From: "Grzegorz Szypa" <grzegorz.szypa(a)gmail.com>
To: "Martin Perina" <mperina(a)redhat.com>, users(a)ovirt.org
Sent: Wednesday, September 24, 2014 11:19:27 AM
Subject: Re: [ovirt-users] [ovirt 3.4.3] No KDC can be obtained for domain... after using engine-manage-domains edit
Hi.
It's a little strange, because I can easily attach clients (VMs) to the
Microsoft AD domain. Only sometimes there are problems with connectivity,
but I will solve this in two ways: add the DNS suffix or add a static
primary DNS, which indicates the domain.
/etc/resolv.conf
nameserver 172.30.30.253 # DNS and AD server
nameserver 172.30.30.1 # Router - DHCP
search szypa.net
By the way, there is also one strange thing:
Every time I insert the record "nameserver 172.30.30.253" into the file
"resolv.conf", from time to time the file is overwritten / changed (I have
no idea how) and the record "nameserver 172.30.30.253" disappears (just as
if it had never been added).
It depends on what your network configuration is. If you are using a static IP,
then the network configuration is defined in /etc/sysconfig/network-scripts/ifcfg-XXX
(XXX is the name of the device) using DNSx params. In your case:
DNS1=172.30.30.25
DNS2=172.30.30.1
If you are using DHCP, then /etc/resolv.conf is usually altered on IP address
renewal.
*And in all this is the cause that generates the problem.*
*So I think that the problem is solved, but I do not know how to resolve a
problem with hiding configuration in /etc/resolv.conf*
Regards,
*Grzegorz Szypa*
2014-09-24 8:03 GMT+02:00 Martin Perina <mperina(a)redhat.com>:
> Hi,
>
> I looked at the logs and you have serious DNS problems:
>
> 2014-09-24 07:32:24,984 ERROR
> [org.ovirt.engine.core.bll.adbroker.GetRootDSE]
> (DefaultQuartzScheduler_Worker-15) Failed to query rootDSE for LDAP server
> ldap://szypa.net:389 due to szypa.net:389
> 2014-09-24 07:32:24,984 ERROR
> [org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
> (DefaultQuartzScheduler_Worker-15) Failed ldap search server
> ldap://szypa.net:389 using user ovirt(a)SZYPA.NET due to
> javax.naming.CommunicationException: szypa.net:389 [Root exception is
> java.net.UnknownHostException: szypa.net]. We should try the next server
>
> You cannot authenticate your users, because LDAP server
> ldap://szypa.net:389 cannot be resolved. Are you able to resolve
> szypa.net on your engine host?
>
>
>
> ----- Original Message -----
> > From: "Grzegorz Szypa" <grzegorz.szypa(a)gmail.com>
> > To: "Martin Perina" <mperina(a)redhat.com>, users(a)ovirt.org
> > Sent: Wednesday, September 24, 2014 7:32:56 AM
> > Subject: Re: [ovirt-users] [ovirt 3.4.3] No KDC can be obtained for domain... after using engine-manage-domains edit
> >
> > ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> SRV _kerberos._tcp.szypa.net
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65248
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;_kerberos._tcp.szypa.net. IN SRV
> >
> > ;; AUTHORITY SECTION:
> > net. 890 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1411536712 1800 900 604800 86400
> >
> > ;; Query time: 28 msec
> > ;; SERVER: 172.30.30.1#53(172.30.30.1)
> > ;; WHEN: Wed Sep 24 07:32:23 2014
> > ;; MSG SIZE rcvd: 115
>
>
> This looks like the szypa.net domain doesn't exist at all. Do you really
> have the correct DNS configuration on the engine host?
>
> >
> >
> > 2014-09-24 7:06 GMT+02:00 Martin Perina <mperina(a)redhat.com>:
> >
> > > Hi,
> > >
> > > the error message means that we cannot find any KDC servers
> > > in DNS. Could you please post results of the following command:
> > >
> > > dig SRV _kerberos._tcp.szypa.net
> > >
> > > Regarding the errors after oVirt restart, could you please post
> > > your engine.log?
> > >
> > > Thanks
> > >
> > > Martin Perina
> > >
> > >
> > > ----- Original Message -----
> > > > From: "Grzegorz Szypa" <grzegorz.szypa(a)gmail.com>
> > > > To: fkobzik(a)redhat.com, users(a)ovirt.org
> > > > Sent: Tuesday, September 23, 2014 3:41:02 PM
> > > > Subject: [ovirt-users] [ovirt 3.4.3] No KDC can be obtained for domain... after using engine-manage-domains edit
> > > >
> > > > Hi.
> > > >
> > > > I have a problem with losing the connection to Windows Active Directory.
> > > >
> > > > Normally I connect ovirt with AD like this:
> > > >
> > > > "engine-manage-domains add --domain=szypa.net --provider=ad --user=ovirt --add-permissions"
> > > >
> > > > After a period of time, for example when I restart ovirt, the connection is
> > > > lost because I cannot add a new user created in AD, so I was thinking that I
> > > > refresh the configuration of the connection to AD:
> > > >
> > > > "engine-manage-domains edit --domain=szypa.net --provider=ad --user=ovirt --add-permissions"
> > > >
> > > > and I get this error:
> > > >
> > > > No KDC can be obtained for domain szypa.net
> > > >
> > > > have any idea?
> > > >
> > > > I read that this problem is resolved in previous ovirt version
> > > >
> > > > --
> > > > G.Sz.
> > > >
> > > >
> > >
> >
> >
> >
> > --
> > G.Sz.
> >
>
--
G.Sz.
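
A small parser for the dig answer quoted in this thread, added here as an example and not part of the original messages: it reports which resolver answered the KDC SRV query and whether the NXDOMAIN was issued by a parent zone instead of the AD zone. The function name `diagnose_kdc_lookup` is hypothetical; the sample text and the 172.30.30.253 address are taken from the thread.

```python
import re

# dig answer quoted in the thread (SOA record re-joined onto one line).
DIG_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65248
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;_kerberos._tcp.szypa.net. IN SRV

;; AUTHORITY SECTION:
net. 890 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1411536712 1800 900 604800 86400

;; SERVER: 172.30.30.1#53(172.30.30.1)
"""

def diagnose_kdc_lookup(dig_output, ad_dns_ip):
    """Return (status, answering_server, kdcs, findings) for a dig SRV answer."""
    m = re.search(r"status: (\w+)", dig_output)
    status = m.group(1) if m else "UNKNOWN"
    m = re.search(r"^;; SERVER: ([0-9A-Fa-f.:]+)#", dig_output, re.M)
    server = m.group(1) if m else None
    question = re.search(r"^;(\S+)\s+IN\s+SRV", dig_output, re.M)
    soa = re.search(r"^(\S+)\s+\d+\s+IN\s+SOA\s+(\S+)", dig_output, re.M)
    # SRV rdata is: priority weight port target
    srv = re.findall(r"^\S+\s+\d+\s+IN\s+SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)",
                     dig_output, re.M)
    kdcs = [(target, int(port)) for port, target in srv]
    findings = []
    if server and server != ad_dns_ip:
        findings.append(f"answered by {server}, not the AD DNS server {ad_dns_ip}")
    if status == "NXDOMAIN" and question and soa:
        # A negative answer carries the SOA of the zone that denied the name.
        # When that zone is a parent of the AD domain, the query never reached
        # a server that hosts the internal AD zone.
        ad_domain = question.group(1).lower().split("._tcp.", 1)[-1]
        zone = soa.group(1).lower()
        if zone != ad_domain and ad_domain.endswith("." + zone):
            findings.append(f"denied by parent zone {zone} via {soa.group(2)}")
    if status == "NOERROR" and not kdcs:
        findings.append("name resolves but no KDC SRV records were returned")
    return status, server, kdcs, findings

if __name__ == "__main__":
    # 172.30.30.253 is the AD/DNS server named in the thread's resolv.conf.
    status, server, kdcs, findings = diagnose_kdc_lookup(DIG_OUTPUT, "172.30.30.253")
    print(status, server, kdcs)
    for finding in findings:
        print(" -", finding)
```
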