[Samba] NO DNS zone information found in source domain, not replicating DNS

Thomas Schulz schulz at adi.com
Mon Mar 3 11:11:42 MST 2014


I am trying to join a Fedora Linux box running Samba 4.1.5 to a Windows
Server 2000 domain controller as an additional domain controller. I should
mention that our realm is the same as our domain name, adi.com. This is a
15-year-old mistake. And the Windows DC does not have all of our machines
listed. To work around that I have delegated _msdcs, _sites, _tcp and
_udp to the Windows DC with name server records in our main domain name
servers. On the Linux box I have listed the Windows DC as the first
entry in /etc/resolv.conf and then added a large number of records to
the /etc/hosts file to restore name resolution. If I do a 'dig axfr adi.com'
I do get a transfer of adi.com from the Windows DC. Note that I did not
have to specify which name server to use to dig, so the entry in resolv.conf
is working.

When I try to join the domain as a DC, I get the error:

NO DNS zone information found in source domain, not replicating DNS

The Windows DC does now list the Linux box (Koi) as a DC, but the
adi.com zone on the Windows box does not list Koi in any of the records.
I manually added an address record for Koi to the Windows DC and redid
the join, but the result is the same. Given some of the other messages,
I am not sure if anything is working correctly. Following is the output
of the join command and several other results from various queries.


[root@koi bin]# ./samba-tool domain join adi.com DC -Uadministrator
     --realm=adi.com --dns-backend=BIND9_DLZ
Finding a writeable DC for domain 'adi.com'
Found DC starfish2.adi.com
Password for [WORKGROUP\administrator]:
NO DNS zone information found in source domain, not replicating DNS
workgroup is ADI
realm is adi.com
checking sAMAccountName
Adding CN=KOI,OU=Domain Controllers,DC=adi,DC=com
Adding CN=KOI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,
       CN=Configuration,DC=adi,DC=com
Adding CN=NTDS Settings,CN=KOI,CN=Servers,CN=Default-First-Site-Name,
       CN=Sites,CN=Configuration,DC=adi,DC=com
Adding SPNs to CN=KOI,OU=Domain Controllers,DC=adi,DC=com
Setting account password for KOI$
Enabling account
Calling bare provision
No IPv6 address will be assigned
Provision OK for domain DN DC=adi,DC=com
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=adi,DC=com] objects[140]
          linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=adi,DC=com] objects[279]
          linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=adi,DC=com] objects[420]
          linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=adi,DC=com] objects[560]
          linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=adi,DC=com] objects[698]
          linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=adi,DC=com] objects[838]
          linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=adi,DC=com] objects[953]
          linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=adi,DC=com] objects[1014]
          linked_values[0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=adi,DC=com] objects[172] linked_values[0]
Partition[CN=Configuration,DC=adi,DC=com] objects[323] linked_values[0]
Partition[CN=Configuration,DC=adi,DC=com] objects[472] linked_values[0]
Partition[CN=Configuration,DC=adi,DC=com] objects[622] linked_values[0]
Partition[CN=Configuration,DC=adi,DC=com] objects[774] linked_values[0]
Partition[CN=Configuration,DC=adi,DC=com] objects[924] linked_values[0]
Partition[CN=Configuration,DC=adi,DC=com] objects[1073] linked_values[0]
Partition[CN=Configuration,DC=adi,DC=com] objects[1224] linked_values[0]
Partition[CN=Configuration,DC=adi,DC=com] objects[1346] linked_values[0]
Replicating critical objects from the base DN of the domain
Partition[DC=adi,DC=com] objects[80] linked_values[0]
Partition[DC=adi,DC=com] objects[202] linked_values[0]
Partition[DC=adi,DC=com] objects[272] linked_values[0]
Partition[DC=adi,DC=com] objects[337] linked_values[0]
Partition[DC=adi,DC=com] objects[411] linked_values[0]
Partition[DC=adi,DC=com] objects[453] linked_values[0]
Done with always replicated NC (base, config, schema)
Committing SAM database
Sending DsReplicateUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain ADI (SID S-1-5-21-3086556783-1154713322-1448514472) as a DC


[root@koi bin]# ./ldbsearch -H /opt/local/samba4/private/sam.ldb
                '(invocationid=*)' --cross-ncs objectguid
# record 1
dn: CN=NTDS Settings,CN=STARFISH2,CN=Servers,CN=Default-First-Site-Name,
    CN=Sites,CN=Configuration,DC=adi,DC=com
objectGUID: 29b0b8d7-20fb-43ab-ab8c-8490b4689191

# record 2
dn: CN=NTDS Settings,CN=KOI,CN=Servers,CN=Default-First-Site-Name,
    CN=Sites,CN=Configuration,DC=adi,DC=com
objectGUID: ef382a43-092e-4cda-acb1-e7ba70e9253e

# returned 2 records
# 2 entries
# 0 referrals


[root@koi bin]# ./samba-tool drs showrepl
Default-First-Site-Name\KOI
DSA Options: 0x00000001
DSA object GUID: ef382a43-092e-4cda-acb1-e7ba70e9253e
DSA invocationId: 3b9dbd10-260a-4a38-b77f-c408a66586d3

==== INBOUND NEIGHBORS ====

==== OUTBOUND NEIGHBORS ====

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: ec004b4b-5bcd-4107-a146-d6b814fe645d
        Enabled        : TRUE
        Server DNS name : starfish2.adi.com
        Server DN name  : CN=NTDS Settings,CN=STARFISH2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adi,DC=com
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!


[root@koi bin]# dig +multiline axfr adi.com
; <<>> DiG 9.9.5 <<>> +multiline axfr adi.com
;; global options: +cmd
adi.com.		3600 IN	SOA starfish2.adi.com. admin.adi.com. (
				22         ; serial
				900        ; refresh (15 minutes)
				600        ; retry (10 minutes)
				86400      ; expire (1 day)
				3600       ; minimum (1 hour)
				)
adi.com.		600 IN A 192.168.2.178
adi.com.		3600 IN	NS starfish2.adi.com.
29b0b8d7-20fb-43ab-ab8c-8490b4689191._msdcs.adi.com. 600
    IN CNAME starfish2.adi.com.
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.adi.com. 600
    IN	SRV 0 100 88 starfish2.adi.com.
_ldap._tcp.default-first-site-name._sites.dc._msdcs.adi.com. 600
    IN SRV	0 100 389 starfish2.adi.com.
_kerberos._tcp.dc._msdcs.adi.com. 600 IN SRV 0 100 88 starfish2.adi.com.
_ldap._tcp.dc._msdcs.adi.com. 600 IN SRV 0 100 389 starfish2.adi.com.
_ldap._tcp.4e01c3e7-1adb-4ddb-bf28-b6559f328de8.domains._msdcs.adi.com.	600
    IN SRV 0 100 389 starfish2.adi.com.
gc._msdcs.adi.com.	600 IN A 192.168.2.178
_ldap._tcp.default-first-site-name._sites.gc._msdcs.adi.com. 600
    IN SRV	0 100 3268 starfish2.adi.com.
_ldap._tcp.gc._msdcs.adi.com. 600 IN SRV 0 100 3268 starfish2.adi.com.
_ldap._tcp.pdc._msdcs.adi.com. 600 IN SRV 0 100 389 starfish2.adi.com.
_gc._tcp.default-first-site-name._sites.adi.com. 600
    IN	SRV 0 100 3268 starfish2.adi.com.
_kerberos._tcp.default-first-site-name._sites.adi.com. 600
    IN SRV 0 100 88 starfish2.adi.com.
_ldap._tcp.default-first-site-name._sites.adi.com. 600
    IN SRV 0 100 389 starfish2.adi.com.
_gc._tcp.adi.com.	600 IN SRV 0 100 3268 starfish2.adi.com.
_kerberos._tcp.adi.com.	600 IN SRV 0 100 88 starfish2.adi.com.
_kpasswd._tcp.adi.com.	600 IN SRV 0 100 464 starfish2.adi.com.
_ldap._tcp.adi.com.	600 IN SRV 0 100 389 starfish2.adi.com.
_kerberos._udp.adi.com.	600 IN SRV 0 100 88 starfish2.adi.com.
_kpasswd._udp.adi.com.	600 IN SRV 0 100 464 starfish2.adi.com.
koi.adi.com.		3600 IN	A 192.168.2.159
starfish2.adi.com.	3600 IN	A 192.168.2.178
;; Query time: 1 msec
;; SERVER: 192.168.2.178#53(192.168.2.178)


The samba.log
[2014/03/02 14:31:58.386838,  0] ../source4/smbd/server.c:370(binary_smbd_main)
  samba version 4.1.5 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2013
[2014/03/02 14:31:58.587695,  0] ../source4/smbd/server.c:492(binary_smbd_main)
  samba: using 'standard' process model
[2014/03/02 14:31:58.621843,  0]
   ../source4/lib/tls/tlscert.c:70(tls_cert_generate)
  Attempting to autogenerate TLS self-signed keys for https for hostname
  'KOI.adi.com'
[2014/03/02 14:31:58.910948,  0]
   ../source4/lib/tls/tlscert.c:166(tls_cert_generate)
  TLS self-signed keys generated OK
[2014/03/02 14:31:59.262744,  0]
   ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
  /opt/local/samba4/sbin/samba_dnsupdate: dns_request_getresponse: FORMERR
[2014/03/02 14:32:18.706897,  0]
   ../source4/dsdb/dns/dns_update.c:294(dnsupdate_nameupdate_done)
  ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_IO_TIMEOUT
[2014/03/02 14:41:59.042163,  0]
   ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
  /opt/local/samba4/sbin/samba_dnsupdate: dns_request_getresponse: FORMERR
[2014/03/02 14:42:18.767059,  0]
   ../source4/dsdb/dns/dns_update.c:294(dnsupdate_nameupdate_done)
  ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_IO_TIMEOUT
------------------- the rest deleted, the same thing over and over -----------

Tom Schulz
Applied Dynamics Intl.
schulz at adi.com
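
Added example (not part of the original post, and not Samba code): a check that parses `dig axfr` output and lists the DC locator records the existing DC holds but the newly joined DC lacks, using the NTDS Settings objectGUID for the `_msdcs` CNAME. The function names and the trimmed sample zone are constructed for illustration; treating the `pdc` and `gc` names as role-specific is an assumption.

```python
# Constructed sample in `dig axfr` format, modelled on the zone in the post.
SAMPLE_AXFR = """\
adi.com. 3600 IN NS starfish2.adi.com.
29b0b8d7-20fb-43ab-ab8c-8490b4689191._msdcs.adi.com. 600
    IN CNAME starfish2.adi.com.
_ldap._tcp.dc._msdcs.adi.com. 600 IN SRV 0 100 389 starfish2.adi.com.
_kerberos._tcp.dc._msdcs.adi.com. 600 IN SRV 0 100 88 starfish2.adi.com.
_ldap._tcp.pdc._msdcs.adi.com. 600 IN SRV 0 100 389 starfish2.adi.com.
_ldap._tcp.gc._msdcs.adi.com. 600 IN SRV 0 100 3268 starfish2.adi.com.
_ldap._tcp.adi.com. 600 IN SRV 0 100 389 starfish2.adi.com.
_kerberos._udp.adi.com. 600 IN SRV 0 100 88 starfish2.adi.com.
koi.adi.com. 3600 IN A 192.168.2.159
starfish2.adi.com. 3600 IN A 192.168.2.178
;; Query time: 1 msec
"""

def parse_axfr(text):
    """Return (owner, rtype, rdata_tokens) for each record in dig-style output."""
    logical = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop dig comments
        if not line.strip():
            continue
        if raw[0].isspace() and logical:       # indented line continues a record
            logical[-1] += " " + line.strip()
        else:
            logical.append(line)
    records = []
    for tok in (l.split() for l in logical):
        if "IN" in tok[1:-1]:                  # class must follow the owner name
            i = tok.index("IN", 1)
            records.append((tok[0].lower(), tok[i + 1].upper(), tok[i + 2:]))
    return records

def missing_dc_records(text, ref_dc, new_dc, new_guid, domain):
    """Locator records the reference DC holds that the new DC lacks."""
    recs = parse_axfr(text)
    ref, new = (h.lower().rstrip(".") + "." for h in (ref_dc, new_dc))
    def srv_owners(host):
        return {o for o, t, r in recs if t == "SRV" and r and r[-1].lower() == host}
    # Assumption: gc and pdc names are registered by role holders only.
    role_only = ("._gc.", ".gc._msdcs.", ".pdc._msdcs.")
    missing = [(o, "SRV") for o in sorted(srv_owners(ref) - srv_owners(new))
               if not any(m in "." + o for m in role_only)]
    alias = f"{new_guid.lower()}._msdcs.{domain.lower().rstrip('.')}."
    if (alias, "CNAME") not in {(o, t) for o, t, _ in recs}:
        missing.append((alias, "CNAME"))
    if not any(o == new and t in ("A", "AAAA") for o, t, _ in recs):
        missing.append((new, "A"))
    return missing
```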

