<div dir="ltr">Hi.<div><br></div><div>It's a little strange, because I can easily attach clients (VMs) to the Microsoft AD domain. Only sometimes there are problems with connectivity, but I will solve this in two ways: add the DNS suffix or adds a static primary DNS, which indicates domain.<br></div><div><br></div><div>/etc/resolv.conf</div><div><div>nameserver 172.30.30.253 # DNS and AD server</div><div>nameserver 172.30.30.1 # Router - DHCP</div><div>search <a href="http://szypa.net">szypa.net</a></div></div><div><br></div><div><div>By the way, is also one strange thing: </div><div><br></div><div>Every time when I inserted record "nameserver 172.30.30.253" to file "resolv.conf" from time to time the file is overwritten / changed (I have no idea how) and record "nameserver 172.30.30.253" disappears (just as you would in general not been added).</div></div><div><br></div><div><b>And in all this is the cause that generates the problem.</b><br></div><div><b><br></b></div><div><b>So I think that the problem are solved, but i do not know how to resolve a problem with hidding configuration in /etc/resolv.conf</b></div><div><br></div><div>Regards,</div><div><br></div><div><b>Grzegorz Szypa</b></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2014-09-24 8:03 GMT+02:00 Martin Perina <span dir="ltr"><<a href="mailto:mperina@redhat.com" target="_blank">mperina@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
I looked at the logs and you have serious DNS problems:<br>
<br>
2014-09-24 07:32:24,984 ERROR [org.ovirt.engine.core.bll.adbroker.GetRootDSE] (DefaultQuartzScheduler_Worker-15) Failed to query rootDSE for LDAP server ldap://<a href="http://szypa.net:389" target="_blank">szypa.net:389</a> due to <a href="http://szypa.net:389" target="_blank">szypa.net:389</a><br>
2014-09-24 07:32:24,984 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (DefaultQuartzScheduler_Worker-15) Failed ldap search server ldap://<a href="http://szypa.net:389" target="_blank">szypa.net:389</a> using user <a href="mailto:ovirt@SZYPA.NET">ovirt@SZYPA.NET</a> due to javax.naming.CommunicationException: <a href="http://szypa.net:389" target="_blank">szypa.net:389</a> [Root exception is java.net.UnknownHostException: <a href="http://szypa.net" target="_blank">szypa.net</a>]. We should try the next server<br>
<br>
You cannot authenticate your users, because LDAP server ldap://<a href="http://szypa.net:389" target="_blank">szypa.net:389</a><br>
cannot be resolved. Are you able to resolve <a href="http://szypa.net" target="_blank">szypa.net</a> on you engine host?<br>
<span class=""><br>
<br>
<br>
----- Original Message -----<br>
> From: "Grzegorz Szypa" <<a href="mailto:grzegorz.szypa@gmail.com">grzegorz.szypa@gmail.com</a>><br>
</span>> To: "Martin Perina" <<a href="mailto:mperina@redhat.com">mperina@redhat.com</a>>, <a href="mailto:users@ovirt.org">users@ovirt.org</a><br>
> Sent: Wednesday, September 24, 2014 7:32:56 AM<br>
> Subject: Re: [ovirt-users] [ovirt 3.4.3] No KDC can be obtained for domain... after using engine-manage-domains edit<br>
><br>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> SRV _kerberos._<br>
<span class="">> <a href="http://tcp.szypa.net" target="_blank">tcp.szypa.net</a><br>
> ;; global options: +cmd<br>
> ;; Got answer:<br>
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65248<br>
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0<br>
><br>
> ;; QUESTION SECTION:<br>
> ;_kerberos._<a href="http://tcp.szypa.net" target="_blank">tcp.szypa.net</a>. IN SRV<br>
><br>
> ;; AUTHORITY SECTION:<br>
> net. 890 IN SOA <a href="http://a.gtld-servers.net" target="_blank">a.gtld-servers.net</a>.<br>
> <a href="http://nstld.verisign-grs.com" target="_blank">nstld.verisign-grs.com</a>. 1411536712 1800 900 604800 86400<br>
><br>
> ;; Query time: 28 msec<br>
> ;; SERVER: 172.30.30.1#53(172.30.30.1)<br>
> ;; WHEN: Wed Sep 24 07:32:23 2014<br>
> ;; MSG SIZE rcvd: 115<br>
<br>
<br>
</span>This looks like that <a href="http://szypa.net" target="_blank">szypa.net</a> domain doesn't exist at all. Do you really have<br>
correct DNS configuration on engine host?<br>
<div class="HOEnZb"><div class="h5"><br>
><br>
><br>
> 2014-09-24 7:06 GMT+02:00 Martin Perina <<a href="mailto:mperina@redhat.com">mperina@redhat.com</a>>:<br>
><br>
> > Hi,<br>
> ><br>
> > the error message mean, that we cannot find any KDC servers<br>
> > in DNS. Could you please post results of the following command:<br>
> ><br>
> > dig SRV _kerberos._<a href="http://tcp.szypa.net" target="_blank">tcp.szypa.net</a><br>
> ><br>
> > Regarding the errors after oVirt restart, could you please post<br>
> > your engine.log?<br>
> ><br>
> > Thanks<br>
> ><br>
> > Martin Perina<br>
> ><br>
> ><br>
> > ----- Original Message -----<br>
> > > From: "Grzegorz Szypa" <<a href="mailto:grzegorz.szypa@gmail.com">grzegorz.szypa@gmail.com</a>><br>
> > > To: <a href="mailto:fkobzik@redhat.com">fkobzik@redhat.com</a>, <a href="mailto:users@ovirt.org">users@ovirt.org</a><br>
> > > Sent: Tuesday, September 23, 2014 3:41:02 PM<br>
> > > Subject: [ovirt-users] [ovirt 3.4.3] No KDC can be obtained for<br>
> > domain... after using engine-manage-domains edit<br>
> > ><br>
> > > Hi.<br>
> > ><br>
> > > I have a problem with losting connetction to Windows Active Directory.<br>
> > ><br>
> > > Normaly I connect ovirt with AD like this:<br>
> > ><br>
> > > "engine-manage-domains add --domain= <a href="http://szypa.net" target="_blank">szypa.net</a> --provider=ad<br>
> > --user=ovirt<br>
> > > --add-permissions"<br>
> > ><br>
> > > After period time, example when i restart ovirt, connection is lost<br>
> > becouse i<br>
> > > cannot add new user created in AD, so i thinking that i refresh conf.<br>
> > > connection to ad:<br>
> > ><br>
> > > "engine-manage-domains edit --domain= <a href="http://szypa.net" target="_blank">szypa.net</a> --provider=ad<br>
> > --user=ovirt<br>
> > > --add-permissions"<br>
> > ><br>
> > > and i get this error:<br>
> > ><br>
> > > No KDC can be obtained for domain <a href="http://szypa.net" target="_blank">szypa.net</a><br>
> > ><br>
> > > have any idea?<br>
> > ><br>
> > > I read that this problem is resolved in previous ovirt version<br>
> > ><br>
> > > --<br>
> > > G.Sz.<br>
> > ><br>
> > > _______________________________________________<br>
> > > Users mailing list<br>
> > > <a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
> > > <a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
> > ><br>
> ><br>
><br>
><br>
><br>
> --<br>
> G.Sz.<br>
><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><div>G.Sz.</div></div>
</div>