I am using Zentyal 3.3.2 as a sole domain controller in a network of Windows 7 Pro SP1 clients. I am trying to also use it to do Group Policy, but when I run gpupdate I get the following error on the Windows 7 workstations:
The processing of Group Policy failed because of lack of network connectivity to
a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for sever
al hours, then contact your administrator.
I'm able to log into the domain, access shares, and I can connect with RSAT. I ran dcdiag from one of the Windows 7 workstations and received the following results:
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\GRANVILLE-SERVE
Starting test: Connectivity
......................... GRANVILLE-SERVE passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\GRANVILLE-SERVE
Starting test: Replications
......................... GRANVILLE-SERVE passed test Replications
Starting test: NCSecDesc
......................... GRANVILLE-SERVE passed test NCSecDesc
Starting test: NetLogons
......................... GRANVILLE-SERVE passed test NetLogons
Starting test: Advertising
Server GRANVILLE-SERVE is advertising as a global catalog, but
it could not be verified that the server thought it was a GC.
......................... GRANVILLE-SERVE failed test Advertising
Starting test: KnowsOfRoleHolders
......................... GRANVILLE-SERVE passed test KnowsOfRoleHolders
Starting test: RidManager
......................... GRANVILLE-SERVE passed test RidManager
Starting test: MachineAccount
......................... GRANVILLE-SERVE passed test MachineAccount
Starting test: Services
Could not open Dnscache Service on [GRANVILLE-SERVE]:failed with 8: Not enough storage is available to process this command.
Could not open NtFrs Service on [GRANVILLE-SERVE]:failed with 8: Not enough storage is available to process this command.
Could not open IsmServ Service on [GRANVILLE-SERVE]:failed with 8: Not enough storage is available to process this command.
Could not open kdc Service on [GRANVILLE-SERVE]:failed with 8: Not enough storage is available to process this command.
Could not open SamSs Service on [GRANVILLE-SERVE]:failed with 8: Not enough storage is available to process this command.
Could not open LanmanServer Service on [GRANVILLE-SERVE]:failed with 8: Not enough storage is available to process this command.
Could not open LanmanWorkstation Service on [GRANVILLE-SERVE]:failed with 8: Not enough storage is available to process this command.
Could not open RpcSs Service on [GRANVILLE-SERVE]:failed with 8: Not enough storage is available to process this command.
Could not open w32time Service on [GRANVILLE-SERVE]:failed with 8: Not enough storage is available to process this command.
......................... GRANVILLE-SERVE failed test Services
Starting test: ObjectsReplicated
Failed to read object metadata on GRANVILLE-SERVE, error The request is not supported.
Failed to read object metadata on GRANVILLE-SERVE, error The request is not supported.
......................... GRANVILLE-SERVE passed test ObjectsReplicated
Starting test: frssysvol
The SysVol is not ready. This can cause the DC to not advertise
itself as a DC for netlogon after dcpromo. Also trouble with FRS
SysVol replication can cause Group Policy problems. Check the FRS
event log on this DC.
......................... GRANVILLE-SERVE failed test frssysvol
Starting test: frsevent
Error 161 opening FRS eventlog \\GRANVILLE-SERVE:File Replication Service:
The specified path is invalid.
......................... GRANVILLE-SERVE failed test frsevent
Starting test: kccevent
Error 161 opening FRS eventlog \\GRANVILLE-SERVE:Directory Service:
The specified path is invalid.
Failed to enumerate event log records, error The specified path is invalid.
......................... GRANVILLE-SERVE failed test kccevent
Starting test: systemlog
Error 161 opening FRS eventlog \\GRANVILLE-SERVE:System:
The specified path is invalid.
Failed to enumerate event log records, error The specified path is invalid.
......................... GRANVILLE-SERVE failed test systemlog
Starting test: VerifyReferences
Some objects relating to the DC GRANVILLE-SERVE have problems:
[1] Problem: Missing Expected Value
Base Object:
CN=GRANVILLE-SERVE,OU=Domain Controllers,DC=zentyal-domain,DC=lan
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
[1] Problem: Missing Expected Value
Base Object:
CN=NTDS Settings,CN=GRANVILLE-SERVE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=zentyal-domain,DC=lan
Base Object Description: "DSA Object"
Value Object Attribute Name: serverReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
......................... GRANVILLE-SERVE failed test VerifyReferences
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : zentyal-domain
Starting test: CrossRefValidation
......................... zentyal-domain passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... zentyal-domain passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
The application directory partition
DC=DomainDnsZones,DC=zentyal-domain,DC=lan is missing a security
descriptor reference domain. The administrator should set the
msDS-SD-Reference-Domain attribute on the cross reference object
CN=4be619ed-c49a-4c27-bf3f-b7d4a9ab6b33,CN=Partitions,CN=Configuration,DC=zentyal-domain,DC=lan
to the DN of a domain.
......................... DomainDnsZones failed test CheckSDRefDom
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
The application directory partition
DC=ForestDnsZones,DC=zentyal-domain,DC=lan is missing a security
descriptor reference domain. The administrator should set the
msDS-SD-Reference-Domain attribute on the cross reference object
CN=25400d83-e387-4213-8cb4-21f2028f5b7e,CN=Partitions,CN=Configuration,DC=zentyal-domain,DC=lan
to the DN of a domain.
......................... ForestDnsZones failed test CheckSDRefDom
Running enterprise tests on : zentyal-domain.lan
Starting test: Intersite
......................... zentyal-domain.lan passed test Intersite
Starting test: FsmoCheck
Error: The server returned by DsGetDcName() did not match DsListRoles() for the PDC
......................... zentyal-domain.lan passed test FsmoCheck
I then checked /var/log/zentyal/zentyal.log and found some error messages that appear to be related because they occur when I run gpupdate on the Win7 workstations:
2013/12/20 16:51:50 INFO> Group.pm:188 EBox::Samba::Group::addToZentyal - Adding samba group 'Users' to Zentyal
2013/12/20 16:51:50 DEBUG> Samba.pm:2398 EBox::Samba::ldbObjectByObjectGUID - Missing argument: objectGUID at Trace begun at /usr/share/perl5/EBox/Exceptions/Base.pm line 79
EBox::Exceptions::Base::stacktrace('EBox::Exceptions::MissingArgument=HASH(0x4810df0)') called at /usr/share/perl5/EBox/Exceptions/Base.pm line 119
EBox::Exceptions::Base::log('EBox::Exceptions::MissingArgument=HASH(0x4810df0)') called at /usr/share/perl5/EBox/Exceptions/External.pm line 43
EBox::Exceptions::External::new('EBox::Exceptions::MissingArgument', 'Missing argument: objectGUID') called at /usr/share/perl5/EBox/Exceptions/MissingArgument.pm line 50
EBox::Exceptions::MissingArgument::new('EBox::Exceptions::MissingArgument', 'objectGUID') called at /usr/share/perl5/EBox/Exceptions/Base.pm line 91
EBox::Exceptions::Base::throw('EBox::Exceptions::MissingArgument', 'objectGUID') called at /usr/share/perl5/EBox/Samba.pm line 2398
EBox::Samba::ldbObjectByObjectGUID('EBox::Samba=HASH(0x45e5e80)') called at /usr/share/perl5/EBox/Users.pm line 1381
EBox::Users::groupExists('EBox::Users=HASH(0x447f378)', 'Users') called at /usr/share/perl5/EBox/Users/Group.pm line 525
EBox::Users::Group::create('EBox::Users::Group', 'name', 'Users', 'parent', 'EBox::Users::OU=HASH(0x482d4e8)', 'isSecurityGroup', 1, 'ignoreMods', 'ARRAY(0x47bdc08)', 'description', 'Users are prevented from making accidental or intentional system-wide changes and can run most applications', 'gidNumber', 3000009, 'isSystemGroup', '', 'isInternal', 1) called at /usr/share/perl5/EBox/Samba/Group.pm line 216
eval {...} at /usr/share/perl5/EBox/Samba/Group.pm line 189
EBox::Samba::Group::addToZentyal('EBox::Samba::Group=HASH(0x4717a88)') called at /usr/share/zentyal-samba/s4sync line 248
eval {...} at /usr/share/zentyal-samba/s4sync line 247
2013/12/20 16:51:50 ERROR> Group.pm:225 EBox::Samba::Group::addToZentyal - Error loading group 'Users': Missing argument: objectGUID
What do I need to do to get this/these errors resolved? Any input and advice is much appreciated.