Recent Posts
91
News and Announcements / Re: Zentyal 7.0 available!
« Last post by Mittelerde on July 19, 2023, 02:25:12 pm »GREAT - Thank you - i install it right now and hope the install works better.
A big thanks to the Zentyal Team
A big thanks to the Zentyal Team
92
German / Re: Login in die Domäne plötzlich nicht mehr möglich, betrifft aber nur einen Client
« Last post by Mittelerde on July 19, 2023, 02:24:09 pm »Hallo,
einfache Frage:
Stimmt das Datum und die Uhrzeit beim neuen Client ?
einfache Frage:
Stimmt das Datum und die Uhrzeit beim neuen Client ?
93
Directory and Authentication / Re: Login into domain suddenly not possible anymore, but only from a single client
« Last post by Zorus on July 19, 2023, 10:37:59 am »It was not the exact same update, because the client runs on Win10 not Win11, but deinstalling the latest update (KB5028166) fixed the issue!
So what now? Is there any info on whether or not this issues is going to be fixed? Is it going to be from the Windows-side, which would of course be the best for me, as i could continue with the windows-updates then.
If not, this would mean that I have to upgrade my server or setting it up from scratch. Is there a Guide on how to go from such an old Version as mine (2.x) to the most recent (7.x). Like can I set up everything on a new server and then just reimport the user-profiles and file-shares?
Any further help is much appreciated!
Greetings, Zorus
So what now? Is there any info on whether or not this issues is going to be fixed? Is it going to be from the Windows-side, which would of course be the best for me, as i could continue with the windows-updates then.
If not, this would mean that I have to upgrade my server or setting it up from scratch. Is there a Guide on how to go from such an old Version as mine (2.x) to the most recent (7.x). Like can I set up everything on a new server and then just reimport the user-profiles and file-shares?
Any further help is much appreciated!
Greetings, Zorus
94
Directory and Authentication / [SOLVED] 0xc000018d STATUS_TRUSTED_RELATIONSHIP_FAILURE
« Last post by chris.holmes on July 19, 2023, 01:47:18 am »Description:
Zentyal 6.1.6 - Ubuntu 18.04.6 LTS
Modules - Network, Firewall, DNS, Logs, NTP, Domain Controller and File Sharing
System is apt-get updated and apt-get upgraded
Production Level Domain Controller only. 75 user license. 73 user accounts.
Running in a VM on an Unraid server that is not part of the domain.
Windows 10 computers joined to domain.
Other Unraid servers joined to domain as file servers.
No ebox packages.
Domain Controller is rebooted weekly and has been running flawlessly for over 2 years.
Hypothesis
Domain based issues with computer to computer authentication.
Specifics:
- Mounting a Windows Share <REMOTE COMPUTER> from a Slackware Linux based (Unraid) <SERVER> no longer works.
- Has been working for close to 2 years until now.
SYSLOG from Unraid Server
<SERVER> kernel: CIFS: Attempting to mount \\<REMOTE COMPUTER>\ServerData
<SERVER> kernel: CIFS: Status code returned 0xc000018d STATUS_TRUSTED_RELATIONSHIP_FAILURE
<SERVER> kernel: CIFS: VFS: \\<REMOTE COMPUTER> Send error in SessSetup = -5
<SERVER> kernel: CIFS: VFS: cifs_mount failed w/return code = -5
<SERVER> unassigned.devices: SMB 3.1.1 mount failed: 'mount error(5): Input/output error
The mounting script goes through SMB 3.0, 2.0 and 1.0 with the same error.
Lookup up this error:
0xc000018d STATUS_TRUSTED_RELATIONSHIP_FAILURE
Comes up with this description.
The logon request failed because the trust relationship between this workstation and the primary domain failed.
Troubleshooting
Removing a couple of computers/servers from the domain and rejoining it doesn't fix this.
The same <REMOTE COMPUTER> (Windows 10) can connect to the Slackware Linux (Unraid) SMB share with no issues.
Two other Unraid servers with different versions of Unraid have the same issue.
Trying to manually make the connection from the command line generate the same error.
Non specific error code issues that might be related.
- Windows Remote Assistance stopped working unless initiated by end user.
- Been all through the Firewall issues.
- Remote Desktop does work.
- USB shared printer are acting like they are only capable of one way communication.
- Adding a shared USB printer works fine.
- Label printers that don't require bi-directional communication work.
- Been through all the Firewall is not the issues.
Things I've Done:
- do-release-upgrade caused a major issue. Failed to enable the MySQL service during upgrade. Failed. Revereted VM to previous state.
- Posted this in the Unraid forms as well.
- Looking for info on how to upgrade Zentyal to 6.2 or beyond and/or which order to upgrade the Ubuntu LTS Release.
- Creating a test envionment for this VM tomorrow.
Please request any info you may need to help solve this. Thank you.
Win 10 update (KB5028166) - uninstalland re-apply - Fixed all my issues
Note: uninstalling the update then rebooting the system triggered installing the update before the login screen.
FALSE This did not happen. The update was removed and stayed removed, but it looks like it will re-install on the next run of Windows Update.
This has to do with a SAMBA bug. https://forum.zentyal.org/index.php/topic,35598.0.html
Fixed the following issues I was having.
- Unraid mounting an SMB share on a Window 10 Workstation
- Remote Assistance now works when initiated remotely
- Shared bi-directional USB laser printer now works from remote workstations
The Actual Samba Bug - https://bugzilla.samba.org/show_bug.cgi?id=15418
SOLVED-ISH - There is no fix for Samba for Ubuntu 18.04.6 yet. Don't reapply KB5028166 until there is.
SOLVED Patch for 18.04 LTS Bionic - https://launchpad.net/~ahasenack/+archive/ubuntu/samba-kb5028166/
Zentyal 6.1.6 - Ubuntu 18.04.6 LTS
Modules - Network, Firewall, DNS, Logs, NTP, Domain Controller and File Sharing
System is apt-get updated and apt-get upgraded
Production Level Domain Controller only. 75 user license. 73 user accounts.
Running in a VM on an Unraid server that is not part of the domain.
Windows 10 computers joined to domain.
Other Unraid servers joined to domain as file servers.
No ebox packages.
Domain Controller is rebooted weekly and has been running flawlessly for over 2 years.
Hypothesis
Domain based issues with computer to computer authentication.
Specifics:
- Mounting a Windows Share <REMOTE COMPUTER> from a Slackware Linux based (Unraid) <SERVER> no longer works.
- Has been working for close to 2 years until now.
SYSLOG from Unraid Server
<SERVER> kernel: CIFS: Attempting to mount \\<REMOTE COMPUTER>\ServerData
<SERVER> kernel: CIFS: Status code returned 0xc000018d STATUS_TRUSTED_RELATIONSHIP_FAILURE
<SERVER> kernel: CIFS: VFS: \\<REMOTE COMPUTER> Send error in SessSetup = -5
<SERVER> kernel: CIFS: VFS: cifs_mount failed w/return code = -5
<SERVER> unassigned.devices: SMB 3.1.1 mount failed: 'mount error(5): Input/output error
The mounting script goes through SMB 3.0, 2.0 and 1.0 with the same error.
Lookup up this error:
0xc000018d STATUS_TRUSTED_RELATIONSHIP_FAILURE
Comes up with this description.
The logon request failed because the trust relationship between this workstation and the primary domain failed.
Troubleshooting
Removing a couple of computers/servers from the domain and rejoining it doesn't fix this.
The same <REMOTE COMPUTER> (Windows 10) can connect to the Slackware Linux (Unraid) SMB share with no issues.
Two other Unraid servers with different versions of Unraid have the same issue.
Trying to manually make the connection from the command line generate the same error.
Non specific error code issues that might be related.
- Windows Remote Assistance stopped working unless initiated by end user.
- Been all through the Firewall issues.
- Remote Desktop does work.
- USB shared printer are acting like they are only capable of one way communication.
- Adding a shared USB printer works fine.
- Label printers that don't require bi-directional communication work.
- Been through all the Firewall is not the issues.
Things I've Done:
- do-release-upgrade caused a major issue. Failed to enable the MySQL service during upgrade. Failed. Revereted VM to previous state.
- Posted this in the Unraid forms as well.
- Looking for info on how to upgrade Zentyal to 6.2 or beyond and/or which order to upgrade the Ubuntu LTS Release.
- Creating a test envionment for this VM tomorrow.
Please request any info you may need to help solve this. Thank you.
Win 10 update (KB5028166) - uninstall
FALSE This did not happen. The update was removed and stayed removed, but it looks like it will re-install on the next run of Windows Update.
This has to do with a SAMBA bug. https://forum.zentyal.org/index.php/topic,35598.0.html
Fixed the following issues I was having.
- Unraid mounting an SMB share on a Window 10 Workstation
- Remote Assistance now works when initiated remotely
- Shared bi-directional USB laser printer now works from remote workstations
The Actual Samba Bug - https://bugzilla.samba.org/show_bug.cgi?id=15418
SOLVED Patch for 18.04 LTS Bionic - https://launchpad.net/~ahasenack/+archive/ubuntu/samba-kb5028166/
96
Directory and Authentication / Re: Login into domain suddenly not possible anymore, but only from a single client
« Last post by turalyon on July 18, 2023, 05:06:21 pm »Check the following link out. It seems you are affected by a bug in Samba.
- https://github.com/zentyal/zentyal/issues/2132
—
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
- https://github.com/zentyal/zentyal/issues/2132
—
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
97
Directory and Authentication / How can I change a user's SID value
« Last post by jchoi on July 18, 2023, 03:29:33 pm »I'm in the process of rebuilding my Windows Server Active Directory user accounts on a Stand Alone Zentyal primary server because over time lots of junk accounts and groups and GPO have piled on to the AD. I have created a powershell script that can add a new user with all the attributes that I want to include using LDAP protocol but one and the most important attribute that I cannot set or even update is the Security Identifier (SID), alias name objectSID. Everytime I try to set or change the value I always get a error message stating that the server is unwilling to make the change.
I have to be able to set this attribute value to match the value existing in the Windows Active Directory server because if this value changes than every user will get a new Windows user profile created when they sign into their computer with their Windows domain account.
How can I set the SID attribute to a value I need instead of the system auto creating a new value?
I have to be able to set this attribute value to match the value existing in the Windows Active Directory server because if this value changes than every user will get a new Windows user profile created when they sign into their computer with their Windows domain account.
How can I set the SID attribute to a value I need instead of the system auto creating a new value?
98
Installation and Upgrades / Total migration from Windows Server 2012 R2 to Zentyal Server
« Last post by jchoi on July 18, 2023, 03:10:11 pm »I've read in the Zentyal 7 document that you can only do a total migration to Zentyal server only up to Windows Server 2008, is this true? I am currently running Windows Server 2012 R2 and want to completely get rid of the Windows server and only run Zentyal server as my Domain controller to run DHCP, DNS, and Active Directory services.
Can someone please tell me if I can do this?
Can someone please tell me if I can do this?
99
German / Login in die Domäne plötzlich nicht mehr möglich, betrifft aber nur einen Client
« Last post by Zorus on July 18, 2023, 02:22:53 pm »Guten Tag,
Ich verwalte ein altes System (Server + ein paar Clients für Filesharing) von Zentyal Version 2 (ich weiß... alt, aber es funktioniert^^)
Gestern konnte sich einer der Clients (auf denen Windows 10 läuft) plötzlich nicht mehr in der Domäne anmelden. Ich bekam immer die Meldung: "Die Vertrauensstellung zwischen dieser Arbeitsstation und der primären Domäne konnte nicht hergestellt werden"
Nach der Google-Suche schien es ein einfaches Problem zu sein, aber alles, was ich von den Suchergebnissen versucht habe, hat es nicht gelöst. Dazu gehörten:
- Zurücksetzen des Passworts des Clients
- Ändern des Namens des PC-Clients
- Entfernen des Clients aus der Domäne und erneutes Beitreten in diese (mehrmals)
Was auch immer ich tue, das Vertrauen zwischen dem Client und der Domain kann nicht wiederhergestellt werden. Ich kann mich problemlos von anderen Clients aus in das Profil einloggen, nur dieser kann das nicht mehr. Ich kann der Domäne ohne Probleme mit dem Client beitreten, kann mich aber danach mit keinem Profil mehr anmelden.
Ideen zur Lösung dieses Problems wären sehr willkommen!
Vielen Dank schonmal und liebe Grüße
Zorus
Ich verwalte ein altes System (Server + ein paar Clients für Filesharing) von Zentyal Version 2 (ich weiß... alt, aber es funktioniert^^)
Gestern konnte sich einer der Clients (auf denen Windows 10 läuft) plötzlich nicht mehr in der Domäne anmelden. Ich bekam immer die Meldung: "Die Vertrauensstellung zwischen dieser Arbeitsstation und der primären Domäne konnte nicht hergestellt werden"
Nach der Google-Suche schien es ein einfaches Problem zu sein, aber alles, was ich von den Suchergebnissen versucht habe, hat es nicht gelöst. Dazu gehörten:
- Zurücksetzen des Passworts des Clients
- Ändern des Namens des PC-Clients
- Entfernen des Clients aus der Domäne und erneutes Beitreten in diese (mehrmals)
Was auch immer ich tue, das Vertrauen zwischen dem Client und der Domain kann nicht wiederhergestellt werden. Ich kann mich problemlos von anderen Clients aus in das Profil einloggen, nur dieser kann das nicht mehr. Ich kann der Domäne ohne Probleme mit dem Client beitreten, kann mich aber danach mit keinem Profil mehr anmelden.
Ideen zur Lösung dieses Problems wären sehr willkommen!
Vielen Dank schonmal und liebe Grüße
Zorus
100
Directory and Authentication / Login into domain suddenly not possible anymore, but only from a single client
« Last post by Zorus on July 18, 2023, 02:18:54 pm »Greetings,
I´m managing an old system (server + a few clients for filesharing) of zentyal version 2 (i know...ancient, but it works^^)
Yesterday, one of the clients (they run windows 10) suddenly could not log in the domain anymore. I always got the message (german: Die vertrauensstellung zwischen dieser Arbeitsstation und der primären Domäne konnte nicht hergestellt werden)...in english "The trust relationship between this workstation and the primary domain could not be established"
after searching google it seemed to be an easy issue, but everything i tried from the search results didnt solve it. This included:
- resetting the password of the client
- changing the name of the PC client
- removing the client from the domain and join it back into it (multiple times)
whatever i do, the trust between the client and the domain cannot be regained. I can log into the profile just fine from other clients, its just this one that cannot do it anymore. I can join the domain with the client with no issues but i cant login with any profile afterwards.
Ideas to solve this would be very much appreciated!
Greetings from Germany
Zorus
I´m managing an old system (server + a few clients for filesharing) of zentyal version 2 (i know...ancient, but it works^^)
Yesterday, one of the clients (they run windows 10) suddenly could not log in the domain anymore. I always got the message (german: Die vertrauensstellung zwischen dieser Arbeitsstation und der primären Domäne konnte nicht hergestellt werden)...in english "The trust relationship between this workstation and the primary domain could not be established"
after searching google it seemed to be an easy issue, but everything i tried from the search results didnt solve it. This included:
- resetting the password of the client
- changing the name of the PC client
- removing the client from the domain and join it back into it (multiple times)
whatever i do, the trust between the client and the domain cannot be regained. I can log into the profile just fine from other clients, its just this one that cannot do it anymore. I can join the domain with the client with no issues but i cant login with any profile afterwards.
Ideas to solve this would be very much appreciated!
Greetings from Germany
Zorus