Hi!

Setup: Ubuntu 18.04 (future), SSSD 1.16.0, nsupdate/bind: 9.11.2.P1, 2008R2 DC/DNS

I need some help and guidance with troubleshooting nsupdate-problems.

I get the famous "TSIG error with server: tsig verify failure" when trying to update my A-record against our Microsoft DNS.

I get the error in sssd-logs and the same error when running nsupdate manually with the same input as found in the logs (when cranking up debug level).

I have tried with client keytab and with a user that I know have permission to update. (nsupdate with -g)

SSSD is fully configured and I can do user lookups and logins. ldapsearch agains different domains in the forest with -Y GSSAPI works without problem.

Our setup is a domain forest where the clients are in the subdomain and the DNS is in the parent domain. Parent DNS domain and subdomains is in the same Zone and has Secure Only updates enabled. 

Anyone have any ideas what I can do next to troubleshoot this issue?