* Domain validation failed with error: [EFAULT] Failed to retrieve machine account status

LDAP certificate updated due to expiration. Getting the same message from two separate TrueNAS CORE systems:

TrueNAS @ freenas64.insouth.com

New alerts:
* Domain validation failed with error: [EFAULT] Failed to retrieve machine
account status: gse_get_client_auth_token: gss_init_sec_context failed with [
Miscellaneous failure (see text): Message stream modified](2529638953)
ads_sasl_spnego_bind: kinit succeeded but SPNEGO bind with Kerberos failed for
ldap/op-ctr.insouth.com - user[FREENAS64$], realm[INSOUTH.COM]: The attempted
logon is invalid. This is either due to a bad username or authentication
information. gse_get_client_auth_token: gss_init_sec_context failed with [
Miscellaneous failure (see text): Message stream modified](2529638953)
ads_sasl_spnego_bind: kinit succeeded but SPNEGO bind with Kerberos failed for
ldap/op-ctr.insouth.com - user[FREENAS64$], realm[INSOUTH.COM]: The attempted
logon is invalid. This is either due to a bad username or authentication
information.

I’ve only received this message one time so far, so I’m wondering if it is a glitch or timing issue with the AD. I can successfully log into both systems locally, and it appears that everything is running as expected.

Systems have been rock solid to this point. What do I do to get rid of this issue, if I truly do have an issue?

May have been self-inflicted. The domain controller server mentioned in the email, when reviewed in its Server Manager, had a couple of AD-based services that had stalled three days ago for no apparent reason, and when we restarted the services, the issue resolved itself. Apparently the AD services in that domain controller had gotten their knickers in a wad, and decided to quit communicating on a couple of their subsystems, including the NETLOGON service. We also saw where, for whatever reason, the NTP time sync had also stalled and was throwing errors in the event log. A good ole fashioned reboot cleared the deck, and the messages have been reported in the emails as “cleared”, and life has returned to normal.

Digging more on the server to find the underlying cause, but it might have been totally attributable to the fact that the server had been up for 6 months, and probably just needed a reboot to clear the deck and start fresh (typical Windows memory and resource rot). Nothing was done to the config on the NAS system, but after rebooting the domain controller in question, it probably wouldn’t be a bad idea to reboot the NAS, and restart fresh at that level also, so that it’ll resync freshly with that domain controller. Close this case, but document for future use that it might simply be a problem with the domain controller not fully working with the AD services that ultimately causes these errors.