Zentyal Forum, Linux Small Business Server
Zentyal Server => Directory and Authentication => Topic started by: dashwell on October 03, 2022, 09:47:43 pm
-
My Zentyal box is no longer seeing the other servers for replication. If I go through samba-tools drs show-repl it reports it can't see the KDC servers on the domain controller.
Please can someone help me
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:hangarserver.dummy.local[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name hangarserver.dummy.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name hangarserver.dummy.local<0x20>
Cannot reach a KDC we require to contact (null) : kinit for HANGARSERVER$@dummy.local failed (Cannot contact any KDC for requested realm)
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for ldap/HANGARSERVER.dummy.local failed (next[ntlmssp]): NT_STATUS_NO_LOGON_SERVERS
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
resolve_lmhosts: Attempting lmhosts lookup for name hangarserver.dummy.local<0x20>
Cannot reach a KDC we require to contact (null) : kinit for HANGARSERVER$@dummy.local failed (Cannot contact any KDC for requested realm)
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for ldap/hangarserver.dummy.local failed (next[ntlmssp]): NT_STATUS_NO_LOGON_SERVERS
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Default-First-Site-Name\HANGARSERVER
DSA Options: 0x00000001
DSA object GUID: a14123e4-7784-4b37-bcc3-21a705a98a31
DSA invocationId: 86acb60f-bc0d-48ff-8686-a4929a99662c
==== INBOUND NEIGHBORS ====
CN=Configuration,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 18:00:53 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
13313 consecutive failure(s).
Last success @ Fri Dec 17 15:02:32 2021 SAST
DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 18:02:39 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
15187 consecutive failure(s).
Last success @ Fri Dec 17 15:02:32 2021 SAST
CN=Schema,CN=Configuration,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 18:04:24 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
101163 consecutive failure(s).
Last success @ Fri Dec 17 15:02:32 2021 SAST
DC=DomainDnsZones,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 18:06:09 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
13452 consecutive failure(s).
Last success @ Fri Dec 17 15:02:31 2021 SAST
DC=ForestDnsZones,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 17:59:08 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
13314 consecutive failure(s).
Last success @ Fri Dec 17 15:02:32 2021 SAST
==== OUTBOUND NEIGHBORS ====
CN=Configuration,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 21:24:29 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
448611 consecutive failure(s).
Last success @ Wed Jan 12 11:33:36 2022 SAST
DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 21:25:09 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
828531 consecutive failure(s).
Last success @ Wed Jan 12 12:21:00 2022 SAST
CN=Schema,CN=Configuration,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 21:25:49 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
43778 consecutive failure(s).
Last success @ Mon Feb 28 05:53:29 2022 SAST
DC=DomainDnsZones,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 21:23:08 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
829934 consecutive failure(s).
Last success @ Wed Jan 12 11:33:35 2022 SAST
DC=ForestDnsZones,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 21:23:48 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
816051 consecutive failure(s).
Last success @ Wed Jan 12 11:33:36 2022 SAST
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: 8d40d461-5748-416f-ba56-453127e5f850
Enabled : TRUE
Server DNS name : SERVER.dummy.local
Server DN name : CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dummy,DC=local
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
-
Hi,
If you are using Zentyal 6.2 or 7.0, run the following script to get a system report and pay special attention to the Domain controller output:
sudo /usr/share/zentyal/smart-admin-report
NOTE: If you want to post the output here, make sure that your rename the sensitive information that the report might have.
However, according to the output, it seems that you do not have any additional domain controller in your environment.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
-
Hi guys,
What are your symptoms on this issue, meaning I did an 22H2 upgrade on a Windows11 joined machine connected to Zentyal 7.0. After that I get the message that my username and password isn't correct. Machines which couldn't update don't have theses problems. Myself and also my clients do run many Windows11 machines so this is a big problem at the moment. Is that related?
Chris
-
Hi,
If you are using Zentyal 6.2 or 7.0, run the following script to get a system report and pay special attention to the Domain controller output:
sudo /usr/share/zentyal/smart-admin-report
NOTE: If you want to post the output here, make sure that your rename the sensitive information that the report might have.
However, according to the output, it seems that you do not have any additional domain controller in your environment.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
Good Day, Sorry that this reply has been so long...
This was a server joined to an existing AD DOMAIN to be part of the domain servers group.
here is that report.
Subject: System report
##################
# GENERAL CHECKS #
##################
########
## Hostname
########
hangarserver.js.local
########
## Hosts
########
127.0.0.1 localhost.localdomain localhost
#127.0.1.1 hangarserver.js.local hangarserver
192.168.100.2 hangarserver.js.local hangarserver
192.168.0.1 server.js.local server
192.168.0.247 server1.js.local server1
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
########
## Resolv
########
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# and managed by Zentyal.
#
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
#
nameserver 127.0.0.1
search js.local
########
## Version of Zentyal and Ubuntu
########
Zentyal 6.1.6
Ubuntu 18.04.6 LTS
########
## Zentyal's modules installed
########
ii zentyal-core 6.1.6
ii zentyal-dns 6.1.2
ii zentyal-firewall 6.1
ii zentyal-network 6.1.1
ii zentyal-ntp 6.1
ii zentyal-samba 6.1.2
ii zentyal-software 6.1.1
########
## Modules which are enabled
########
Zentyal module network: [ ENABLED ]
Zentyal module firewall: [ DISABLED ]
Zentyal module audit: [ DISABLED ]
Zentyal module dns: [ ENABLED ]
Zentyal module logs: [ ENABLED ]
Zentyal module ntp: [ ENABLED ]
Zentyal module samba: [ ENABLED ]
Zentyal module webadmin: [ ENABLED ]
########
## Zentyal Commercial Edition
########
The server doesn't have a license key.
########
## Uptime
########
Uptime's server: up 8 hours, 36 minutes
########
## Memory
########
Total memory: 15914 MB
Memory usage: 11.52%
SWAP usage: 0 MB
########
## CPU
########
Total cores: 4
CPU load average (1m,5m,15m): 2.23. 1.87. 1.83
########
## Hard Drives and partitions
########
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 465.8G 0 disk
├─sda1 8:1 0 512M 0 part /boot/efi
└─sda2 8:2 0 465.3G 0 part /
sdb 8:16 0 1.8T 0 disk
└─sdb1 8:17 0 1.8T 0 part /share
sr0 11:0 1 1024M 0 rom
## Disk usage:
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda2 ext4 457G 73G 361G 17% /
/dev/sdb1 ext4 1.8T 1.5T 290G 84% /share
/dev/sda1 vfat 511M 9.6M 502M 2% /boot/efi
########
## Network Interfaces
########
## Interfaces available:
eth0
## IPs configured:
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 192.168.100.2/24 brd 192.168.100.255 scope global eth0
## Network Interfaces where were 'Down':
-
Hi,
The domain controller is missing in the output you provide. Basically, the following function must be executed so I can see if something is wrong with the domain controller module.
* https://github.com/zentyal/zentyal/blob/master/main/core/src/scripts/smart-admin-report#L194
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
-
Good evening,
I'm still digging into this as this server is being referenced still for some AD Lookups and I'd really like to get this fixed.. Please find the attached log made fresh this evening.
Subject: System report
##################
# GENERAL CHECKS #
##################
########
## Hostname
########
hangarserver.js.local
########
## Hosts
########
127.0.0.1 localhost.localdomain localhost
#127.0.1.1 hangarserver.js.local hangarserver
192.168.100.2 hangarserver.js.local hangarserver
192.168.0.1 server.js.local server
192.168.0.247 server1.js.local server1
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
########
## Resolv
########
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# and managed by Zentyal.
#
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
#
nameserver 127.0.0.1
search js.local
########
## Version of Zentyal and Ubuntu
########
Zentyal 6.1.6
Ubuntu 18.04.6 LTS
########
## Zentyal's modules installed
########
ii zentyal-core 6.1.6
ii zentyal-dns 6.1.2
ii zentyal-firewall 6.1
ii zentyal-network 6.1.1
ii zentyal-ntp 6.1
ii zentyal-samba 6.1.2
ii zentyal-software 6.1.1
########
## Modules which are enabled
########
Zentyal module network: [ ENABLED ]
Zentyal module firewall: [ DISABLED ]
Zentyal module audit: [ DISABLED ]
Zentyal module dns: [ ENABLED ]
Zentyal module logs: [ ENABLED ]
Zentyal module ntp: [ ENABLED ]
Zentyal module samba: [ ENABLED ]
Zentyal module webadmin: [ ENABLED ]
########
## Zentyal Commercial Edition
########
The server doesn't have a license key.
########
## Uptime
########
Uptime's server: up 8 hours, 30 minutes
########
## Memory
########
Total memory: 15914 MB
Memory usage: 7.50%
SWAP usage: 0 MB
########
## CPU
########
Total cores: 4
CPU load average (1m,5m,15m): 0.54. 0.42. 0.42
########
## Hard Drives and partitions
########
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 238.5G 0 disk
├─sda1 8:1 0 512M 0 part /boot/efi
└─sda2 8:2 0 164.7G 0 part /
sdb 8:16 0 3.7T 0 disk
└─sdb1 8:17 0 3.7T 0 part
└─md127 9:127 0 3.7T 0 raid1 /share
sdc 8:32 0 3.7T 0 disk
└─sdc1 8:33 0 3.7T 0 part
└─md127 9:127 0 3.7T 0 raid1 /share
## Disk usage:
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda2 ext4 162G 15G 139G 10% /
/dev/sda1 vfat 511M 9.6M 502M 2% /boot/efi
/dev/md127 ext4 3.6T 1.5T 2.0T 43% /share
########
## Network Interfaces
########
## Interfaces available:
eth0
## IPs configured:
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 192.168.100.2/24 brd 192.168.100.255 scope global eth0
## Network Interfaces where were 'Down': 0
########
## Server packages
########
Broken packages: 0
Upgradable packages:
250 updates can be applied immediately.
221 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable
Last update by Zentyal:
########
## Repositories
########
## Repositorios configured:
deb http://za.archive.ubuntu.com/ubuntu/ bionic main restricted
deb http://za.archive.ubuntu.com/ubuntu/ bionic-updates main restricted
deb http://za.archive.ubuntu.com/ubuntu/ bionic universe
deb http://za.archive.ubuntu.com/ubuntu/ bionic-updates universe
deb http://za.archive.ubuntu.com/ubuntu/ bionic multiverse
deb http://za.archive.ubuntu.com/ubuntu/ bionic-updates multiverse
deb http://za.archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse
deb http://packages.zentyal.org/zentyal 6.1 main extra
deb http://security.ubuntu.com/ubuntu bionic-security main restricted
deb http://security.ubuntu.com/ubuntu bionic-security universe
deb http://security.ubuntu.com/ubuntu bionic-security multiverse
## Custom repositories:
/etc/apt/sources.list.d/dropbox.list
deb [arch=i386,amd64] http://linux.dropbox.com/ubuntu bionic main
/etc/apt/sources.list.d/owncloud.list
deb https://download.owncloud.com/desktop/ownCloud/stable/2.9.2.6206/linux/Ubuntu_18.04/ /
/etc/apt/sources.list.d/openvpn3.list
deb https://swupdate.openvpn.net/community/openvpn3/repos bionic main
########
## System emails
########
########
## Mysql daemon
########
active
########
## Mysql databases
########
## Databases available:
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
| zentyal |
+--------------------+
## Mysql databases check:
mysql.columns_priv OK
mysql.db OK
mysql.engine_cost OK
mysql.event OK
mysql.func OK
mysql.general_log OK
mysql.gtid_executed OK
mysql.help_category OK
mysql.help_keyword OK
mysql.help_relation OK
mysql.help_topic OK
mysql.innodb_index_stats OK
mysql.innodb_table_stats OK
mysql.ndb_binlog_index OK
mysql.plugin OK
mysql.proc OK
mysql.procs_priv OK
mysql.proxies_priv OK
mysql.server_cost OK
mysql.servers OK
mysql.slave_master_info OK
mysql.slave_relay_log_info OK
mysql.slave_worker_info OK
mysql.slow_log OK
mysql.tables_priv OK
mysql.time_zone OK
mysql.time_zone_leap_second OK
mysql.time_zone_name OK
mysql.time_zone_transition OK
mysql.time_zone_transition_type OK
mysql.user OK
sys.sys_config OK
zentyal.audit_actions OK
zentyal.audit_sessions OK
zentyal.firewall OK
zentyal.firewall_report OK
zentyal.samba_access OK
zentyal.samba_access_report OK
zentyal.samba_disk_usage OK
zentyal.samba_disk_usage_report OK
zentyal.samba_quarantine OK
###################
# Login accesses #
###################
Successful accesses to the Zentyal Admin Interface: 4
Failed accesses to the Zentyal Admin Interface: 0
Successful accesses from SSH: 3
Failed accesses from SSH: 1
#####################
# ZENTYAL LOG FILE #
#####################
## Errors and Warnings found from '2022/10/03' to '2023/01/05'
## Errors found:
ntp 0
dhcp 0
openvpn 0
network 1
ipsec 0
squid 0
firewall 0
mysql 0
samba 11
sogo 0
ejabber 0
logs 0
dns 12
mail 0
## Warnings found:
ntp 3
dhcp 0
openvpn 0
network 0
ipsec 0
squid 0
firewall 0
mysql 0
samba 1
sogo 0
ejabber 0
logs 0
dns 0
mail 0
############################
# DOMAIN CONTROLLER CHECKS #
############################
########
## DNS user
########
dns-HANGARSERVER
## DNS users on DnsAdmins:
dns-HANGARSERVER
########
## DNS user password flags
########
Usuario: dns-HANGARSERVER -> U
########
## DNS user ticket
########
Skipping the check for Kerberos ticket for 'dns-hangarserver' because its password isn't set as 'noexpiry'.
########
## Status of old Samba daemon
########
## Daemons' information:
Status of the daemon: 'smbd': inactive
State of the daemon: 'smbd': disabled
Status of the daemon: 'nmbd': inactive
State of the daemon: 'nmbd': disabled
Status of the daemon: 'winbind': inactive
State of the daemon: 'winbind': disabled
Status of the daemon: 'sssd': inactive
State of the daemon: 'sssd':
########
## Samba database check
########
Checked 7581 objects (51 errors)
########
## FSMO OWNER
########
SchemaMasterRole owner: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
InfrastructureMasterRole owner: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
RidAllocationMasterRole owner: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
DomainNamingMasterRole owner: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
########
## Domain Controllers configured
########
dn: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
objectGUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
dn: CN=NTDS Settings,CN=HANGARSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
objectGUID: a14123e4-7784-4b37-bcc3-21a705a98a31
########
## DNS alias
########
06b2d19c-ffe4-45e3-be6f-183540b1c68b._msdcs.js.local is an alias for server.js.local.
a14123e4-7784-4b37-bcc3-21a705a98a31._msdcs.js.local is an alias for hangarserver.js.local.
########
## DNS Errors on log file
########
Error output: kinit: krb5_get_init_creds: unable to reach any KDC in realm JS.LOCAL
--
Exit value: 1 at root command kinit -k -t /var/lib/samba/private/dns.keytab dns-HANGARSERVER failed.
Error output: kinit: krb5_get_init_creds: unable to reach any KDC in realm JS.LOCAL
--
2022/12/22 15:39:57 ERROR> GlobalImpl.pm:652 EBox::GlobalImpl::saveAllModules - Failed to save changes in module dns: root command kinit -k -t /var/lib/samba/private/dns.keytab dns-HANGARSERVER failed.
Error output: kinit: krb5_get_init_creds: unable to reach any KDC in realm JS.LOCAL
I've got three KDC points, all of them I can ping without an issue on either name or IP Address.
The error i'm seeing pop up is that it can't resolve hangarserver.js.local via lmhosts.
I can ping hangarserver.js.local and hangarserver and they both respond perfectly with the correct IP Address.
Any help would be fantastic. I did have to update this unit's IP Address a long time back and I've adjusted the DNS to see the correct IP address, I don't know if that's what's causing this issue.
Many thanks to everyone for help on this matter.
Duane
-
Hi,
According to your output, there are a few things to analyze:
1. It is not recommended to set the IP address of any hostname rather than the '127.0.0.1' and '127.0.1.1' in the configuration file '/etc/hosts'. The three records you have must be set up in the DNS module.
192.168.100.2 hangarserver.js.local hangarserver
192.168.0.1 server.js.local server
192.168.0.247 server1.js.local server1
2. Your Zentyal server has 250 packages to update. This shouldn't cause the issue, but I think it is interesting to mention.
250 updates can be applied immediately.
221 of these updates are standard security updates
3. The internal database of Samba has 51 errors, this could be the cause of the replication issue.
Checked 7581 objects (51 errors)
The fix for the third point is explained here: https://wiki.samba.org/index.php/Dbcheck
Related to the IP change a long time back, this can also be the issue, check the following:
1. Domain controller is listening to the new IP address.
sudo ss -tunpl | grep :389
2. The DNS entries were correctly updated, here you have another link: https://wiki.samba.org/index.php/DNS_Administration#Listing_zone_records
## An example
samba-tool dns query 127.0.0.1 js.local @ ALL -U administrator
Finally, did you check the log files: '/var/log/zentyal/zentyal.log' and '/var/log/syslog'? And also, did you check what errors you get related to the replication as this link explains: https://wiki.samba.org/index.php/Verifying_the_Directory_Replication_Statuses ?
NOTE: What operating system uses the other domain controller?
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".