UCS 4.1.4: DNS system does not update the client's IP address and PTR record

Moritz_Bunkus · January 31, 2018, 11:02am

Hey,

oh duh, I actually wanted to paste different search queries. But never mind.

The output looks sane so far.

I’m somewhat at a loss at the moment, but let’s try to dig deeper. Please have a look at the file /etc/univention/connector/s4/mapping.py on your DC Master. It should contain a section about synchronizing DNS entries that starts like this:

        'dns': univention.s4connector.property (

Please paste that whole section (the next one is the one with msGPO). Thanks.

Kind regards,
mosu

Moritz_Bunkus · January 31, 2018, 11:06am

Additionally: please have a look at the log file /var/log/univention/connector-s4.log. Whenever a Windows computer updates its IP address (via the aforementioned samba_dlz module), lines similar to this should occur:

31.01.2018 08:23:22,114 LDAP        (PROCESS): sync to ucs:   [windowscomputer] [    modify] cn=kheldar,cn=computers,dc=int,dc=mbu-test,dc=intranet
31.01.2018 08:23:22,163 LDAP        (PROCESS): sync to ucs:   [           dns] [    modify] relativedomainname=kheldar,zonename=mbu-test.intranet,cn=dns,dc=int,dc=mbu-test,dc=intranet
31.01.2018 08:23:22,168 LDAP        (PROCESS): sync to ucs:   [           dns] [    modify] zonename=mbu-test.intranet,cn=dns,dc=int,dc=mbu-test,dc=intranet
31.01.2018 08:23:28,222 LDAP        (PROCESS): sync from ucs: [           dns] [    modify] dc=@,dc=mbu-test.intranet,cn=microsoftdns,dc=domaindnszones,DC=int,dc=mbu-test,dc=intranet
31.01.2018 08:23:29,327 LDAP        (PROCESS): sync to ucs:   [           dns] [    modify] zonename=mbu-test.intranet,cn=dns,dc=int,dc=mbu-test,dc=intranet
31.01.2018 08:23:29,333 LDAP        (PROCESS): sync to ucs:   [           dns] [       add] relativeDomainName=@._msdcs,zoneName=mbu-test.intranet,cn=dns,dc=int,dc=mbu-test,dc=intranet

Can you please look for similar entries and paste them here? Maybe there are some kind of error messages.

Last but not least: does the command univention-s4connector-list-rejected list any rejects?

Kind regards,
mosu

nasexp · February 2, 2018, 8:32am

Hi @Moritz_Bunkus
Below is the content of section dns as your request:

        'dns': univention.s4connector.property (
                        ucs_default_dn='cn=dns,dc=mycompany,dc=xxx',
                        con_default_dn='CN=MicrosoftDNS,DC=DomainDnsZones,DC=MYCOMPANY,DC=XXX',
                        ucs_module='dns/dns',

                        identify=univention.s4connector.s4.dns.identify,
                        sync_mode='sync',

                        scope='sub',

                        con_search_filter='(|(objectClass=dnsNode)(objectClass=dnsZone))',

                        dn_mapping_function=[ univention.s4connector.s4.dns.dns_dn_mapping ],

                        ignore_filter='(|(DC=_ldap._tcp.Default-First-Site-Name._site))',
                        ignore_subtree = global_ignore_subtree,

                        con_sync_function = univention.s4connector.s4.dns.ucs2con,
                        ucs_sync_function = univention.s4connector.s4.dns.con2ucs,

                ),

        'msGPO': univention.s4connector.property (
                        ucs_module='container/msgpo',

nasexp · February 2, 2018, 8:41am

One more thing, I’ve changed the Default First Site name when configuring via RSAT on Windows computer, below is the result of check dns record command:

root@hq-dc1:~# samba-tool drs showrepl | more
HeadOffice\HQ-DC1
DSA Options: 0x00000001
DSA object GUID: 4d041a2c-6e12-43ba-a29b-bfddc18a4d9d
DSA invocationId: ac32b280-d8a3-48ff-975d-9964e018a352

==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=mycompany,DC=xxx
        HeadOffice\HQ-DC2 via RPC
                DSA object GUID: a9187536-0d63-465b-9866-54a37bfbc494
                Last attempt @ Fri Feb  2 15:31:07 2018 ICT was successful
                0 consecutive failure(s).
                Last success @ Fri Feb  2 15:31:07 2018 ICT

DC=ForestDnsZones,DC=mycompany,DC=xxx
        CNMB\CNMB-DC1 via RPC
                DSA object GUID: 7d886dc9-7df1-44a1-886a-3967de5867f0
                Last attempt @ Fri Feb  2 15:31:07 2018 ICT was successful
                0 consecutive failure(s).
                Last success @ Fri Feb  2 15:31:07 2018 ICT

DC=ForestDnsZones,DC=mycompany,DC=xxx
        CNMN\CNMN-DC02 via RPC
                DSA object GUID: 9cf7cf92-83ad-431e-8177-41d7f88e409d
                Last attempt @ Fri Feb  2 15:31:07 2018 ICT was successful
                0 consecutive failure(s).
                Last success @ Fri Feb  2 15:31:07 2018 ICT

DC=ForestDnsZones,DC=mycompany,DC=xxx
        CNMT\CNMT-DC02 via RPC
                DSA object GUID: 8e7f7bc5-8c7f-460b-a1b9-3075c9dd3e12
                Last attempt @ Fri Feb  2 15:31:07 2018 ICT was successful
                0 consecutive failure(s).
                Last success @ Fri Feb  2 15:31:07 2018 ICT

DC=DomainDnsZones,DC=mycompany,DC=xxx
        HeadOffice\HQ-DC2 via RPC
                DSA object GUID: a9187536-0d63-465b-9866-54a37bfbc494
                Last attempt @ Fri Feb  2 15:35:21 2018 ICT was successful
                0 consecutive failure(s).
                Last success @ Fri Feb  2 15:35:21 2018 ICT

DC=DomainDnsZones,DC=mycompany,DC=xxx
        CNMB\CNMB-DC1 via RPC
                DSA object GUID: 7d886dc9-7df1-44a1-886a-3967de5867f0
                Last attempt @ Fri Feb  2 15:35:11 2018 ICT was successful
                0 consecutive failure(s).
                Last success @ Fri Feb  2 15:35:11 2018 ICT

DC=DomainDnsZones,DC=mycompany,DC=xxx
        CNMN\CNMN-DC02 via RPC
                DSA object GUID: 9cf7cf92-83ad-431e-8177-41d7f88e409d
                Last attempt @ Fri Feb  2 15:35:12 2018 ICT was successful
                0 consecutive failure(s).
                Last success @ Fri Feb  2 15:35:12 2018 ICT

DC=DomainDnsZones,DC=mycompany,DC=xxx
        CNMT\CNMT-DC02 via RPC
                DSA object GUID: 8e7f7bc5-8c7f-460b-a1b9-3075c9dd3e12
                Last attempt @ Fri Feb  2 15:35:12 2018 ICT was successful
                0 consecutive failure(s).
                Last success @ Fri Feb  2 15:35:12 2018 ICT

DC=mycompany,DC=xxx
        HeadOffice\HQ-DC2 via RPC
                DSA object GUID: a9187536-0d63-465b-9866-54a37bfbc494
                Last attempt @ Fri Feb  2 15:31:08 2018 ICT was successful
                0 consecutive failure(s).
                Last success @ Fri Feb  2 15:31:08 2018 ICT

DC=mycompany,DC=xxx
        CNMB\CNMB-DC1 via RPC
                DSA object GUID: 7d886dc9-7df1-44a1-886a-3967de5867f0
                Last attempt @ Fri Feb  2 15:31:08 2018 ICT was successful
                0 consecutive failure(s).
                Last success @ Fri Feb  2 15:31:08 2018 ICT

DC=mycompany,DC=xxx
        CNMN\CNMN-DC02 via RPC
                DSA object GUID: 9cf7cf92-83ad-431e-8177-41d7f88e409d
                Last attempt @ Fri Feb  2 15:31:08 2018 ICT was successful
                0 consecutive failure(s).
                Last success @ Fri Feb  2 15:31:08 2018 ICT

DC=mycompany,DC=xxx
        CNMT\CNMT-DC02 via RPC
                DSA object GUID: 8e7f7bc5-8c7f-460b-a1b9-3075c9dd3e12
                Last attempt @ Fri Feb  2 15:31:08 2018 ICT was successful
                0 consecutive failure(s).
                Last success @ Fri Feb  2 15:31:08 2018 ICT

CN=Schema,CN=Configuration,DC=mycompany,DC=xxx
        HeadOffice\HQ-DC2 via RPC
                DSA object GUID: a9187536-0d63-465b-9866-54a37bfbc494
                Last attempt @ Fri Feb  2 15:31:08 2018 ICT was successful
                0 consecutive failure(s).
                Last success @ Fri Feb  2 15:31:08 2018 ICT

CN=Schema,CN=Configuration,DC=mycompany,DC=xxx
        CNMB\CNMB-DC1 via RPC
                DSA object GUID: 7d886dc9-7df1-44a1-886a-3967de5867f0
                Last attempt @ Fri Feb  2 15:31:08 2018 ICT was successful
                0 consecutive failure(s).
                Last success @ Fri Feb  2 15:31:08 2018 ICT

CN=Schema,CN=Configuration,DC=mycompany,DC=xxx
        CNMN\CNMN-DC02 via RPC
                DSA object GUID: 9cf7cf92-83ad-431e-8177-41d7f88e409d
                Last attempt @ Fri Feb  2 15:31:09 2018 ICT was successful
                0 consecutive failure(s).
                Last success @ Fri Feb  2 15:31:09 2018 ICT

CN=Schema,CN=Configuration,DC=mycompany,DC=xxx
        CNMT\CNMT-DC02 via RPC
                DSA object GUID: 8e7f7bc5-8c7f-460b-a1b9-3075c9dd3e12
                Last attempt @ Fri Feb  2 15:31:09 2018 ICT was successful
                0 consecutive failure(s).
                Last success @ Fri Feb  2 15:31:09 2018 ICT

CN=Configuration,DC=mycompany,DC=xxx
        HeadOffice\HQ-DC2 via RPC
                DSA object GUID: a9187536-0d63-465b-9866-54a37bfbc494
                Last attempt @ Fri Feb  2 15:31:09 2018 ICT was successful
                0 consecutive failure(s).
                Last success @ Fri Feb  2 15:31:09 2018 ICT

CN=Configuration,DC=mycompany,DC=xxx
        CNMB\CNMB-DC1 via RPC
                DSA object GUID: 7d886dc9-7df1-44a1-886a-3967de5867f0
                Last attempt @ Fri Feb  2 15:31:09 2018 ICT was successful
                0 consecutive failure(s).
                Last success @ Fri Feb  2 15:31:09 2018 ICT

CN=Configuration,DC=mycompany,DC=xxx
        CNMN\CNMN-DC02 via RPC
                DSA object GUID: 9cf7cf92-83ad-431e-8177-41d7f88e409d
                Last attempt @ Fri Feb  2 15:31:09 2018 ICT was successful
                0 consecutive failure(s).
                Last success @ Fri Feb  2 15:31:09 2018 ICT

CN=Configuration,DC=mycompany,DC=xxx
        CNMT\CNMT-DC02 via RPC
                DSA object GUID: 8e7f7bc5-8c7f-460b-a1b9-3075c9dd3e12
                Last attempt @ Fri Feb  2 15:31:09 2018 ICT was successful
                0 consecutive failure(s).
                Last success @ Fri Feb  2 15:31:09 2018 ICT

==== OUTBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=mycompany,DC=xxx
        CNMB\CNMB-DC1 via RPC
                DSA object GUID: 7d886dc9-7df1-44a1-886a-3967de5867f0
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=ForestDnsZones,DC=mycompany,DC=xxx
        CNMN\CNMN-DC02 via RPC
                DSA object GUID: 9cf7cf92-83ad-431e-8177-41d7f88e409d
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=ForestDnsZones,DC=mycompany,DC=xxx
        HeadOffice\HQ-DC2 via RPC
                DSA object GUID: a9187536-0d63-465b-9866-54a37bfbc494
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=ForestDnsZones,DC=mycompany,DC=xxx
        CNMT\CNMT-DC02 via RPC
                DSA object GUID: 8e7f7bc5-8c7f-460b-a1b9-3075c9dd3e12
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=DomainDnsZones,DC=mycompany,DC=xxx
        HeadOffice\HQ-DC2 via RPC
                DSA object GUID: a9187536-0d63-465b-9866-54a37bfbc494
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=DomainDnsZones,DC=mycompany,DC=xxx
        CNMB\CNMB-DC1 via RPC
                DSA object GUID: 7d886dc9-7df1-44a1-886a-3967de5867f0
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=DomainDnsZones,DC=mycompany,DC=xxx
        CNMT\CNMT-DC02 via RPC
                DSA object GUID: 8e7f7bc5-8c7f-460b-a1b9-3075c9dd3e12
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=DomainDnsZones,DC=mycompany,DC=xxx
        CNMN\CNMN-DC02 via RPC
                DSA object GUID: 9cf7cf92-83ad-431e-8177-41d7f88e409d
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=mycompany,DC=xxx
        CNMB\CNMB-DC1 via RPC
                DSA object GUID: 7d886dc9-7df1-44a1-886a-3967de5867f0
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=mycompany,DC=xxx
        CNMN\CNMN-DC02 via RPC
                DSA object GUID: 9cf7cf92-83ad-431e-8177-41d7f88e409d
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=mycompany,DC=xxx
        HeadOffice\HQ-DC2 via RPC
                DSA object GUID: a9187536-0d63-465b-9866-54a37bfbc494
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=mycompany,DC=xxx
        CNMT\CNMT-DC02 via RPC
                DSA object GUID: 8e7f7bc5-8c7f-460b-a1b9-3075c9dd3e12
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=mycompany,DC=xxx
        CNMB\CNMB-DC1 via RPC
                DSA object GUID: 7d886dc9-7df1-44a1-886a-3967de5867f0
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=mycompany,DC=xxx
        CNMN\CNMN-DC02 via RPC
                DSA object GUID: 9cf7cf92-83ad-431e-8177-41d7f88e409d
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=mycompany,DC=xxx
        HeadOffice\HQ-DC2 via RPC
                DSA object GUID: a9187536-0d63-465b-9866-54a37bfbc494
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=mycompany,DC=xxx
        CNMT\CNMT-DC02 via RPC
                DSA object GUID: 8e7f7bc5-8c7f-460b-a1b9-3075c9dd3e12
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Configuration,DC=mycompany,DC=xxx
        CNMB\CNMB-DC1 via RPC
                DSA object GUID: 7d886dc9-7df1-44a1-886a-3967de5867f0
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Configuration,DC=mycompany,DC=xxx
        CNMN\CNMN-DC02 via RPC
                DSA object GUID: 9cf7cf92-83ad-431e-8177-41d7f88e409d
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Configuration,DC=mycompany,DC=xxx
        HeadOffice\HQ-DC2 via RPC
                DSA object GUID: a9187536-0d63-465b-9866-54a37bfbc494
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Configuration,DC=mycompany,DC=xxx
        CNMT\CNMT-DC02 via RPC
                DSA object GUID: 8e7f7bc5-8c7f-460b-a1b9-3075c9dd3e12
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: 02e5eb0e-9601-4fd9-a55c-b7c9aaadd5b7
        Enabled        : TRUE
        Server DNS name : cnmb-dc1.mycompany.xxx
        Server DN name  : CN=NTDS Settings,CN=CNMB-DC1,CN=Servers,CN=CNMB,CN=Sites,CN=Configuration,DC=mycompany,DC=xxx
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
        Connection name: 6f6927bc-5887-450f-96ef-fa6274a9784e
        Enabled        : TRUE
        Server DNS name : cnmt-dc02.mycompany.xxx
        Server DN name  : CN=NTDS Settings,CN=CNMT-DC02,CN=Servers,CN=CNMT,CN=Sites,CN=Configuration,DC=mycompany,DC=xxx
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
        Connection name: a999e0cf-5e24-4c3a-ac25-dda773c85a8e
        Enabled        : TRUE
        Server DNS name : cnmn-dc02.mycompany.xxx
        Server DN name  : CN=NTDS Settings,CN=CNMN-DC02,CN=Servers,CN=CNMN,CN=Sites,CN=Configuration,DC=mycompany,DC=xxx
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
        Connection name: ec882737-8ecd-4192-928a-17286234c298
        Enabled        : TRUE
        Server DNS name : hq-dc2.mycompany.xxx
        Server DN name  : CN=NTDS Settings,CN=HQ-DC2,CN=Servers,CN=HeadOffice,CN=Sites,CN=Configuration,DC=mycompany,DC=xxx
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!

richie1985 · February 2, 2018, 8:51am

i have the same problem:

root@ucs:/var/cache/bind# univention-s4connector-list-rejected

UCS rejected


S4 rejected

    1:    S4 DN: DC=@,DC=gr.gc,CN=MicrosoftDNS,DC=DomainDnsZones,DC=gr,DC=gc
         UCS DN: zonename=gr.gc,cn=dns,dc=gr,dc=gc

        last synced USN: 402017

Moritz_Bunkus · February 2, 2018, 4:22pm

Does this article help? Windows 7 reverse lookup dns registration

nasexp · February 4, 2018, 7:54am

OMG it did the trick
Thank you so much @Moritz_Bunkus

Moritz_Bunkus · February 4, 2018, 11:36am

Great!

I don’t deserve the praise in this case, though; I would never have thought of that myself if Stefan Gohmann hadn’t posted that link in a related topic a couple of days ago.