Joining Domain Problem

Did not work, I checked it already. It's a mess.

Die DNS-Abfrage über den Ressourceneintrag der Dienstidentifizierung (SRV), der zur Suche eines Domänencontrollers für die Domäne “AD.domain.DE” verwendet wird, wurde erfolgreich abgeschlossen:

Es handelt sich um die Abfrage des SRV-Eintrags für _ldap._tcp.dc._msdcs.AD.domain.DE.

Die folgenden Domänencontroller wurden von der Abfrage identifiziert:
nsdc-sbs.ad.domain.de

Es konnte jedoch keine Verbindung mit Domänencontrollern hergestellt werden.

Die häufigsten Ursachen dieses Fehlers sind:

  • Hosteinträge (A oder AAAA), die die Namen der Domänencontroller deren IP-Adressen zuordnen, fehlen oder enthalten nicht die richtigen Adressen.

  • Die in DNS registrierten Domänencontroller verfügen nicht über eine Netzwerkverbindung oder werden nicht ausgeführt.

This is the error when trying to rejoin.

I translated the text, so everybody can understand it:

The DNS query using the Service Location (SRV) resource record used to locate a domain controller for the domain “AD.domain.DE” completed successfully:
This query is for the SRV record for _ldap._tcp.dc._msdcs.AD.domain.DE.
The following domain controllers were identified by the query:
nsdc-sbs.ad.domain.de
However, no contact could be made to any domain controllers.
The most common causes of this error are:

  • Host records (A or AAAA) that map domain controller names to their IP addresses are missing or do not contain the correct addresses.

  • The domain controllers registered in DNS do not have a network connection or are not running.

From the error it seems nsdc-sbs.ad.domain.de is not reachable.

Is the samba-dc running?

runagent -m samba1 podman ps

Does the following work from the client?

nslookup nsdc-sbs.ad.domain.de.

If not, add a DNS entry for it pointing to your NS8.

C:\Users\nslookup nsdc-sbs.ad.domain.de
Server: UnKnown
Address: 192.168.100.206

Name: nsdc-sbs.ad.domain.de
Addresses: fde7:6081:def4:0:582b:44ff:fef3:419e
192.168.100.206

The client is just pointed to the same NS8 server as DNS entry.

Let’s check the configured DNS servers on the Win client:

ipconfig /all | findstr "DNS"

Maybe it helps to disable IPv6 on the Windows client, see also IPv6: How To Disable - GROK Knowledge Base

\Users\ipconfig /all | findstr “DNS”
Primäres DNS-Suffix . . . . . . . :
DNS-Suffixsuchliste . . . . . . . : domain.de
Verbindungsspezifisches DNS-Suffix:
Verbindungsspezifisches DNS-Suffix: domain.de
DNS-Server . . . . . . . . . . . : 192.168.100.206
Verbindungsspezifisches DNS-Suffix:
Verbindungsspezifisches DNS-Suffix:

I deactivated IPv6.

C:\Users\Rainer>nslookup
Standardserver: UnKnown
Address: 192.168.100.206

set type=all
_ldap._tcp.dc._msdcs.ad.domain.de
Server: UnKnown
Address: 192.168.100.206

_ldap._tcp.dc._msdcs.ad.domain.de SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = nsdc-sbs.ad.domain.de
_msdcs.ad.domain.de
primary name server = nsdc-sbs.ad.domain.de
responsible mail addr = hostmaster.ad.domain.de
serial = 1
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)

Please also check if you changed the DNS-Suffix manually as you have some empty DNS suffix entries.
Are there more network interfaces on the client? Maybe it helps to just enable the one that’s used to connect to NS8 samba…

One is a wifi, the other one the TAP entry for VPN. I really don't understand that it is soooooo fu… hard to join a domain, really… it should work out of the box. The wifi has never been connected anywhere and the VPN is not reachable the server with this DNS entry just pointing to the NS8.

I really don't want to understand it right now, I just need my profile from the domain account back to work on some important things, and THIS domain controller stuff in NS8 is really a problem.

ldapservice] [S-1-5-21-3128899315-2223916357-1725501622-1103]. local host [ipv4:192.168.100.206:636]
2025-04-22T12:15:29+02:00 [1:samba1:samba-dc] TLS source4/lib/tls/tls_tstream.c:1449 - Decryption has failed.
2025-04-22T12:15:29+02:00 [1:samba1:samba-dc] TLS source4/lib/tls/tls_tstream.c:1449 - Decryption has failed.
2025-04-22T12:15:29+02:00 [1:samba1:samba-dc] TLS source4/lib/tls/tls_tstream.c:1449 - Decryption has failed.

Found this in the logs, is this maybe helpful?

The decrypt error can be ignored.

Which Windows version is used on the client?

1 Like

It is absolutely a real mess with this domain controller… I have no words. And I know how helpful you are mrmarkus, but I really lost my trust in all this. So many problems.

At the moment I lost my hope to get it to work again… it is a very bad situation for me, and also as it was in the beginning with the domain controller, only problems and no possibility to fix it… desperate right now.

Sorry to read that. NS8 uses plain vanilla samba and it seems to work generally as there were no other join issues in the forum: Search results for 'join order:latest' - NethServer Community
So I’m convinced the issue can be fixed.

I’m going to test it using Win 24H2 and report…

Do you still use the NS8 itself as DNS server in /etc/resolv.conf on the NS8? Please correct it to just use 1 DNS server that’s not the NS8 itself.

1 Like

@hucky

Suggestion from me. If you are using a Proxmox server, then install a virgin WIN11 24H2 on it and try to join the domain.

1 Like

Got it running again: I switched off the Windows Firewall, then the connection was possible.

2 Likes
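
The checks from this thread combined into one client-side script, as an added example that is not part of any post above: it repeats the SRV lookup, then tests TCP reachability of each DC service port so that a "DNS resolves but no domain controller can be contacted" failure can be narrowed to specific ports and firewall profiles. The domain name is the one shown in the thread; the port list beyond 389 and 636 is an assumption (the standard AD service ports).

```powershell
# Added example; run in PowerShell on the Windows client.
$Domain = 'ad.domain.de'   # domain name as it appears in the thread

# TCP services a member talks to on a DC. Only 389 and 636 appear in the
# thread; the rest of the list is an assumption (standard AD ports).
$Ports = @(
    @{ Port = 53;  Service = 'DNS' }
    @{ Port = 88;  Service = 'Kerberos' }
    @{ Port = 135; Service = 'RPC endpoint mapper' }
    @{ Port = 389; Service = 'LDAP' }
    @{ Port = 445; Service = 'SMB' }
    @{ Port = 464; Service = 'Kerberos password change' }
    @{ Port = 636; Service = 'LDAPS' }
)

# 1. Locate the DCs with the same SRV query the join dialog reports.
$dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.QueryType -eq 'SRV' } |
    Select-Object -ExpandProperty NameTarget -Unique

# 2. Try a TCP connect to every listed service on every DC found.
$results = foreach ($dc in $dcs) {
    foreach ($p in $Ports) {
        $t = Test-NetConnection -ComputerName $dc -Port $p.Port -WarningAction SilentlyContinue
        [pscustomobject]@{
            DC        = $dc
            Address   = $t.RemoteAddress
            Port      = $p.Port
            Service   = $p.Service
            Reachable = $t.TcpTestSucceeded
        }
    }
}
$results | Format-Table -AutoSize

# 3. Show which firewall profile applies to each interface, and its defaults.
Get-NetConnectionProfile | Format-Table InterfaceAlias, NetworkCategory -AutoSize
Get-NetFirewallProfile |
    Format-Table Name, Enabled, DefaultInboundAction, DefaultOutboundAction -AutoSize

# 4. Summarise: SRV lookup fine but ports closed points at filtering, not DNS.
$blocked = $results | Where-Object { -not $_.Reachable }
if ($blocked) {
    Write-Warning ("Unreachable: " +
        (($blocked | ForEach-Object { "$($_.Service)/$($_.Port)" }) -join ', '))
} else {
    Write-Output 'All listed DC ports accept TCP connections from this client.'
}
```

Test-NetConnection only performs TCP connects, so UDP traffic to the same services is not covered by this check.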