[Samba] Unable to join Windows 2008 R2 server DC to Samba DC

[Justin Foreman]

I hate to bump this, but we could really use some ideas here. Andrew, you had indicated that our Windows 2008 R2 DC join issues may be related to duplicate SPNs (with different case). Does this look like the same problem? Next troubleshooting steps?

Justin

> On Apr 3, 2018, at 11:05 PM, Justin Foreman <jforeman at dignitastechnologies.com> wrote:
> 
> I’m unable to successfully join a Windows 2008 R2 server DC to my Samba4 domain.
> 
> I’ve followed the steps on the wiki of joining a Server 2008 R2 DC to a Samba domain. After I reboot the domain controller, I receive a blue screen in regards to a corrupt AD database. I’ve tried Samba v4.6.7 and Samba 4.9.0pre1.
> 
> Prior to the reboot, I see the following three events on the Windows DC:
> ----- 
> Attempt to update DNS Host Name of the computer object in Active Directory failed. The updated value was 'DC8.us.dignitastech.com'. The following error occurred:
> Access is denied.
> ----- 
> Attempt to update HOST Service Principal Names (SPNs) of the computer object in Active Directory failed. The updated values were 'RestrictedKrbHost/DC8.us.dignitastech.com' and 'RestrictedKrbHost/DC8'. The following error occurred:
> Access is denied.
> ----- 
> Internal error: An Active Directory Domain Services error has occurred.
> 
> Additional Data
> Error value (decimal):
> 8374
> Error value (hex):
> 20b6
> Internal ID:
> 30d07c5
> —— 
> 
> On the samba server, the only error that I can pick out in the log.samba (at debug 4) is the following DNS update failure:
> 
>  ../source4/dsdb/dns/dns_update.c:330: Failed DNS update - with error code 110
> 
> Any assistance is greatly appreciated as we have an (unfortunate) impending organizational requirement to use Windows domain controllers.
> 
> Thanks,
> Justin