Re-Join MS Active Directory fails with a "LifetimeTimeout" error Scale 24.04

rynotg12 · May 6, 2024, 8:44pm

Was having issues with SMB permissions so I decided to remove my baremetal truenas from the active directory. When trying to re-join the active directory, I keep seeing a lifetime timeout error.

Output below-

LifetimeTimeout

“The resolution lifetime expired after 10.003 seconds: Server 192.168.X.X UDP port 53 answered The DNS operation timed out after 3.999 seconds; Server 10.0.X.X UDP port 53 answered The DNS operation timed out after 3.999 seconds; Server 192.168.X.X UDP port 53 answered The DNS operation timed out after 1.894 seconds”

Error: Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/middlewared/main.py”, line 198, in call_method
result = await self.middleware.call_with_audit(message[‘method’], serviceobj, methodobj, params, self)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/main.py”, line 1466, in call_with_audit
result = await self._call(method, serviceobj, methodobj, params, app=app,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/main.py”, line 1417, in _call
return await methodobj(*prepared_call.args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/service/config_service.py”, line 82, in update
rv = await self.middleware._call(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/main.py”, line 1417, in _call
return await methodobj(*prepared_call.args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/schema/processor.py”, line 187, in nf
return await func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/schema/processor.py”, line 47, in nf
res = await f(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/plugins/activedirectory.py”, line 440, in do_update
await self.common_validate(new, old, verrors)
File “/usr/lib/python3/dist-packages/middlewared/plugins/activedirectory.py”, line 228, in common_validate
if not (await self.middleware.call(‘activedirectory.netbiosname_is_ours’, new[‘netbiosname’], new[‘domainname’], new[‘dns_timeout’])):
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/main.py”, line 1564, in call
return await self._call(
^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/main.py”, line 1417, in call
return await methodobj(*prepared_call.args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/plugins/activedirectory/dns.py", line 290, in netbiosname_is_ours
dns_addresses = set([x[‘address’] for x in await self.middleware.call(‘dnsclient.forward_lookup’, {
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/main.py”, line 1564, in call
return await self._call(
^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/main.py”, line 1417, in _call
return await methodobj(*prepared_call.args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/schema/processor.py”, line 187, in nf
return await func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/schema/processor.py”, line 47, in nf
res = await f(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/plugins/dns_client.py”, line 182, in forward_lookup
raise failuresPerHost[h][0]
File “/usr/lib/python3/dist-packages/middlewared/plugins/dns_client.py”, line 40, in resolve_name
ans = await r.resolve(
^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/dns/asyncresolver.py”, line 89, in resolve
timeout = self._compute_timeout(start, lifetime, resolution.errors)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/dns/resolver.py”, line 988, in _compute_timeout
raise LifetimeTimeout(timeout=duration, errors=errors)
dns.resolver.LifetimeTimeout: The resolution lifetime expired after 10.003 seconds: Server 192.168.X.X UDP port 53 answered The DNS operation timed out after 3.999 seconds; Server 10.0.X.X UDP port 53 answered The DNS operation timed out after 3.999 seconds; Server 192.168.X.X UDP port 53 answered The DNS operation timed out after 1.894 seconds

awalkerix · May 7, 2024, 11:49am

You can bump up the timeout for DNS resolution in the AD form, but it may be worthwhile to examine why DNS lookups are taking so long to complete.

rynotg12 · May 7, 2024, 2:25pm

I think the timeout is happening during the binding—if I change the username or password to an incorrect one, I get a failure response straight away. I’ve contemplated creating a new admin user on the DC that’s part of the domain join group to see if there are DC permissions issues. Had been using the built in administrator, then my super user which is part of the domain admins group.

Was thinking earlier that it could be a firewall issue on the DC, but now I’m more leaning toward some sort of confusion between truenas local user/pws and the domain user/pws because they’re both the same

In the user field when domain joining, do we set domain.local/user or only use the username without the domain info?

awalkerix · May 7, 2024, 2:54pm

The above error you posted is prior to any username validation. It’s a simple DNS query that’s failing.

rynotg12 · May 7, 2024, 8:53pm

I don’t have any issue with dig–

rynotg12 · May 8, 2024, 6:22pm

update: moved ALL the data off the host, reinstalled the app on the bare metal R750, getting the same error after all that–timeout