Author Topic: [SOLVED] nsupdate => update failed: REFUSED  (Read 20693 times)

IntOverflow

  • Zen Apprentice
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
[SOLVED] nsupdate => update failed: REFUSED
« on: November 18, 2014, 11:49:42 pm »
Hello,

I have a little problem. I installed Zentyal 4.0 (core version 4.0.2) and tried to run Zentyal as additional AD with Windows Server 2012 as primary AD.
  • Web gui shows an error: "The following modules failed while saving their changes, their state is unknown: samba"
  • Log "/var/log/zentyal/zentyal.log":
Code: [Select]
2014/11/18 23:25:13 INFO> GlobalImpl.pm:624 EBox::GlobalImpl::saveAllModules - Saving config and restarting services: firewall samba mail openchange logs
2014/11/18 23:25:13 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: firewall
2014/11/18 23:25:14 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: samba
2014/11/18 23:25:14 INFO> Provision.pm:823 EBox::Samba::Provision::checkAddress - Resolving winservices.mydomain.local to an IP address
2014/11/18 23:25:14 INFO> Provision.pm:843 EBox::Samba::Provision::checkAddress - The DC winservices.mydomain.local has been resolved to 192.168.176.201
2014/11/18 23:25:14 INFO> Provision.pm:846 EBox::Samba::Provision::checkAddress - Checking reverse DNS resolution of '192.168.176.201'...
2014/11/18 23:25:14 INFO> Provision.pm:870 EBox::Samba::Provision::checkAddress - The IP address 192.168.176.201 does not have associated PTR record
2014/11/18 23:25:14 INFO> Provision.pm:769 EBox::Samba::Provision::checkServerReachable - Checking if AD server '192.168.176.201' is online...
2014/11/18 23:25:14 INFO> Provision.pm:879 EBox::Samba::Provision::checkFunctionalLevels - Checking forest and domain functional levels...
2014/11/18 23:25:14 INFO> Provision.pm:907 EBox::Samba::Provision::checkRfc2307 - Checking RFC2307 compliant schema...
2014/11/18 23:25:14 INFO> Provision.pm:788 EBox::Samba::Provision::checkLocalRealmAndDomain - Checking local domain and realm...
2014/11/18 23:25:14 INFO> Provision.pm:981 EBox::Samba::Provision::checkClockSkew - Checking clock skew with AD server...
2014/11/18 23:25:14 INFO> Provision.pm:1002 EBox::Samba::Provision::checkClockSkew - Clock skew below two minutes, should be enough.
2014/11/18 23:25:14 INFO> Provision.pm:688 EBox::Samba::Provision::checkDnsZonesInMainPartition - Checking for old DNS zones stored in main domain partition...
2014/11/18 23:25:14 INFO> Provision.pm:735 EBox::Samba::Provision::checkForestDomains - Checking number of domains inside forest...
2014/11/18 23:25:14 INFO> Provision.pm:941 EBox::Samba::Provision::checkTrustDomainObjects - Checking for domain trust relationships...
2014/11/18 23:25:14 INFO> Provision.pm:1043 EBox::Samba::Provision::checkADServerSite - Checking the site where the specified server is located
2014/11/18 23:25:14 INFO> Provision.pm:1051 EBox::Samba::Provision::checkADServerSite - The specified server has been located at site named Default-First-Site-Name
2014/11/18 23:25:14 INFO> Provision.pm:1068 EBox::Samba::Provision::checkADNebiosName - Checking domain netbios name...
2014/11/18 23:25:14 INFO> Provision.pm:1291 EBox::Samba::Provision::provisionADC - Joining to domain 'mydomain.local' as DC
2014/11/18 23:25:14 INFO> Provision.pm:1304 EBox::Samba::Provision::provisionADC - Trying to get a kerberos ticket for principal 'Administrator@mydomain.LOCAL'
2014/11/18 23:25:14 INFO> Provision.pm:1313 EBox::Samba::Provision::provisionADC - Executing domain join
2014/11/18 23:25:32 INFO> Provision.pm:301 EBox::Samba::Provision::setupKerberos - Setting up kerberos
2014/11/18 23:25:33 INFO> Provision.pm:277 EBox::Samba::Provision::setupDNS - Setting up DNS
2014/11/18 23:25:33 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: dns
2014/11/18 23:25:45 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command nsupdate -l -t 10 /var/lib/zentyal/tmp/bmjsGbUPfm failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2 at root command nsupdate -l -t 10 /var/lib/zentyal/tmp/bmjsGbUPfm failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2 at /usr/share/perl5/EBox/Sudo.pm line 240
EBox::Sudo::_rootError('/usr/bin/sudo -p sudo: /var/lib/zentyal/tmp/uL0BoVgdOn.cmd 2> /var/lib/zentyal/tmp/stderr', 'nsupdate -l -t 10 /var/lib/zentyal/tmp/bmjsGbUPfm', 512, 'ARRAY(0x8418000)', 'ARRAY(0x2fdf978)') called at /usr/share/perl5/EBox/Sudo.pm line 210
EBox::Sudo::_root(1, 'nsupdate -l -t 10 /var/lib/zentyal/tmp/bmjsGbUPfm') called at /usr/share/perl5/EBox/Sudo.pm line 153
EBox::Sudo::root('nsupdate -l -t 10 /var/lib/zentyal/tmp/bmjsGbUPfm') called at /usr/share/perl5/EBox/DNS.pm line 926
EBox::DNS::_postServiceHook('EBox::DNS=HASH(0x5772670)', 1) called at /usr/share/perl5/EBox/Module/Service.pm line 980
EBox::Module::Service::_regenConfig('EBox::DNS=HASH(0x5772670)') called at /usr/share/perl5/EBox/Module/Base.pm line 234
eval {...} at /usr/share/perl5/EBox/Module/Base.pm line 233
EBox::Module::Base::save('EBox::DNS=HASH(0x5772670)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 290
EBox::Samba::Provision::setupDNS('EBox::Samba::Provision=HASH(0x72f6ea0)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 1329
eval {...} at /usr/share/perl5/EBox/Samba/Provision.pm line 1290
EBox::Samba::Provision::provisionADC('EBox::Samba::Provision=HASH(0x72f6ea0)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 390
EBox::Samba::Provision::provision('EBox::Samba::Provision=HASH(0x72f6ea0)') called at /usr/share/perl5/EBox/Samba.pm line 914
EBox::Samba::_setConfInternal('EBox::Samba=HASH(0x5478800)', undef) called at /usr/share/perl5/EBox/Samba.pm line 870
EBox::Samba::_setConf('EBox::Samba=HASH(0x5478800)') called at /usr/share/perl5/EBox/Module/Base.pm line 995
EBox::Module::Base::_regenConfig('EBox::Samba=HASH(0x5478800)') called at /usr/share/perl5/EBox/Module/Service.pm line 972
EBox::Module::Service::_regenConfig('EBox::Samba=HASH(0x5478800)') called at /usr/share/perl5/EBox/Samba.pm line 847
EBox::Samba::_regenConfig('EBox::Samba=HASH(0x5478800)') called at /usr/share/perl5/EBox/Module/Base.pm line 234
eval {...} at /usr/share/perl5/EBox/Module/Base.pm line 233
EBox::Module::Base::save('EBox::Samba=HASH(0x5478800)') called at /usr/share/perl5/EBox/GlobalImpl.pm line 656
eval {...} at /usr/share/perl5/EBox/GlobalImpl.pm line 655
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x48be388)', 'progress', 'EBox::ProgressIndicator=HASH(0x2c04fe8)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x48e6d60)', 'progress', 'EBox::ProgressIndicator=HASH(0x2c04fe8)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30
2014/11/18 23:25:45 INFO> Provision.pm:301 EBox::Samba::Provision::setupKerberos - Setting up kerberos
2014/11/18 23:25:45 INFO> Provision.pm:277 EBox::Samba::Provision::setupDNS - Setting up DNS
2014/11/18 23:25:45 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: dns
2014/11/18 23:25:50 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command nsupdate -l -t 10 /var/lib/zentyal/tmp/bmjsGbUPfm failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2 at root command nsupdate -l -t 10 /var/lib/zentyal/tmp/bmjsGbUPfm failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2 at /usr/share/perl5/EBox/Sudo.pm line 240
EBox::Sudo::_rootError('/usr/bin/sudo -p sudo: /var/lib/zentyal/tmp/ysL224oReP.cmd 2> /var/lib/zentyal/tmp/stderr', 'nsupdate -l -t 10 /var/lib/zentyal/tmp/bmjsGbUPfm', 512, 'ARRAY(0x8368c58)', 'ARRAY(0x83fa018)') called at /usr/share/perl5/EBox/Sudo.pm line 210
EBox::Sudo::_root(1, 'nsupdate -l -t 10 /var/lib/zentyal/tmp/bmjsGbUPfm') called at /usr/share/perl5/EBox/Sudo.pm line 153
EBox::Sudo::root('nsupdate -l -t 10 /var/lib/zentyal/tmp/bmjsGbUPfm') called at /usr/share/perl5/EBox/DNS.pm line 926
EBox::DNS::_postServiceHook('EBox::DNS=HASH(0x5772670)', 1) called at /usr/share/perl5/EBox/Module/Service.pm line 980
EBox::Module::Service::_regenConfig('EBox::DNS=HASH(0x5772670)') called at /usr/share/perl5/EBox/Module/Base.pm line 234
eval {...} at /usr/share/perl5/EBox/Module/Base.pm line 233
EBox::Module::Base::save('EBox::DNS=HASH(0x5772670)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 290
EBox::Samba::Provision::setupDNS('EBox::Samba::Provision=HASH(0x72f6ea0)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 1374
EBox::Samba::Provision::provisionADC('EBox::Samba::Provision=HASH(0x72f6ea0)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 390
EBox::Samba::Provision::provision('EBox::Samba::Provision=HASH(0x72f6ea0)') called at /usr/share/perl5/EBox/Samba.pm line 914
EBox::Samba::_setConfInternal('EBox::Samba=HASH(0x5478800)', undef) called at /usr/share/perl5/EBox/Samba.pm line 870
EBox::Samba::_setConf('EBox::Samba=HASH(0x5478800)') called at /usr/share/perl5/EBox/Module/Base.pm line 995
EBox::Module::Base::_regenConfig('EBox::Samba=HASH(0x5478800)') called at /usr/share/perl5/EBox/Module/Service.pm line 972
EBox::Module::Service::_regenConfig('EBox::Samba=HASH(0x5478800)') called at /usr/share/perl5/EBox/Samba.pm line 847
EBox::Samba::_regenConfig('EBox::Samba=HASH(0x5478800)') called at /usr/share/perl5/EBox/Module/Base.pm line 234
eval {...} at /usr/share/perl5/EBox/Module/Base.pm line 233
EBox::Module::Base::save('EBox::Samba=HASH(0x5478800)') called at /usr/share/perl5/EBox/GlobalImpl.pm line 656
eval {...} at /usr/share/perl5/EBox/GlobalImpl.pm line 655
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x48be388)', 'progress', 'EBox::ProgressIndicator=HASH(0x2c04fe8)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x48e6d60)', 'progress', 'EBox::ProgressIndicator=HASH(0x2c04fe8)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30
2014/11/18 23:25:50 ERROR> GlobalImpl.pm:660 EBox::GlobalImpl::saveAllModules - Failed to save changes in module samba: root command nsupdate -l -t 10 /var/lib/zentyal/tmp/bmjsGbUPfm failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2
2014/11/18 23:25:50 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: mail
2014/11/18 23:25:50 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: openchange
2014/11/18 23:25:50 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: logs
2014/11/18 23:25:50 ERROR> GlobalImpl.pm:735 EBox::GlobalImpl::saveAllModules - The following modules failed while saving their changes, their state is unknown: samba  at The following modules failed while saving their changes, their state is unknown: samba  at /usr/share/perl5/EBox/GlobalImpl.pm line 735
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x48be388)', 'progress', 'EBox::ProgressIndicator=HASH(0x2c04fe8)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x48e6d60)', 'progress', 'EBox::ProgressIndicator=HASH(0x2c04fe8)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30

  • File: /var/lib/zentyal/tmp/bmjsGbUPfm 
Code: [Select]
                                                             
zone mydomain.local
update delete mydomain.local A
update add mydomain.local 259200 A 192.168.176.50
update delete zentyal.mydomain.local A
update add zentyal.mydomain.local 259200 A 192.168.176.50
update delete mydomain.local MX
update add _kerberos.mydomain.local 259200 TXT mydomain.local
update add _kerberos._tcp.mydomain.local. 259200 SRV 100 100 88 zentyal.mydomain.local
update add _kerberos._udp.mydomain.local. 259200 SRV 100 100 88 zentyal.mydomain.local
update add _kerberos-master._tcp.mydomain.local. 259200 SRV 100 100 88 zentyal.mydomain.local
update add _kerberos-master._udp.mydomain.local. 259200 SRV 100 100 88 zentyal.mydomain.local
update add _kpasswd._tcp.mydomain.local. 259200 SRV 100 100 464 zentyal.mydomain.local
update add _kpasswd._udp.mydomain.local. 259200 SRV 100 100 464 zentyal.mydomain.local
send

  • nsupdate debug
Code: [Select]
root@zentyal:/var/log/zentyal# nsupdate -d -D -l -t 10 /var/lib/zentyal/tmp/bmjsGbUPfm
setup_system()
Creating key...
namefromtext
keycreate
reset_system()
user_interaction()
do_next_command()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
start_update()
send_update()
Sending update to 127.0.0.1#53
show_message()
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  25195
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 12, ADDITIONAL: 1
;; ZONE SECTION:
;mydomain.local. IN SOA

;; UPDATE SECTION:
mydomain.local. 0 ANY A
mydomain.local. 259200 IN A 192.168.176.50
zentyal.mydomain.local. 0 ANY A
zentyal.mydomain.local. 259200 IN A 192.168.176.50
mydomain.local. 0 ANY MX
_kerberos.mydomain.local. 259200 IN TXT "mydomain.local"
_kerberos._tcp.mydomain.local. 259200 IN SRV 100 100 88 zentyal.mydomain.local.
_kerberos._udp.mydomain.local. 259200 IN SRV 100 100 88 zentyal.mydomain.local.
_kerberos-master._tcp.mydomain.local. 259200 IN SRV 100 100 88 zentyal.mydomain.local.
_kerberos-master._udp.mydomain.local. 259200 IN SRV 100 100 88 zentyal.mydomain.local.
_kpasswd._tcp.mydomain.local. 259200 IN SRV 100 100 464 zentyal.mydomain.local.
_kpasswd._udp.mydomain.local. 259200 IN SRV 100 100 464 zentyal.mydomain.local.

;; TSIG PSEUDOSECTION:
local-ddns. 0 ANY TSIG hmac-sha256. 1416350775 300 32 z9DHfbgzShG7mhQ+8OevFgn2DhKc58+eLu7dV3ZGWzU= 25195 NOERROR 0

update_completed()
tsig verification successful
show_message()

Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: REFUSED, id:  25195
;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;mydomain.local. IN SOA

;; TSIG PSEUDOSECTION:
local-ddns. 0 ANY TSIG hmac-sha256. 1416350775 300 32 cZj38CD0vCeREZKbzA4Ssm7HjDfSfngK+IQKd52kof8= 25195 NOERROR 0

done_update()
reset_system()
user_interaction()
cleanup()
detach tsigkey x0x7f59ceb2b0b8
Shutting down task manager
shutdown_program()
Shutting down request manager
Destroy DST lib
Destroying request manager
Freeing the dispatchers
Shutting down dispatch manager
Destroying event
Shutting down socket manager
Shutting down timer manager
Destroying hash context
Destroying name state
Removing log context
Destroying memory context


Please help me :)

Thank you
« Last Edit: December 09, 2014, 03:09:45 pm by IntOverflow »

IntOverflow

  • Zen Apprentice
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: nsupdate => update failed: REFUSED
« Reply #1 on: November 26, 2014, 08:41:53 pm »
Problem still exists  :'(

The Zentyal AD added sucessfully as additional AD controller, but when it tries to update DNS on Windows Server 2012 R2 (same as main AD) it fails.

Greifi

  • Zen Apprentice
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: nsupdate => update failed: REFUSED
« Reply #2 on: November 28, 2014, 11:35:42 am »
Hi,

I have the exact same problem  :-[ :

  • Trying to join an existing domain with a Win2012R2 Domain Controller.
  • Domain Functional Level and Forest Functional Level both at Windows2008R2, so that is not the problem.
  • My Zentyal box also seems to have succesfully joined the domain as a domain controller,
     it shows up in "Active Directory Users and Computer => Domain Controller"
  • My Log files show the exact same error information.
  • Same references to files and line numbers, so I skip attaching my log files....
From my understanding  ::) of the log messages it seems to be a problem with DNS.
Bind isn't able to update DNS records.

  • Is it a configuration problem on the side of the Windows DNS Server?
  • Do I have to configure something, so that BIND can update records?
I already experimented a little with the Microsoft DNS Server settings, but problem persists.

I connected several Linux Samba 4 boxes to my domain before, (mostly based on CentOS) and I know it worked.
Though I have to admit that the most painless way was to use the internal DNS backend of Samba4.

Is there a way to make Zentyal use the samba4 internal dns backend??  ???

Other possibility might be, that zentyal ignores that DNS update error.
So that the Domain and Users modules work at least.
Zentyal DNS would still get the DNS updates from the Windows Servers, just isn't able to update DNS records itself.
Then when it runs, and is connected to the domain, it could takeover the fsmo roles and then the DNS update issue wouldn't be a problem anymore, since the Windows Servers aren't SOA (source of authority) anymore.

Just a thought.  :-\

I would love to make it work with Zentyal to use the easy intergration of Exchange features,
currently I don't have enough time to configure OpenChange from scratch.

Thank You
 :P
Matthias

IntOverflow

  • Zen Apprentice
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: nsupdate => update failed: REFUSED
« Reply #3 on: November 29, 2014, 04:49:51 pm »
I'm sorry for you, but I'm glad that I'm not alone with this problem. I hope there is someone who has a solution for this problem.

IntOverflow

  • Zen Apprentice
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: nsupdate => update failed: REFUSED
« Reply #4 on: December 05, 2014, 10:04:39 am »
The new update solved this problem.

woznyak

  • Zen Apprentice
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: [SOLVED] nsupdate => update failed: REFUSED
« Reply #5 on: December 23, 2014, 07:32:38 pm »
Hi!
What do you think? What version of update will solve this problem?
my version of zentyal-core is 4.0.5, zentyal-dns is 4.0.1 and zentyal-samba is 4.0.5.
I have this problem too.

IntOverflow

  • Zen Apprentice
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: [SOLVED] nsupdate => update failed: REFUSED
« Reply #6 on: December 23, 2014, 10:32:49 pm »
I'm sorry for you!

It's been days since I've tested the Zentyal server. But 3 weeks ago, it works with my PDC (but there were still a lot of bugs). When I find some time, I will test it again.

Can you post your log?
Can you tell me your system configuration (Windows Server, DNS Server, extern DC...)

woznyak

  • Zen Apprentice
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: [SOLVED] nsupdate => update failed: REFUSED
« Reply #7 on: December 24, 2014, 12:44:13 pm »
Hi!
Thanks for your reply.

My Zentyal 4.0 is up to date.

PDC on Windows Server 2008R2
DNS - Windows Internal

The last time I ran commands
unconfigure-module samba
unconfigure-module dns

Then I tried to change my server role to Additional domain controller again but I still have the same error about insufficient rights to update dns via key local-ddns. Zentyal.log in attachments.

woznyak

  • Zen Apprentice
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: [SOLVED] nsupdate => update failed: REFUSED
« Reply #8 on: December 24, 2014, 12:49:53 pm »
in syslog you can see named logs.

woznyak

  • Zen Apprentice
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: [SOLVED] nsupdate => update failed: REFUSED
« Reply #9 on: December 26, 2014, 06:04:07 pm »
if I removed from command nsupdate -l -t 10 /var/lib/zentyal/tmp/tempfile substring "-l"
in syslog I cannot see any error messages from named but in zentyal.log still the same error REFUSED.
why???

g4dcp

  • Zen Apprentice
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: nsupdate => update failed: REFUSED
« Reply #10 on: December 28, 2014, 11:27:43 pm »
Please could someone reply clearly as to how to fix this problem?

I am using the latest version downloaded tonight from the website. V 4.0.5

I am getting nsupdate -l -t 10 /var/lib/zentyal/tmp/HimFrGMZPU

update failed: REFUSED

Please how do I progress this:-

2014/12/28 22:19:26 INFO> Provision.pm:300 EBox::Samba::Provision::setupKerberos - Setting up kerberos
2014/12/28 22:19:26 INFO> Provision.pm:277 EBox::Samba::Provision::setupDNS - Setting up DNS
2014/12/28 22:19:26 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: dns
2014/12/28 22:19:28 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command nsupdate -l -t 10 /var/lib/zentyal/tmp/9_0UXDoZnP failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2 at root command nsupdate -l -t 10 /var/lib/zentyal/tmp/9_0UXDoZnP failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2 at /usr/share/perl5/EBox/Sudo.pm line 240
EBox::Sudo::_rootError('/usr/bin/sudo -p sudo: /var/lib/zentyal/tmp/UjNAESwavA.cmd 2> /var/lib/zentyal/tmp/stderr', 'nsupdate -l -t 10 /var/lib/zentyal/tmp/9_0UXDoZnP', 512, 'ARRAY(0x63cf600)', 'ARRAY(0x63cf420)') called at /usr/share/perl5/EBox/Sudo.pm line 210
EBox::Sudo::_root(1, 'nsupdate -l -t 10 /var/lib/zentyal/tmp/9_0UXDoZnP') called at /usr/share/perl5/EBox/Sudo.pm line 153
EBox::Sudo::root('nsupdate -l -t 10 /var/lib/zentyal/tmp/9_0UXDoZnP') called at /usr/share/perl5/EBox/DNS.pm line 926
EBox::DNS::_postServiceHook('EBox::DNS=HASH(0x3aca7c8)', 1) called at /usr/share/perl5/EBox/Module/Service.pm line 980
EBox::Module::Service::_regenConfig('EBox::DNS=HASH(0x3aca7c8)') called at /usr/share/perl5/EBox/Module/Base.pm line 234
eval {...} at /usr/share/perl5/EBox/Module/Base.pm line 233
EBox::Module::Base::save('EBox::DNS=HASH(0x3aca7c8)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 290
EBox::Samba::Provision::setupDNS('EBox::Samba::Provision=HASH(0x5f691a8)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 1375
EBox::Samba::Provision::provisionADC('EBox::Samba::Provision=HASH(0x5f691a8)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 391
EBox::Samba::Provision::provision('EBox::Samba::Provision=HASH(0x5f691a8)') called at /usr/share/perl5/EBox/Samba.pm line 929
EBox::Samba::_setConfInternal('EBox::Samba=HASH(0x3dd8d30)', undef) called at /usr/share/perl5/EBox/Samba.pm line 884
EBox::Samba::_setConf('EBox::Samba=HASH(0x3dd8d30)') called at /usr/share/perl5/EBox/Module/Base.pm line 995
EBox::Module::Base::_regenConfig('EBox::Samba=HASH(0x3dd8d30)') called at /usr/share/perl5/EBox/Module/Service.pm line 972
EBox::Module::Service::_regenConfig('EBox::Samba=HASH(0x3dd8d30)') called at /usr/share/perl5/EBox/Samba.pm line 861
EBox::Samba::_regenConfig('EBox::Samba=HASH(0x3dd8d30)') called at /usr/share/perl5/EBox/Module/Base.pm line 234
eval {...} at /usr/share/perl5/EBox/Module/Base.pm line 233
EBox::Module::Base::save('EBox::Samba=HASH(0x3dd8d30)') called at /usr/share/perl5/EBox/GlobalImpl.pm line 656
eval {...} at /usr/share/perl5/EBox/GlobalImpl.pm line 655
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x2f23310)', 'progress', 'EBox::ProgressIndicator=HASH(0x121c9a0)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x2f491e8)', 'progress', 'EBox::ProgressIndicator=HASH(0x121c9a0)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30
2014/12/28 22:19:28 ERROR> GlobalImpl.pm:660 EBox::GlobalImpl::saveAllModules - Failed to save changes in module samba: root command nsupdate -l -t 10 /var/lib/zentyal/tmp/9_0UXDoZnP failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2
2014/12/28 22:19:28 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: logs
2014/12/28 22:19:28 ERROR> GlobalImpl.pm:735 EBox::GlobalImpl::saveAllModules - The following modules failed while saving their changes, their state is unknown: samba  at The following modules failed while saving their changes, their state is unknown: samba  at /usr/share/perl5/EBox/GlobalImpl.pm line 735
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x2f23310)', 'progress', 'EBox::ProgressIndicator=HASH(0x121c9a0)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x2f491e8)', 'progress', 'EBox::ProgressIndicator=HASH(0x121c9a0)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30

Any help appreciated!
« Last Edit: December 29, 2014, 11:58:33 am by g4dcp »

g4dcp

  • Zen Apprentice
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: nsupdate => update failed: REFUSED
« Reply #11 on: December 28, 2014, 11:34:50 pm »
Added nsupdate debug:-

root@zentyaldc:/var/log/zentyal# nsupdate -D -l -t 10 /var/lib/zentyal/tmp/6FsQasnf9a
setup_system()
Creating key...
namefromtext
keycreate
reset_system()
user_interaction()
do_next_command()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
start_update()
send_update()
Sending update to 127.0.0.1#53
show_message()
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  59430
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 12, ADDITIONAL: 1
;; ZONE SECTION:
;phull.myip.org.                        IN      SOA

;; UPDATE SECTION:
phull.myip.org.         0       ANY     A
phull.myip.org.         259200  IN      A       192.168.0.83
zentyaldc.phull.myip.org. 0     ANY     A
zentyaldc.phull.myip.org. 259200 IN     A       192.168.0.83
phull.myip.org.         0       ANY     MX
_kerberos.phull.myip.org. 259200 IN     TXT     "phull.myip.org"
_kerberos._tcp.phull.myip.org. 259200 IN SRV    100 100 88 zentyaldc.phull.myip.org.
_kerberos._udp.phull.myip.org. 259200 IN SRV    100 100 88 zentyaldc.phull.myip.org.
_kerberos-master._tcp.phull.myip.org. 259200 IN SRV 100 100 88 zentyaldc.phull.myip.org.
_kerberos-master._udp.phull.myip.org. 259200 IN SRV 100 100 88 zentyaldc.phull.myip.org.
_kpasswd._tcp.phull.myip.org. 259200 IN SRV     100 100 464 zentyaldc.phull.myip.org.
_kpasswd._udp.phull.myip.org. 259200 IN SRV     100 100 464 zentyaldc.phull.myip.org.

;; TSIG PSEUDOSECTION:
local-ddns.             0       ANY     TSIG    hmac-sha256. 1419805939 300 32 fZJOD6CdZPYARMa32L52NtqEzYd+OqGwWzURGg+if9A= 59430 NOERROR 0

update_completed()
tsig verification successful
show_message()

Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: REFUSED, id:  59430
;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;phull.myip.org.                        IN      SOA

;; TSIG PSEUDOSECTION:
local-ddns.             0       ANY     TSIG    hmac-sha256. 1419805939 300 32 HzoE/WujCk048wuo8YrxQEXNNmyCfc14hLFrwIUmrRc= 59430 NOERROR 0

done_update()
reset_system()
user_interaction()
cleanup()
detach tsigkey x0x7f53592670b8
Shutting down task manager
shutdown_program()
Shutting down request manager
Destroy DST lib
Destroying request manager
Freeing the dispatchers
Shutting down dispatch manager
Destroying event
Shutting down socket manager
Shutting down timer manager
Destroying hash context
Destroying name state
Removing log context
Destroying memory context
« Last Edit: December 29, 2014, 11:58:46 am by g4dcp »

g4dcp

  • Zen Apprentice
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: [SOLVED] nsupdate => update failed: REFUSED
« Reply #12 on: December 29, 2014, 12:19:26 pm »
New thread started please ignore my messages in this thread.

IntOverflow

  • Zen Apprentice
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: [SOLVED] nsupdate => update failed: REFUSED
« Reply #13 on: December 29, 2014, 04:20:08 pm »
Sorry, I have no idea how to help you. I've installed zentyal the last days without problems. (As additional domain controller, the pdc is a Win2012 with domain level 2008)

g4dcp

  • Zen Apprentice
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: [SOLVED] nsupdate => update failed: REFUSED
« Reply #14 on: December 29, 2014, 10:30:03 pm »
Thanks for the comment and I'm glad it worked for you!

I just hope someone knows the answer.