Hi all, have had a few stubborn s4 rejects showing in the log and system diagnostics for a while and would like to take care of them.
Have read through How to deal with s4-connector rejects and tried the delete and resync suggestions. However after deleting the reject entry and trying a re-sync I get the same result again.
Current Reject List:
root@dcm1:/usr/share/univention-s4-connector# univention-s4connector-list-rejected
UCS rejected
S4 rejected
1: S4 DN: DC=@,DC=30.10.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<removedrealdomain>,DC=com,DC=au
UCS DN: zonename=30.10.in-addr.arpa,cn=dns,dc=<removedrealdomain>,dc=com,dc=au
2: S4 DN: DC=@,DC=40.10.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<removedrealdomain>,DC=com,DC=au
UCS DN: zonename=40.10.in-addr.arpa,cn=dns,dc=<removedrealdomain>,dc=com,dc=au
3: S4 DN: DC=@,DC=testing.<removedrealdomain>.com.au,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<removedrealdomain>,DC=com,DC=au
UCS DN: zonename=testing.<removedrealdomain>.com.au,cn=dns,dc=<removedrealdomain>,dc=com,dc=au
last synced USN: 772637
Error Logs:
18.06.2018 21:23:43,641 LDAP (PROCESS): sync to ucs: Resync rejected dn: DC=@,DC=30.10.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<removedrealdomain>,DC=com,DC=au
18.06.2018 21:23:43,644 LDAP (PROCESS): sync to ucs: [ dns] [ modify] zonename=30.10.in-addr.arpa,cn=dns,dc=<removedrealdomain>,dc=com,dc=au
18.06.2018 21:23:43,647 LDAP (ERROR ): Unknown Exception during sync_to_ucs
18.06.2018 21:23:43,647 LDAP (ERROR ): Traceback (most recent call last):
File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1574, in sync_to_ucs
result = self.property[property_type].ucs_sync_function(self, property_type, object)
File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 1751, in con2ucs
ucs_zone_create(s4connector, object, dns_type)
File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 1505, in ucs_zone_create
zone.modify()
File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 582, in modify
dn = self._modify(modify_childs, ignore_license=ignore_license, response=response)
File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 1221, in _modify
self.lo.modify(self.dn, ml, ignore_license=ignore_license, serverctrls=serverctrls, response=response)
File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 828, in modify
raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg)
ldapError: Type or value exists: nSRecord: value #0 provided more than once
18.06.2018 21:23:43,647 LDAP (PROCESS): sync to ucs: Resync rejected dn: DC=@,DC=40.10.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<removedrealdomain>,DC=com,DC=au
18.06.2018 21:23:43,651 LDAP (PROCESS): sync to ucs: [ dns] [ modify] zonename=40.10.in-addr.arpa,cn=dns,dc=<removedrealdomain>,dc=com,dc=au
18.06.2018 21:23:43,655 LDAP (ERROR ): Unknown Exception during sync_to_ucs
18.06.2018 21:23:43,655 LDAP (ERROR ): Traceback (most recent call last):
File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1574, in sync_to_ucs
result = self.property[property_type].ucs_sync_function(self, property_type, object)
File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 1751, in con2ucs
ucs_zone_create(s4connector, object, dns_type)
File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 1505, in ucs_zone_create
zone.modify()
File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 582, in modify
dn = self._modify(modify_childs, ignore_license=ignore_license, response=response)
File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 1221, in _modify
self.lo.modify(self.dn, ml, ignore_license=ignore_license, serverctrls=serverctrls, response=response)
File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 828, in modify
raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg)
ldapError: Type or value exists: nSRecord: value #0 provided more than once
18.06.2018 21:23:43,655 LDAP (PROCESS): sync to ucs: Resync rejected dn: DC=@,DC=testing.<removedrealdomain>.com.au,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<removedrealdomain>,DC=com,DC=au
18.06.2018 21:23:43,658 LDAP (PROCESS): sync to ucs: [ dns] [ modify] zonename=testing.<removedrealdomain>.com.au,cn=dns,dc=<removedrealdomain>This text will be hidden,dc=com,dc=au
18.06.2018 21:23:43,661 LDAP (ERROR ): Unknown Exception during sync_to_ucs
18.06.2018 21:23:43,662 LDAP (ERROR ): Traceback (most recent call last):
File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1574, in sync_to_ucs
result = self.property[property_type].ucs_sync_function(self, property_type, object)
File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 1751, in con2ucs
ucs_zone_create(s4connector, object, dns_type)
File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 1505, in ucs_zone_create
zone.modify()
File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 582, in modify
dn = self._modify(modify_childs, ignore_license=ignore_license, response=response)
File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 1221, in _modify
self.lo.modify(self.dn, ml, ignore_license=ignore_license, serverctrls=serverctrls, response=response)
File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 828, in modify
raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg)
ldapError: Type or value exists: nSRecord: value #0 provided more than once
search results:
root@dcm1:/var/log/univention# univention-s4search -b "DC=@,DC=testing.<removedrealdomain>.com.au,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<removedrealdomain>,DC=com,DC=au"|s4search-decode
# record 1
dn: DC=@,DC=testing.<removedrealdomain>.com.au,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<removedrealdomain>,DC=com,DC=au
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20160106055240.0Z
uSNCreated: 3906
showInAdvancedViewOnly: TRUE
name: @
objectGUID: 4ac08798-b373-47af-8ff0-ce284e5f130a
objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=<removedrealdomain>,DC=com,DC=au
dc: @
whenChanged: 20170707143636.0Z
uSNChanged: 290719
dnsRecord:: IAACA<snipped>QJhdQA=
# decoded:
# dnsp_DnssrvRpcRecord: struct dnsp_DnssrvRpcRecord
# wDataLength : 0x0020 (32)
# wType : DNS_TYPE_NS (2)
# version : 0x05 (5)
# rank : DNS_RANK_ZONE (240)
# flags : 0x0000 (0)
# dwSerial : 0x00000001 (1)
# dwTtlSeconds : 0x00000384 (900)
# dwReserved : 0x00000000 (0)
# dwTimeStamp : 0x00000000 (0)
# data : union dnsRecordData(case 2)
# ns : dcm1.<removedrealdomain>.com.au
dnsRecord:: VAAG<snipped>Njb20CYXUA
# decoded:
# dnsp_DnssrvRpcRecord: struct dnsp_DnssrvRpcRecord
# wDataLength : 0x0054 (84)
# wType : DNS_TYPE_SOA (6)
# version : 0x05 (5)
# rank : DNS_RANK_ZONE (240)
# flags : 0x0000 (0)
# dwSerial : 0x00000001 (1)
# dwTtlSeconds : 0x00002a30 (10800)
# dwReserved : 0x00000000 (0)
# dwTimeStamp : 0x00000000 (0)
# data : union dnsRecordData(case 6)
# soa: struct dnsp_soa
# serial : 0x00000001 (1)
# refresh : 0x00007080 (28800)
# retry : 0x00001c20 (7200)
# expire : 0x00093a80 (604800)
# minimum : 0x00000e10 (3600)
# mname : dcm1.<removedrealdomain>.com.au
# rname : root.<removedrealdomain>.com.au
distinguishedName: DC=@,DC=testing.<removedrealdomain>.com.au,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<removedrealdomain>,DC=com,DC=au
# returned 1 records
# 1 entries
# 0 referrals
root@dcm1:/var/log/univention# univention-ldapsearch -b "zonename=30.10.in-addr.arpa,cn=dns,dc=<removedrealdomain>,dc=com,dc=au"
# extended LDIF
#
# LDAPv3
# base <zonename=30.10.in-addr.arpa,cn=dns,dc=<removedrealdomain>,dc=com,dc=au> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# 30.10.in-addr.arpa, dns, <removedrealdomain>.com.au
dn: zoneName=30.10.in-addr.arpa,cn=dns,dc=<removedrealdomain>,dc=com,dc=au
nSRecord: dcb.<removedrealdomain>.com.au.
nSRecord: dcm1.<removedrealdomain>.com.au.
objectClass: dNSZone
objectClass: top
objectClass: univentionObject
univentionObjectType: dns/reverse_zone
dNSTTL: 10800
relativeDomainName: @
zoneName: 30.10.in-addr.arpa
sOARecord: dcb.<removedrealdomain>.com.au. root.<removedrealdomain>.com.au. 7 28800
7200 604800 86400
# 5.20, 30.10.in-addr.arpa, dns, <removedrealdomain>.com.au
dn: relativeDomainName=5.20,zoneName=30.10.in-addr.arpa,cn=dns,dc=<removedrealdomain>,dc=com,dc=au
objectClass: dNSZone
objectClass: top
objectClass: univentionObject
univentionObjectType: dns/ptr_record
relativeDomainName: 5.20
pTRRecord: cnscopier.<removedrealdomain>.com.au.
zoneName: 30.10.in-addr.arpa
# 7.20, 30.10.in-addr.arpa, dns, <removedrealdomain>.com.au
dn: relativeDomainName=7.20,zoneName=30.10.in-addr.arpa,cn=dns,dc=<removedrealdomain>,dc=com,dc=au
objectClass: dNSZone
objectClass: top
objectClass: univentionObject
univentionObjectType: dns/ptr_record
relativeDomainName: 7.20
pTRRecord: cnswarehouse-340.<removedrealdomain>.com.au.
zoneName: 30.10.in-addr.arpa
# 10.20, 30.10.in-addr.arpa, dns, <removedrealdomain>.com.au
dn: relativeDomainName=10.20,zoneName=30.10.in-addr.arpa,cn=dns,dc=<removedrealdomain>,dc=com,dc=au
objectClass: dNSZone
objectClass: top
objectClass: univentionObject
univentionObjectType: dns/ptr_record
relativeDomainName: 10.20
pTRRecord: cns-copier-c5240.<removedrealdomain>.com.au.
zoneName: 30.10.in-addr.arpa
# 11.20, 30.10.in-addr.arpa, dns, <removedrealdomain>.com.au
dn: relativeDomainName=11.20,zoneName=30.10.in-addr.arpa,cn=dns,dc=<removedrealdomain>,dc=com,dc=au
objectClass: dNSZone
objectClass: top
objectClass: univentionObject
univentionObjectType: dns/ptr_record
relativeDomainName: 11.20
pTRRecord: cns-invoice-lbp251dw.<removedrealdomain>.com.au.
zoneName: 30.10.in-addr.arpa
# search result
search: 3
result: 0 Success
# numResponses: 6
# numEntries: 5
Action tried:
root@dcm1:/usr/share/univention-s4-connector# /usr/share/univention-s4-connector/remove_s4_rejected.py DC=@,DC=testing.<removedrealdomain>.com.au,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<removedrealdomain>,DC=com,DC=au
The rejected S4 object DC=@,DC=testing.<removedrealdomain>.com.au,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<removedrealdomain>,DC=com,DC=au has been removed.
root@dcm1:/usr/share/univention-s4-connector# /usr/share/univention-s4-connector/resync_object_from_s4.py DC=@,DC=testing.<removedrealdomain>.com.au,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<removedrealdomain>,DC=com,DC=au
resync triggered for DC=@,DC=testing.<removedrealdomain>.com.au,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<removedrealdomain>,DC=com,DC=au
Estimated sync in 50 seconds.
The re-sync creates the same log messages regarding “ldapError: Type or value exists: nSRecord: value #0 provided more than once”
Is it because there is two nsRecord entries (dcm1 and dcb) in UCS ldap and only one ns record in samba (dcm1)?
Any ideas on what to try next?