Attaching CentOS to domain yields "DNS update failed: NT_STATUS_UNSUCCESSFUL"


If the member you are joining already has a record created in the Windows DNS server (because you did it when you first built the machine or whatever), and the DNS server is AD-integrated, you will usually see this message.

This is because Windows DNS by default requires secure dynamic updates when it is integrated with AD. This effectively applies some NTFS-style permissions to each DNS record. Normally when a machine is joined, it dynamically creates its DNS record with its own machine account as the owner and suitable permissions. These permissions allow updates from only that machine (and admins), and so prevent other machines from modifying the record via the dynamic update mechanism.

When you pre-create the record, you create a record where only the administrator/server has permission to change it and the machine-specific permission is missing (the machine account doesn't even exist at this point). When Samba completes the join, it goes to register the hostname in DNS and finds it can't as it has no permission.

Long story short, you can usually ignore the message if you have already created the A record.
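A way to check that the message really is safe to ignore, as an added example that is not part of the original answer. It assumes the pre-created A record should resolve to the member's own address; the function name `triage`, its verdict strings, the file `join.log` and the 192.0.2.x addresses used to exercise it are this example's own.

```sh
#!/bin/sh
# Added example (not from the original answer). Read-only triage: nothing
# here changes DNS or the domain join.

# triage JOIN_OUTPUT HOST_IP RESOLVED_IPS
#   JOIN_OUTPUT   text printed by `net ads join`
#   HOST_IP       address this member should be reachable on
#   RESOLVED_IPS  whitespace-separated A records returned for its name
triage() {
    out=$1 host_ip=$2 resolved=$3
    if ! printf '%s\n' "$out" | grep -Eq "^[[:space:]]*Joined '[^']+' to dns domain"; then
        echo "join-failed"; return 0
    fi
    if ! printf '%s\n' "$out" | grep -Eq "^[[:space:]]*DNS update failed"; then
        echo "dns-registered"; return 0
    fi
    # Joined, but the secure dynamic update was refused: look at what exists.
    found=0
    for ip in $resolved; do
        found=1
        if [ "$ip" = "$host_ip" ]; then
            echo "ignore-record-correct"; return 0   # pre-created record matches
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "record-missing"   # no A record at all, so the name will not resolve
    else
        echo "record-stale"     # record exists but points elsewhere; the machine
                                # account cannot change it, an administrator must
    fi
}

# Constructed sample, modelled on the session shown in the question.
SAMPLE_JOIN="Using short domain name -- SUBDOMAIN
Joined 'centos' to dns domain 'SUBDOMAIN.FULLDOMAIN.com'
DNS update failed: NT_STATUS_UNSUCCESSFUL"

# Live use (assumes the join output was saved to join.log and that dig from
# bind-utils is installed):
#   triage "$(cat join.log)" \
#          "$(hostname -I | awk '{print $1}')" \
#          "$(dig +short A "$(hostname -f)")"
```

Only the `ignore-record-correct` verdict corresponds to the case described above; `record-stale` and `record-missing` mean the name still has to be fixed on the DNS server by someone with rights on the record.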

Author by

Christopher Hostage

Updated on September 18, 2022

Comments

  • Christopher Hostage
    Christopher Hostage over 1 year

    I'm getting the following error attaching a new CentOS 7 machine to a Windows domain.

    [root@centos samba]# net ads join -U administrator
    Enter administrator's password:
    Using short domain name -- SUBDOMAIN
    Joined 'centos' to dns domain 'SUBDOMAIN.FULLDOMAIN.com'
    DNS update failed: NT_STATUS_UNSUCCESSFUL
    

    In the link below it's suggested to "verify if dynamic DNS updates are working on your Samba domain controller". How do I do that on Windows Server 2008?

    https://wiki.samba.org/index.php/Troubleshooting_Samba_Domain_Members#DNS_Update_failed:_ERROR_DNS_UPDATE_FAILED

    • Mintra
      Mintra over 6 years
      Does the CentOS server you are adding already have a record created for it in DNS (i.e. manually)?
    • Christopher Hostage
      Christopher Hostage over 6 years
      Thanks for the assist, but we went with another solution. It did have the DNS record, in any case.
    • Mintra
      Mintra over 6 years
      Thought so - that can cause this message. I'll post an answer for reference even though you already worked around it.