Re: [Samba] DNS managment error
Hello again, I wanted to notify everybody that I managed to overcome this problem. The issue was that CN=MicrosoftDNS,DC=ForestDnsZones,... branch was missing because the Forest was operating in Windows 2000 native functional level. The thing that I did was, transfer all FSMO roles back to Windows 2003 server plugged off Samba servers, cleaned Samba server metadata and then raised the level of the domain to Windows 2003 Native. Then in the DNS tool I configured forest wide zone replication. Then i did fresh install of Samba on Linux servers and joined the them to the domain. When I was sure that all changes are being replicated across all domain controllers, I transfered all FSMO roles back to one Linux server and unplugged Windows 2003 from the network. Now I have full access to DNS services and all other levels of Domain are functional. To be exact, I still have some minor issues such as long logon times , but soon I will resolve them to. All best, Antun On 08/27/2013 09:00 PM, Antun Horvat wrote: Well that's the thing, I can only replicate DNS changes from WinDC to Samba, but not in other way. I can't even update DNS records on Samba side, only on Windows side. I managed to figure out an error on Samba caused by RPC call: dnsserver: Found DNS zone . Failed to find DNS Zones in CN=MicrosoftDNS,DC=ForestDnsZones,DC=Radio101,DC=local Now I am surfing on the web trying to find some kind of solution. All best, Antun On 08/27/2013 08:46 PM, Garth Keesler wrote: Interesting. Are Forest and Domain records being replicated in both directions from all DCs? It always worked from the WinDC to the S4DC but not in the other direction. Also, were you able to use the WIN DNS MMC to examine the DNS records on any of the Samba DCs? If so, you are probably close to having it working; something I never managed to do. See ya... Garth On 08/27/2013 12:07 PM, Antun Horvat wrote: Thanks for such quick reply, I have just executed samba-tool drs showrepl command and it seems that Forest and Domain LDAP DIT are being replicated successfully. But I still doubt that it can not be fixed since all RR records that are added to w2k3 server are successfully propagated and present. All name resolution queries on samba reflect the state of w2k3 DNS. Is there some way to debug RPC calls so that we can more precisely locate the error? All best, Antun On 08/27/2013 06:40 PM, Garth Keesler wrote: This issue has been discussed at length before with no resolution to my knowledge. If you use samba-tool drs showrepl, you will probably notice that Forest and Domain DNS is not being replicated to/from all DCs. Additionally, if you use Win2003 DNS MMC, you will not be able to detect that DNS is running on the Samba DCs nor that they are DCs at all. I have only tested this using internal Samba DNS but have found no workaround and have dropped trying to use Samba to demote/replace a Win2003 DC for now. Good luck, Garth On 08/27/2013 09:58 AM, Antun Horvat wrote: Hello, i have an issue with existing installation of samba4 domain controller that is specific to dns managment. In the domain I have two samba4 4.0.7 and one windows 2003 server that I plug periodically to manage the dns. All fsmo roles are transfered to samba. All aspects of the domain work perfectly, except one, the samba-tool dns commands do not work. All commands when executed on samba server return ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') error. The same command pointed to windows server works fine. All commands that add hosts to window are replicated to samba instances. The domain is functioning at 2003 native level (reported by windows tool), but samba can't figure out the level. Also when i try to demote the w2k3 server i get the error that Active Directory could not find another domain controller to transfer the remaining data in the directory partition DC=DomainDnsZones,Dc=example,dc=com Could you please point me to the right resources so that i can resolve my current issues. Thanks in advance, and I wish best to all Samba community. ps If you need some kind of help, such as testing rc's in certain configuration, please contact me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] DNS managment error
Wow! I'm impressed! :-) I also ensured that the domain was at 2003 native but with no improvement. When you say that in the DNS tool I configured forest wide zone replication, is that the Win DNS MMC or samba-tool? Can you be specific? That may have been my problem. Thanx, Garth On 08/28/2013 09:52 AM, Antun Horvat wrote: Hello again, I wanted to notify everybody that I managed to overcome this problem. The issue was that CN=MicrosoftDNS,DC=ForestDnsZones,... branch was missing because the Forest was operating in Windows 2000 native functional level. The thing that I did was, transfer all FSMO roles back to Windows 2003 server plugged off Samba servers, cleaned Samba server metadata and then raised the level of the domain to Windows 2003 Native. Then in the DNS tool I configured forest wide zone replication. Then i did fresh install of Samba on Linux servers and joined the them to the domain. When I was sure that all changes are being replicated across all domain controllers, I transfered all FSMO roles back to one Linux server and unplugged Windows 2003 from the network. Now I have full access to DNS services and all other levels of Domain are functional. To be exact, I still have some minor issues such as long logon times , but soon I will resolve them to. All best, Antun On 08/27/2013 09:00 PM, Antun Horvat wrote: Well that's the thing, I can only replicate DNS changes from WinDC to Samba, but not in other way. I can't even update DNS records on Samba side, only on Windows side. I managed to figure out an error on Samba caused by RPC call: dnsserver: Found DNS zone . Failed to find DNS Zones in CN=MicrosoftDNS,DC=ForestDnsZones,DC=Radio101,DC=local Now I am surfing on the web trying to find some kind of solution. All best, Antun On 08/27/2013 08:46 PM, Garth Keesler wrote: Interesting. Are Forest and Domain records being replicated in both directions from all DCs? It always worked from the WinDC to the S4DC but not in the other direction. Also, were you able to use the WIN DNS MMC to examine the DNS records on any of the Samba DCs? If so, you are probably close to having it working; something I never managed to do. See ya... Garth On 08/27/2013 12:07 PM, Antun Horvat wrote: Thanks for such quick reply, I have just executed samba-tool drs showrepl command and it seems that Forest and Domain LDAP DIT are being replicated successfully. But I still doubt that it can not be fixed since all RR records that are added to w2k3 server are successfully propagated and present. All name resolution queries on samba reflect the state of w2k3 DNS. Is there some way to debug RPC calls so that we can more precisely locate the error? All best, Antun On 08/27/2013 06:40 PM, Garth Keesler wrote: This issue has been discussed at length before with no resolution to my knowledge. If you use samba-tool drs showrepl, you will probably notice that Forest and Domain DNS is not being replicated to/from all DCs. Additionally, if you use Win2003 DNS MMC, you will not be able to detect that DNS is running on the Samba DCs nor that they are DCs at all. I have only tested this using internal Samba DNS but have found no workaround and have dropped trying to use Samba to demote/replace a Win2003 DC for now. Good luck, Garth On 08/27/2013 09:58 AM, Antun Horvat wrote: Hello, i have an issue with existing installation of samba4 domain controller that is specific to dns managment. In the domain I have two samba4 4.0.7 and one windows 2003 server that I plug periodically to manage the dns. All fsmo roles are transfered to samba. All aspects of the domain work perfectly, except one, the samba-tool dns commands do not work. All commands when executed on samba server return ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') error. The same command pointed to windows server works fine. All commands that add hosts to window are replicated to samba instances. The domain is functioning at 2003 native level (reported by windows tool), but samba can't figure out the level. Also when i try to demote the w2k3 server i get the error that Active Directory could not find another domain controller to transfer the remaining data in the directory partition DC=DomainDnsZones,Dc=example,dc=com Could you please point me to the right resources so that i can resolve my current issues. Thanks in advance, and I wish best to all Samba community. ps If you need some kind of help, such as testing rc's in certain configuration, please contact me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] DNS managment error
To clarify things a bit for others with the same problem, I will try to explain exact things that I did. Like I said, one of my issues was that the domain was functioning in level 2003 native, but the forest remained in the 2000 native functioning level. So you need to be sure that both domain and forest levels are indeed functioning in 2003 native level. If your domain and forest is not running in that level, you need to transfer all FSMO roles to your Windows server. These roles are (RID, PDC, Infrastructure, Naming master, Schema master). At that point I removed all samba servers from the domain which may not be needed, but I wanted to decrease the chance of Samba to interfere with the process of raising the level. Since I could not demote the samba for some reason from the domain, i simply stopped the Samba process on Linux servers and removed Samba metadata on windows using ntdsutil tool. You must be careful with that command since you can destroy all your domain data with it. Now with just Windows 2003 server in the domain I have simply raised the forest level and did not experience any problems with it. Next, I opened DNS MMC in Windows2003 and selected my domain zones, right clicked the zone and in options selected forest wide replication. I don't remember the exact name of the tab, but it is easily identified. Now I have reinstalled (make uninstall; make install) Samba on the Linux servers and joined them as DC's to Windows server. Now it is a good time to test replication of LDAP data between server by adding for example user1 to Windows and user2 to Linux server and see if the users are being replicated between the servers. Also check the status of samba-tool drs showrepl. Then if the data is replicating without any error using the samba-tool fsmo transfer --role=all transfer all FSMO roles to Linux server. Now wait few minutes and shutdown Windows 2003 server from the network. At this point the domain should be running just fine and everything can be based on Samba4 AD's. Now you can manage your Domain and DNS data through Windows MMC tools or through samba-tool CLI tool. Also if you experience some issue with slow logins in Domain workstations, be sure to delete ipv6 address from DNS zone, as it fixed login times in my case. If you are doing this in fully functional environment where everything is depending on your DC, and people are using workstations 24H don't worry, it can be done since I did that without any downtime. I have successfully converted old windows 2000 domain into 2003 compatible domain running only on (for now) two Samba DC's. On 08/28/2013 06:29 PM, Garth Keesler wrote: Wow! I'm impressed! :-) I also ensured that the domain was at 2003 native but with no improvement. When you say that in the DNS tool I configured forest wide zone replication, is that the Win DNS MMC or samba-tool? Can you be specific? That may have been my problem. Thanx, Garth On 08/28/2013 09:52 AM, Antun Horvat wrote: Hello again, I wanted to notify everybody that I managed to overcome this problem. The issue was that CN=MicrosoftDNS,DC=ForestDnsZones,... branch was missing because the Forest was operating in Windows 2000 native functional level. The thing that I did was, transfer all FSMO roles back to Windows 2003 server plugged off Samba servers, cleaned Samba server metadata and then raised the level of the domain to Windows 2003 Native. Then in the DNS tool I configured forest wide zone replication. Then i did fresh install of Samba on Linux servers and joined the them to the domain. When I was sure that all changes are being replicated across all domain controllers, I transfered all FSMO roles back to one Linux server and unplugged Windows 2003 from the network. Now I have full access to DNS services and all other levels of Domain are functional. To be exact, I still have some minor issues such as long logon times , but soon I will resolve them to. All best, Antun On 08/27/2013 09:00 PM, Antun Horvat wrote: Well that's the thing, I can only replicate DNS changes from WinDC to Samba, but not in other way. I can't even update DNS records on Samba side, only on Windows side. I managed to figure out an error on Samba caused by RPC call: dnsserver: Found DNS zone . Failed to find DNS Zones in CN=MicrosoftDNS,DC=ForestDnsZones,DC=Radio101,DC=local Now I am surfing on the web trying to find some kind of solution. All best, Antun On 08/27/2013 08:46 PM, Garth Keesler wrote: Interesting. Are Forest and Domain records being replicated in both directions from all DCs? It always worked from the WinDC to the S4DC but not in the other direction. Also, were you able to use the WIN DNS MMC to examine the DNS records on any of the Samba DCs? If so, you are probably close to having it working; something I never managed to do. See ya... Garth On 08/27/2013 12:07 PM, Antun Horvat wrote: Thanks for such quick reply, I have
Re: [Samba] DNS managment error
Many thanks! I'll give this a try. See ya... Garth On 08/28/2013 01:18 PM, Antun Horvat wrote: To clarify things a bit for others with the same problem, I will try to explain exact things that I did. Like I said, one of my issues was that the domain was functioning in level 2003 native, but the forest remained in the 2000 native functioning level. So you need to be sure that both domain and forest levels are indeed functioning in 2003 native level. If your domain and forest is not running in that level, you need to transfer all FSMO roles to your Windows server. These roles are (RID, PDC, Infrastructure, Naming master, Schema master). At that point I removed all samba servers from the domain which may not be needed, but I wanted to decrease the chance of Samba to interfere with the process of raising the level. Since I could not demote the samba for some reason from the domain, i simply stopped the Samba process on Linux servers and removed Samba metadata on windows using ntdsutil tool. You must be careful with that command since you can destroy all your domain data with it. Now with just Windows 2003 server in the domain I have simply raised the forest level and did not experience any problems with it. Next, I opened DNS MMC in Windows2003 and selected my domain zones, right clicked the zone and in options selected forest wide replication. I don't remember the exact name of the tab, but it is easily identified. Now I have reinstalled (make uninstall; make install) Samba on the Linux servers and joined them as DC's to Windows server. Now it is a good time to test replication of LDAP data between server by adding for example user1 to Windows and user2 to Linux server and see if the users are being replicated between the servers. Also check the status of samba-tool drs showrepl. Then if the data is replicating without any error using the samba-tool fsmo transfer --role=all transfer all FSMO roles to Linux server. Now wait few minutes and shutdown Windows 2003 server from the network. At this point the domain should be running just fine and everything can be based on Samba4 AD's. Now you can manage your Domain and DNS data through Windows MMC tools or through samba-tool CLI tool. Also if you experience some issue with slow logins in Domain workstations, be sure to delete ipv6 address from DNS zone, as it fixed login times in my case. If you are doing this in fully functional environment where everything is depending on your DC, and people are using workstations 24H don't worry, it can be done since I did that without any downtime. I have successfully converted old windows 2000 domain into 2003 compatible domain running only on (for now) two Samba DC's. On 08/28/2013 06:29 PM, Garth Keesler wrote: Wow! I'm impressed! :-) I also ensured that the domain was at 2003 native but with no improvement. When you say that in the DNS tool I configured forest wide zone replication, is that the Win DNS MMC or samba-tool? Can you be specific? That may have been my problem. Thanx, Garth On 08/28/2013 09:52 AM, Antun Horvat wrote: Hello again, I wanted to notify everybody that I managed to overcome this problem. The issue was that CN=MicrosoftDNS,DC=ForestDnsZones,... branch was missing because the Forest was operating in Windows 2000 native functional level. The thing that I did was, transfer all FSMO roles back to Windows 2003 server plugged off Samba servers, cleaned Samba server metadata and then raised the level of the domain to Windows 2003 Native. Then in the DNS tool I configured forest wide zone replication. Then i did fresh install of Samba on Linux servers and joined the them to the domain. When I was sure that all changes are being replicated across all domain controllers, I transfered all FSMO roles back to one Linux server and unplugged Windows 2003 from the network. Now I have full access to DNS services and all other levels of Domain are functional. To be exact, I still have some minor issues such as long logon times , but soon I will resolve them to. All best, Antun On 08/27/2013 09:00 PM, Antun Horvat wrote: Well that's the thing, I can only replicate DNS changes from WinDC to Samba, but not in other way. I can't even update DNS records on Samba side, only on Windows side. I managed to figure out an error on Samba caused by RPC call: dnsserver: Found DNS zone . Failed to find DNS Zones in CN=MicrosoftDNS,DC=ForestDnsZones,DC=Radio101,DC=local Now I am surfing on the web trying to find some kind of solution. All best, Antun On 08/27/2013 08:46 PM, Garth Keesler wrote: Interesting. Are Forest and Domain records being replicated in both directions from all DCs? It always worked from the WinDC to the S4DC but not in the other direction. Also, were you able to use the WIN DNS MMC to examine the DNS records on any of the Samba DCs? If so, you are probably close to having it working; something I never managed to do.
[Samba] DNS managment error
Hello, i have an issue with existing installation of samba4 domain controller that is specific to dns managment. In the domain I have two samba4 4.0.7 and one windows 2003 server that I plug periodically to manage the dns. All fsmo roles are transfered to samba. All aspects of the domain work perfectly, except one, the samba-tool dns commands do not work. All commands when executed on samba server return ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') error. The same command pointed to windows server works fine. All commands that add hosts to window are replicated to samba instances. The domain is functioning at 2003 native level (reported by windows tool), but samba can't figure out the level. Also when i try to demote the w2k3 server i get the error that Active Directory could not find another domain controller to transfer the remaining data in the directory partition DC=DomainDnsZones,Dc=example,dc=com Could you please point me to the right resources so that i can resolve my current issues. Thanks in advance, and I wish best to all Samba community. ps If you need some kind of help, such as testing rc's in certain configuration, please contact me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] DNS managment error
Hello, i have an issue with existing installation of samba4 domain controller that is specific to dns managment. In the domain I have two samba4 4.0.7 and one windows 2003 server that I plug periodically to manage the dns. All fsmo roles are transfered to samba. All aspects of the domain work perfectly, except one, the samba-tool dns commands do not work. All commands when executed on samba server return ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') error. The same command pointed to windows server works fine. All commands that add hosts to window are replicated to samba instances. The domain is functioning at 2003 native level (reported by windows tool), but samba can't figure out the level. Also when i try to demote the w2k3 server i get the error that Active Directory could not find another domain controller to transfer the remaining data in the directory partition DC=DomainDnsZones,Dc=example,dc=com Could you please point me to the right resources so that i can resolve my current issues. Thanks in advance, and I wish best to all Samba community. ps If you need some kind of help, such as testing rc's in certain configuration, please contact me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] DNS managment error
This issue has been discussed at length before with no resolution to my knowledge. If you use samba-tool drs showrepl, you will probably notice that Forest and Domain DNS is not being replicated to/from all DCs. Additionally, if you use Win2003 DNS MMC, you will not be able to detect that DNS is running on the Samba DCs nor that they are DCs at all. I have only tested this using internal Samba DNS but have found no workaround and have dropped trying to use Samba to demote/replace a Win2003 DC for now. Good luck, Garth On 08/27/2013 09:58 AM, Antun Horvat wrote: Hello, i have an issue with existing installation of samba4 domain controller that is specific to dns managment. In the domain I have two samba4 4.0.7 and one windows 2003 server that I plug periodically to manage the dns. All fsmo roles are transfered to samba. All aspects of the domain work perfectly, except one, the samba-tool dns commands do not work. All commands when executed on samba server return ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') error. The same command pointed to windows server works fine. All commands that add hosts to window are replicated to samba instances. The domain is functioning at 2003 native level (reported by windows tool), but samba can't figure out the level. Also when i try to demote the w2k3 server i get the error that Active Directory could not find another domain controller to transfer the remaining data in the directory partition DC=DomainDnsZones,Dc=example,dc=com Could you please point me to the right resources so that i can resolve my current issues. Thanks in advance, and I wish best to all Samba community. ps If you need some kind of help, such as testing rc's in certain configuration, please contact me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] DNS managment error
Thanks for such quick reply, I have just executed samba-tool drs showrepl command and it seems that Forest and Domain LDAP DIT are being replicated successfully. But I still doubt that it can not be fixed since all RR records that are added to w2k3 server are successfully propagated and present. All name resolution queries on samba reflect the state of w2k3 DNS. Is there some way to debug RPC calls so that we can more precisely locate the error? All best, Antun On 08/27/2013 06:40 PM, Garth Keesler wrote: This issue has been discussed at length before with no resolution to my knowledge. If you use samba-tool drs showrepl, you will probably notice that Forest and Domain DNS is not being replicated to/from all DCs. Additionally, if you use Win2003 DNS MMC, you will not be able to detect that DNS is running on the Samba DCs nor that they are DCs at all. I have only tested this using internal Samba DNS but have found no workaround and have dropped trying to use Samba to demote/replace a Win2003 DC for now. Good luck, Garth On 08/27/2013 09:58 AM, Antun Horvat wrote: Hello, i have an issue with existing installation of samba4 domain controller that is specific to dns managment. In the domain I have two samba4 4.0.7 and one windows 2003 server that I plug periodically to manage the dns. All fsmo roles are transfered to samba. All aspects of the domain work perfectly, except one, the samba-tool dns commands do not work. All commands when executed on samba server return ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') error. The same command pointed to windows server works fine. All commands that add hosts to window are replicated to samba instances. The domain is functioning at 2003 native level (reported by windows tool), but samba can't figure out the level. Also when i try to demote the w2k3 server i get the error that Active Directory could not find another domain controller to transfer the remaining data in the directory partition DC=DomainDnsZones,Dc=example,dc=com Could you please point me to the right resources so that i can resolve my current issues. Thanks in advance, and I wish best to all Samba community. ps If you need some kind of help, such as testing rc's in certain configuration, please contact me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] DNS managment error
Interesting. Are Forest and Domain records being replicated in both directions from all DCs? It always worked from the WinDC to the S4DC but not in the other direction. Also, were you able to use the WIN DNS MMC to examine the DNS records on any of the Samba DCs? If so, you are probably close to having it working; something I never managed to do. See ya... Garth On 08/27/2013 12:07 PM, Antun Horvat wrote: Thanks for such quick reply, I have just executed samba-tool drs showrepl command and it seems that Forest and Domain LDAP DIT are being replicated successfully. But I still doubt that it can not be fixed since all RR records that are added to w2k3 server are successfully propagated and present. All name resolution queries on samba reflect the state of w2k3 DNS. Is there some way to debug RPC calls so that we can more precisely locate the error? All best, Antun On 08/27/2013 06:40 PM, Garth Keesler wrote: This issue has been discussed at length before with no resolution to my knowledge. If you use samba-tool drs showrepl, you will probably notice that Forest and Domain DNS is not being replicated to/from all DCs. Additionally, if you use Win2003 DNS MMC, you will not be able to detect that DNS is running on the Samba DCs nor that they are DCs at all. I have only tested this using internal Samba DNS but have found no workaround and have dropped trying to use Samba to demote/replace a Win2003 DC for now. Good luck, Garth On 08/27/2013 09:58 AM, Antun Horvat wrote: Hello, i have an issue with existing installation of samba4 domain controller that is specific to dns managment. In the domain I have two samba4 4.0.7 and one windows 2003 server that I plug periodically to manage the dns. All fsmo roles are transfered to samba. All aspects of the domain work perfectly, except one, the samba-tool dns commands do not work. All commands when executed on samba server return ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') error. The same command pointed to windows server works fine. All commands that add hosts to window are replicated to samba instances. The domain is functioning at 2003 native level (reported by windows tool), but samba can't figure out the level. Also when i try to demote the w2k3 server i get the error that Active Directory could not find another domain controller to transfer the remaining data in the directory partition DC=DomainDnsZones,Dc=example,dc=com Could you please point me to the right resources so that i can resolve my current issues. Thanks in advance, and I wish best to all Samba community. ps If you need some kind of help, such as testing rc's in certain configuration, please contact me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] DNS managment error
Well that's the thing, I can only replicate DNS changes from WinDC to Samba, but not in other way. I can't even update DNS records on Samba side, only on Windows side. I managed to figure out an error on Samba caused by RPC call: dnsserver: Found DNS zone . Failed to find DNS Zones in CN=MicrosoftDNS,DC=ForestDnsZones,DC=Radio101,DC=local Now I am surfing on the web trying to find some kind of solution. All best, Antun On 08/27/2013 08:46 PM, Garth Keesler wrote: Interesting. Are Forest and Domain records being replicated in both directions from all DCs? It always worked from the WinDC to the S4DC but not in the other direction. Also, were you able to use the WIN DNS MMC to examine the DNS records on any of the Samba DCs? If so, you are probably close to having it working; something I never managed to do. See ya... Garth On 08/27/2013 12:07 PM, Antun Horvat wrote: Thanks for such quick reply, I have just executed samba-tool drs showrepl command and it seems that Forest and Domain LDAP DIT are being replicated successfully. But I still doubt that it can not be fixed since all RR records that are added to w2k3 server are successfully propagated and present. All name resolution queries on samba reflect the state of w2k3 DNS. Is there some way to debug RPC calls so that we can more precisely locate the error? All best, Antun On 08/27/2013 06:40 PM, Garth Keesler wrote: This issue has been discussed at length before with no resolution to my knowledge. If you use samba-tool drs showrepl, you will probably notice that Forest and Domain DNS is not being replicated to/from all DCs. Additionally, if you use Win2003 DNS MMC, you will not be able to detect that DNS is running on the Samba DCs nor that they are DCs at all. I have only tested this using internal Samba DNS but have found no workaround and have dropped trying to use Samba to demote/replace a Win2003 DC for now. Good luck, Garth On 08/27/2013 09:58 AM, Antun Horvat wrote: Hello, i have an issue with existing installation of samba4 domain controller that is specific to dns managment. In the domain I have two samba4 4.0.7 and one windows 2003 server that I plug periodically to manage the dns. All fsmo roles are transfered to samba. All aspects of the domain work perfectly, except one, the samba-tool dns commands do not work. All commands when executed on samba server return ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') error. The same command pointed to windows server works fine. All commands that add hosts to window are replicated to samba instances. The domain is functioning at 2003 native level (reported by windows tool), but samba can't figure out the level. Also when i try to demote the w2k3 server i get the error that Active Directory could not find another domain controller to transfer the remaining data in the directory partition DC=DomainDnsZones,Dc=example,dc=com Could you please point me to the right resources so that i can resolve my current issues. Thanks in advance, and I wish best to all Samba community. ps If you need some kind of help, such as testing rc's in certain configuration, please contact me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] DNS managment error
Unfortunate since that's exactly what I saw. I've no answers but I will keep watch in hope that you have better luck solving it than I did. See ya... Garth On 08/27/2013 02:00 PM, Antun Horvat wrote: Well that's the thing, I can only replicate DNS changes from WinDC to Samba, but not in other way. I can't even update DNS records on Samba side, only on Windows side. I managed to figure out an error on Samba caused by RPC call: dnsserver: Found DNS zone . Failed to find DNS Zones in CN=MicrosoftDNS,DC=ForestDnsZones,DC=Radio101,DC=local Now I am surfing on the web trying to find some kind of solution. All best, Antun On 08/27/2013 08:46 PM, Garth Keesler wrote: Interesting. Are Forest and Domain records being replicated in both directions from all DCs? It always worked from the WinDC to the S4DC but not in the other direction. Also, were you able to use the WIN DNS MMC to examine the DNS records on any of the Samba DCs? If so, you are probably close to having it working; something I never managed to do. See ya... Garth On 08/27/2013 12:07 PM, Antun Horvat wrote: Thanks for such quick reply, I have just executed samba-tool drs showrepl command and it seems that Forest and Domain LDAP DIT are being replicated successfully. But I still doubt that it can not be fixed since all RR records that are added to w2k3 server are successfully propagated and present. All name resolution queries on samba reflect the state of w2k3 DNS. Is there some way to debug RPC calls so that we can more precisely locate the error? All best, Antun On 08/27/2013 06:40 PM, Garth Keesler wrote: This issue has been discussed at length before with no resolution to my knowledge. If you use samba-tool drs showrepl, you will probably notice that Forest and Domain DNS is not being replicated to/from all DCs. Additionally, if you use Win2003 DNS MMC, you will not be able to detect that DNS is running on the Samba DCs nor that they are DCs at all. I have only tested this using internal Samba DNS but have found no workaround and have dropped trying to use Samba to demote/replace a Win2003 DC for now. Good luck, Garth On 08/27/2013 09:58 AM, Antun Horvat wrote: Hello, i have an issue with existing installation of samba4 domain controller that is specific to dns managment. In the domain I have two samba4 4.0.7 and one windows 2003 server that I plug periodically to manage the dns. All fsmo roles are transfered to samba. All aspects of the domain work perfectly, except one, the samba-tool dns commands do not work. All commands when executed on samba server return ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') error. The same command pointed to windows server works fine. All commands that add hosts to window are replicated to samba instances. The domain is functioning at 2003 native level (reported by windows tool), but samba can't figure out the level. Also when i try to demote the w2k3 server i get the error that Active Directory could not find another domain controller to transfer the remaining data in the directory partition DC=DomainDnsZones,Dc=example,dc=com Could you please point me to the right resources so that i can resolve my current issues. Thanks in advance, and I wish best to all Samba community. ps If you need some kind of help, such as testing rc's in certain configuration, please contact me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
