<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">2015-02-27 12:23 GMT+02:00 Alexander Bokovoy <span dir="ltr"><<a href="mailto:abokovoy@redhat.com" target="_blank">abokovoy@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class="">On Fri, 27 Feb 2015, mete bilgin wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
[0000] 85 A6 68 FD 0D BF 20 B8                            ..h... .<br>
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e2a90<br>
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e2a90<br>
s4_tevent: Destroying timer event 0x7fed9c0487b0 "tevent_req_timedout"<br>
s4_tevent: Destroying timer event 0x7fed9c044ed0 "dcerpc_timeout_handler"<br>
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e2760<br>
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e2760<br>
    netr_LogonControl2Ex: struct netr_LogonControl2Ex<br>
       out: struct netr_LogonControl2Ex<br>
           query                    : *<br>
               query                    : union<br>
netr_CONTROL_QUERY_<u></u>INFORMATION(case 2)<br>
               info2                    : *<br>
                   info2: struct netr_NETLOGON_INFO_2<br>
                       flags                    : 0x00000080 (128)<br>
                              0: NETLOGON_REPLICATION_NEEDED<br>
                              0: NETLOGON_REPLICATION_IN_<u></u>PROGRESS<br>
                              0: NETLOGON_FULL_SYNC_REPLICATION<br>
                              0: NETLOGON_REDO_NEEDED<br>
                              0: NETLOGON_HAS_IP<br>
                              0: NETLOGON_HAS_TIMESERV<br>
                              0: NETLOGON_DNS_UPDATE_FAILURE<br>
                              1: NETLOGON_VERIFY_STATUS_<u></u>RETURNED<br>
                       pdc_connection_status    : WERR_NO_LOGON_SERVERS<br>
                       trusted_dc_name          : *<br>
                           trusted_dc_name          : ''<br>
                       tc_connection_status     : WERR_NO_LOGON_SERVERS<br>
           result                   : WERR_OK<br>
</blockquote>
Here is the result -- AD DC was unable to reach IPA DC. Check your<br>
firewall and DNS records.<br>
<br>
For DNS, make sure you can resolve SRV record _ldap._<a href="http://tcp.IPADOMAIN.COM" target="_blank">tcp.IPADOMAIN.COM</a><br>
from AD DC console.<br>
<a href="http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Verify_DNS_configuration" target="_blank">http://www.freeipa.org/page/<u></u>Howto/IPAv3_AD_trust_setup#<u></u>Verify_DNS_configuration</a><br>
<br>
For firewall, see<br>
<a href="http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Firewall_configuration" target="_blank">http://www.freeipa.org/page/<u></u>Howto/IPAv3_AD_trust_setup#<u></u>Firewall_configuration</a><span class=""><font color="#888888"><br>
<br>
<br>
-- <br>
/ Alexander Bokovoy<br>
</font></span></blockquote></div>Hi,</div><div class="gmail_extra"><br></div><div class="gmail_extra">I think get entry for replication server. That's the problem. I remove the replica on dns server.</div><div class="gmail_extra"><br></div><div class="gmail_extra"><a href="https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=538e023107ed307142ca7302ff34106c53afa932">https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=538e023107ed307142ca7302ff34106c53afa932</a><br></div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra"><div class="gmail_extra">> _ldap._<a href="http://tcp.ipdomin.com">tcp.ipdomin.com</a></div><div class="gmail_extra">Server:  UnKnown</div><div class="gmail_extra">Address:  ::1</div><div class="gmail_extra"><br></div><div class="gmail_extra">Non-authoritative answer:</div><div class="gmail_extra">_ldap._<a href="http://tcp.bilyoner.com">tcp.bilyoner.com</a> SRV service location:</div><div class="gmail_extra">          priority       = 0</div><div class="gmail_extra">          weight         = 100</div><div class="gmail_extra">          port           = 389</div><div class="gmail_extra">          svr hostname   = <a href="http://ipa02.ipadomain.com">ipa02.ipadomain.com</a></div><div class="gmail_extra">_ldap._<a href="http://tcp.bilyoner.com">tcp.bilyoner.com</a> SRV service location:</div><div class="gmail_extra">          priority       = 0</div><div class="gmail_extra">          weight         = 100</div><div class="gmail_extra">          port           = 389</div><div class="gmail_extra">          svr hostname   = <a href="http://ipa01.domain.com">ipa01.domain.com</a></div><div class="gmail_extra"><br></div><div class="gmail_extra"><a href="http://ipa02.ipadomain.com">ipa02.ipadomain.com</a>      internet address = 172.16.50.97</div><div class="gmail_extra"><a href="http://ipa01.ipadomain.com">ipa01.ipadomain.com</a>      internet address = 192.168.12.27</div></div><div class="gmail_extra"><br></div></div>