Hi Rob,

Could this be because I removed the replica and there are records still dangling in the config? Is there a way to find out where they are and remove them? 

At the moment we have no active replicas, as I wanted to simplify the config so as to find the root cause of intermittent loss of groups. Looks like this could be adding to my headaches.

And finally, having domain level not set to one will prevent me from creating replicas in the first place?




On Fri, 21 Aug 2020, 6:42 am Rob Crittenden, <rcritten@redhat.com> wrote:
Chris Welsh via FreeIPA-users wrote:
> Hi Rob,
>
> I have run your tool and found it to report some issues. I wonder if you could help me figure out what they are. Our problem is that we often have staff who lose their groups and this has been happening for 3 years. sss_cache -u username sometimes fixes it. Any advice greatly welcome. Note that I have removed our send are master “vmpdr-linuxidm......”
>
> Really keen to solve this but no expert.
> Centos 7.8 server and clients
> ipa-server-4.6.6

The "Unexpected SRV entry in DNS" warnings mean that some servers are
defined in the IPA domain with services that IPA provides but those
servers aren't IPA servers.

Similarly, "Expected SRV record missing", a SRV record is missing for an
IPA service for one or more IPA servers.

"expected ipa-ca IPAddr missing" means that the IPA server at
10.126.18.129 is not in the ipa-ca CNAME (and also caught with the count
of ipa-ca records).

The final errors are due to your installation still using domain level
0. You can ignore these if you don't want to or can't update domain
levels. https://www.freeipa.org/page/Domain_Levels

rob

>
>
> [
> {
> "source": "ipahealthcheck.ipa.idns",
> "kw": {
> "msg": "Unexpected SRV entry in DNS",
> "key": "_ntp._udp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au."
> },
> "uuid": "57735f69-6d98-4ae1-9f0a-dd848bbfa1f7",
> "duration": "0.024868",
> "when": "20200820104327Z",
> "check": "IPADNSSystemRecordsCheck",
> "result": "WARNING"
> },
> {
> "source": "ipahealthcheck.ipa.idns",
> "kw": {
> "msg": "Expected SRV record missing",
> "key": "_kerberos._tcp.dc._msdcs.unix.foo.org.au.:vmpr-linuxidm.unix.foo.org.au."
> },
> "uuid": "3b789068-16ff-4684-bb5e-3add8a62b2b8",
> "duration": "0.025853",
> "when": "20200820104327Z",
> "check": "IPADNSSystemRecordsCheck",
> "result": "WARNING"
> },
> {
> "source": "ipahealthcheck.ipa.idns",
> "kw": {
> "msg": "Unexpected SRV entry in DNS",
> "key": "_kerberos._tcp.unix.foo.org.au.:vmpr-linuxidm.unix.foo.org.au."
> },
> "uuid": "bab58235-1a9b-48bc-9b4c-b0e75b91d619",
> "duration": "0.027710",
> "when": "20200820104327Z",
> "check": "IPADNSSystemRecordsCheck",
> "result": "WARNING"
> },
> {
> "source": "ipahealthcheck.ipa.idns",
> "kw": {
> "msg": "Unexpected SRV entry in DNS",
> "key": "_kerberos._tcp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au."
> },
> "uuid": "44a47316-ba13-4226-9625-2f29f369cdd4",
> "duration": "0.027825",
> "when": "20200820104327Z",
> "check": "IPADNSSystemRecordsCheck",
> "result": "WARNING"
> },
> {
> "source": "ipahealthcheck.ipa.idns",
> "kw": {
> "msg": "Expected SRV record missing",
> "key": "_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.unix.foo.org.au.:vmpr-linuxidm.unix.foo.org.au."
> },
> "uuid": "313a97f5-9f05-4465-a50f-27996c22c306",
> "duration": "0.028995",
> "when": "20200820104327Z",
> "check": "IPADNSSystemRecordsCheck",
> "result": "WARNING"
> },
> {
> "source": "ipahealthcheck.ipa.idns",
> "kw": {
> "msg": "Unexpected SRV entry in DNS",
> "key": "_kerberos._udp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au."
> },
> "uuid": "d00274ff-12a9-465f-957e-392c4edd7e5a",
> "duration": "0.030514",
> "when": "20200820104327Z",
> "check": "IPADNSSystemRecordsCheck",
> "result": "WARNING"
> },
> {
> "source": "ipahealthcheck.ipa.idns",
> "kw": {
> "msg": "Unexpected SRV entry in DNS",
> "key": "_kerberos-master._udp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au."
> },
> "uuid": "0e50f8e7-6321-429a-b84e-3a88922ec07b",
> "duration": "0.031876",
> "when": "20200820104327Z",
> "check": "IPADNSSystemRecordsCheck",
> "result": "WARNING"
> },
> {
> "source": "ipahealthcheck.ipa.idns",
> "kw": {
> "msg": "Unexpected SRV entry in DNS",
> "key": "_kpasswd._udp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au."
> },
> "uuid": "011bf574-e7ea-4f5d-8bf6-f5ecdd722ecd",
> "duration": "0.033430",
> "when": "20200820104327Z",
> "check": "IPADNSSystemRecordsCheck",
> "result": "WARNING"
> },
> {
> "source": "ipahealthcheck.ipa.idns",
> "kw": {
> "msg": "Unexpected SRV entry in DNS",
> "key": "_kpasswd._tcp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au."
> },
> "uuid": "d00839d9-6e83-481d-9685-8eaca6caea14",
> "duration": "0.034777",
> "when": "20200820104327Z",
> "check": "IPADNSSystemRecordsCheck",
> "result": "WARNING"
> },
> {
> "source": "ipahealthcheck.ipa.idns",
> "kw": {
> "msg": "Expected SRV record missing",
> "key": "_kerberos._udp.Default-First-Site-Name._sites.dc._msdcs.unix.foo.org.au.:vmpr-linuxidm.unix.foo.org.au."
> },
> "uuid": "8bff3eb5-521d-4029-b368-c1b4cd39047c",
> "duration": "0.036379",
> "when": "20200820104327Z",
> "check": "IPADNSSystemRecordsCheck",
> "result": "WARNING"
> },
> {
> "source": "ipahealthcheck.ipa.idns",
> "kw": {
> "msg": "Unexpected SRV entry in DNS",
> "key": "_ldap._tcp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au."
> },
> "uuid": "2091880e-5777-4854-abb4-bc14c032b1af",
> "duration": "0.037861",
> "when": "20200820104327Z",
> "check": "IPADNSSystemRecordsCheck",
> "result": "WARNING"
> },
> {
> "source": "ipahealthcheck.ipa.idns",
> "kw": {
> "msg": "Expected SRV record missing",
> "key": "_ldap._tcp.dc._msdcs.unix.foo.org.au.:vmpr-linuxidm.unix.foo.org.au."
> },
> "uuid": "8f9862fa-45a0-4bdd-b561-93a6a15ac7f1",
> "duration": "0.038836",
> "when": "20200820104327Z",
> "check": "IPADNSSystemRecordsCheck",
> "result": "WARNING"
> },
> {
> "source": "ipahealthcheck.ipa.idns",
> "kw": {
> "msg": "Unexpected SRV entry in DNS",
> "key": "_kerberos-master._tcp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au."
> },
> "uuid": "cfd7b896-da90-4ac4-9b08-eccdbafeca30",
> "duration": "0.040348",
> "when": "20200820104327Z",
> "check": "IPADNSSystemRecordsCheck",
> "result": "WARNING"
> },
> {
> "source": "ipahealthcheck.ipa.idns",
> "kw": {
> "msg": "Expected SRV record missing",
> "key": "_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.unix.foo.org.au.:vmpr-linuxidm.unix.foo.org.au."
> },
> "uuid": "3c38ad1e-96a5-41fd-a161-56dde9601896",
> "duration": "0.041473",
> "when": "20200820104327Z",
> "check": "IPADNSSystemRecordsCheck",
> "result": "WARNING"
> },
> {
> "source": "ipahealthcheck.ipa.idns",
> "kw": {
> "msg": "Expected SRV record missing",
> "key": "_kerberos._udp.dc._msdcs.unix.foo.org.au.:vmpr-linuxidm.unix.foo.org.au."
> },
> "uuid": "fd6a163f-a338-4ff0-a2f2-9fb00064ab93",
> "duration": "0.042447",
> "when": "20200820104327Z",
> "check": "IPADNSSystemRecordsCheck",
> "result": "WARNING"
> },
> {
> "source": "ipahealthcheck.ipa.idns",
> "kw": {
> "msg": "expected ipa-ca IPAddr missing",
> "key": "10.126.18.129"
> },
> "uuid": "59581cec-e08f-4e67-aed1-697698d66e92",
> "duration": "0.044304",
> "when": "20200820104327Z",
> "check": "IPADNSSystemRecordsCheck",
> "result": "WARNING"
> },
> {
> "source": "ipahealthcheck.ipa.idns",
> "kw": {
> "expected": 1,
> "count": 2,
> "msg": "Got {count} ipa-ca A records, expected {expected}"
> },
> "uuid": "6852b70e-b366-44a3-bc1f-6bde42f79209",
> "duration": "0.044392",
> "when": "20200820104327Z",
> "check": "IPADNSSystemRecordsCheck",
> "result": "WARNING"
> },
> {
> "source": "ipahealthcheck.ipa.topology",
> "kw": {
> "msg": "topologysuffix-verify domain failed, Topology management requires minimum domain level 1 "
> },
> "uuid": "e5386d69-3028-4c71-8a93-87de8e954682",
> "duration": "0.002170",
> "when": "20200820104332Z",
> "check": "IPATopologyDomainCheck",
> "result": "ERROR"
> },
> {
> "source": "ipahealthcheck.ipa.topology",
> "kw": {
> "msg": "topologysuffix-verify domain failed, Topology management requires minimum domain level 1 "
> },
> "uuid": "c50ccc80-d031-4a52-a097-43b6b09c46c6",
> "duration": "0.005159",
> "when": "20200820104332Z",
> "check": "IPATopologyDomainCheck",
> "result": "ERROR"
> }
> ]
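
Added example (not part of the original thread, and not code from the ipa-healthcheck project): one way to see which hosts the SRV warnings point at is to group the report by the target half of each "key" field. The summarize() helper is hypothetical; the sample entries are copied from the report quoted above and trimmed to the fields used.

```python
import json
import sys
from collections import defaultdict

SRV_MSGS = {"Unexpected SRV entry in DNS", "Expected SRV record missing"}
# Entries copied from the report quoted above, trimmed to the fields used here.
SAMPLE = json.loads("""[
 {"check": "IPADNSSystemRecordsCheck", "result": "WARNING",
  "kw": {"msg": "Unexpected SRV entry in DNS",
         "key": "_ldap._tcp.unix.foo.org.au.:vmdr-linuxidm.unix.foo.org.au."}},
 {"check": "IPADNSSystemRecordsCheck", "result": "WARNING",
  "kw": {"msg": "Unexpected SRV entry in DNS",
         "key": "_kerberos._tcp.unix.foo.org.au.:vmpr-linuxidm.unix.foo.org.au."}},
 {"check": "IPADNSSystemRecordsCheck", "result": "WARNING",
  "kw": {"msg": "Expected SRV record missing",
         "key": "_ldap._tcp.dc._msdcs.unix.foo.org.au.:vmpr-linuxidm.unix.foo.org.au."}},
 {"check": "IPADNSSystemRecordsCheck", "result": "WARNING",
  "kw": {"expected": 1, "count": 2, "msg": "Got {count} ipa-ca A records, expected {expected}"}},
 {"check": "IPATopologyDomainCheck", "result": "ERROR",
  "kw": {"msg": "topologysuffix-verify domain failed, Topology management requires minimum domain level 1 "}}
]""")

def summarize(results):
    """Group SRV findings by (target host, message); return the rest as text."""
    by_host, other = defaultdict(list), []
    for r in results:
        if r.get("result") == "SUCCESS":
            continue
        kw = r.get("kw", {})
        msg, key = kw.get("msg", ""), kw.get("key", "")
        if msg in SRV_MSGS and ":" in key:
            record, _, host = key.partition(":")  # key is "<record>:<SRV target>"
            by_host[(host, msg)].append(record)
        else:
            try:  # msg can be a template filled from the other kw fields
                msg = msg.format(**kw)
            except (KeyError, IndexError, ValueError):
                pass
            other.append((r.get("check"), msg.strip(), key))
    return dict(by_host), other

if __name__ == "__main__":
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    by_host, other = summarize(data)
    for (host, msg), records in sorted(by_host.items()):
        print(f"{host}  {msg}: {', '.join(sorted(records))}")
    for check, msg, key in other:
        print(f"{check}: {msg} {key}".rstrip())
```

Run it with the path of a saved JSON report as the only argument; with no argument it uses the embedded sample.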