Force acs v.5 to join domain with a certain Domain Controller

    Hi everybody,
I try to join an ACS v. 5.3 to the domain.  For my acs in Location A, I can join without problems using my account. When I try to join the ACS in location B to the same domain with the same account, it doesnt work.
I looked at the debug log files for the ad client, and noticed, that the ACS in location B goes to a certain Domain Controller. However, I would have expected the ACS to contact another DC, which is located on  the same location as the ACS ... this doesnt happen.
My question:  How does the ACS determine what DC to contact ? Is it possible to force the AC to join by connecting a certain DC ?
Thanks for any help or ideas ?!?
Ida              

Hi,
Please check your sites and services in your DNS configuration to see if the right Domain controllers are being sent to the ACS when it attempts to connect to the domain. This feature is critical and will optimize the connections that the ACS chooses in order to join the domain.
The way this works is that ACS attempts to resolve some dns records for global catalog servers and domain controllers to the dns server configured in the initial installation script. Then the dns makes a decision based on the source ip address of the dns query and thinks that the ACS is at a specific site and returns the result of which DCs and GCs are configured in that specific site.
let me know if that helps.
Tarik Admani
*Please rate helpful posts*

Similar Messages

  • Windows Domain Controller certificate for non domain clients

    Hi,
    Is it possible that we can export windows domain certificate and use it for non domain computers without joining domain, so that they can communicate each others without joining domain controller?
    Regards

    Hi,
    Is it possible that we can export windows domain certificate and use it for non domain computers without joining domain, so that they can communicate each others without joining domain controller?
    Not sure that what you want to achieve here.
    However, yes, it is possible to export certificates (with private keys) from domain machines then import them to non-domain machines, and some certificates can even function well based on key usages. Please note that Domain Controller certificates are only
    meaningful to Domain Controllers. Possession of domain certificates doesn’t indicate machines are part of domain.
    Without joining a machine to a domain (or without a trust), the machine is always treated as untrusted by the domain members no matter what kind of certificates it holds.
    Best Regards,
    Amy
    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • Join acs express to active directory domain

    i have a problem joining acs express active directory domain , both are reachable to each other in the same subnet & no firewalls between them , but when i test the connectivity it gives this error:
    " required service unavailable. DNS is setup correctly , and the domain controller is reachable , however , one of the required services, such as ldap,kerberos, or global catalog service is not available. This issue may arise if there is a firewall between AD domain controller, and the ACS Express appliance"

    It is sounds like a bug CSCsw29387 Join AD domain, with one DC down fails. If the ACS Express is trying to join an AD domain in a multi domain controller environment and one of the domain controllers is down, the ACS Express will fail to join the domain.

  • What does acs 4.1 appliance join a domain????

    Hi all!
    I'm first do acs 4.1, i have a problem as What does acs 4.1 appliance join a domain????
    I lab with acs 4.1 on window server 2003 is ok, but when work with acs 4.1 appliance, i don't know join domain for this appliance so not use window database
    I want setup window database but not successful
    Please help me !!!!!!!
    thanks very much

    Hi,
    Use ACS appliance remote agent:
    ACS SE remote agent installation guide:
    http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/csapp41/rase41/index.htm
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/3.3/installation/guide/remote_agent/ra.html
    ACS SE RA:
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/LgsRpts.html#wp638135

  • 802.1x and Windows Domain Controller with ACS

    Wow, I am having a tough time getting my ACS and the Domain controller to work with 802.1x PEAP. Can somebody explane to me how to set up the domain controller (Active directry) to get a PEAP cert? Some other questions. If I am using PEAP and 802.1x how does my computer get a cert. from the CA if the port is disabled by 802.1x? And How do I set up my domain controller to work with ACS to authenticate users. I have been beating my self to death to figure this out. Any help would be ausome. I am really stuck on trying to make this work.
    Thanks a ton in advance
    Justin

    I as a Cisco customer would like to see answers to our questions based on some real world experience or something you've noticed in a lab environment.
    By simply posting links is not very helpful. The reason most of us come to this site and post our questions, is because we already went to the Cisco website and found the explanation to be vague. In the future, please post answers to our question, intead of referring us to a link.
    Thank you,
    John...

  • ACS 4.0 to NT Domain with NTLMv2 problem.

    I am trying to authenticate users from a VPN Concentrator (3030) to our NT Domain. We are not running AD yet but we are required to use NTLMv2 authentication on the Domain.
    I want to use ACS4.0 to authenticate Radius w/Expiry from the VPN concentrator and let ACS handle the NTLMv2 part.
    In ACS I have defined my Domain in the External Users Database, I have defined the Unknown User Policy to use the Windows Database, and I have defined the Group Mapping to point to the default group.
    When I run the Authentication test from the VPN setup screen I get a failed request.
    In the CSAuth log I am getting:
    AUTH 02/16/2006 15:13:42 E 0376 1572 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)
    AUTH 02/16/2006 15:13:42 E 0376 1572 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)
    With NTLMv2 turned off and running ACS 3.2 this setup is working (My production network) My only reason for upgrading to ACS4.0 was the NTLMv2 portion.
    Does anyone have any advise? thanks!

    Please make sure you read this Field Notice:
    http://www-tac.cisco.com/Support_Library/field_alerts/fn62167.html
    Note that, despite the Windows URL mentioning only 2003 server, the 2000 server also supports NTLMv2. Therefore, the following scenarios apply:
    - DC on Win 2003 SP1 - don't require any hotfix since it's included in SP1
    - DC on Win 2000 SP4 - don't require any hotfix since it's included in SP4
    - DC on Win 2003 - require hotfix KB893318

  • ACS 4.1 support with Windows Server 2012 Domain controller

    I am upgrading my Domain Controller / Active Directory from Windows Server 2003 to Windows Server 2012.
    In my environment, I am using Cisco ACS 4.1 which is integrated with Windows Server 2003 Active Directory.
    Will ACS4.1 will work fine with my new domain controller (Windows server 2012) or I need to upgrade my ACS too?
    Regards,
    Junaid

    Junaid,
    ACS 4.x code doesn't even support Windows 2008 R2. Your best bet is to migrate the ACS from 4.x to ACS 5.4 Patch 2 or stay with windows 2003 or 2008 (Non-R2).
    ACS 5.4 patch 2 supports Windows 2012 AD.
    http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-4/release/notes/acs_54_rn.html
    Regards,
    Jatin
    **Do rate helpful posts**

  • ACS 5.4 AD Join strange Issue

    Hi,
    We have two ACS boxes with the same software version (5.4.0.46.0a), we were able to join domain one ACS only and other ACS is given the attached error.
    When we checked "main-acs-01/admin# acs troubleshoot adcheck <domain-name>, it gave the same error for both ACS, however one ACS successfully joined to the domain and still other one failed.
    main-acs-01/admin# acs troubleshoot adcheck <domain-name
    This command is only for advanced troubleshooting and may incur a lot of network traffic
    Do you want to continue?  (yes/no) yes
    OSCHK    : Verify that this is a supported OS                          : Pass
    PATCH    : Linux patch check                                           : Pass
    PERL     : Verify perl is present and is a good version                : Pass
    SAMBA    : Inspecting Samba installation                               : Pass
    SPACECHK : Check if there is enough disk space in /var /usr /tmp       : Pass
    HOSTNAME : Verify hostname setting                                     : Pass
    NSHOSTS  : Check hosts line in /etc/nsswitch.conf                      : Pass
    DNSPROBE : Probe DNS server 172.24.1.1                                 : Pass
    DNSPROBE : Probe DNS server 172.24.1.2                                 : Pass
    DNSCHECK : Analyze basic health of DNS servers                         : Pass
    WHATSSH  : Is this an SSH that DirectControl works well with           : Pass
    SSH      : SSHD version and configuration                              : Note
             : You are running OpenSSH_5.3p1, CiscoSSL 0.9.8r.1.3.
    DOMNAME  : Check that the domain name is reasonable                    : Pass
    ADDC     : Find domain controllers in DNS                              : Pass
    ADDNS    : DNS lookup of DC xxxx.<domain-name>                     : Pass
    ADPORT   : Port scan of DC xxxx.<domain-name>                      : Pass
    ADDNS    : DNS lookup of DC xxxx.<domain-name>                    : Pass
    ADPORT   : Port scan of DC xxxx.<domain-name>                     : Pass
    ADDNS    : DNS lookup of DC xxxx.<domain-name>                     : Failed
             : Cannot resolve the IP address for xxxx.hmc.org.qa.
    ADDNS    : DNS lookup of DC xxxx.<domain-name>                     : Pass
    ADPORT   : Port scan of DC xxxx.<domain-name>                      : Pass
    ADDNS    : DNS lookup of DC xxxx.<domain-name>                  : Pass
    ADPORT   : Port scan of DC xxxx.<domain-name>                   : Pass
    ADDNS    : DNS lookup of DC xxxx.<domain-name>                    : Pass
    ADPORT   : Port scan of DC xxxx.<domain-name>                     : Warning
             : One or more ports failed to respond correctly. Either:
             :   a) the DC is offline
             :   b) a firewall is preventing access to a port
             : The following is a list of failed ports:
             :    ldap(389)/udp - timeout
             :    smb(445)/tcp - refused
             :    ldap(389)/tcp - refused
    ADDNS    : DNS lookup of DC xxxx.<domain-name>                       : Pass
    ADPORT   : Port scan of DC xxxx.<domain-name>                        : Pass
    ADDNS    : DNS lookup of DC xxxx.<domain-name>                       : Pass
    ADPORT   : Port scan of DC xxxx.<domain-name>                        : Pass
    ADDNS    : DNS lookup of DC xxxx.<domain-name>                          : Pass
    ADPORT   : Port scan of DC xxxx.<domain-name>                           : Pass
    ADDNS    : DNS lookup of DC xxxx.<domain-name>                   : Pass
    ADPORT   : Port scan of DC xxxx.<domain-name>                    : Pass
    ADDNS    : DNS lookup of DC xxxx.<domain-name>                     : Pass
    GCPORT   : Port scan of GC xxxx.<domain-name>                      : Pass
    ADDNS    : DNS lookup of DC xxxx.<domain-name>                    : Pass
    GCPORT   : Port scan of GC xxxx.<domain-name>                     : Pass
    ADDNS    : DNS lookup of DC xxxx.<domain-name>                     : Failed
             : Cannot resolve the IP address for airportdc1.<domain-name>.
    ADDNS    : DNS lookup of DC xxxx.<domain-name>                     : Pass
    GCPORT   : Port scan of GC xxxx.<domain-name>                      : Pass
    ADDNS    : DNS lookup of DC xxxx.<domain-name>                  : Pass
    GCPORT   : Port scan of GC xxxx.<domain-name>                   : Pass
    ADDNS    : DNS lookup of DC xxxx.<domain-name>                    : Pass
    GCPORT   : Port scan of GC xxxx.<domain-name>                     : Warning
             : One or more ports failed to respond correctly. Either:
             :   a) the GC is offline
             :   b) a firewall is preventing access to a port
             : The following is a list of failed ports:
             :    gc(3268)/tcp - refused
    ADDNS    : DNS lookup of DC xxxx.<domain-name>                       : Pass
    GCPORT   : Port scan of GC xxxx.<domain-name>                        : Pass
    ADDNS    : DNS lookup of DC xxxx.<domain-name>                       : Pass
    GCPORT   : Port scan of GC xxxx.<domain-name>                        : Pass
    ADDNS    : DNS lookup of DC xxxx.<domain-name>                          : Pass
    GCPORT   : Port scan of GC xxxx<domain-name>                           : Pass
    ADDNS    : DNS lookup of DC xxxx.<domain-name>                   : Pass
    GCPORT   : Port scan of GC xxxx.<domain-name>                    : Pass
    ADGC     : Check Global Catalog servers                                : Pass
    DCUP     : Check for operational DCs in <domain-name>                    : Pass
    SITEUP   : Check DCs for <domain-name>in our site                        : Pass
    DNSSYM   : Check DNS server symmetry                                   : Pass
    ADSITE   : Check that this machine's subnet is in a site known by AD   : Pass
    GSITE    : See if we think this is the correct site                    : Pass
    TIME     : Check clock synchronization                                 : Pass
    2 serious issues were encountered during check. These must be fixed before proceeding
    2 warnings were encountered during check. We recommend checking these before proceeding
    main-acs-01/admin#
    Has any one face this issue before and appreciate if someone can advise how to fix this.

    This was a known issue with ACS 5.3 however, we got this fixed in ACS 5.3 patch 7 and ACS 5.4
    Since you're running ACS 5.4, it should not trigger.
    CSCtx53223    After upgrade ACS 5.3 fail to join AD domain - missing Centrify license
    Symptom:
    After upgrading from 5.2 to 5.3, ACS fails to join the domain. AD connection worked for a few days, until the services were restarted. After that ACS fails to join AD with the following error message in ACSADAgent.log:
    Jan 20 02:36:32 CBR1BACS01 adjoin[6814]: DEBUG cli.adjoin Join to zone is only permitted with a licensed copy of DirectControl. Get a license or learn more about Centrify Suite at http://www.centrify.com/express
    Jan 20 02:36:32 CBR1BACS01 adjoin[6814]: DEBUG cli.adjoin Without a license, you may connect to a domain through Auto Zone by specifying adjoin -w Test.Test
    Conditions:
    Upgrade from 5.2 to 5.3. Restart the services later on.
    Workaround:
    Backup the ACS db and re-image the box to 5.3
    How did you upgrade to ACS 5.4
    1.] Upgraded from 5.3 to 5.4 using upgrade package.
    2.] reianged it with ACS 5.4 ISO and restored the ACS 5.3 database.
    I would suggest you to open a TAC case on this. Most likely you need reimage the server and restore the database if you had gone through with option 1.]
    ~BR
    Jatin Katyal
    **Do rate helpful posts**

  • Script for synchronizing the clock with Domain Controller

    Hi Everyone,
    In our environment, we have Mac machines which are joined to window's domain. Once in while machine will not log on to domain because the OS clock had a different time than the domain controller and sooner you fix the clock, machine will start communicating with domain controller.
    I was wondering if there is an easier way to do this using script which can run every few hours to force the OS clock to synchronize with the domain controller.
    Thanks,

    You don't need an Applescript to do that.
    Enable the NTP server on the Windows Domain Controller (perhaps start here: http://technet.microsoft.com/en-us/library/cc773013.aspx).
    Then setup the Macs to use NTP (Network Time) to sync to the domain controller.

  • WDS Join Domain Error

    I have WDS setup and working fine as long as the person logging into the computer to be imaged is a "Domain Admin", but if not the automatic joining of the domain fails.  The user can then join the computer manually, so they do have rights.  There
    is something that is forcing the user to be a full Domain Admin.
    I have tried putting a different security group in the registry setting but it did not make a difference:
    HKLM\System\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\<arch>\User
    The computer is pre-staged and works fine for a domain admin.  It all seems fine for other users, but does not join the domain.
    Does anybody know how to change this?
    Ryan

    Hi Mr Yuan Wang,
    I am having the same issue auto join domain. I am using answer file which was created through using WSIM in Win 2008 r2.
    Every thing went correct except up to the point joining the domain with domain user account(salim) i got the (The username or password is incorrect) error, here is the answer file:
    <?xml version="1.0" encoding="UTF-8"?>
    -<unattend xmlns="urn:schemas-microsoft-com:unattend">
    -<settings pass="specialize">
    -<component language="neutral" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" versionScope="nonSxS" publicKeyToken="31bf3856ad364e35" processorArchitecture="amd64" name="Microsoft-Windows-Shell-Setup">
    <ComputerName>PC</ComputerName>
    <ProductKey>2Y4WT-DHTBF-Q6MMK-KYK6X-VKM6G</ProductKey>
    <TimeZone>arab standard time</TimeZone>
    <RegisteredOwner>Salin</RegisteredOwner>
    <RegisteredOrganization/>
    </component>
    -<component language="neutral" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" versionScope="nonSxS" publicKeyToken="31bf3856ad364e35" processorArchitecture="amd64" name="Microsoft-Windows-UnattendedJoin">
    -<Identification>
    -<Credentials>
    <Domain>bintawfik,local</Domain>
    <Password>P@ssw8rd</Password>
    <Username>amjad</Username>
    </Credentials>
    <JoinDomain>bintawfik.local</JoinDomain>
    </Identification>
    </component>
    </settings>
    -<settings pass="oobeSystem">
    -<component language="neutral" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" versionScope="nonSxS" publicKeyToken="31bf3856ad364e35" processorArchitecture="amd64" name="Microsoft-Windows-International-Core">
    <InputLocale>en-us</InputLocale>
    <SystemLocale>en-us</SystemLocale>
    <UILanguage>en-us</UILanguage>
    <UILanguageFallback>en-us</UILanguageFallback>
    <UserLocale>en-us</UserLocale>
    </component>
    -<component language="neutral" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" versionScope="nonSxS" publicKeyToken="31bf3856ad364e35" processorArchitecture="amd64" name="Microsoft-Windows-Shell-Setup">
    -<AutoLogon>
    -<Password>
    <Value>UABAAHMAcwB3ADgAcgBkAFAAYQBzAHMAdwBvAHIAZAA=</Value>
    <PlainText>false</PlainText>
    </Password>
    <Domain>bintawfik.local</Domain>
    <Enabled>true</Enabled>
    <LogonCount>99</LogonCount>
    <Username>Salim</Username>
    </AutoLogon>
    -<OOBE>
    <HideEULAPage>true</HideEULAPage>
    <NetworkLocation>Work</NetworkLocation>
    <ProtectYourPC>1</ProtectYourPC>
    <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
    </OOBE>
    -<UserAccounts>
    -<AdministratorPassword>
    <Value>UABAAHMAcwB3ADgAcgBkAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAUABhAHMAcwB3AG8AcgBkAA==</Value>
    <PlainText>false</PlainText>
    </AdministratorPassword>
    -<LocalAccounts>
    -<LocalAccount wcm:action="add">
    -<Password>
    <Value>UABAAHMAcwB3ADgAcgBkAFAAYQBzAHMAdwBvAHIAZAA=</Value>
    <PlainText>false</PlainText>
    </Password>
    <Description>Built-in Account</Description>
    <DisplayName>Admin/Power User Account</DisplayName>
    <Group>Administrators</Group>
    <Name>Test</Name>
    </LocalAccount>
    </LocalAccounts>
    -<DomainAccounts>
    -<DomainAccountList wcm:action="add">
    <Domain>bintawfik.local</Domain>
    -<DomainAccount wcm:action="add">
    <Group>Domain Users</Group>
    <Name>Salim</Name>
    </DomainAccount>
    </DomainAccountList>
    </DomainAccounts>
    </UserAccounts>
    <TimeZone>arab standard time</TimeZone>
    <RegisteredOwner>Salim</RegisteredOwner>
    </component>
    </settings>
    <cpi:offlineImage xmlns:cpi="urn:schemas-microsoft-com:cpi" cpi:source="wim://dc1/reminst/win7custom.wim#Win7_64_Ulti"/>
    </unattend>

  • Cisco ACS 5.3 multiple AD domains

    Hello everyone
    I do have a quick question about Cisco ACS 5.3 and multi domain authentication. How is it exactly handled?
    Can I join more than one domain with the ACS server? Or do I still need to configure that bidirectional trust relationship between those AD forests (even with the ACS 5.3)?
    Thanks,
    Markus

    Markus,
    If you are using peap mschapv2 then you can not use LDAP.
    Here is the link when it comes authentication protocol and database support -
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/eap_pap_phase.html#wp1014889
    thanks,
    Tarik Admani
    *Please rate helpful posts*

  • Cisco ACS 5.1 cannot join Windows AD

    For about a week now I am setting up our new ACS 5.1. I have experienced no problems so far up until now when trying to join the ACS with the Windows AD (configuring LDAP was also no problem). I configure it using the domain name, a user and password with the appropriate rights.
    When I hit the "Test Conection" button I get the message "Connection test to 'mydomain.com' succeeded".
    However, when I want to save the configuration, I get the message "Invalid credentials to join this machine to Active Directory Domain". Tests with different users made no difference at all. Now for the interesting part. According to the log files, the ACS contacted the following servers to join the AD:
    Jul 26 15:00:45 mbssp087 adjoin[4848]: INFO  cli.adjoin Version: CentrifyDC 4.3.0-184
    Jul 26 15:01:34 mbssp087 adjoin[4848]: INFO  base.bind.ad ConnectToServer: fetch("") from p10174.mydomain.ch:389 failed (Reason: fetch  : Can't contact LDAP server)
    Jul 26 15:01:39 mbssp087 adjoin[4848]: INFO  base.bind.ad ConnectToServer: fetch("") from p10589.mydomain.ch:389 failed (Reason: fetch  : Can't contact LDAP server)
    Jul 26 15:01:44 mbssp087 adjoin[4848]: INFO  base.bind.ad ConnectToServer: fetch("") from p10504.mydomain.ch:389 failed (Reason: fetch  : Can't contact LDAP server)
    Jul 26 15:01:54 mbssp087 adjoin[4848]: INFO  base.bind.ad ConnectToServer: fetch("") from p10853.mydomain.ch:389 failed (Reason: fetch  : Can't contact LDAP server)
    Jul 26 15:02:04 mbssp087 adjoin[4848]: INFO  base.bind.ad ConnectToServer: fetch("") from p4831.mydomain.ch:389 failed (Reason: fetch  : Can't contact LDAP server)
    Jul 26 15:02:14 mbssp087 adjoin[4848]: INFO  base.bind.ad ConnectToServer: fetch("") from p10159.mydomain.ch:389 failed (Reason: fetch  : Can't contact LDAP server)
    Jul 26 15:02:19 mbssp087 adjoin[4848]: INFO  base.bind.ad Reached adclient.server.try.max before finding a valid server
    Jul 26 15:02:19 mbssp087 adjoin[4848]: INFO  cli.adjoin Join to domain 'mydomain.ch', zone 'null' failed.
    The pxxxx.mydomain.ch entries one can see in the log files are not DC's at all. Those are ordinary workstations all across our branch network. According to our windows administrator, all is set up correctly on the DNS or DC servers.
    Browsing through the support forums I made sure that I set the ntp, timezone and dns servers correctly. The ACS is patched to version 5.1.0.44-3, all DC's are Windows 2000 machines.
    Any ideas what I am overlooking? I am sure it's just a little detail I am not seeing...

    I had simmilar problem with login/joining to AD.
    I need know how to setup uniq IP for domain.name to /etc/hosts
    Or how to setup default domain controller fo domain.
    All setup options for AD and users are OK as user privilegue level on AD, ntp ...
    We have on infrastructure more domain controllers and DNS servers with different architecture.
    Few with 32bit few with 64bit, few as unix controllers, few as win controllers .....
    Q: How to setup default controller IP for domain.
    Ideal solution is /etc/hosts update and setting server IP for domain controllers.
    ====================================================
    From ACS CLI:
    ====================================================
    acs-new/acsadmin# nslookup xx.domain.com
    Trying "xx.domain.com"
    ;; Truncated, retrying in TCP mode.
    Trying "xx.domain.com"
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35020
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 75, AUTHORITY: 0, ADDITIONAL: 25
    ;; QUESTION SECTION:
    ;xx.domain.com.                 IN      ANY
    ;; ANSWER SECTION:
    xx.domain.com.          600     IN      A       192.168.21.19
    xx.domain.com.          600     IN      A       10.249.4.41
    xx.domain.com.          600     IN      A       10.245.1.19
    xx.domain.com.          600     IN      A       10.250.20.1
    xx.domain.com.          600     IN      A       10.241.2.29
    xx.domain.com.          600     IN      A       172.16.90.83
    xx.domain.com.          600     IN      A       10.247.10.5
    xx.domain.com.          600     IN      A       10.244.48.100
    xx.domain.com.          600     IN      A       10.242.53.218
    xx.domain.com.          600     IN      A       10.242.52.202
    xx.domain.com.          600     IN      A       172.21.8.32
    xx.domain.com.          600     IN      A       10.16.1.29
    xx.domain.com.          600     IN      A       10.254.99.182
    xx.domain.com.          600     IN      A       10.245.48.229
    xx.domain.com.          600     IN      A       10.100.8.19       !# me default controllers
    xx.domain.com.          600     IN      A       10.224.201.10
    xx.domain.com.          600     IN      A       10.254.100.2
    xx.domain.com.          600     IN      A       10.243.18.13
    xx.domain.com.          600     IN      A       10.249.4.1
    xx.domain.com.          600     IN      A       10.249.4.2
    xx.domain.com.          600     IN      A       172.31.4.26
    xx.domain.com.          600     IN      A       10.241.2.28
    xx.domain.com.          600     IN      A       10.245.48.235
    xx.domain.com.          600     IN      A       172.31.4.21
    xx.domain.com.          600     IN      A       10.242.52.201
    xx.domain.com.          600     IN      A       10.243.18.14
    xx.domain.com.          600     IN      A       10.240.1.16
    xx.domain.com.          600     IN      A       172.21.8.33
    xx.domain.com.          600     IN      A       10.224.201.1
    xx.domain.com.          600     IN      A       10.254.152.214
    xx.domain.com.          600     IN      A       10.100.17.81       !# me default controllers
    xx.domain.com.          600     IN      A       10.253.116.158
    xx.domain.com.          600     IN      A       10.100.17.80
    xx.domain.com.          600     IN      A       10.250.20.2
    xx.domain.com.          600     IN      A       10.241.20.231
    xx.domain.com.          600     IN      A       10.253.116.161
    xx.domain.com.          600     IN      A       10.244.48.120

  • OVM Server takes long time to boot up - gets stuck for minutes after joining domain

    Server takes a long time to reboot. Seems to get stuck for 8-10 minutes every time after joining domain.
    See below extract from /var/log/messages:-
    Feb 1 16:39:49 svrshir441 kernel: OCFS2 1.8.0
    Feb 1 16:39:49 svrshir441 kernel: o2dlm: Joining domain 0004FB0000050000E5144BF336A244A4 ( 0 1 2 ) 3 nodes
    Feb 1 16:39:49 svrshir441 kernel: ocfs2: Mounting device (252,4) on (node 1, slot 2) with ordered data mode.
    Feb 1 16:39:49 svrshir441 kernel: o2dlm: Joining domain 0004FB00000500000328DE591E03F0DB ( 0 1 2 ) 3 nodes
    Feb 1 16:39:49 svrshir441 kernel: ocfs2: Mounting device (252,2) on (node 1, slot 2) with ordered data mode.
    Feb 1 16:39:49 svrshir441 kernel: o2dlm: Joining domain 0004FB000005000024F2772BB88DAA6A ( 0 1 2 ) 3 nodes
    Feb 1 16:39:49 svrshir441 kernel: ocfs2: Mounting device (252,5) on (node 1, slot 2) with ordered data mode.
    Feb 1 16:39:49 svrshir441 kernel: o2dlm: Joining domain 0004FB0000050000B8721C8850D2C515 ( 0 1 2 ) 3 nodes
    Feb 1 16:39:49 svrshir441 kernel: ocfs2: Mounting device (252,1) on (node 1, slot 2) with ordered data mode.
    Feb 1 16:39:49 svrshir441 kernel: o2dlm: Joining domain 0004FB0000050000EE77A2D3C8C7383B ( 0 1 2 ) 3 nodes
    Feb 1 16:39:49 svrshir441 kernel: ocfs2: Mounting device (252,0) on (node 1, slot 2) with ordered data mode.
    Feb 1 16:39:49 svrshir441 kernel: o2dlm: Joining domain 0004FB0000050000B96BA1B4B79D765E ( 0 1 2 ) 3 nodes
    Feb 1 16:39:49 svrshir441 kernel: ocfs2: Mounting device (252,3) on (node 1, slot 2) with ordered data mode.
    Feb 1 16:39:49 svrshir441 kernel: o2dlm: Joining domain ovm ( 0 1 2 ) 3 nodes
    Feb 1 16:47:22 svrshir441 kernel: mpt2sas0: _ctl_BRM_status_show: BRM attribute is only forwarpdrive
    Feb 1 16:47:22 svrshir441 kernel: mpt2sas0: _ctl_host_trace_buffer_show: host_trace_buffer is not registered
    Feb 1 16:47:22 svrshir441 kernel: mpt2sas0: _ctl_host_trace_buffer_size_show: host_trace_buffer is not registered
    Feb 1 16:47:22 svrshir441 kernel: qla2xxx [0000:30:00.0]-1020:7: **** Failed mbx[0]=4006
    No idea why it seems to pause for 8 minutes.

    [2015-02-01 16:38:23 9555] DEBUG (ocfs2:162) cluster debug: {'/sys/kernel/debug/o2dlm': [], '/sys/kernel/debug/o2net': ['connected_n
    odes', 'stats', 'sock_containers', 'send_tracking'], '/sys/kernel/debug/o2hb': ['0004FB0000050000E5144BF336A244A4', 'failed_regions'
    , 'quorum_regions', 'live_regions', 'livenodes'], 'service o2cb status': 'Driver for "configfs": Loaded\nFilesystem "configfs": Moun
    ted\nStack glue driver: Loaded\nStack plugin "o2cb": Loaded\nDriver for "ocfs2_dlmfs": Loaded\nFilesystem "ocfs2_dlmfs": Mounted\nCh
    ecking O2CB cluster "8cd10008859eaf59": Online\n  Heartbeat dead threshold: 61\n  Network idle timeout: 60000\n  Network keepalive d
    elay: 2000\n  Network reconnect delay: 2000\n  Heartbeat mode: Global\nChecking O2CB heartbeat: Active\n  0004FB0000050000E5144BF336
    A244A4 /dev/dm-4\nNodes in O2CB cluster: 0 1 2 \n'}
    [2015-02-01 16:38:23 9555] DEBUG (ocfs2:162) cluster debug: {'/sys/kernel/debug/o2dlm': [], '/sys/kernel/debug/o2net': ['connected_n
    odes', 'stats', 'sock_containers', 'send_tracking'], '/sys/kernel/debug/o2hb': ['0004FB0000050000E5144BF336A244A4', 'failed_regions'
    , 'quorum_regions', 'live_regions', 'livenodes'], 'service o2cb status': 'Driver for "configfs": Loaded\nFilesystem "configfs": Moun
    ted\nStack glue driver: Loaded\nStack plugin "o2cb": Loaded\nDriver for "ocfs2_dlmfs": Loaded\nFilesystem "ocfs2_dlmfs": Mounted\nCh
    ecking O2CB cluster "8cd10008859eaf59": Online\n  Heartbeat dead threshold: 61\n  Network idle timeout: 60000\n  Network keepalive d
    elay: 2000\n  Network reconnect delay: 2000\n  Heartbeat mode: Global\nChecking O2CB heartbeat: Active\n  0004FB0000050000E5144BF336
    A244A4 /dev/dm-4\nNodes in O2CB cluster: 0 1 2 \n'}
    [2015-02-01 16:38:23 9555] DEBUG (ocfs2:270) Trying to mount /dev/mapper/360080e500036115200000b315294458d to /poolfsmnt/0004fb00000
    50000e5144bf336a244a4
    [2015-02-01 16:38:23 9555] DEBUG (ocfs2:295) /dev/mapper/360080e500036115200000b315294458d mounted to /poolfsmnt/0004fb0000050000e51
    44bf336a244a4
    [2015-02-01 16:38:24 10441] INFO (notificationserver:213) NOTIFICATION SERVER STARTED
    [2015-02-01 16:38:24 10443] INFO (remaster:140) REMASTER SERVER STARTED
    [2015-02-01 16:38:24 10444] INFO (monitor:23) MONITOR SERVER STARTED
    [2015-02-01 16:38:24 10447] INFO (ha:89) HA SERVER STARTED
    [2015-02-01 16:38:24 10448] INFO (stats:26) STAT SERVER STARTED
    [2015-02-01 16:38:24 10451] INFO (xmlrpc:307) Oracle VM Agent XMLRPC Server started.
    [2015-02-01 16:38:24 10451] INFO (xmlrpc:316) Oracle VM Server version: {'release': '3.2.8', 'date': '201404161506', 'build': '736'}
    , hostname: svrshir441, ip: 10.90.17.41
    [2015-02-01 16:38:24 10441] DEBUG (notificationserver:237) Trying to connect to manager.
    [2015-02-01 16:38:24 10441] DEBUG (notificationserver:239) Connected to manager.
    [2015-02-01 16:38:25 10441] INFO (notificationserver:267) Service started.
    [2015-02-01 16:38:25 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sdb-7:0:0:0 (unde
    f:0x20470080e5361152:360080e500036115200000b315294458d)
    [2015-02-01 16:38:25 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sdh-9:0:0:0 (acti
    ve:0x20460080e5361152:360080e500036115200000b315294458d)
    [2015-02-01 16:38:25 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sdd-7:0:0:2 (unde
    f:0x20470080e5361152:360080e500036115200000b36529447cb)
    [2015-02-01 16:38:25 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sdj-9:0:0:2 (acti
    ve:0x20460080e5361152:360080e500036115200000b36529447cb)
    [2015-02-01 16:38:25 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sdf-7:0:0:4 (unde
    f:0x20470080e5361152:360080e500036115200000b39529448ba)
    [2015-02-01 16:38:25 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sdl-9:0:0:4 (acti
    ve:0x20460080e5361152:360080e500036115200000b39529448ba)
    [2015-02-01 16:38:25 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sdc-7:0:0:1 (acti
    ve:0x20470080e5361152:360080e500037683a00000b1652944694)
    [2015-02-01 16:38:26 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sdi-9:0:0:1 (unde
    f:0x20460080e5361152:360080e500037683a00000b1652944694)
    [2015-02-01 16:38:26 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sde-7:0:0:3 (acti
    ve:0x20470080e5361152:360080e500037683a00000b18529448bf)
    [2015-02-01 16:38:26 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sdk-9:0:0:3 (unde
    f:0x20460080e5361152:360080e500037683a00000b18529448bf)
    [2015-02-01 16:38:26 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sdg-7:0:0:5 (acti
    ve:0x20470080e5361152:360080e500037683a00000b1a529449ac)
    [2015-02-01 16:38:26 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sdm-9:0:0:5 (unde
    f:0x20460080e5361152:360080e500037683a00000b1a529449ac)
    [2015-02-01 16:38:26 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_DM] dm-5 (360080e5000
    36115200000b39529448ba)
    [2015-02-01 16:38:26 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_DM] dm-1 (360080e5000
    36115200000b36529447cb)
    [2015-02-01 16:38:26 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_DM] dm-0 (360080e5000
    37683a00000b1652944694)
    [2015-02-01 16:38:27 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_DM] dm-2 (360080e5000
    37683a00000b18529448bf)
    [2015-02-01 16:38:27 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_DM] dm-3 (360080e5000
    37683a00000b1a529449ac)
    [2015-02-01 16:38:27 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_DM] dm-4 (360080e5000
    36115200000b315294458d)
    [2015-02-01 16:38:29 10444] DEBUG (monitor:36) Cluster state changed from [Unknown] to [DLM_Ready]
    [2015-02-01 16:38:29 10444] INFO (notification:47) Notification sent: {CLUSTER} {MONITOR} Cluster state changed from [Unknown] to [D
    LM_Ready]
    [2015-02-01 16:38:29 10441] INFO (notificationserver:139) Sending notification: {CLUSTER} {MONITOR} Cluster state changed from [Unkn
    own] to [DLM_Ready]
    [2015-02-01 16:38:33 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:33 {NETWORK} net : ADD : eth4 (1)
    [2015-02-01 16:38:36 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:36 {NETWORK} net : ADD : eth5 (1)
    [2015-02-01 16:38:39 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:39 {NETWORK} net : ADD : eth6 (0)
    [2015-02-01 16:38:42 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:42 {NETWORK} net : ADD : eth7 (1)
    [2015-02-01 16:38:45 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:45 {NETWORK} net : ADD : eth0 (1)
    [2015-02-01 16:38:48 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:48 {NETWORK} net : ADD : eth1 (1)
    [2015-02-01 16:38:51 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:51 {NETWORK} net : ADD : eth2 (0)
    [2015-02-01 16:38:54 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:54 {NETWORK} net : ADD : eth3 (1)
    [2015-02-01 16:38:57 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:57 {NETWORK} net : ADD : bond0 (1)
    [2015-02-01 16:39:00 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:39:00 {NETWORK} net : ADD : bond1 (1)
    [2015-02-01 16:39:03 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:39:03 {NETWORK} net : ADD : bond1.590 (1)
    [2015-02-01 16:39:06 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:39:06 {NETWORK} net : ADD : bond1.90 (1)
    [2015-02-01 16:40:56 10441] ERROR (notificationserver:124) Error sending stats notification: 'Invalid URL Request (send) None&c=8&s=
    1422808694292&lb=p&t=2&p=%3Ccom.oracle.odof.OdofIdentifier%3E%3Clong%3E943%3C%2Flong%3E%3C%2Fcom.oracle.odof.OdofIdentifier%3E%2Ccom
    pareTo%2Cjava.lang.Object%2CNone%2C5'
    [2015-02-01 16:41:05 10441] ERROR (notificationserver:124) Error sending stats notification: 'Invalid URL Request (send) https://10.
    90.17.43:7002/ovm/core/OVMManagerCoreServlet&c=1&s=-1&lb=p&t=2&p=e02400aa0010ffffffffffffff200008%2Cc58171c45d024e7c9de519aaf1767abc
    [2015-02-01 16:41:26 10441] ERROR (notificationserver:124) Error sending stats notification: 'Invalid URL Request (send) https://10.
    90.17.43:7002/ovm/core/OVMManagerCoreServlet&c=1&s=-1&lb=p&t=2&p=e02400aa0010ffffffffffffff200008%2Cc58171c45d024e7c9de519aaf1767abc
    [2015-02-01 16:41:47 10441] ERROR (notificationserver:124) Error sending stats notification: 'Invalid URL Request (send) https://10.
    90.17.43:7002/ovm/core/OVMManagerCoreServlet&c=1&s=-1&lb=p&t=2&p=e02400aa0010ffffffffffffff200008%2Cc58171c45d024e7c9de519aaf1767abc
    [2015-02-01 16:42:05 10441] ERROR (notificationserver:124) Error sending stats notification: 'Invalid URL Request (send) https://10.
    90.17.43:7002/ovm/core/OVMManagerCoreServlet&c=1&s=-1&lb=p&t=2&p=e02400aa0010ffffffffffffff200008%2Cc58171c45d024e7c9de519aaf1767abc
    [2015-02-01 16:42:26 10441] ERROR (notificationserver:124) Error sending stats notification: 'Invalid URL Request (send) https://10.
    90.17.43:7002/ovm/core/OVMManagerCoreServlet&c=1&s=-1&lb=p&t=2&p=e02400aa0010ffffffffffffff200008%2Cc58171c45d024e7c9de519aaf1767abc
    [2015-02-01 16:42:26 10441] INFO (notificationserver:276) Service stopped.
    [2015-02-01 16:42:26 10441] DEBUG (notificationserver:237) Trying to connect to manager.
    [2015-02-01 16:42:29 10441] ERROR (notificationserver:244) Error initializing notification server: 'Invalid URL Request (send) https
    ://10.90.17.43:7002/ovm/core/OVMManagerCoreServlet&c=1&s=-1&lb=p&t=2&p=e02400aa0010ffffffffffffff200008%2Cc58171c45d024e7c9de519aaf1
    767abc'
    [2015-02-01 16:42:45 10448] ERROR (notification:44) Unable to send notification: (111, 'Connection refused')
    [2015-02-01 16:42:59 10441] DEBUG (notificationserver:237) Trying to connect to manager.
    [2015-02-01 16:43:05 10448] ERROR (notification:44) Unable to send notification: (111, 'Connection refused')
    [2015-02-01 16:43:25 10448] ERROR (notification:44) Unable to send notification: (111, 'Connection refused')
    [2015-02-01 16:43:32 10441] DEBUG (notificationserver:237) Trying to connect to manager.
    [2015-02-01 16:43:45 10448] ERROR (notification:44) Unable to send notification: (111, 'Connection refused')
    [2015-02-01 16:44:02 10441] DEBUG (notificationserver:237) Trying to connect to manager.
    [2015-02-01 16:44:05 10448] ERROR (notification:44) Unable to send notification: (111, 'Connection refused')
    [2015-02-01 16:44:25 10448] ERROR (notification:44) Unable to send notification: (111, 'Connection refused')
    [2015-02-01 16:44:32 10441] DEBUG (notificationserver:237) Trying to connect to manager.
    [2015-02-01 16:44:46 10448] ERROR (notification:44) Unable to send notification: (111, 'Connection refused')
    [2015-02-01 16:44:53 11242] DEBUG (service:76) call start: discover_server
    [2015-02-01 16:44:54 11242] DEBUG (service:76) call complete: discover_server
    [2015-02-01 16:45:02 10441] DEBUG (notificationserver:237) Trying to connect to manager.
    [2015-02-01 16:45:02 10441] DEBUG (notificationserver:239) Connected to manager.
    [2015-02-01 16:45:03 10441] INFO (notificationserver:267) Service started.
    [2015-02-01 16:47:22 11455] DEBUG (service:76) call start: get_api_version
    [2015-02-01 16:47:22 11455] DEBUG (service:76) call complete: get_api_version
    [2015-02-01 16:47:22 11456] DEBUG (service:76) call start: discover_server
    [2015-02-01 16:47:22 11456] DEBUG (service:76) call complete: discover_server
    [2015-02-01 16:47:22 11470] DEBUG (service:76) call start: discover_hardware
    [2015-02-01 16:47:23 11470] DEBUG (service:76) call complete: discover_hardware
    [2015-02-01 16:47:23 11497] DEBUG (service:76) call start: discover_network
    [2015-02-01 16:47:23 11497] DEBUG (service:76) call complete: discover_network
    [2015-02-01 16:47:24 11498] DEBUG (service:76) call start: discover_storage_plugins
    [2015-02-01 16:47:24 11498] DEBUG (service:76) call complete: discover_storage_plugins
    [2015-02-01 16:47:24 11501] DEBUG (service:74) call start: discover_physical_luns('',)
    [2015-02-01 16:47:25 11501] DEBUG (service:76) call complete: discover_physical_luns
    [2015-02-01 16:47:25 11523] DEBUG (service:74) call start: discover_physical_luns('360080e500036115200000b315294458d 360080e50003611
    5200000b36529447cb 360080e500037683a00000b1652944694 360080e500036115200000b39529448ba 360080e500037683a00000b18529448bf 360080e5000
    36115200000b315294458d 360080e500037683a00000b1a529449ac 360080e500036115200000b36529447cb 360080e500037683a00000b1652944694 360080e
    500036115200000b39529448ba 360080e500037683a00000b18529448bf 360080e500037683a00000b1a529449ac',)
    [2015-02-01 16:47:25 11523] DEBUG (service:76) call complete: discover_physical_luns
    [2015-02-01 16:47:26 11545] DEBUG (service:76) call start: discover_repository_db
    [2015-02-01 16:47:26 11545] DEBUG (service:76) call complete: discover_repository_db
    [2015-02-01 16:47:26 11546] DEBUG (service:74) call start: storage_plugin_listMountPoints('oracle.ocfs2.OCFS2.OCFS2Plugin', {'status
    ': '', 'admin_user': '', 'admin_host': '', 'uuid': '0004fb000009000090ee9ab5a5966c67', 'total_sz': 0, 'admin_passwd': '******', 'fre
    e_sz': 0, 'name': '0004fb000009000090ee9ab5a5966c67', 'access_host': '', 'storage_type': 'FileSys', 'alloc_sz': 0, 'access_grps': []
    , 'used_sz': 0, 'storage_desc': ''})
    [2015-02-01 16:47:26 11546] INFO (storageplugin:109) storage_plugin_listMountPoints(oracle.ocfs2.OCFS2.OCFS2Plugin)
    [2015-02-01 16:47:27 11546] DEBUG (service:76) call complete: storage_plugin_listMountPoints
    [2015-02-01 16:47:27 11573] DEBUG (service:76) call start: get_yum_config
    [2015-02-01 16:47:27 11573] DEBUG (service:76) call complete: get_yum_config
    [2015-02-01 16:47:27 11574] DEBUG (service:76) call start: discover_cluster
    [2015-02-01 16:47:27 11574] DEBUG (service:76) call complete: discover_cluster
    [2015-02-01 16:48:53 11703] DEBUG (service:76) call start: discover_network
    [2015-02-01 16:48:53 11703] DEBUG (service:76) call complete: discover_network
    [2015-02-01 16:48:53 11704] DEBUG (service:74) async call start: start_vm('0004fb00000300001e5b01d4a4cb6426', '0004fb0000060000eff93
    af0676e8c83')
    [2015-02-01 16:48:53 10441] INFO (notificationserver:139) Sending notification: {DOMAIN} 0004fb00-0006-0000-eff9-3af0676e8c83 {START
    [2015-02-01 16:48:54 10441] INFO (notificationserver:139) Sending notification: {DOMAIN} 0004fb00-0006-0000-eff9-3af0676e8c83 {VNC}
    5900
    [2015-02-01 16:48:54 11706] DEBUG (base:269) async call complete: func: start_vm pid: 11706 status: 0 output:
    [2015-02-01 16:48:54 11706] INFO (notification:47) Notification sent: {ASYNC_PROC} exit PID 11706
    [2015-02-01 16:48:54 10441] INFO (notificationserver:139) Sending notification: {ASYNC_PROC} exit PID 11706
    [2015-02-01 16:48:55 10441] INFO (notificationserver:139) Sending notification: {DOMAIN} 0004fb0000060000eff93af0676e8c83 {SSLVNC} 6
    900
    [2015-02-01 16:48:55 11958] DEBUG (service:74) call start: configure_vm_ha('0004fb00000300001e5b01d4a4cb6426', '0004fb0000060000eff9
    3af0676e8c83', True)
    [2015-02-01 16:48:56 11958] DEBUG (service:76) call complete: configure_vm_ha
    [2015-02-01 16:48:56 10441] INFO (notificationserver:139) Sending notification: {DOMAIN} 0004fb0000060000eff93af0676e8c83 {SSLTTY} 7
    900
    [2015-02-01 16:50:01 12075] DEBUG (service:76) call start: discover_network
    [2015-02-01 16:50:01 12075] DEBUG (service:76) call complete: discover_network
    [2015-02-01 16:50:01 12076] DEBUG (service:74) async call start: start_vm('0004fb0000030000ba5b6d02faa88c44', '0004fb0000060000fd7d7
    ad27e9d7b63')
    [2015-02-01 16:50:02 10441] INFO (notificationserver:139) Sending notification: {DOMAIN} 0004fb00-0006-0000-fd7d-7ad27e9d7b63 {START
    [2015-02-01 16:50:02 10441] INFO (notificationserver:139) Sending notification: {DOMAIN} 0004fb00-0006-0000-fd7d-7ad27e9d7b63 {VNC}
    5901
    [2015-02-01 16:50:02 12078] DEBUG (base:269) async call complete: func: start_vm pid: 12078 status: 0 output:
    [2015-02-01 16:50:02 12078] INFO (notification:47) Notification sent: {ASYNC_PROC} exit PID 12078
    [2015-02-01 16:50:03 10441] INFO (notificationserver:139) Sending notification: {ASYNC_PROC} exit PID 12078
    [2015-02-01 16:50:03 10441] INFO (notificationserver:139) Sending notification: {DOMAIN} 0004fb0000060000fd7d7ad27e9d7b63 {SSLVNC} 6
    901
    [2015-02-01 16:50:04 12516] DEBUG (service:74) call start: configure_vm_ha('0004fb0000030000ba5b6d02faa88c44', '0004fb0000060000fd7d
    7ad27e9d7b63', True)
    [2015-02-01 16:50:04 12516] DEBUG (service:76) call complete: configure_vm_ha
    [2015-02-01 16:50:04 10441] INFO (notificationserver:139) Sending notification: {DOMAIN} 0004fb0000060000fd7d7ad27e9d7b63 {SSLTTY} 7
    902
    [2015-02-01 16:50:54 10441] INFO (notificationserver:139) Sending notification: {DOMAIN} 0004fb00-0006-0000-fd7d-7ad27e9d7b63 {VMAPI
    } VMAPIEvent {"VMAPIEvent":{"severity":5,"subsystem":"OVMSvcSS","process":"OVMSvc","type":"system","payload":{"type":"alive","alive"
    :{"hostname":"GIS-DB-SVR1","domainName":"gloscc.gov.uk","osType":"Windows","osVersion":"Windows Server 2008 R2 Service Pack 1","kern
    elVersion":"6.1.7601.18700","arch":"AMD64","guestType":"PVHVM","guestDriverVersion":"3.2.2.0","vmapiVersion":"100"}}}}
    [2015-02-01 16:50:54 10441] INFO (notificationserver:139) Sending notification: {DOMAIN} 0004fb00-0006-0000-fd7d-7ad27e9d7b63 {VMAPI
    } VMAPIEvent {"VMAPIEvent":{"severity":5,"subsystem":"OVMSvcSS","process":"OVMSvc","type":"system","payload":{"type":"IPChange","IPC
    hange":{"intrface":"Oracle VM Virtual Ethernet Adapter","mac":"0021f6000001","ipv4info":{"ipinfo":[{"address":"10.90.0.66","netmask"
    :"255.255.255.0","gateway":"","mtu":1500,"speed":1000000000}]},"ipv6info":{"ipinfo":[{"address":"fe80::993f:d5f4:599d:fa4%14","netma
    sk":"255.255.255.0","gateway":"","mtu":1500,"speed":1000000000}]}}}}}

  • Windows machines can't join domain after 10.5.4 upgrade

    Howdy folks,
    I have a ticket open with Apple on this but am posting here in hopes that someone might have an idea for me.
    I upgraded our Mac OS X Server 10.5.3 to 10.5.4 on Sunday, and this morning several users reported that their PCs running Windows XP SP2 were unable to login to the Windows domain hosted on this machine. It's the primary domain controller for the Windows users.
    One thing to note is that I had to reinstall the server completely because the 10.5.4 patcher crashed, creating all kinds of mayhem. I did a fresh install of OS X Server 10.5 and immediately applied the 10.5.4 combo updater to it. I had to restore the Open Directory from an archival copy, and the SMB was created fresh. Not sure why but the SMB services weren't preserved by the Server settings export command in Server Admin.
    I thought unbinding the PC from the Windows domain and then rebinding it with a new name would help, but I've been completely unable to add older computers to the domain, even after removing the old computer records first.
    I've got a reproducible failure mode for this problem on a Windows XP virtual machine running on VMware Fusion on my Mac. Here's the method I've been using to create the failure:
    1. Change Windows XP System name to something new that doesn't already have a computer record on the Mac OS X Server and reboot.
    2. After the reboot, run "NewSID" program on Windows to globally change my Windows machine's SID to a new, random value, and reboot again.
    3. Attempt to use the Network ID wizard in the Windows Control Panel to re-add the machine to the domain under a new name so there's no conflict with any old computer records floating around in Open Directory. After it prompts me to enter the username, password and domain name for a user who's authorized to add machines to the domain, I get a dialog box that displays this error:
    "Your computer could not be joined to the domain because the following error has occurred:
    An internal error occurred."
    Not too informative.
    Here are the error messages I see in /var/log/samba/log.smbd (searching for the new computer name in the search field):
    netbios connect: name1=BIGMAC name2=JEFFVM6
    netbios connect: local=bigmac remote=jeffvm6, name type = 0
    opendirectorysamsearchname gave -14136 [eDSRecordNotFound]: no dsRecTypeStandard:Computers record for account 'JEFFVM6$'
    odssam_getgrnam gave -14136 [eDSRecordNotFound]: no dsRecTypeStandard:Groups record for 'JEFFVM6$'!
    opendirectorysamsearchname gave -14136 [eDSRecordNotFound]: no dsRecTypeStandard:Computers record for account 'JEFFVM6$'
    kDSStdAuthNewUser was successful for account "jeffvm6$"
    At that point it's impossible to join the computer to the domain no matter what. The most puzzling thing is that SOME of our users were able to login without any problems whatever. The ones that were either physically off or somewhere else when the 10.5.4 upgrade was applied are the only PCs that seem to be having problems.
    Any help at all is appreciated. I suspect this is some kind of a SID conflict because the SMB server had to be recreated from scratch, but have no idea how to fix the client, the server, or both to make the computer account creation process work.

    The problem is fixed.
    The issue boils down to an argument between the Open Directory server on bigmac (the OS X Server machine) and the SMB server on bigmac. The crucial information I needed to solve this problem was located here: http://www.radiotope.com/node/61
    The Open Directory database had to be restored from a backup following this weekend's problematic upgrade, and it had a different value for the SID for the Windows domain than the one used by the SMB server software itself. Even stranger was that the Open Directory database actually had the wrong domain name! The It was listed as "BIGMAC" in Open Directory, even though it was set to the correct Windows domain name in the SMB server.
    The solution was to demote the SMB server from a Primary Domain Controller to a Standalone Machine, and then repromote it. Although I changed no values in the settings, and did not modify the plist containing the SID in the Open Directory via the Inspector in Workgroup Admin, after the SMB PDC was repromoted, the SIDs and the domain names in Open Directory and the SMB config agreed with each othe. Now new machines can join the domain and users can login just as they did before. No client-side modifications are necessary.
    Hope this is helpful to someone else. It was quite the hair-pulling experience for a while there.
    Jeff Kirk

  • DC on VM Restored after crash - Does Not allow PCs to Join Domain, or Domain Users to Log in

    We currently had a RAID array crash and rebuilt our main server which housed VMs for our Web and DC.
    The main server was restored from a bare-metal backup from 6 months prior to the latest backup of the VMs (not sure if pertinent)
    Since the Restore, Domain computers cannot access file shares on the main server or VMs - "unspecified network error
    0x80004005
    Removed the main server from the Domain to re-join it due to some issues with logging in (even with a Domain Admin account) - Found that any PC removed from the domain was no longer able
    to rejoin - Receive (Network path was not found error)
    Domain Users cannot log in to their computers - Error reads "The trust relationship between this computer and the domain has been lost" - Domain Admin accounts can log in without
    problem.
    Have been working on it for two weeks and tried most of the things that I have found in others questions for related 
    DCDIAG results (run on DC VM) - More errors appear if run on the Server (Locator DcGetDcName(GC_Server_Required) call failed, error 1722 (same for PDC, TIME, GOOD_TIME, and KDC)
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       Home Server = DC1
       * Identified AD Forest. 
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\DC1
          Starting test: Connectivity
             ......................... DC1 passed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\DC1
          Starting test: Advertising
             ......................... DC1 passed test Advertising
          Starting test: FrsEvent
             There are warning or error events within the last 24 hours after the
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
             Group Policy problems. 
             ......................... DC1 failed test FrsEvent
          Starting test: DFSREvent
             ......................... DC1 passed test DFSREvent
          Starting test: SysVolCheck
             ......................... DC1 passed test SysVolCheck
          Starting test: KccEvent
             ......................... DC1 passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... DC1 passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... DC1 passed test MachineAccount
          Starting test: NCSecDesc
             ......................... DC1 passed test NCSecDesc
          Starting test: NetLogons
             ......................... DC1 passed test NetLogons
          Starting test: ObjectsReplicated
             ......................... DC1 passed test ObjectsReplicated
          Starting test: Replications
             ......................... DC1 passed test Replications
          Starting test: RidManager
             ......................... DC1 passed test RidManager
          Starting test: Services
             ......................... DC1 passed test Services
          Starting test: SystemLog
             A warning event occurred.  EventID: 0x80040022
                Time Generated: 01/15/2015   19:32:28
                Event String:
                The driver disabled the write cache on device \Device\Harddisk0\DR0.
             A warning event occurred.  EventID: 0x80040022
                Time Generated: 01/15/2015   19:32:28
                Event String:
                The driver disabled the write cache on device \Device\Harddisk0\DR0.
             A warning event occurred.  EventID: 0x80040022
                Time Generated: 01/15/2015   19:32:28
                Event String:
                The driver disabled the write cache on device \Device\Harddisk0\DR0.
             A warning event occurred.  EventID: 0x000003F6
                Time Generated: 01/15/2015   19:32:52
                Event String:
                Name resolution for the name DC1.Home.xxx.com timed out after none of the configured DNS servers responded.
             An error event occurred.  EventID: 0xC00038D6
                Time Generated: 01/15/2015   19:33:25
                Event String:
                The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
             A warning event occurred.  EventID: 0x00000420
                Time Generated: 01/15/2015   19:33:29
                Event String:
                The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service.   This is not a recommended security configuration.
     Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
             A warning event occurred.  EventID: 0x00002724
                Time Generated: 01/15/2015   19:33:33
                Event String:
                This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.
             A warning event occurred.  EventID: 0x000727AA
                Time Generated: 01/15/2015   19:36:34
                Event String:
                The WinRM service failed to create the following SPNs: WSMAN/DC1.Home.xxx.com; WSMAN/DC1. 
             A warning event occurred.  EventID: 0x00001695
                Time Generated: 01/15/2015   19:59:52
                Event String:
                Dynamic registration or deletion of one or more DNS records associated with DNS domain 'Home.xxx.com.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified
    domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  
             A warning event occurred.  EventID: 0x00001695
                Time Generated: 01/15/2015   19:59:52
                Event String:
                Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.Home.xxx.com.' failed.  These records are used by other computers to locate this server as a domain controller
    (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  
             A warning event occurred.  EventID: 0x00001695
                Time Generated: 01/15/2015   19:59:52
                Event String:
                Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.Home.xxx.com.' failed.  These records are used by other computers to locate this server as a domain controller
    (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  
             A warning event occurred.  EventID: 0x00000420
                Time Generated: 01/15/2015   20:20:21
                Event String:
                The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service.   This is not a recommended security configuration.
     Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
             A warning event occurred.  EventID: 0x00002724
                Time Generated: 01/15/2015   20:20:25
                Event String:
                This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.
             ......................... DC1 failed test SystemLog
          Starting test: VerifyReferences
             ......................... DC1 passed test VerifyReferences
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation
       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
       Running partition tests on : Home
          Starting test: CheckSDRefDom
             ......................... Home passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Home passed test CrossRefValidation
       Running enterprise tests on : Home.xxx.com
          Starting test: LocatorCheck
             ......................... Home.xxx.com passed test LocatorCheck
          Starting test: Intersite
             ......................... Home.xxx.com passed test Intersite
    All PCs can ping the DC, and get name resolution.  Checked IPs, DNS on both WS and DC (DC points to its own IP address with no other DNS), Forwarders for DNS appear to be working,
    as normal DNS name resolution and internet access works on all PCs.  Have tried disabling NIC card and installing another NIC.  All searches keep pointing back at the same things that I have tried.  I feel like I am missing something stupid.
     Please help

    The backup you used is too old. That is why your clients are experiencing trust relationship failures: the computer passwords are no longer matching so they are failing to connect to AD. You need to disjoin and join them again.
    I understand that this is the only DC you have so please make sure that the DC is not multihomed, that it points to its private IP address as primary DNS server and 127.0.0.1 as secondary one. Also, you might need to rebuild your SYSVOL folder if you keep
    getting the SYSVOL errors: https://support.microsoft.com/kb/315457?wa=wsignin1.0
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
    My Website Link
    My Linkedin Profile
    My MVP Profile

Maybe you are looking for

  • PO with BOM

    Hi everyone, pls. I need your advice related with PO with BOM. I explain the process: I always buy a kit containing 350 items, so the PO have only 1 ítem because the manufacturer bills 1 item, but the GR have to be for 350 items. After GR I have to a

  • Are there new updates for camera raw for Lightroom 4, or only for Lightroom 5, as in 5.3 ?

    Are there new updates for camera raw for Lightroom 4, or only for Lightroom 5, as in 5.3 ?

  • ORA-04091: table is mutating, trigger/function may no

    Hi all, I'm trying to create a trigger, but I got the following: ERROR at line 1: ORA-04092: cannot ROLLBACK in a trigger ORA-06512: at "PKG_PROJ", line 63 ORA-04091: table TBL_DATA is mutating, trigger/function may not see it ORA-06512: at "T$D_INS_

  • On demand Expand list.

    Hi, I recently started using spry framework.i successfully implemented the dropdown functionality using coldfusion(for dynamic xml). now i am working on a dynamic report functionality. - there will be a report with only 5 rows displayed at a time. -t

  • Help! Double BMP file

    it is needed to create a new BMP file exactly twice the height of an original BMP file(which is uncompressed), and consisting of two copies of the original image, one on top of the other . now I have modify the file size (ie. size of the bit map data