Hello It took a while until I was able to get the logs from a failed machine. There have been three occasions been logged where the client updated the AD Password. Both 2022-5-23 and 2022-05-31 have been fine only 2022-06-07 wasn't and locally the kvon was not updated, but on the DC it was. The only difference I can spot this.
Working: * Found computer account for LC015564$ at: CN=LC015564,OU=Computer,OU=Minden,OU=Germany,DC=wago,DC=local * Retrieved kvno '16' for computer account in directory: CN=LC015564,OU=Computer,OU=Minden,OU=Germany,DC=wago,DC=local * Sending NetLogon ping to domain controller: svdc01011.wago.local * Received NetLogon info from: SVDC01011.wago.local * Changed computer password * kvno incremented to 17 * Checking RestrictedKrbHost/lc015564.wago.local Not working: * Found computer account for LC015564$ at: CN=LC015564,OU=Computer,OU=Minden,OU=Germany,DC=wago,DC=local * Retrieved kvno '17' for computer account in directory: CN=LC015564,OU=Computer,OU=Minden,OU=Germany,DC=wago,DC=local * Sending NetLogon ping to domain controller: svdc03002.wago.local * Found old kvno '17' * Changed computer password * Retrieved kvno '17' for computer account in directory: CN=LC015564,OU=Computer,OU=Minden,OU=Germany,DC=wago,DC=local * Sending NetLogon ping to domain controller: svdc03002.wago.local * Received NetLogon info from: SVDC03002.wago.local * Checking RestrictedKrbHost/lc015564.wago.local I inclued all log output. To me it looks like the communication is done only in TCP allso I do not see any KRB5KRB_AP_ERR_REPEAT errors. So I believe I have a different problem then Spike. I do believe that the problem only occurs if the client is connect over VPN. But I have no data to prove this. It may also be related to the side the client is connected to. I have no idea what to check next. Maybe I will set one specific server to be used for updating the computer password. Mit freundlichen Grüßen / Best regards WAGO GmbH & Co. KG Sebastian Grebe IT Service Center phone: +49 571 887-9000 fax: +49 571 887-8658 WAGO GmbH & Co. KG Hansastraße 27 32423 Minden Deutschland http://www.wago.com<http://www.wago.com/> Public Diese E-Mail einschließlich ihrer Anhänge ist vertraulich und daher allein für den Gebrauch durch den vorgesehenen Empfänger bestimmt. Dritten ist das Lesen, Verteilen oder Weiterleiten dieser E-Mail sowie jedwedes Vertrauen auf deren Inhalt untersagt. Wir bitten, eine fehlgeleitete E-Mail unverzüglich vollständig zu löschen und uns eine Nachricht zukommen zu lassen. This email may contain material that is confidential and/or privileged for the sole use of the intended recipient. Any review, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies. WAGO GmbH & Co. KG - Sitz: Minden - Amtsgericht Bad Oeynhausen HRA 6218 Komplementärin: WAGO Beteiligungs GmbH – Sitz: Brunn am Gebirge (Österreich) - Landesgericht Wiener Neustadt, FN 553907w - Niederlassung Minden - Amtsgericht Bad Oeynhausen, HRB 17863 Geschäftsführung: Axel Börner, Kathrin Fricke, Dr. Heiner Lang, Christian Sallach, Jürgen Schäfer, Dr. Karsten Stoll, Yannick Weber WAGO ist eine eingetragene Marke der WAGO Verwaltungsgesellschaft mbH
adcli_update.out.2022-05-31_07-10-18
Description: adcli_update.out.2022-05-31_07-10-18
adcli_update.out.2022-06-07_07-33-23
Description: adcli_update.out.2022-06-07_07-33-23
adcli_update.pcap.2022-05-31_07-10-18
Description: adcli_update.pcap.2022-05-31_07-10-18
adcli_update.pcap.2022-06-07_07-33-23
Description: adcli_update.pcap.2022-06-07_07-33-23
krb5_trace.out.2022-05-31_07-10-18
Description: krb5_trace.out.2022-05-31_07-10-18
krb5_trace.out.2022-06-07_07-33-23
Description: krb5_trace.out.2022-06-07_07-33-23
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
