[Samba] samba4 dc to adc failover

Morgan Toal mtoal at burlingtoniowa.org
Fri Dec 28 15:10:51 MST 2012


Hi Samba List!

Used samba3 for years, now it's time for samba4 (thanks!!!)
Unfortunately I am not familiar with certain Microsoft concepts about AD
and the roles of domain controllers.

I've got three VMs for my experiments:
1) a samba4 domain controller test1.test.local
2) a samba4 additional domain controller test2 joined to my domain 
test.local.
3) a win7 workstation that is joined to domain test.local and has IPs
of both test1 and test2 for dns

If I understand correctly, dns and ad are synchronized between test1 and 
test2 per samba-tool drs show-repl

What I want is to have test2 be a failover domain controller if test1
is offline for some reason.

My experiment went like this:

1) service samba4 stop on test1.test.local to simulate failure
2) still log in on win7 workstation to test2, I think this is due to
cached credentials
3) call up active directory users and computers on win7
4) make some changes to ad and have those replicated from test2->test1 
when it comes back online

However, I get the message on the win7 vm:

"Naming information cannot be located because: the system detected a 
possible attempt to compromise security. Please ensure that you can 
contact the server that authenticated you. Contact your system 
administrator to verify that your domain is properly configured and is 
currently online."

Any suggestions?
Is there something I need to do to "pass the hat" to test2?
Can it be passed back to test1 afterward?

thanks!

mtoal


