samba 4.12.2: WERR_DNS_ERROR_DS_UNAVAILABLE, unable to manage samba DNS

Olaf Dreyer dreyer at o-dreyer.de
Wed Apr 29 09:58:31 UTC 2020 

Hi,

I run a setup with two Samba DC (currently samba 4.12.2 on debian 10 
VMs). I started with a Windows 2003 DC but the last Windows DC has been 
removed a few years ago from this setup.

Yesterday I recognized (might be older though) a problem with DNS 
administration. I am using the Samba Built-In DNS.

I added two new Windows 10 clients to the domain and they did not manage 
to register in the DNS domain.

Cross check on DC:

root at OMTNDC3:/usr/local/samba# samba-tool dns query omtndc3 omtn.de 
master A -k 1
ERROR(runtime): uncaught exception - (9717, 
'WERR_DNS_ERROR_DS_UNAVAILABLE')
   File 
"/usr/local/samba/lib/python3.7/site-packages/samba/netcmd/__init__.py", 
line 186, in _run
     return self.run(*args, **kwargs)
   File 
"/usr/local/samba/lib/python3.7/site-packages/samba/netcmd/dns.py", line 
865, in run
     raise e
   File 
"/usr/local/samba/lib/python3.7/site-packages/samba/netcmd/dns.py", line 
861, in run
     None, record_type, select_flags, None, None)

On the other hand, nslookup is working fine.

root at OMTNDC3:/usr/local/samba# nslookup master
Server:         192.168.193.223
Address:        192.168.193.223#53

Name:   master.omtn.de
Address: 192.168.193.230

Another check: The Windows RSAT DNS app says that there is no AD.

So, it looks like DNS is working, but I cannot any longer use any admin 
tool.

smb.conf:

# Global parameters
[global]
         netbios name = OMTNDC3
         realm = OMTN.DE
         dns forwarder = 192.168.193.230
         workgroup = OMTN
         server role = active directory domain controller
         # idmap_ldb:use rfc2307 = yes
         #debuglevel = dns:1

[netlogon]
         path = /usr/local/samba/var/locks/sysvol/omtn.de/scripts
         read only = No

[sysvol]
         path = /usr/local/samba/var/locks/sysvol
         read only = No

The output of samba-tool drs showrepl looks strange, what does NTTIME(0) 
mean?

root at OMTNDC3:/usr/local/samba# samba-tool drs showrepl
CorporateDataCenter\OMTNDC3
DSA Options: 0x00000001
DSA object GUID: 7abd666f-d3bc-4e8f-9ff3-cf3abd802ee5
DSA invocationId: de8ee55e-2383-4f4e-aa8d-03a86c0bba2d

==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=omtn,DC=de
         CorporateDataCenter\OMTNDC8 via RPC
                 DSA object GUID: 2d035437-cec0-4a24-bdd0-0b599915e3b6
                 Last attempt @ Wed Apr 29 11:25:28 2020 CEST was 
successful
                 0 consecutive failure(s).
                 Last success @ Wed Apr 29 11:25:28 2020 CEST

DC=omtn,DC=de
         CorporateDataCenter\OMTNDC8 via RPC
                 DSA object GUID: 2d035437-cec0-4a24-bdd0-0b599915e3b6
                 Last attempt @ Wed Apr 29 11:25:28 2020 CEST was 
successful
                 0 consecutive failure(s).
                 Last success @ Wed Apr 29 11:25:28 2020 CEST

CN=Schema,CN=Configuration,DC=omtn,DC=de
         CorporateDataCenter\OMTNDC8 via RPC
                 DSA object GUID: 2d035437-cec0-4a24-bdd0-0b599915e3b6
                 Last attempt @ Wed Apr 29 11:25:28 2020 CEST was 
successful
                 0 consecutive failure(s).
                 Last success @ Wed Apr 29 11:25:28 2020 CEST

CN=Configuration,DC=omtn,DC=de
         CorporateDataCenter\OMTNDC8 via RPC
                 DSA object GUID: 2d035437-cec0-4a24-bdd0-0b599915e3b6
                 Last attempt @ Wed Apr 29 11:25:29 2020 CEST was 
successful
                 0 consecutive failure(s).
                 Last success @ Wed Apr 29 11:25:29 2020 CEST

DC=DomainDnsZones,DC=omtn,DC=de
         CorporateDataCenter\OMTNDC8 via RPC
                 DSA object GUID: 2d035437-cec0-4a24-bdd0-0b599915e3b6
                 Last attempt @ Wed Apr 29 11:25:28 2020 CEST was 
successful
                 0 consecutive failure(s).
                 Last success @ Wed Apr 29 11:25:28 2020 CEST

==== OUTBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=omtn,DC=de
         CorporateDataCenter\OMTNDC8 via RPC
                 DSA object GUID: 2d035437-cec0-4a24-bdd0-0b599915e3b6
                 Last attempt @ NTTIME(0) was successful
                 0 consecutive failure(s).
                 Last success @ NTTIME(0)

DC=omtn,DC=de
         CorporateDataCenter\OMTNDC8 via RPC
                 DSA object GUID: 2d035437-cec0-4a24-bdd0-0b599915e3b6
                 Last attempt @ NTTIME(0) was successful
                 0 consecutive failure(s).
                 Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=omtn,DC=de
         CorporateDataCenter\OMTNDC8 via RPC
                 DSA object GUID: 2d035437-cec0-4a24-bdd0-0b599915e3b6
                 Last attempt @ NTTIME(0) was successful
                 0 consecutive failure(s).
                 Last success @ NTTIME(0)

CN=Configuration,DC=omtn,DC=de
         CorporateDataCenter\OMTNDC8 via RPC
                 DSA object GUID: 2d035437-cec0-4a24-bdd0-0b599915e3b6
                 Last attempt @ NTTIME(0) was successful
                 0 consecutive failure(s).
                 Last success @ NTTIME(0)

DC=DomainDnsZones,DC=omtn,DC=de
         CorporateDataCenter\OMTNDC8 via RPC
                 DSA object GUID: 2d035437-cec0-4a24-bdd0-0b599915e3b6
                 Last attempt @ NTTIME(0) was successful
                 0 consecutive failure(s).
                 Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
         Connection name: 340530b4-a0d6-4f58-a9e3-5a524d2aac42
         Enabled        : TRUE
         Server DNS name : omtndc8.omtn.de
         Server DN name  : CN=NTDS 
Settings,CN=OMTNDC8,CN=Servers,CN=CorporateDataCenter,CN=Sites,CN=Configuration,DC=omtn,DC=de
                 TransportType: RPC
                 options: 0x00000001
Warning: No NC replicated for Connection!


samba_dnsupdate --verbose
No DNS updates needed

Any help is welcome.

Best regards,
Olaf Dreyer

More information about the samba-technical mailing list