[Samba] Windows 2008R2 DC Problems

[Moe Salem]

Hello Marc, 

1. The error message is 


"The host record test.salem.int cannot be created. Refused" 


and in the event log 


"The following application directory partition has no security descriptor reference domain.   Application directory partition: DC=DomainDnsZones,DC=salem,DC=int  The root domain will be used instead.   User Action  Set the security descriptor reference domain for this application directory partition." 



2. Yes, When you create a DNS entry it is replicated to the Win DC. AND if you modify a DNS entry it is replicated from the WIN DC to the samba DC's. 


3. Disabling Samba on the DC before creating it on the win DC does not do anything. 


4. Samba first built and populated the domain. 




Thanks, 


Moe 

----- Original Message -----

From: "Marc Muehlfeld" <mmuehlfeld at samba.org> 
To: "Moe Salem" <abuelias at shaw.ca>, samba at lists.samba.org 
Sent: Wednesday, February 25, 2015 12:46:27 PM 
Subject: Re: [Samba] Windows 2008R2 DC Problems 

Hello Moe, 

Am 25.02.2015 um 17:52 schrieb Moe Salem: 
> When I promote a 2008R2 server as a secondary DC in the samba AD domain, everything seems to work great (Replication and all) Except I am unable to create NEW records. 
> I can update and change existing records but not create any new records via the DNS tool on the win2008R2 server. However if i connected to the centos6.6 PDC via the DNS admin tool, I am able to create new records. Any ideas? 


* What is the error message? 
* When you create a DNS entry on the Samba server, is it replicated to 
the Win DC? 
* Does the behaviour changes, if you temporary shutdown Samba on the 
first DC while you create the record? 
* Who build the domain? I mean: Who was first and populated the AD? 
Windows or Samba? 


Regards, 
Marc