Dynamic DNS feature in SSSD fails to update DNS entries with the error : GSS verify error: GSSAPI error: Major = A token had an invalid Message Integrity Check (MIC), Minor = Packet was replayed in wrong direction.

Solution Verified - Updated -

Issue

Dynamic DNS feature in SSSD fails to update DNS entries with the error below. Thus DNS Scavenging in DNS scavenge lots of DNS entries from DNS.

dns_request_getresponse: request 0x7f9be03b7010
GSS verify error: GSSAPI error: Major = A token had an invalid Message Integrity Check (MIC), Minor = Packet was replayed in wrong direction.
tsig key '3852538182.sig-dc001.example.com' (<null>): signature failed to verify(1)
; TSIG error with server: tsig verify failure

We have the following sssd.conf configuration in place :

[domain/ad.example.com]
id_provider = ad
auth_provider = ad
chpass_provider = ad
access_provider = ad
ldap_schema = ad

dyndns_update = true
dyndns_refresh_interval = 43200
dyndns_upd ate_ptr = true
dyndns_ttl = 3600

Environment

Red Hat Enterprise Linux 7.1

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In