370:/etc/init.d# /etc/init.d/samba-ad-dc status
root@ucs-7370:/etc/init.d#
I had restarted the service still same status.
-Arif
What does the output say ?
rg
Christian
Please find the below output…
root@ucs-7370:/usr/share/univention-samba4/scripts# ./check_essential_samba4_dns_records.sh
gc._msdcs.mytech.intranet has address 172.16.17.163
_gc._tcp.mytech.intranet has SRV record 0 100 3268 ucs-7370.mytech.intranet.
_ldap._tcp.gc._msdcs.mytech.intranet has SRV record 0 100 3268 ucs-7370.mytech.intranet.
_ldap._tcp.mytech.intranet has SRV record 0 100 389 ucs-7370.mytech.intranet.
_ldap._tcp.dc._msdcs.mytech.intranet has SRV record 0 100 389 ucs-7370.mytech.intranet.
_ldap._tcp.pdc._msdcs.mytech.intranet has SRV record 0 100 389 ucs-7370.mytech.intranet.
_ldap._tcp.0a9c5f6e-6bfe-4301-a05b-4ccf587f55a2.domains._msdcs.mytech.intranet has SRV record 0 100 389 ucs-7370.mytech.intranet.
_kerberos._tcp.dc._msdcs.mytech.intranet has SRV record 0 100 88 ucs-7370.mytech.intranet.
_kerberos._tcp.mytech.intranet has SRV record 0 100 88 ucs-7370.mytech.intranet.
_kerberos._udp.mytech.intranet has SRV record 0 100 88 ucs-7370.mytech.intranet.
_kpasswd._tcp.mytech.intranet has SRV record 0 100 464 ucs-7370.mytech.intranet.
_kpasswd._udp.mytech.intranet has SRV record 0 100 464 ucs-7370.mytech.intranet.
Located DC ‘ucs-7370’ in site ‘Default-First-Site-Name’
5728fcd5-8fe0-496f-a11d-09b2e88e5ca7._msdcs.mytech.intranet is an alias for ucs-7370.mytech.intranet.
_ldap._tcp.Default-First-Site-Name._sites.mytech.intranet has SRV record 0 100 389 ucs-7370.mytech.intranet.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mytech.intranet has SRV record 0 100 389 ucs-7370.mytech.intranet.
_kerberos._tcp.Default-First-Site-Name._sites.mytech.intranet has SRV record 0 100 88 ucs-7370.mytech.intranet.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mytech.intranet has SRV record 0 100 88 ucs-7370.mytech.intranet.
_gc._tcp.Default-First-Site-Name._sites.mytech.intranet has SRV record 0 100 3268 ucs-7370.mytech.intranet.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mytech.intranet has SRV record 0 100 3268 ucs-7370.mytech.intranet.
_kerberos.mytech.intranet descriptive text “MYTECH.INTRANET”
I was trying to uninstall and install Active Directory-compatible Domain Controller…
Could not fulfill the request.
Server error message:
Name or service not known. This is probably due to the DNS settings of your server. You may find help at https://docs.software-univention.de/manual-4.2.html#networks:dns.
Does that lead to somewhere?
-Arif
Well, it points to exact the same reason we were pointing to all the time - DNS. We just have not found the root cause yet.
So please re-check your network settings again. Check if you have external nameservers configured and in your network settings your DC master ist set as DNS-Server, too.
/KNEBB
FYI:
I have started /etc/init.d/samba-ad-dc
root@ucs-7370:/etc/init.d# ./samba-ad-dc status
● samba-ad-dc.service - LSB: start Samba daemons for the AD DC
Loaded: loaded (/etc/init.d/samba-ad-dc)
Active: active (exited) since Wed 2018-02-28 10:54:12 EST; 23min ago
Process: 26670 ExecStop=/etc/init.d/samba-ad-dc stop (code=exited, status=0/SUCCESS)
Process: 27299 ExecStart=/etc/init.d/samba-ad-dc start (code=exited, status=0/SUCCESS)
Feb 28 10:54:12 ucs-7370 systemd[1]: Starting LSB: start Samba daemons for the AD DC…
Feb 28 10:54:12 ucs-7370 samba-ad-dc[27299]: samba-ad-dc disabled by ucr var samba4/autostart=false
Feb 28 10:54:12 ucs-7370 systemd[1]: Started LSB: start Samba daemons for the AD DC.
It looks like samba4 did not get installed in the UCS system…
root@ucs-7370:/etc/init.d# systemctl status samba4.service
● samba4.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
Same result i am getting when i am trying to start from GUI.
Thank You
-Arif
You do not have samba4 installed.
UMC --> Software --> Apps --> install samba4 (Samba AD-Domain Controller).
I had install it but it was not coming up automatically.
even though samba4 seems to be not required running in back end the service is required that is samba-ad-dc.
I checked samba-ad-dc was not coming up automatically because it was masked by other services.
root@ucs-7370:/var/log/samba# systemctl start samba4.service
samba-ad-dc Failed to start samba-ad-dc.service: Unit samba-ad-dc.service is masked.
I have unmasked this service and start it. Still it did not work.
so i installed UCS server again and now i am able to add my windows client in domain and able to login with Domain user.
Still we did not have root cause, why this issue comes but i had learnt many things regarding UCS server and clients.
Thank You for all the UCS help users that supported and answered my Queries.
-Arif