Windows Users not able to Join Univention 4.4.1

bhagwat · August 21, 2019, 10:48am

Hi

I am not able to join my windows clients to UCS 4.4.1 . Facing this issue after a successful AD takeover from windows server 2008
Getting below error with running check_essential_samba4_dns_records.sh

root@ucs-dc:/usr/share/univention-samba4/scripts# /usr/share/univention-samba4/scripts/check_essential_samba4_dns_records.sh
Host gc._msdcs.tekz.com not found: 3(NXDOMAIN)
_gc._tcp.tekz.com has SRV record 0 100 3268 ucs-dc.tekz.com.
Host _ldap._tcp.gc._msdcs.tekz.com not found: 3(NXDOMAIN)
_ldap._tcp.tekz.com has SRV record 0 100 389 ucs-dc.tekz.com.
Host _ldap._tcp.dc._msdcs.tekz.com not found: 3(NXDOMAIN)
Host _ldap._tcp.pdc._msdcs.tekz.com not found: 3(NXDOMAIN)
Host _ldap._tcp.da244988-e47a-4a32-95e0-bfc0c35fa0b3.domains._msdcs.tekz.com not found: 3(NXDOMAIN)
Host _kerberos._tcp.dc._msdcs.tekz.com not found: 3(NXDOMAIN)
_kerberos._tcp.tekz.com has SRV record 0 100 88 ucs-dc.tekz.com.
_kerberos._udp.tekz.com has SRV record 0 100 88 ucs-dc.tekz.com.
_kpasswd._tcp.tekz.com has SRV record 0 100 464 ucs-dc.tekz.com.
_kpasswd._udp.tekz.com has SRV record 0 100 464 ucs-dc.tekz.com.
Located DC ‘ucs-dc’ in site ‘Default-First-Site-Name’
Host 27883525-dbdd-4d68-bc46-10d1ace1d760._msdcs.tekz.com not found: 3(NXDOMAIN)

Records for site Default-First-Site-Name:

_ldap._tcp.Default-First-Site-Name._sites.tekz.com has SRV record 0 100 389 ucs-dc.tekz.com.
Host _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tekz.com not found: 3(NXDOMAIN)
_kerberos._tcp.Default-First-Site-Name._sites.tekz.com has SRV record 0 100 88 ucs-dc.tekz.com.
Host _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tekz.com not found: 3(NXDOMAIN)

Optional GC Records for site Default-First-Site-Name:

_gc._tcp.Default-First-Site-Name._sites.tekz.com has SRV record 0 100 3268 ucs-dc.tekz.com.
Host _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tekz.com not found: 3(NXDOMAIN)
_kerberos.tekz.com descriptive text “tekz.com”

bhagwat · August 22, 2019, 3:52am

I have tried reprovising samba4 with help of url(Re-Provisioning Samba4 on a DC Master) & the issue related with dns records is resolved but I am getting new errors with s4-connector logs now.

LDAP (PROCESS): sync from ucs: Resync rejected file: /var/lib/univention-connector/s4/1484053706.869078
LDAP (PROCESS): sync from ucs: [ user] [ modify] CN=testuser,CN=Users,DC=tekz,DC=com
LDAP (PROCESS): Unable to sync CN=testuser,CN=Uers,DC=tekz,DC=com (GUID: 487f3cb8-7cc0-4919-b132-771300a5bf91). The object is currently locked.

Tried to fix the above errors with url Resolving S4 Connector Message: "The object is currently locked" but no luck

Any suggestions ?

bhagwat · August 23, 2019, 5:30pm

Also error with univention-check-join-status

ERROR: dns-ucs-dc account not found in local samba

ERROR: Failed to create DNS spn account. *

   Please check the samba and the s4-connector logfile.*

bhagwat · September 9, 2019, 7:17am

Hi

I have found a fix for this issue. Marking as closed

SirTux · September 14, 2019, 9:34pm

And what is the fix?

bhagwat · September 17, 2019, 5:43am

Hi

This was resolved following Problem: Join Gives Error or Users Can Not Login Sometimes