Problems with Group Policy for Win7 clients

german

#1

Hello everyone,

I currently have a problem with Group Policy on all Windows 7 clients.
Unfortunately the GPOs are not applied by the clients. The following entries appear in the event log.
The policy in question is the Default Domain Policy.

Fehler bei der Verarbeitung der Gruppenrichtlinie. Es wurde versucht, registrierungsbasierte Richtlinieneinstellungen für das Gruppenrichtlinienobjekt "LDAP://CN=Machine,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=ad,DC=XXXXX,DC=de" zu lesen. Die Gruppenrichtlinieneinstellungen dürfen nicht erzwungen werden, bis dieses Ereignis behoben ist. Weitere Informationen über den Dateinamen und -pfad, der den Fehler verursacht hat, können den Ereignisdetails entnommen werden.
- System 
  - Provider 
   [ Name]  Microsoft-Windows-GroupPolicy 
   [ Guid]  {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9} 
   EventID 1096 
   Version 0 
   Level 2 
   Task 0 
   Opcode 1 
   Keywords 0x8000000000000000 
  - TimeCreated
   [ SystemTime]  2017-01-07T00:12:01.174576700Z 
   EventRecordID 372853 
  - Correlation 
   [ ActivityID]  {B52A992E-A5DD-44BD-BB04-9350EC87C89F} 
  - Execution 
   [ ProcessID]  1208 
   [ ThreadID]  4176 
   Channel System 
   Computer XXXXX.ad.XXXXX.de 
  - Security 
   [ UserID]  S-1-5-18 
- EventData 
  SupportInfo1 2 
  SupportInfo2 1254 
  ProcessingMode 0 
  ProcessingTimeInMilliseconds 6583 
  ErrorCode 1326 
  ErrorDescription Anmeldung fehlgeschlagen: unbekannter Benutzername oder falsches Kennwort.  
  DCName ucs.ad.XXXXX.de 
  GPOCNName LDAP://CN=Machine,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=ad,DC=XXXXX,DC=de 
  FilePath \\ad.XXXXX.de\sysvol\ad.XXXXX.de\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol 

Shortly afterwards the following error appears:

- System 
  - Provider
   [ Name]  SceCli 
  - EventID 1001
   [ Qualifiers]  49152 
   Level 2 
   Task 0 
   Keywords 0x80000000000000 
  - TimeCreated 
   [ SystemTime]  2017-01-07T00:12:33.000000000Z 
   EventRecordID 209289 
   Channel Application 
   Computer XXXXX.ad.XXXXX.de 
   Security 
- EventData 
   Auf die Vorlage kann nicht zugegriffen werden. Fehlercode = 3. \\ad.XXXXX.de\sysvol\ad.XXXXX.de\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf 

The administrator account for which the GPOs are supposed to be propagated can access the Sysvol directory on the DC and open the GPO.
The user S-1-5-18 is the Windows user "Local System"; how can I grant this user access to Sysvol?

About the system:
Created a new domain, added clients; only after that were the current PolicyDefinitions from MS copied into the Sysvol directory and a few settings set for the clients as a test.

Can anyone help?

Many thanks and regards

Deckel


#2

So far I have really only come across this in Windows environments. Does the error message occur on the client? Can you rename the Registry.pol in C:\Windows\System32\GroupPolicy\Machine, restart the client and run gpupdate /force once more?


#3

Unfortunately the folder is empty.

A rejoin to the domain and gpupdate /force unfortunately did not help.


#4

Hello deckel,

I had the same problem when I set up the UCS domain from scratch last week. In my case, however, it was not due to UCS or the permissions on the sysvol directory (even though the entries in the event log suggest that), but was a Windows 7 problem. With the MS16-072 updates on the 14.06.2016 patch day, MS changed the process by which GPOs are applied.

See http://www.gruppenrichtlinien.de/artikel/sicherheitsfilterung-neu-erfunden-ms16-072-patchday-14062016/

I then added the group "Domain Computers" with read permissions on the "Delegation" tab of the respective policies, and that was it.

HTH & regards,
Dirk Hermandung
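
The delegation check described in post #4, as an added example that is not part of the original thread: it lists GPOs whose ACL gives neither Authenticated Users nor Domain Computers a permission level that includes read. It assumes the GroupPolicy PowerShell module (RSAT/GPMC) on a domain-joined admin workstation and an English group name "Domain Computers"; the `$Fix` switch and the function name are hypothetical.

```powershell
# Added example (not from the thread): find GPOs that computer accounts
# cannot read, the condition that breaks GPO processing after MS16-072.
Import-Module GroupPolicy

$AuthenticatedUsersSid = 'S-1-5-11'   # well-known SID
$DomainComputersRid    = '-515'       # well-known RID: <domain SID>-515
# Permission levels that include the right to read the GPO.
$ReadLevels = 'GpoRead', 'GpoApply', 'GpoEdit', 'GpoEditDeleteModifySecurity'

function Test-GpoComputerRead {
    param([Parameter(Mandatory)] $Gpo)

    foreach ($entry in Get-GPPermission -Guid $Gpo.Id -All) {
        $sid = $entry.Trustee.Sid.Value
        if (-not $sid) { continue }   # unresolved trustee, nothing to compare

        $isComputerTrustee = ($sid -eq $AuthenticatedUsersSid) -or
                             $sid.EndsWith($DomainComputersRid)

        # Compare by SID so localized group names do not matter.
        if ($isComputerTrustee -and -not $entry.Denied -and
            ($ReadLevels -contains "$($entry.Permission)")) {
            return $true
        }
    }
    return $false
}

$report = foreach ($gpo in Get-GPO -All) {
    [pscustomobject]@{
        DisplayName     = $gpo.DisplayName
        Id              = $gpo.Id
        ComputerCanRead = Test-GpoComputerRead -Gpo $gpo
    }
}

$missing = $report | Where-Object { -not $_.ComputerCanRead }
$missing | Format-Table -AutoSize

# Remediation as described in the post: grant read only, not apply, so the
# security filtering of the GPO stays as it was. Off by default.
$Fix = $false
if ($Fix) {
    foreach ($row in $missing) {
        Set-GPPermission -Guid $row.Id -TargetName 'Domain Computers' `
            -TargetType Group -PermissionLevel GpoRead
    }
}
```

A GPO that is deliberately filtered to another computer group with read access is also reported here, so review the list before setting `$Fix`.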


#5

Hello Dirk,

many thanks for the tip. I have added the delegation. Unfortunately also without success.

A gpupdate /force produces the following entries in the Samba log:

  dreplsrv_notify_schedule(5) scheduled for: Wed Jan 18 22:43:20 2017 CET

  ldb_wrap open of secrets.ldb
  ldb_wrap open of secrets.ldb
  ldb_wrap open of secrets.ldb
  ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:86: doing DsBind with system_session
  ldb_wrap open of secrets.ldb
  ldb_wrap open of secrets.ldb
  ldb_wrap open of secrets.ldb
  ldb_wrap open of secrets.ldb
  Kerberos: TGS-REQ WINDOWS7$@AD.XXXXX.DE from ipv4:192.168.XXX.120:53101 for WINDOWS7$@AD.XXXXX.DE@AD.XXXXX.DE [canonicalize, renewable, forwardable]
  Kerberos: TGS-REQ authtime: 2017-01-18T22:24:03 starttime: 2017-01-18T22:43:17 endtime: 2017-01-19T08:24:03 renew till: 2017-01-25T22:24:03
  Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
  single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
  Kerberos: TGS-REQ WINDOWS7$@AD.XXXXX.DE from ipv4:192.168.XXX.120:53102 for WINDOWS7$@AD.XXXXX.DE@AD.XXXXX.DE [canonicalize, request-anonymous, renewable, forwardable]
  Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
  single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
  Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
  single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
  Kerberos: Bad request for constrained delegation
  Kerberos: constrained delegation from WINDOWS7$@AD.XXXXX.DE (WINDOWS7$@AD.XXXXX.DE@AD.XXXXX.DE) as WINDOWS7$@AD.XXXXX.DE to WINDOWS7$@AD.XXXXX.DE@AD.XXXXX.DE not allowed
  Kerberos: Failed building TGS-REP to ipv4:192.168.XXX.120:53102
  Terminating connection - 'kdc_tcp_call_loop: proxying requested when not RODC'
  single_terminate: reason[kdc_tcp_call_loop: proxying requested when not RODC]
  added interface lo ip=::1 bcast= netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
  added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
  added interface eth0 ip=192.168.XXX.10 bcast=192.168.XXX.255 netmask=255.255.255.0
  Kerberos: TGS-REQ WINDOWS7$@AD.XXXXX.DE from ipv4:192.168.XXX.120:53103 for WINDOWS7$@AD.XXXXX.DE@AD.XXXXX.DE [canonicalize, request-anonymous, renewable, forwardable]
  Kerberos: Bad request for constrained delegation
  Kerberos: constrained delegation from WINDOWS7$@AD.XXXXX.DE (WINDOWS7$@AD.XXXXX.DE@AD.XXXXX.DE) as WINDOWS7$@AD.XXXXX.DE to WINDOWS7$@AD.XXXXX.DE@AD.XXXXX.DE not allowed
  Kerberos: Failed building TGS-REP to ipv4:192.168.XXX.120:53103
  Terminating connection - 'kdc_tcp_call_loop: proxying requested when not RODC'
  single_terminate: reason[kdc_tcp_call_loop: proxying requested when not RODC]
  added interface lo ip=::1 bcast= netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
  added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
  added interface eth0 ip=192.168.XXX.10 bcast=192.168.XXX.255 netmask=255.255.255.0
  Kerberos: TGS-REQ WINDOWS7$@AD.XXXXX.DE from ipv4:192.168.XXX.120:53104 for WINDOWS7$@AD.XXXXX.DE@AD.XXXXX.DE [canonicalize, request-anonymous, renewable, forwardable]
  Kerberos: Bad request for constrained delegation
  Kerberos: constrained delegation from WINDOWS7$@AD.XXXXX.DE (WINDOWS7$@AD.XXXXX.DE@AD.XXXXX.DE) as WINDOWS7$@AD.XXXXX.DE to WINDOWS7$@AD.XXXXX.DE@AD.XXXXX.DE not allowed
  Kerberos: Failed building TGS-REP to ipv4:192.168.XXX.120:53104
  Terminating connection - 'kdc_tcp_call_loop: proxying requested when not RODC'
  single_terminate: reason[kdc_tcp_call_loop: proxying requested when not RODC]
  Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
  single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
  dreplsrv_notify_schedule(5) scheduled for: Wed Jan 18 22:43:25 2017 CET
  Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
  single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
  dreplsrv_notify_schedule(5) scheduled for: Wed Jan 18 22:43:30 2017 CET
  Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
  single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
  Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
  single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
  ldb_wrap open of secrets.ldb
  ldb_wrap open of secrets.ldb
  Kerberos: AS-REQ WINDOWS7$@AD.XXXXX.DE from ipv4:192.168.XXX.120:53114 for krbtgt/AD.XXXXX.DE@AD.XXXXX.DE
  Kerberos: Client sent patypes: 128
  Kerberos: Looking for PKINIT pa-data -- WINDOWS7$@AD.XXXXX.DE
  Kerberos: Looking for ENC-TS pa-data -- WINDOWS7$@AD.XXXXX.DE
  Kerberos: No preauth found, returning PREAUTH-REQUIRED -- WINDOWS7$@AD.XXXXX.DE
  Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
  single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
  Kerberos: AS-REQ WINDOWS7$@AD.XXXXX.DE from ipv4:192.168.XXX.120:53115 for krbtgt/AD.XXXXX.DE@AD.XXXXX.DE
  Kerberos: Client sent patypes: encrypted-timestamp, 128
  Kerberos: Looking for PKINIT pa-data -- WINDOWS7$@AD.XXXXX.DE
  Kerberos: Looking for ENC-TS pa-data -- WINDOWS7$@AD.XXXXX.DE
  Kerberos: ENC-TS Pre-authentication succeeded -- WINDOWS7$@AD.XXXXX.DE using aes256-cts-hmac-sha1-96
  authsam_account_ok: Checking SMB password for user WINDOWS7$@AD.XXXXX.DE
  Kerberos: AS-REQ authtime: 2017-01-18T22:43:28 starttime: unset endtime: 2017-01-19T08:43:28 renew till: 2017-01-25T22:43:28
  Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, arcfour-hmac-md5, -133, -128, 24, -135, using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
  Kerberos: Requested flags: renewable-ok, canonicalize, renewable, forwardable
  Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
  single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
  Kerberos: TGS-REQ WINDOWS7$@AD.XXXXX.DE from ipv4:192.168.XXX.120:53116 for WINDOWS7$@AD.XXXXX.DE [canonicalize, renewable, forwardable]
  Kerberos: TGS-REQ authtime: 2017-01-18T22:43:28 starttime: 2017-01-18T22:43:28 endtime: 2017-01-19T08:43:28 renew till: 2017-01-25T22:43:28
  Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
  single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
  Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
  single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
  Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
  single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
  Kerberos: TGS-REQ WINDOWS7$@AD.XXXXX.DE from ipv4:192.168.XXX.120:53117 for WINDOWS7$@AD.XXXXX.DE@AD.XXXXX.DE [canonicalize, renewable, forwardable]
  Kerberos: TGS-REQ authtime: 2017-01-18T22:24:03 starttime: 2017-01-18T22:43:28 endtime: 2017-01-19T08:24:03 renew till: 2017-01-25T22:24:03
  Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
  single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
  Kerberos: TGS-REQ WINDOWS7$@AD.XXXXX.DE from ipv4:192.168.XXX.120:53118 for WINDOWS7$@AD.XXXXX.DE@AD.XXXXX.DE [canonicalize, request-anonymous, renewable, forwardable]
  Kerberos: Bad request for constrained delegation
  Kerberos: constrained delegation from WINDOWS7$@AD.XXXXX.DE (WINDOWS7$@AD.XXXXX.DE@AD.XXXXX.DE) as WINDOWS7$@AD.XXXXX.DE to WINDOWS7$@AD.XXXXX.DE@AD.XXXXX.DE not allowed
  Kerberos: Failed building TGS-REP to ipv4:192.168.XXX.120:53118
  Terminating connection - 'kdc_tcp_call_loop: proxying requested when not RODC'
  single_terminate: reason[kdc_tcp_call_loop: proxying requested when not RODC]
  added interface lo ip=::1 bcast= netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
  added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
  added interface eth0 ip=192.168.XXX.10 bcast=192.168.XXX.255 netmask=255.255.255.0
  Kerberos: TGS-REQ WINDOWS7$@AD.XXXXX.DE from ipv4:192.168.XXX.120:53119 for WINDOWS7$@AD.XXXXX.DE@AD.XXXXX.DE [canonicalize, request-anonymous, renewable, forwardable]
  Kerberos: Bad request for constrained delegation
  Kerberos: constrained delegation from WINDOWS7$@AD.XXXXX.DE (WINDOWS7$@AD.XXXXX.DE@AD.XXXXX.DE) as WINDOWS7$@AD.XXXXX.DE to WINDOWS7$@AD.XXXXX.DE@AD.XXXXX.DE not allowed
  Kerberos: Failed building TGS-REP to ipv4:192.168.XXX.120:53119
  Terminating connection - 'kdc_tcp_call_loop: proxying requested when not RODC'
  single_terminate: reason[kdc_tcp_call_loop: proxying requested when not RODC]
  added interface lo ip=::1 bcast= netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
  added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
  added interface eth0 ip=192.168.XXX.10 bcast=192.168.XXX.255 netmask=255.255.255.0
  Kerberos: TGS-REQ WINDOWS7$@AD.XXXXX.DE from ipv4:192.168.XXX.120:53120 for WINDOWS7$@AD.XXXXX.DE@AD.XXXXX.DE [canonicalize, request-anonymous, renewable, forwardable]
  Kerberos: Bad request for constrained delegation
  Kerberos: constrained delegation from WINDOWS7$@AD.XXXXX.DE (WINDOWS7$@AD.XXXXX.DE@AD.XXXXX.DE) as WINDOWS7$@AD.XXXXX.DE to WINDOWS7$@AD.XXXXX.DE@AD.XXXXX.DE not allowed
  Kerberos: Failed building TGS-REP to ipv4:192.168.XXX.120:53120
  Terminating connection - 'kdc_tcp_call_loop: proxying requested when not RODC'
  single_terminate: reason[kdc_tcp_call_loop: proxying requested when not RODC]
  dreplsrv_notify_schedule(5) scheduled for: Wed Jan 18 22:43:35 2017 CET
  Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
  single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
  Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
  single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
  Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
  single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
  dreplsrv_notify_schedule(5) scheduled for: Wed Jan 18 22:43:40 2017 CET
  dreplsrv_notify_schedule(5) scheduled for: Wed Jan 18 22:43:45 2017 CET
  dreplsrv_notify_schedule(5) scheduled for: Wed Jan 18 22:43:50 2017 CET
  ldb_wrap open of secrets.ldb
  schannel_fetch_session_key_tdb: restored schannel info key SECRETS/SCHANNEL/WINDOWS7
  Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
  single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
  dreplsrv_periodic_run(): schedule pull replication
  dreplsrv_refresh_partition(DC=ForestDnsZones,DC=ad,DC=XXXXX,DC=de)
  dreplsrv_refresh_partition(DC=DomainDnsZones,DC=ad,DC=XXXXX,DC=de)
  dreplsrv_refresh_partition(DC=ad,DC=XXXXX,DC=de)
  dreplsrv_refresh_partition(CN=Schema,CN=Configuration,DC=ad,DC=XXXXX,DC=de)
  dreplsrv_refresh_partition(CN=Configuration,DC=ad,DC=XXXXX,DC=de)
  dreplsrv_periodic_run(): run pending_ops memory=130
  dreplsrv_periodic_schedule(300) scheduled for: Wed Jan 18 22:48:49 2017 CET
  dreplsrv_notify_schedule(5) scheduled for: Wed Jan 18 22:43:55 2017 CET
  dreplsrv_notify_schedule(5) scheduled for: Wed Jan 18 22:44:00 2017 CET
  Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
  single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
  dreplsrv_notify_schedule(5) scheduled for: Wed Jan 18 22:44:05 2017 CET
  dreplsrv_notify_schedule(5) scheduled for: Wed Jan 18 22:44:10 2017 CET

The interesting line, I think, is:

  Kerberos: constrained delegation from WINDOWS7$@AD.XXXXX.DE ([b]WINDOWS7$@AD.XXXXX.DE@AD.XXXXX.DE[/b]) as WINDOWS7$@AD.XXXXX.DE to WINDOWS7$@AD.XXXXX.DE@AD.XXXXX.DE not allowed

Why is the realm specified twice, WINDOWS7$@AD.XXXXX.DE@AD.XXXXX.DE?

I was able to find the following on this problem:
https://lists.samba.org/archive/samba-technical/2011-December/080841.html

msdfs is enabled, though:

[code]
root@xxxx~# testparm -v | grep "host msdfs"
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.

Server role: ROLE_ACTIVE_DIRECTORY_DC

Press enter to see a dump of your service definitions

    host msdfs = Yes[/code]

The GPOs still cannot be retrieved, though. :frowning:

Regards

Deckel


#6

Does the event log actually still say the following now?

ErrorCode 1326 ErrorDescription Anmeldung fehlgeschlagen: unbekannter Benutzername oder falsches Kennwort.


#7

Hello,

the messages still continue to appear in the logs.
Out of frustration I delegated full permissions to the group "Everyone" and to individual computers.
Unfortunately also without success.


#8

Hm… first of all: "Local System" is a Microsoft service account: "NT AUTHORITY\SYSTEM" - at the moment I am still unsure whether the Kerberos message is actually the cause or only a symptom. I think as an approach I would check the permissions on the shared folder all the way up to the root and correct them if necessary.


#9

Hello everyone,

apparently the synchronisation between UCS and Samba has not been working on the system for some time…

[code]univention-s4connector-list-rejected

20090: UCS DN: cn=CLIENT1,cn=computers,dc=ad,dc=XXXXXX,dc=de
S4 DN:
Filename: /var/lib/univention-connector/s4/1486049962.566532

20091: UCS DN: cn=CLIENT1,cn=Computers,dc=ad,dc=XXXXXX,dc=de
S4 DN:
Filename: /var/lib/univention-connector/s4/1486049963.149308

S4 rejected

15: S4 DN: CN=CLIENT1,CN=Computers,DC=ad,DC=XXXXXX,DC=de
UCS DN:

    last synced USN: 12607

[/code]

[code]16:43:13,867 LDAP (PROCESS): sync from ucs: [windowscomputer] [ add] CN=CLIENT1,CN=Computers,DC=ad,DC=XXXXXXX,DC=de
16:43:13,869 LDAP (PROCESS): Unable to sync CN=CLIENT1,CN=Computers,DC=ad,DC=XXXXXXX,DC=de (GUID: 1867c3db-236b-4fc3-b8bc-6dccf1084a99). The object is currently locked.
16:43:14,100 LDAP (PROCESS): sync from ucs: [windowscomputer] [ delete] CN=CLIENT1,CN=Computers,DC=ad,DC=XXXXXXX,DC=de
16:43:14,102 LDAP (PROCESS): Unable to sync CN=CLIENT1,CN=Computers,DC=ad,DC=XXXXXXX,DC=de (GUID: 1867c3db-236b-4fc3-b8bc-6dccf1084a99). The object is currently locked.
16:46:23,932 LDAP (PROCESS): sync to ucs: [windowscomputer] [ add] cn=CLIENT2,CN=Computers,dc=ad,dc=XXXXXXX,dc=de
16:46:26,515 LDAP (ERROR ): Unknown Exception during sync_to_ucs
16:46:26,515 LDAP (ERROR ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1475, in sync_to_ucs
    result = self.add_in_ucs(property_type, object, module, position)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1262, in add_in_ucs
    return ucs_object.create() and self.__modify_custom_attributes(property_type, object, ucs_object, module, position)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 305, in create
    return self._create()
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 764, in _create
    self._ldap_post_create()
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/computers/windows.py", line 478, in _ldap_post_create
    univention.admin.handlers.simpleComputer.update_groups(self)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 2454, in update_groups
    groupObject.modify(ignore_license=1)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 316, in modify
    return self._modify(modify_childs, ignore_license=ignore_license)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 810, in _modify
    self.lo.modify(self.dn, ml, ignore_license=ignore_license)
  File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 403, in modify
    raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg)
ldapError: Type or value exists: modify/add: memberUid: value #0 already exists

16:46:26,515 LDAP (WARNING): sync to ucs was not successfull, save rejected
16:46:26,516 LDAP (WARNING): object was: CN=CLIENT2,CN=Computers,DC=ad,DC=XXXXXXX,DC=de
16:46:26,734 LDAP (PROCESS): sync to ucs: [ dns] [ modify] relativedomainname=CLIENT2,zonename=ad.XXXXXXX.de,cn=dns,dc=ad,dc=XXXXXXX,dc=de
16:46:27,9 LDAP (PROCESS): sync to ucs: [ user] [ modify] uid=CLIENT2,cn=users,dc=ad,dc=XXXXXXX,dc=de
17:09:49,94 LDAP (PROCESS): sync to ucs: [ container] [ delete] CN=User,cn={2602FFE0-93CD-4183-9577-289801E6E6D0}\0ADEL:db2a3c23-6177-4fb2-a850-d18dfe2e534f,CN=Deleted Objects,dc=ad,dc=XXXXXXX,dc=de
17:09:49,95 LDAP (WARNING): Object to delete doesn’t exsist, ignore (CN=User,cn={2602FFE0-93CD-4183-9577-289801E6E6D0}\0ADEL:db2a3c23-6177-4fb2-a850-d18dfe2e534f,CN=Deleted Objects,dc=ad,dc=XXXXXXX,dc=de)
17:09:49,323 LDAP (PROCESS): sync to ucs: [ container] [ delete] CN=User,cn={25ED154E-9954-4C26-A7FD-CC1AEA43DB62}\0ADEL:44e1a68f-c308-4597-ac83-d5208eade199,CN=Deleted Objects,dc=ad,dc=XXXXXXX,dc=de
17:09:49,323 LDAP (WARNING): Object to delete doesn’t exsist, ignore (CN=User,cn={25ED154E-9954-4C26-A7FD-CC1AEA43DB62}\0ADEL:44e1a68f-c308-4597-ac83-d5208eade199,CN=Deleted Objects,dc=ad,dc=XXXXXXX,dc=de)
17:09:49,511 LDAP (PROCESS): sync to ucs: [ container] [ delete] CN=Machine,cn={8301C981-D0DD-4540-8EE3-406FC31B3611}\0ADEL:827932e2-3b97-4594-a3b9-9c956117b33c,CN=Deleted Objects,dc=ad,dc=XXXXXXX,dc=de
17:09:49,512 LDAP (WARNING): Object to delete doesn’t exsist, ignore (CN=Machine,cn={8301C981-D0DD-4540-8EE3-406FC31B3611}\0ADEL:827932e2-3b97-4594-a3b9-9c956117b33c,CN=Deleted Objects,dc=ad,dc=XXXXXXX,dc=de)
17:09:49,692 LDAP (PROCESS): sync to ucs: [ container] [ delete] CN=User,cn={8301C981-D0DD-4540-8EE3-406FC31B3611}\0ADEL:827932e2-3b97-4594-a3b9-9c956117b33c,CN=Deleted Objects,dc=ad,dc=XXXXXXX,dc=de
17:09:49,692 LDAP (WARNING): Object to delete doesn’t exsist, ignore (CN=User,cn={8301C981-D0DD-4540-8EE3-406FC31B3611}\0ADEL:827932e2-3b97-4594-a3b9-9c956117b33c,CN=Deleted Objects,dc=ad,dc=XXXXXXX,dc=de)
17:09:50,572 LDAP (PROCESS): sync to ucs: [ container] [ delete] CN=Machine,cn={25ED154E-9954-4C26-A7FD-CC1AEA43DB62}\0ADEL:44e1a68f-c308-4597-ac83-d5208eade199,CN=Deleted Objects,dc=ad,dc=XXXXXXX,dc=de
17:09:50,572 LDAP (WARNING): Object to delete doesn’t exsist, ignore (CN=Machine,cn={25ED154E-9954-4C26-A7FD-CC1AEA43DB62}\0ADEL:44e1a68f-c308-4597-ac83-d5208eade199,CN=Deleted Objects,dc=ad,dc=XXXXXXX,dc=de)
17:09:50,789 LDAP (PROCESS): sync to ucs: [ container] [ delete] CN=Machine,cn={CE17AF61-6C8B-4B44-AFFB-B8B1A6F66269}\0ADEL:3c5c4e3e-2e20-478d-8a17-6106df706472,CN=Deleted Objects,dc=ad,dc=XXXXXXX,dc=de
17:09:50,789 LDAP (WARNING): Object to delete doesn’t exsist, ignore (CN=Machine,cn={CE17AF61-6C8B-4B44-AFFB-B8B1A6F66269}\0ADEL:3c5c4e3e-2e20-478d-8a17-6106df706472,CN=Deleted Objects,dc=ad,dc=XXXXXXX,dc=de)
17:09:50,973 LDAP (PROCESS): sync to ucs: [ container] [ delete] CN=Machine,cn={8ADEBC14-7961-4924-9DD1-6898537CFBB4}\0ADEL:7cfeb467-ab46-4275-85fd-4c3bccbd49b9,CN=Deleted Objects,dc=ad,dc=XXXXXXX,dc=de
17:09:50,973 LDAP (WARNING): Object to delete doesn’t exsist, ignore (CN=Machine,cn={8ADEBC14-7961-4924-9DD1-6898537CFBB4}\0ADEL:7cfeb467-ab46-4275-85fd-4c3bccbd49b9,CN=Deleted Objects,dc=ad,dc=XXXXXXX,dc=de)
17:09:51,182 LDAP (PROCESS): sync to ucs: [ container] [ delete] CN=User,cn={CE17AF61-6C8B-4B44-AFFB-B8B1A6F66269}\0ADEL:3c5c4e3e-2e20-478d-8a17-6106df706472,CN=Deleted Objects,dc=ad,dc=XXXXXXX,dc=de
17:09:51,182 LDAP (WARNING): Object to delete doesn’t exsist, ignore (CN=User,cn={CE17AF61-6C8B-4B44-AFFB-B8B1A6F66269}\0ADEL:3c5c4e3e-2e20-478d-8a17-6106df706472,CN=Deleted Objects,dc=ad,dc=XXXXXXX,dc=de)
17:09:51,371 LDAP (PROCESS): sync to ucs: [ container] [ delete] CN=Machine,cn={2602FFE0-93CD-4183-9577-289801E6E6D0}\0ADEL:db2a3c23-6177-4fb2-a850-d18dfe2e534f,CN=Deleted Objects,dc=ad,dc=XXXXXXX,dc=de
17:09:51,371 LDAP (WARNING): Object to delete doesn’t exsist, ignore (CN=Machine,cn={2602FFE0-93CD-4183-9577-289801E6E6D0}\0ADEL:db2a3c23-6177-4fb2-a850-d18dfe2e534f,CN=Deleted Objects,dc=ad,dc=XXXXXXX,dc=de)
17:09:51,550 LDAP (PROCESS): sync to ucs: [ container] [ delete] CN=User,cn={8ADEBC14-7961-4924-9DD1-6898537CFBB4}\0ADEL:7cfeb467-ab46-4275-85fd-4c3bccbd49b9,CN=Deleted Objects,dc=ad,dc=XXXXXXX,dc=de
17:09:51,550 LDAP (WARNING): Object to delete doesn’t exsist, ignore (CN=User,cn={8ADEBC14-7961-4924-9DD1-6898537CFBB4}\0ADEL:7cfeb467-ab46-4275-85fd-4c3bccbd49b9,CN=Deleted Objects,dc=ad,dc=XXXXXXX,dc=de)
17:12:30,900 MAIN (------ ): DEBUG_INIT
17:22:41,154 LDAP (PROCESS): sync to ucs: [ dns] [ modify] relativedomainname=produktion-pc,zonename=ad.XXXXXXX.de,cn=dns,dc=ad,dc=XXXXXXX,dc=de
17:22:41,376 LDAP (PROCESS): sync to ucs: [ dns] [ modify] zonename=ad.XXXXXXX.de,cn=dns,dc=ad,dc=XXXXXXX,dc=de
[/code]


#10

was based on a problem that should have been fixed by now. Is the system up to date?


#11

Hello,

that at least sounds promising.

The currently installed version is 4.1-4 errata366.

I will update the system right away and give feedback.

Many thanks & regards

Deckel


#12

Celebrated too soon…

The logfile still constantly shows the error:

LDAP        (PROCESS): Unable to sync.....
 The object is currently locked.

#13

The system seems to be slowly working through all the rejected files.

22:29:53,561 LDAP        (INFO   ): update_deleted_cache_after_removal: Save entryUUID d2dcabbc-6547-1036-8c4c-971c8480e31b as deleted to UCS deleted cache. ObjectGUUID: 1c2c612c-840e-4442-8c94-659e8aed2441
22:29:53,676 LDAP        (INFO   ): sync_from_ucs: unlock UCS entryUUID: d2dcabbc-6547-1036-8c4c-971c8480e31b
22:29:53,676 LDAP        (INFO   ): LockingDB: Execute SQL command: 'DELETE FROM UCS_LOCK WHERE uuid = ?;', '('d2dcabbc-6547-1036-8c4c-971c8480e31b',)'
22:29:53,676 LDAP        (ALL    ): sync from ucs return True
22:29:53,772 LDAP        (PROCESS): sync from ucs:   Resync rejected file: /var/lib/univention-connector/s4/1483369180.337510
22:29:53,774 LDAP        (INFO   ): _ignore_object: Do not ignore cn=CLIENT1,cn=computers,dc=ad,dc=XXXXXX,dc=de
22:29:53,774 LDAP        (INFO   ): __sync_file_from_ucs: object was added: cn=CLIENT1,cn=computers,dc=ad,dc=XXXXXX,dc=de
22:29:53,774 LDAP        (INFO   ): _ignore_object: Do not ignore cn=CLIENT1,cn=computers,dc=ad,dc=XXXXXX,dc=de
22:29:53,774 LDAP        (INFO   ): _object_mapping: map with key windowscomputer and type ucs
22:29:53,774 LDAP        (INFO   ): _dn_type ucs
22:29:53,775 LDAP        (INFO   ): samaccount_dn_mapping: check newdn for key dn:
22:29:53,776 LDAP        (INFO   ): samaccount_dn_mapping: premapped S4 object not found
22:29:53,776 LDAP        (INFO   ): samaccount_dn_mapping: got an UCS-Object
22:29:53,776 LDAP        (INFO   ): samaccount_dn_mapping: search in s4 for (&(objectclass=computer)(samaccountname=CLIENT1$)(cn=CLIENT1))
22:29:53,779 LDAP        (INFO   ): samaccount_dn_mapping: newdn: cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:53,780 LDAP        (INFO   ): samaccount_dn_mapping: newdn for key dn:
22:29:53,780 LDAP        (INFO   ): samaccount_dn_mapping: olddn: cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:53,780 LDAP        (INFO   ): samaccount_dn_mapping: newdn: cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:53,780 LDAP        (INFO   ): samaccount_dn_mapping: check newdn for key olddn:
22:29:53,781 LDAP        (INFO   ): _ignore_object: Do not ignore cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:53,781 LDAP        (INFO   ): __sync_file_from_ucs: finished mapping
22:29:53,781 LDAP        (INFO   ): sync_from_ucs: sync object: cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:53,781 LDAP        (PROCESS): sync from ucs: [windowscomputer] [       add] cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:53,781 LDAP        (INFO   ): sync_from_ucs: add object: cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:53,782 LDAP        (INFO   ): sync_from_ucs: lock UCS entryUUID: d46d2bbe-6547-1036-8c50-971c8480e31b
22:29:53,782 LDAP        (INFO   ): LockingDB: Execute SQL command: 'INSERT INTO UCS_LOCK(uuid) VALUES(?);', '('d46d2bbe-6547-1036-8c50-971c8480e31b',)'
22:29:53,915 LDAP        (INFO   ): to add: cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:53,915 LDAP        (ALL    ): sync_from_ucs: addlist: [('objectClass', ['top', 'computer']), ('userAccountControl', ['4096']), (u'cn', [u'CLIENT1']), ('operatingSystemVersion', [u'6.1 (7601)']), ('sAMAccountName', [u'CLIENT1$']), ('operatingSystem', [u'Windows 7 Professional'])]
22:29:54,433 LDAP        (INFO   ): and modify: cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:54,433 LDAP        (INFO   ): Call post_con_modify_functions: <function password_sync_ucs_to_s4 at 0x2f50c80>
22:29:54,433 LDAP        (INFO   ): password_sync_ucs_to_s4 called
22:29:54,433 LDAP        (INFO   ): Object DN=cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:54,433 LDAP        (INFO   ): _object_mapping: map with key windowscomputer and type con
22:29:54,433 LDAP        (INFO   ): _dn_type con
22:29:54,434 LDAP        (INFO   ): samaccount_dn_mapping: check newdn for key dn:
22:29:54,434 LDAP        (INFO   ): samaccount_dn_mapping: premapped UCS object found
22:29:54,435 LDAP        (INFO   ): samaccount_dn_mapping: check newdn for key olddn:
22:29:54,435 LDAP        (INFO   ):    UCS DN = cn=client1,cn=computers,dc=ad,dc=XXXXXX,dc=de
22:29:54,435 LDAP        (INFO   ): password_sync_ucs_to_s4: sambaPwdLastSet: 1485840824
22:29:54,435 LDAP        (INFO   ): password_sync_ucs_to_s4: sambaPwdMustChange: -1
22:29:54,436 LDAP        (INFO   ): password_sync_ucs_to_s4: pwdLastSet from S4 : 0
22:29:54,436 LDAP        (INFO   ): password_sync_ucs_to_s4: Failed to get NT Password-Hash from S4
22:29:54,436 LDAP        (INFO   ): password_sync_ucs_to_s4: Failed to get LM Password-Hash from S4
22:29:54,436 LDAP        (INFO   ): password_sync_ucs_to_s4: NT Hash S4: None NT Hash UCS: C99AEBDC0497EDFE072F631C1BDCAE67
22:29:54,436 LDAP        (INFO   ): calculate_supplementalCredentials: krb5_keytype: arcfour-hmac-md5 (23)
22:29:54,437 LDAP        (INFO   ): calculate_supplementalCredentials: krb5_keytype: aes256-cts-hmac-sha1-96 (18)
22:29:54,437 LDAP        (INFO   ): calculate_supplementalCredentials: krb5_keytype: aes128-cts-hmac-sha1-96 (17)
22:29:54,437 LDAP        (INFO   ): calculate_supplementalCredentials: krb5_keytype: des-cbc-md5 (3)
22:29:54,437 LDAP        (INFO   ): calculate_supplementalCredentials: krb5_keytype: des-cbc-crc (1)
22:29:54,437 LDAP        (INFO   ): calculate_supplementalCredentials: building Primary:Kerberos-Newer-Keys blob
22:29:54,437 LDAP        (INFO   ): calculate_supplementalCredentials: building Primary:Kerberos blob
22:29:54,437 LDAP        (INFO   ): password_sync_ucs_to_s4: pwdlastset in modlist: 131303144240000000
22:29:54,437 LDAP        (INFO   ): password_sync_ucs_to_s4: modlist: [(0, 'userPrincipalName', 'host/CLIENT1.ad.XXXXXX.de@AD.XXXXXX.DE'), (0, 'unicodePwd', 'xc9x9axebxdcx04x97xedxfex07/cx1cx1bxdcxaeg'), (0, 'supplementalCredentials', 'x00x00x00x00x8cx04x00x00x00x00x00x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00Px00x03x006x00xfcx01x01x00Px00rx00ix00mx00ax00rx00yx00:x00Kx00ex00rx00bx00ex00rx00ox00sx00-x00Nx00ex00wx00ex00rx00-x00Kx00ex00yx00sx000400000004000000000000004600460078000000000000000000000000000000000000001200000020000000be0000000000000000000000000000001100000010000000de0000000000000000000000000000000300000008000000ee0000000000000000000000000000000100000008000000f6000000410044002e00470045004e00490041004c0035002e004400450068006f007300740061006e006e0065002e00610064002e00670065006e00690061006c0035002e0064006500f188eabd8a2679771db17294ca5c91035e7aadbfbda2588f1863c49d14cf67657f5a7b04e2582bc0dfed0ff5259a81224c8ae0d9f149cbce4c8ae0d9f149cbcex10x00px00x02x00Px00ax00cx00kx00ax00gx00ex00sx004B00650072006200650072006F0073002D004E0065007700650072002D004B0065007900730000004B00650072006200650072006F007300 x00Dx01x01x00Px00rx00ix00mx00ax00rx00yx00:x00Kx00ex00rx00bx00ex00rx00ox00sx000300000002000000460046004c0000000000000000000000030000000800000092000000000000000000000001000000080000009a0000000000000000000000000000000000000000000000410044002e00470045004e00490041004c0035002e004400450068006f007300740061006e006e0065002e00610064002e00670065006e00690061006c0035002e00640065004c8ae0d9f149cbce4c8ae0d9f149cbcex00'), (2, 'pwdlastset', '131303144240000000'), (2, 'badPwdCount', '0'), (2, 'badPasswordTime', '0'), (2, 'lockoutTime', '0')]
22:29:54,603 LDAP        (INFO   ): Call post_con_modify_functions: <function password_sync_ucs_to_s4 at 0x2f50c80> (done)
22:29:54,603 LDAP        (INFO   ): sync_from_ucs: unlock UCS entryUUID: d46d2bbe-6547-1036-8c50-971c8480e31b
22:29:54,603 LDAP        (INFO   ): LockingDB: Execute SQL command: 'DELETE FROM UCS_LOCK WHERE uuid = ?;', '('d46d2bbe-6547-1036-8c50-971c8480e31b',)'
22:29:54,716 LDAP        (ALL    ): sync from ucs return True
22:29:54,841 LDAP        (PROCESS): sync from ucs:   Resync rejected file: /var/lib/univention-connector/s4/1483369180.738681
22:29:54,842 LDAP        (INFO   ): __sync_file_from_ucs: object was modified
22:29:54,842 LDAP        (INFO   ): _ignore_object: Do not ignore cn=CLIENT1,cn=computers,dc=ad,dc=XXXXXX,dc=de
22:29:54,843 LDAP        (INFO   ): _object_mapping: map with key windowscomputer and type ucs
22:29:54,843 LDAP        (INFO   ): _dn_type ucs
22:29:54,843 LDAP        (INFO   ): samaccount_dn_mapping: check newdn for key dn:
22:29:54,844 LDAP        (INFO   ): get_object: got object: CN=client1,CN=Computers,DC=ad,DC=XXXXXX,DC=de
22:29:54,844 LDAP        (INFO   ): encode_s4_object: attrib objectGUID ignored during encoding
22:29:54,844 LDAP        (INFO   ): samaccount_dn_mapping: premapped S4 object found
22:29:54,844 LDAP        (INFO   ): samaccount_dn_mapping: check newdn for key olddn:
22:29:54,845 LDAP        (INFO   ): _ignore_object: Do not ignore cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:54,845 LDAP        (INFO   ): __sync_file_from_ucs: finished mapping
22:29:54,845 LDAP        (INFO   ): sync_from_ucs: sync object: cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:54,845 LDAP        (PROCESS): sync from ucs: [windowscomputer] [    modify] cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:54,846 LDAP        (INFO   ): get_object: got object: CN=client1,CN=Computers,DC=ad,DC=XXXXXX,DC=de
22:29:54,846 LDAP        (INFO   ): encode_s4_object: attrib objectGUID ignored during encoding
22:29:54,846 LDAP        (INFO   ): LockingDB: Execute SQL command: 'SELECT id FROM S4_LOCK WHERE guid=?;', '('ac932b44-fd69-4454-9cc6-46a23ba22a3d',)'
22:29:54,846 LDAP        (INFO   ): LockingDB: Return SQL result: '[]'
22:29:54,846 LDAP        (INFO   ): sync_from_ucs: modify object: cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:54,846 LDAP        (INFO   ): sync_from_ucs: old_object: {u'cn': [u'CLIENT1'], u'krb5PrincipalName': [u'host/CLIENT1.ad.XXXXXX.de@AD.XXXXXX.DE'], u'objectClass': [u'krb5KDCEntry', u'top', u'univentionHost', u'univentionObject', u'sambaSamAccount', u'person', u'shadowAccount', u'univentionWindows', u'krb5Principal', u'posixAccount'], u'uidNumber': [u'9780'], u'sambaAcctFlags': [u'[W          ]'], u'entryCSN': [u'20170102145939.838319Z#000000#000#000000'], u'structuralObjectClass': [u'person'], u'krb5MaxLife': [u'86400'], u'uid': [u'CLIENT1$'], u'hasSubordinates': [u'FALSE'], u'creatorsName': [u'cn=admin,dc=ad,dc=XXXXXX,dc=de'], u'univentionServerRole': [u'windows_client'], u'krb5MaxRenew': [u'604800'], u'loginShell': [u'/bin/false'], u'univentionOperatingSystemVersion': [u'6.1 (7601)'], u'entryUUID': [u'd46d2bbe-6547-1036-8c50-971c8480e31b'], u'univentionObjectType': [u'computers/windows'], u'krb5KDCFlags': [u'126'], u'gidNumber': [u'1005'], u'subschemaSubentry': [u'cn=Subschema'], u'entryDN': [u'cn=CLIENT1,cn=computers,dc=ad,dc=XXXXXX,dc=de'], u'modifyTimestamp': [u'20170102145939Z'], u'displayName': [u'CLIENT1'], u'univentionOperatingSystem': [u'Windows 7 Professional'], u'modifiersName': [u'cn=admin,dc=ad,dc=XXXXXX,dc=de'], u'sambaSID': [u'S-1-4-9780'], u'createTimestamp': [u'20170102145939Z'], u'krb5KeyVersionNumber': [u'1'], u'sn': [u'CLIENT1'], u'homeDirectory': [u'/dev/null']}
22:29:54,847 LDAP        (INFO   ): sync_from_ucs: new_object: {u'cn': [u'CLIENT1'], u'krb5PrincipalName': [u'host/CLIENT1.ad.XXXXXX.de@AD.XXXXXX.DE'], u'objectClass': [u'krb5KDCEntry', u'top', u'univentionHost', u'univentionObject', u'sambaSamAccount', u'person', u'shadowAccount', u'univentionWindows', u'krb5Principal', u'posixAccount'], u'entryUUID': [u'd46d2bbe-6547-1036-8c50-971c8480e31b'], u'sambaAcctFlags': [u'[W          ]'], u'sambaPrimaryGroupSID': [u'S-1-5-21-2531875262-3403481124-1452167080-11011'], u'entryCSN': [u'20170102145940.324438Z#000000#000#000000'], u'structuralObjectClass': [u'person'], u'krb5MaxLife': [u'86400'], u'uid': [u'CLIENT1$'], u'hasSubordinates': [u'FALSE'], u'creatorsName': [u'cn=admin,dc=ad,dc=XXXXXX,dc=de'], u'univentionServerRole': [u'windows_client'], u'krb5MaxRenew': [u'604800'], u'loginShell': [u'/bin/false'], u'univentionOperatingSystemVersion': [u'6.1 (7601)'], u'uidNumber': [u'9780'], u'univentionObjectType': [u'computers/windows'], u'krb5KDCFlags': [u'126'], u'gidNumber': [u'1005'], u'subschemaSubentry': [u'cn=Subschema'], u'entryDN': [u'cn=CLIENT1,cn=computers,dc=ad,dc=XXXXXX,dc=de'], u'modifyTimestamp': [u'20170102145940Z'], u'displayName': [u'CLIENT1'], u'univentionOperatingSystem': [u'Windows 7 Professional'], u'modifiersName': [u'cn=admin,dc=ad,dc=XXXXXX,dc=de'], u'sambaSID': [u'S-1-4-9780'], u'createTimestamp': [u'20170102145939Z'], u'krb5KeyVersionNumber': [u'1'], u'sn': [u'CLIENT1'], u'homeDirectory': [u'/dev/null']}
22:29:54,847 LDAP        (INFO   ): sync_from_ucs: The following attribute has been changed: sambaPrimaryGroupSID
22:29:54,847 LDAP        (INFO   ): sync_from_ucs: The following attribute has been changed: modifyTimestamp
22:29:54,847 LDAP        (INFO   ): sync_from_ucs: The following attribute has been changed: entryCSN
22:29:54,847 LDAP        (ALL    ): nothing to modify: cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:54,847 LDAP        (INFO   ): Call post_con_modify_functions: <function password_sync_ucs_to_s4 at 0x2f50c80>
22:29:54,847 LDAP        (INFO   ): password_sync_ucs_to_s4 called
22:29:54,847 LDAP        (INFO   ): password_sync_ucs_to_s4: the password for cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de has not been changed. Skipping password sync.
22:29:54,847 LDAP        (INFO   ): Call post_con_modify_functions: <function password_sync_ucs_to_s4 at 0x2f50c80> (done)
22:29:54,848 LDAP        (INFO   ): sync_from_ucs: unlock UCS entryUUID: d46d2bbe-6547-1036-8c50-971c8480e31b
22:29:54,848 LDAP        (INFO   ): LockingDB: Execute SQL command: 'DELETE FROM UCS_LOCK WHERE uuid = ?;', '('d46d2bbe-6547-1036-8c50-971c8480e31b',)'
22:29:54,848 LDAP        (ALL    ): sync from ucs return True
22:29:55,36 LDAP        (PROCESS): sync from ucs:   Resync rejected file: /var/lib/univention-connector/s4/1483369180.978978
22:29:55,36 LDAP        (INFO   ): __sync_file_from_ucs: object was deleted
22:29:55,37 LDAP        (INFO   ): _ignore_object: Do not ignore cn=CLIENT1,cn=Computers,dc=ad,dc=XXXXXX,dc=de
22:29:55,37 LDAP        (INFO   ): _object_mapping: map with key windowscomputer and type ucs
22:29:55,37 LDAP        (INFO   ): _dn_type ucs
22:29:55,38 LDAP        (INFO   ): samaccount_dn_mapping: check newdn for key dn:
22:29:55,38 LDAP        (INFO   ): get_object: got object: CN=client1,CN=Computers,DC=ad,DC=XXXXXX,DC=de
22:29:55,38 LDAP        (INFO   ): encode_s4_object: attrib objectGUID ignored during encoding
22:29:55,39 LDAP        (INFO   ): samaccount_dn_mapping: premapped S4 object found
22:29:55,39 LDAP        (INFO   ): samaccount_dn_mapping: check newdn for key olddn:
22:29:55,39 LDAP        (INFO   ): _ignore_object: Do not ignore cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:55,40 LDAP        (INFO   ): __sync_file_from_ucs: finished mapping
22:29:55,40 LDAP        (INFO   ): sync_from_ucs: sync object: cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:55,40 LDAP        (PROCESS): sync from ucs: [windowscomputer] [    delete] cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:55,40 LDAP        (INFO   ): get_object: got object: CN=client1,CN=Computers,DC=ad,DC=XXXXXX,DC=de
22:29:55,40 LDAP        (INFO   ): encode_s4_object: attrib objectGUID ignored during encoding
22:29:55,40 LDAP        (INFO   ): LockingDB: Execute SQL command: 'SELECT id FROM S4_LOCK WHERE guid=?;', '('ac932b44-fd69-4454-9cc6-46a23ba22a3d',)'
22:29:55,41 LDAP        (INFO   ): LockingDB: Return SQL result: '[]'
22:29:55,41 LDAP        (ALL    ): delete: cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:55,41 LDAP        (ALL    ): delete_in_s4: {'dn': u'cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de', 'attributes': {u'cn': [u'CLIENT1'], u'krb5PrincipalName': [u'host/CLIENT1.ad.XXXXXX.de@AD.XXXXXX.DE'], u'objectClass': [u'krb5KDCEntry', u'top', u'univentionHost', u'univentionObject', u'sambaSamAccount', u'person', u'shadowAccount', u'univentionWindows', u'krb5Principal', u'posixAccount'], u'uidNumber': [u'9780'], u'sambaAcctFlags': [u'[W          ]'], u'sambaPrimaryGroupSID': [u'S-1-5-21-2531875262-3403481124-1452167080-11011'], 'operatingSystemVersion': [u'6.1 (7601)'], u'entryCSN': [u'20170102145940.324438Z#000000#000#000000'], u'structuralObjectClass': [u'person'], u'krb5MaxLife': [u'86400'], u'uid': [u'CLIENT1$'], u'hasSubordinates': [u'FALSE'], u'creatorsName': [u'cn=admin,dc=ad,dc=XXXXXX,dc=de'], u'univentionServerRole': [u'windows_client'], u'krb5MaxRenew': [u'604800'], u'loginShell': [u'/bin/false'], u'univentionOperatingSystemVersion': [u'6.1 (7601)'], 'sAMAccountName': [u'CLIENT1$'], u'entryUUID': [u'd46d2bbe-6547-1036-8c50-971c8480e31b'], u'univentionObjectType': [u'computers/windows'], u'krb5KDCFlags': [u'126'], u'gidNumber': [u'1005'], u'subschemaSubentry': [u'cn=Subschema'], u'entryDN': [u'cn=CLIENT1,cn=computers,dc=ad,dc=XXXXXX,dc=de'], u'modifyTimestamp': [u'20170102145940Z'], u'displayName': [u'CLIENT1'], u'univentionOperatingSystem': [u'Windows 7 Professional'], u'modifiersName': [u'cn=admin,dc=ad,dc=XXXXXX,dc=de'], u'sambaSID': [u'S-1-4-9780'], u'createTimestamp': [u'20170102145939Z'], u'krb5KeyVersionNumber': [u'1'], u'sn': [u'CLIENT1'], u'homeDirectory': [u'/dev/null'], 'operatingSystem': [u'Windows 7 Professional']}, 'modtype': 'delete'}
22:29:55,41 LDAP        (INFO   ): get_object: got object: CN=client1,CN=Computers,DC=ad,DC=XXXXXX,DC=de
22:29:55,42 LDAP        (INFO   ): encode_s4_object: attrib objectGUID ignored during encoding
22:29:55,636 LDAP        (INFO   ): update_deleted_cache_after_removal: Save entryUUID d46d2bbe-6547-1036-8c50-971c8480e31b as deleted to UCS deleted cache. ObjectGUUID: ac932b44-fd69-4454-9cc6-46a23ba22a3d
22:29:55,762 LDAP        (INFO   ): sync_from_ucs: unlock UCS entryUUID: d46d2bbe-6547-1036-8c50-971c8480e31b
22:29:55,762 LDAP        (INFO   ): LockingDB: Execute SQL command: 'DELETE FROM UCS_LOCK WHERE uuid = ?;', '('d46d2bbe-6547-1036-8c50-971c8480e31b',)'
22:29:55,762 LDAP        (ALL    ): sync from ucs return True
22:29:55,871 LDAP        (PROCESS): sync from ucs:   Resync rejected file: /var/lib/univention-connector/s4/1483369767.202494
22:29:55,872 LDAP        (INFO   ): _ignore_object: Do not ignore cn=CLIENT1,cn=computers,dc=ad,dc=XXXXXX,dc=de
22:29:55,872 LDAP        (INFO   ): __sync_file_from_ucs: object was added: cn=CLIENT1,cn=computers,dc=ad,dc=XXXXXX,dc=de
22:29:55,872 LDAP        (INFO   ): _ignore_object: Do not ignore cn=CLIENT1,cn=computers,dc=ad,dc=XXXXXX,dc=de
22:29:55,873 LDAP        (INFO   ): _object_mapping: map with key windowscomputer and type ucs
22:29:55,873 LDAP        (INFO   ): _dn_type ucs
22:29:55,873 LDAP        (INFO   ): samaccount_dn_mapping: check newdn for key dn:
22:29:55,874 LDAP        (INFO   ): samaccount_dn_mapping: premapped S4 object not found
22:29:55,874 LDAP        (INFO   ): samaccount_dn_mapping: got an UCS-Object
22:29:55,874 LDAP        (INFO   ): samaccount_dn_mapping: search in s4 for (&(objectclass=computer)(samaccountname=CLIENT1$)(cn=CLIENT1))
22:29:55,876 LDAP        (INFO   ): samaccount_dn_mapping: newdn: cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:55,876 LDAP        (INFO   ): samaccount_dn_mapping: newdn for key dn:
22:29:55,876 LDAP        (INFO   ): samaccount_dn_mapping: olddn: cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:55,876 LDAP        (INFO   ): samaccount_dn_mapping: newdn: cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:55,876 LDAP        (INFO   ): samaccount_dn_mapping: check newdn for key olddn:
22:29:55,877 LDAP        (INFO   ): _ignore_object: Do not ignore cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:55,877 LDAP        (INFO   ): __sync_file_from_ucs: finished mapping
22:29:55,877 LDAP        (INFO   ): sync_from_ucs: sync object: cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:55,877 LDAP        (PROCESS): sync from ucs: [windowscomputer] [       add] cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:55,878 LDAP        (INFO   ): sync_from_ucs: add object: cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:55,878 LDAP        (INFO   ): sync_from_ucs: lock UCS entryUUID: 31ef491a-6549-1036-8c7c-971c8480e31b
22:29:55,878 LDAP        (INFO   ): LockingDB: Execute SQL command: 'INSERT INTO UCS_LOCK(uuid) VALUES(?);', '('31ef491a-6549-1036-8c7c-971c8480e31b',)'
22:29:56,39 LDAP        (INFO   ): to add: cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:56,39 LDAP        (ALL    ): sync_from_ucs: addlist: [('objectClass', ['top', 'computer']), ('userAccountControl', ['4096']), (u'cn', [u'CLIENT1']), ('operatingSystemVersion', [u'6.1 (7601)']), ('sAMAccountName', [u'CLIENT1$']), ('operatingSystem', [u'Windows 7 Professional'])]
22:29:56,566 LDAP        (INFO   ): and modify: cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:56,566 LDAP        (INFO   ): Call post_con_modify_functions: <function password_sync_ucs_to_s4 at 0x2f50c80>
22:29:56,566 LDAP        (INFO   ): password_sync_ucs_to_s4 called
22:29:56,566 LDAP        (INFO   ): Object DN=cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:56,566 LDAP        (INFO   ): _object_mapping: map with key windowscomputer and type con
22:29:56,566 LDAP        (INFO   ): _dn_type con
22:29:56,567 LDAP        (INFO   ): samaccount_dn_mapping: check newdn for key dn:
22:29:56,567 LDAP        (INFO   ): samaccount_dn_mapping: premapped UCS object found
22:29:56,567 LDAP        (INFO   ): samaccount_dn_mapping: check newdn for key olddn:
22:29:56,568 LDAP        (INFO   ):    UCS DN = cn=client1,cn=computers,dc=ad,dc=XXXXXX,dc=de
22:29:56,568 LDAP        (INFO   ): password_sync_ucs_to_s4: sambaPwdLastSet: 1485840824
22:29:56,568 LDAP        (INFO   ): password_sync_ucs_to_s4: sambaPwdMustChange: -1
22:29:56,569 LDAP        (INFO   ): password_sync_ucs_to_s4: pwdLastSet from S4 : 0
22:29:56,569 LDAP        (INFO   ): password_sync_ucs_to_s4: Failed to get NT Password-Hash from S4
22:29:56,569 LDAP        (INFO   ): password_sync_ucs_to_s4: Failed to get LM Password-Hash from S4
22:29:56,569 LDAP        (INFO   ): password_sync_ucs_to_s4: NT Hash S4: None NT Hash UCS: C99AEBDC0497EDFE072F631C1BDCAE67
22:29:56,569 LDAP        (INFO   ): calculate_supplementalCredentials: krb5_keytype: arcfour-hmac-md5 (23)
22:29:56,569 LDAP        (INFO   ): calculate_supplementalCredentials: krb5_keytype: aes256-cts-hmac-sha1-96 (18)
22:29:56,570 LDAP        (INFO   ): calculate_supplementalCredentials: krb5_keytype: aes128-cts-hmac-sha1-96 (17)
22:29:56,570 LDAP        (INFO   ): calculate_supplementalCredentials: krb5_keytype: des-cbc-md5 (3)
22:29:56,570 LDAP        (INFO   ): calculate_supplementalCredentials: krb5_keytype: des-cbc-crc (1)
22:29:56,570 LDAP        (INFO   ): calculate_supplementalCredentials: building Primary:Kerberos-Newer-Keys blob
22:29:56,570 LDAP        (INFO   ): calculate_supplementalCredentials: building Primary:Kerberos blob
22:29:56,570 LDAP        (INFO   ): password_sync_ucs_to_s4: pwdlastset in modlist: 131303144240000000
22:29:56,694 LDAP        (INFO   ): Call post_con_modify_functions: <function password_sync_ucs_to_s4 at 0x2f50c80> (done)
22:29:56,694 LDAP        (INFO   ): sync_from_ucs: unlock UCS entryUUID: 31ef491a-6549-1036-8c7c-971c8480e31b
22:29:56,695 LDAP        (INFO   ): LockingDB: Execute SQL command: 'DELETE FROM UCS_LOCK WHERE uuid = ?;', '('31ef491a-6549-1036-8c7c-971c8480e31b',)'
22:29:56,781 LDAP        (ALL    ): sync from ucs return True
22:29:56,877 LDAP        (PROCESS): sync from ucs:   Resync rejected file: /var/lib/univention-connector/s4/1483369767.780572
22:29:56,878 LDAP        (INFO   ): __sync_file_from_ucs: object was deleted
22:29:56,878 LDAP        (INFO   ): _ignore_object: Do not ignore cn=CLIENT1,cn=Computers,dc=ad,dc=XXXXXX,dc=de
22:29:56,879 LDAP        (INFO   ): _object_mapping: map with key windowscomputer and type ucs
22:29:56,879 LDAP        (INFO   ): _dn_type ucs
22:29:56,879 LDAP        (INFO   ): samaccount_dn_mapping: check newdn for key dn:
22:29:56,880 LDAP        (INFO   ): get_object: got object: CN=client1,CN=Computers,DC=ad,DC=XXXXXX,DC=de
22:29:56,880 LDAP        (INFO   ): encode_s4_object: attrib objectGUID ignored during encoding
22:29:56,880 LDAP        (INFO   ): samaccount_dn_mapping: premapped S4 object found
22:29:56,880 LDAP        (INFO   ): samaccount_dn_mapping: check newdn for key olddn:
22:29:56,881 LDAP        (INFO   ): _ignore_object: Do not ignore cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:56,881 LDAP        (INFO   ): __sync_file_from_ucs: finished mapping
22:29:56,881 LDAP        (INFO   ): sync_from_ucs: sync object: cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:56,881 LDAP        (PROCESS): sync from ucs: [windowscomputer] [    delete] cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:56,882 LDAP        (INFO   ): get_object: got object: CN=client1,CN=Computers,DC=ad,DC=XXXXXX,DC=de
22:29:56,882 LDAP        (INFO   ): encode_s4_object: attrib objectGUID ignored during encoding
22:29:56,882 LDAP        (INFO   ): LockingDB: Execute SQL command: 'SELECT id FROM S4_LOCK WHERE guid=?;', '('553975f6-a499-41e6-a8d6-785b5036e127',)'
22:29:56,882 LDAP        (INFO   ): LockingDB: Return SQL result: '[]'
22:29:56,882 LDAP        (ALL    ): delete: cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de
22:29:56,882 LDAP        (ALL    ): delete_in_s4: {'dn': u'cn=client1,cn=computers,DC=ad,DC=XXXXXX,DC=de', 'attributes': {u'cn': [u'CLIENT1'], u'krb5PrincipalName': [u'host/CLIENT1.ad.XXXXXX.de@AD.XXXXXX.DE'], u'objectClass': [u'krb5KDCEntry', u'top', u'univentionHost', u'univentionObject', u'sambaSamAccount', u'person', u'shadowAccount', u'univentionWindows', u'krb5Principal', u'posixAccount'], u'uidNumber': [u'9791'], u'sambaAcctFlags': [u'[W          ]'], u'sambaPrimaryGroupSID': [u'S-1-5-21-2531875262-3403481124-1452167080-11011'], 'operatingSystemVersion': [u'6.1 (7601)'], u'entryCSN': [u'20170102150926.772132Z#000000#000#000000'], u'structuralObjectClass': [u'person'], u'krb5MaxLife': [u'86400'], u'uid': [u'CLIENT1$'], u'hasSubordinates': [u'FALSE'], u'creatorsName': [u'cn=admin,dc=ad,dc=XXXXXX,dc=de'], u'univentionServerRole': [u'windows_client'], u'krb5MaxRenew': [u'604800'], u'loginShell': [u'/bin/false'], u'univentionOperatingSystemVersion': [u'6.1 (7601)'], 'sAMAccountName': [u'CLIENT1$'], u'entryUUID': [u'31ef491a-6549-1036-8c7c-971c8480e31b'], u'univentionObjectType': [u'computers/windows'], u'krb5KDCFlags': [u'126'], u'gidNumber': [u'1005'], u'subschemaSubentry': [u'cn=Subschema'], u'entryDN': [u'cn=CLIENT1,cn=computers,dc=ad,dc=XXXXXX,dc=de'], u'modifyTimestamp': [u'20170102150926Z'], u'displayName': [u'CLIENT1'], u'univentionOperatingSystem': [u'Windows 7 Professional'], u'modifiersName': [u'cn=admin,dc=ad,dc=XXXXXX,dc=de'], u'sambaSID': [u'S-1-4-9791'], u'createTimestamp': [u'20170102150926Z'], u'krb5KeyVersionNumber': [u'1'], u'sn': [u'CLIENT1'], u'homeDirectory': [u'/dev/null'], 'operatingSystem': [u'Windows 7 Professional']}, 'modtype': 'delete'}
22:29:56,883 LDAP        (INFO   ): get_object: got object: CN=client1,CN=Computers,DC=ad,DC=XXXXXX,DC=de
22:29:56,883 LDAP        (INFO   ): encode_s4_object: attrib objectGUID ignored during encoding
22:29:57,515 LDAP        (INFO   ): update_deleted_cache_after_removal: Save entryUUID 31ef491a-6549-1036-8c7c-971c8480e31b as deleted to UCS deleted cache. ObjectGUUID: 553975f6-a499-41e6-a8d6-785b5036e127
22:29:57,624 LDAP        (INFO   ): sync_from_ucs: unlock UCS entryUUID: 31ef491a-6549-1036-8c7c-971c8480e31b
22:29:57,624 LDAP        (INFO   ): LockingDB: Execute SQL command: 'DELETE FROM UCS_LOCK WHERE uuid = ?;', '('31ef491a-6549-1036-8c7c-971c8480e31b',)'
22:29:57,624 LDAP        (ALL    ): sync from ucs return True

#14

Good morning,

after all the files had been processed, I had to rejoin all computers to the domain.
But the group policies now work as well!
So the cause was that the computers could not be found in Samba.

Many thanks, Thorp-Hansen, for the support!

Regards,

Deckel
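As an added example (not part of the original posts and not Univention code): a small Python script that reads S4 connector log lines in the format pasted above and lists, per computer DN, the sequence of sync operations, which objects ended on a delete, and which were deleted and then added again with a new objectGUID. The sample log, its DNs and UUIDs are constructed, and the function names `summarize`, `missing_in_s4` and `recreated` are hypothetical.

```python
import re

# "sync from ucs: [windowscomputer] [    delete] cn=..." as written by the connector
OP_RE = re.compile(r"\(PROCESS\): sync from ucs: \[\s*(\w+)\s*\]\s*\[\s*(\w+)\s*\]\s*(.+?)\s*$")
# Removal record that follows a delete and names the old entryUUID / objectGUID
DEL_RE = re.compile(
    r"update_deleted_cache_after_removal: Save entryUUID ([0-9a-f-]{36}) "
    r"as deleted to UCS deleted cache\. ObjectGUUID: ([0-9a-f-]{36})"
)

# Constructed sample in the log format shown in this thread (all values are placeholders).
SAMPLE_LOG = """\
22:29:54,841 LDAP        (PROCESS): sync from ucs:   Resync rejected file: /var/lib/univention-connector/s4/0000000001.000001
22:29:54,845 LDAP        (PROCESS): sync from ucs: [windowscomputer] [    modify] cn=client1,cn=computers,DC=ad,DC=example,DC=test
22:29:55,40 LDAP        (PROCESS): sync from ucs: [windowscomputer] [    delete] cn=client1,cn=computers,DC=ad,DC=example,DC=test
22:29:55,636 LDAP        (INFO   ): update_deleted_cache_after_removal: Save entryUUID 11111111-1111-1111-1111-111111111111 as deleted to UCS deleted cache. ObjectGUUID: aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa
22:29:55,877 LDAP        (PROCESS): sync from ucs: [windowscomputer] [       add] cn=client1,cn=computers,DC=ad,DC=example,DC=test
22:29:56,881 LDAP        (PROCESS): sync from ucs: [windowscomputer] [    delete] cn=client1,cn=computers,DC=ad,DC=example,DC=test
22:29:57,515 LDAP        (INFO   ): update_deleted_cache_after_removal: Save entryUUID 22222222-2222-2222-2222-222222222222 as deleted to UCS deleted cache. ObjectGUUID: bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb
22:29:58,10 LDAP        (PROCESS): sync from ucs: [windowscomputer] [    delete] cn=client2,cn=computers,DC=ad,DC=example,DC=test
22:29:58,600 LDAP        (INFO   ): update_deleted_cache_after_removal: Save entryUUID 33333333-3333-3333-3333-333333333333 as deleted to UCS deleted cache. ObjectGUUID: cccccccc-cccc-cccc-cccc-cccccccccccc
22:29:59,20 LDAP        (PROCESS): sync from ucs: [windowscomputer] [       add] cn=client2,cn=computers,DC=ad,DC=example,DC=test
22:29:59,900 LDAP        (PROCESS): sync from ucs: [windowscomputer] [    modify] cn=client3,cn=computers,DC=ad,DC=example,DC=test
"""


def summarize(log_text):
    """Return {dn: {"type", "ops", "removed"}} in log order; DNs are lower-cased."""
    objects = {}
    last_deleted = None  # DN of the delete the next removal record belongs to
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if m:
            obj_type, op, dn = m.groups()
            key = dn.lower()
            entry = objects.setdefault(key, {"type": obj_type, "ops": [], "removed": []})
            entry["ops"].append(op)
            last_deleted = key if op == "delete" else None
            continue
        m = DEL_RE.search(line)
        if m and last_deleted:
            objects[last_deleted]["removed"].append(
                {"entryUUID": m.group(1), "objectGUID": m.group(2)}
            )
    return objects


def missing_in_s4(objects):
    """DNs whose last logged operation was a delete, i.e. no object left in Samba."""
    return sorted(dn for dn, e in objects.items() if e["ops"][-1] == "delete")


def recreated(objects):
    """DNs that were deleted and later added again (a new object in Samba)."""
    hits = []
    for dn, e in objects.items():
        ops = e["ops"]
        if "delete" in ops and "add" in ops[ops.index("delete"):]:
            hits.append(dn)
    return sorted(hits)


if __name__ == "__main__":
    objs = summarize(SAMPLE_LOG)
    for dn, e in objs.items():
        print(dn, e["ops"], [r["objectGUID"] for r in e["removed"]])
    print("missing in S4:", missing_in_s4(objs))
    print("deleted and re-added:", recreated(objs))
```

Run against the real connector log, the two lists show which machine accounts the clients can no longer authenticate against unchanged, which matches the rejoin described in post #14.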