[Samba] DNS management error

Antun Horvat antun.horvat at radio101.hr
Wed Aug 28 08:52:49 MDT 2013

Hello again,

I wanted to notify everybody that I managed to overcome this problem.
The issue was that the CN=MicrosoftDNS,DC=ForestDnsZones,... branch was
missing because the Forest was operating in Windows 2000 native
functional level.
The thing that I did was transfer all FSMO roles back to the Windows 2003
server, plug off the Samba servers, clean the Samba server metadata and
then raise the level of the domain to Windows 2003 Native.
Then in the DNS tool I configured forest wide zone replication.
Then I did a fresh install of Samba on the Linux servers and joined them
to the domain.

When I was sure that all changes were being replicated across all domain
controllers, I transferred all FSMO roles back to one Linux server and
unplugged Windows 2003 from the network.

Now I have full access to DNS services and all other levels of Domain
are functional.

To be exact, I still have some minor issues such as long logon times,
but soon I will resolve them too.

All best,

On 08/27/2013 09:00 PM, Antun Horvat wrote:
> Well that's the thing, I can only replicate DNS changes from WinDC to 
> Samba, but not the other way.
> I can't even update DNS records on Samba side, only on Windows side.
> I managed to figure out an error on Samba caused by RPC call:
> dnsserver: Found DNS zone .
> Failed to find DNS Zones in 
> CN=MicrosoftDNS,DC=ForestDnsZones,DC=Radio101,DC=local
> Now I am surfing on the web trying to find some kind of solution.
> All best,
> Antun
> On 08/27/2013 08:46 PM, Garth Keesler wrote:
>> Interesting. Are Forest and Domain records being replicated in both 
>> directions from all DCs? It always worked from the WinDC to the S4DC 
>> but not in the other direction. Also, were you able to use the WIN 
>> DNS MMC to examine the DNS records on any of the Samba DCs? If so, 
>> you are probably close to having it working; something I never 
>> managed to do.
>> See ya...
>> Garth
>> On 08/27/2013 12:07 PM, Antun Horvat wrote:
>>> Thanks for such a quick reply,
>>> I have just executed "samba-tool drs showrepl" command and it seems 
>>> that Forest and Domain LDAP DIT are being replicated successfully.
>>> But I still doubt that it can not be fixed since all RR records that 
>>> are added to w2k3 server are successfully propagated and present. 
>>> All name resolution queries on samba reflect the state of w2k3 DNS.
>>> Is there some way to debug RPC calls so that we can more precisely 
>>> locate the error?
>>> All best,
>>> Antun
>>> On 08/27/2013 06:40 PM, Garth Keesler wrote:
>>>> This issue has been discussed at length before with no resolution 
>>>> to my knowledge. If you use "samba-tool drs showrepl", you will 
>>>> probably notice that Forest and Domain DNS is not being replicated 
>>>> to/from all DCs. Additionally, if you use Win2003 DNS MMC, you will 
>>>> not be able to detect that DNS is running on the Samba DCs nor that 
>>>> they are DCs at all. I have only tested this using internal Samba 
>>>> DNS but have found no workaround and have dropped trying to use 
>>>> Samba to demote/replace a Win2003 DC for now.
>>>> Good luck,
>>>> Garth
>>>> On 08/27/2013 09:58 AM, Antun Horvat wrote:
>>>>> Hello,
>>>>> I have an issue with an existing installation of a samba4 domain
>>>>> controller that is specific to DNS management.
>>>>> In the domain I have two samba4 4.0.7 and one Windows 2003 server
>>>>> that I plug in periodically to manage the DNS.
>>>>> All FSMO roles are transferred to samba.
>>>>> All aspects of the domain work perfectly, except one, the
>>>>> samba-tool dns commands do not work.
>>>>> All commands when executed on samba server return "ERROR(runtime):
>>>>> uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')"
>>>>> error. The same command pointed to the Windows server works fine.
>>>>> All commands that add hosts to Windows are replicated to samba
>>>>> instances.
>>>>> The domain is functioning at 2003 native level (reported by windows
>>>>> tool), but samba can't figure out the level.
>>>>> Also when I try to demote the w2k3 server I get the error that
>>>>> "Active Directory could not find another domain controller to
>>>>> transfer the remaining data in the directory partition
>>>>> DC=DomainDnsZones,Dc=example,dc=com"
>>>>> Could you please point me to the right resources so that I can
>>>>> resolve my current issues.
>>>>> Thanks in advance, and I wish best to all Samba community.
>>>>> ps
>>>>> If you need some kind of help, such as testing rc's in certain
>>>>> configuration, please contact me.
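
The thread traces the WERR_DNS_ERROR_DS_UNAVAILABLE error to a missing CN=MicrosoftDNS,DC=ForestDnsZones,... container. The following check is an added example, not part of the original messages or of Samba itself: it looks for both DNS containers in a Samba DC's local directory before the remaining Windows DC is removed. Assumptions: the `SAM_LDB` path (it varies by install), a single-domain forest so the forest root DN equals the domain DN, and the function names, which are hypothetical.

```shell
#!/bin/sh
# Added example: verify the AD-integrated DNS containers exist locally.
# SAM_LDB is an assumed default path; override it for your installation.
SAM_LDB="${SAM_LDB:-/usr/local/samba/private/sam.ldb}"

# Print the two DNS container DNs for a root DN such as DC=example,DC=com.
# Assumes a single-domain forest (forest root DN == domain DN).
dns_containers() {
    printf 'CN=MicrosoftDNS,DC=ForestDnsZones,%s\n' "$1"
    printf 'CN=MicrosoftDNS,DC=DomainDnsZones,%s\n' "$1"
}

# Return 0 if a base-scope search finds the object in the local database.
container_exists() {
    ldbsearch -H "$SAM_LDB" -b "$1" -s base dn 2>/dev/null | grep -qi '^dn: '
}

# Print OK/MISSING per container; exit status is the number missing.
check_dns_containers() {
    missing=0
    while IFS= read -r dn; do
        if container_exists "$dn"; then
            printf 'OK %s\n' "$dn"
        else
            printf 'MISSING %s\n' "$dn"
            missing=$((missing + 1))
        fi
    done <<EOF
$(dns_containers "$1")
EOF
    return "$missing"
}

# Stand-alone use: sh check_dns.sh --check DC=example,DC=com
if [ "${1:-}" = "--check" ] && [ -n "${2:-}" ]; then
    check_dns_containers "$2"
    exit $?
fi
```

Run it as root on each Samba DC; a MISSING line for ForestDnsZones matches the "Failed to find DNS Zones in" log message quoted in the thread.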
