Dynamic DNS feature in SSSD fails to update DNS entries with the error : GSS verify error: GSSAPI error: Major = A token had an invalid Message Integrity Check (MIC), Minor = Packet was replayed in wrong direction.

Solution Verified - Updated -

Issue

Dynamic DNS feature in SSSD fails to update DNS entries with the error below. Thus DNS Scavenging in DNS scavenge lots of DNS entries from DNS.

dns_request_getresponse: request 0x7f9be03b7010
GSS verify error: GSSAPI error: Major = A token had an invalid Message Integrity Check (MIC), Minor = Packet was replayed in wrong direction.
tsig key '3852538182.sig-dc001.example.com' (<null>): signature failed to verify(1)
; TSIG error with server: tsig verify failure

We have the following sssd.conf configuration in place :

[domain/ad.example.com]
id_provider = ad
auth_provider = ad
chpass_provider = ad
access_provider = ad
ldap_schema = ad

dyndns_update = true
dyndns_refresh_interval = 43200
dyndns_upd ate_ptr = true
dyndns_ttl = 3600

Environment

Red Hat Enterprise Linux 7.1

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content