samba - Oct 2008 - samba4/Win2008: error -> directory property cannot be found in the cache

I setup a samba4 pdc and successfully added a Windows 2008 machine to 
the domain.

When I start up the "Active Directory Users and Computers" tool, I get
a
"Naming information cannot be located because: directory property cannot 
be found in the cache" error.

I'm running a pretty up to date version of samba4. The head commit is:

commit 044bb5ce391e0b271d5dee87dd05bbedd6bcdadc
Author: G?nther Deschner <gd@samba.org>
Date:   Sun Oct 19 00:26:16 2008 +0200

I set my log level to 10 in smb.conf, and get the output shown below. 
Any ideas on what's going wrong? I thing else I can do to help 
troubleshoot the problem? I have a wireshark capture as well, but wasn't 
sure if it would be safe to post.

jr

Registered NVIZN<1b> with 10.0.0.1 on interface 10.0.0.255
Registered NVIZN<1c> with 10.0.0.1 on interface 10.0.0.255
Registered NVIZN<00> with 10.0.0.1 on interface 10.0.0.255
Received cldap packet of length 156 from 10.0.0.2:55695
cldap netlogon query domain=nvizn.com host=FRODO user=(null) 
version=536870934 guid=0020fc69-5a37-46af-8279-7462bed3d8e9
added interface ip=10.0.0.1 nmask=255.255.255.0
gendb_search_v: cn=Primary Domains 
(&(flatname=NVIZN)(objectclass=primaryDomain)) -> 1
Security token of user S-1-5-7
 SIDs (4):
  SID[  0]: S-1-5-7
  SID[  1]: S-1-5-32-546
  SID[  2]: S-1-1-0
  SID[  3]: S-1-5-2
 Privileges (0x               0):
gendb_search_v:  (objectclass=ldapSecret) -> 0
(normal if no LDAP backend required) Could not find entry to match 
filter: '(objectclass=ldapSecret)' base: '(null)'
ldb: naming_fsmo_init: we are master: yes

ldb: pdc_fsmo_init: we are master: yes

SearchRequest basedn:  filter: (objectclass=*)
SearchRequest: basedn: []
SearchRequest: filter: [(objectclass=*)]
SearchRequest: scope: [BASE]
SearchRequest: attrs: [subschemaSubentry]
SearchRequest: attrs: [dsServiceName]
SearchRequest: attrs: [namingContexts]
SearchRequest: attrs: [defaultNamingContext]
SearchRequest: attrs: [schemaNamingContext]
SearchRequest: attrs: [configurationNamingContext]
SearchRequest: attrs: [rootDomainNamingContext]
SearchRequest: attrs: [supportedControl]
SearchRequest: attrs: [supportedLDAPVersion]
SearchRequest: attrs: [supportedLDAPPolicies]
SearchRequest: attrs: [supportedSASLMechanisms]
SearchRequest: attrs: [dnsHostName]
SearchRequest: attrs: [ldapServiceName]
SearchRequest: attrs: [serverName]
SearchRequest: attrs: [supportedCapabilities]
ldb_request BASE dn= filter=(objectclass=*)
SearchRequest: results: [1]
Received cldap packet of length 156 from 10.0.0.2:55999
cldap netlogon query domain=NVIZN.COM host=FRODO user=(null) 
version=536870934 guid=0020fc69-5a37-46af-8279-7462bed3d8e9
added interface ip=10.0.0.1 nmask=255.255.255.0
Received KDC packet of length 1522 from 10.0.0.2:50044
Kerberos: TGS-REQ Administrator@NVIZN.COM from 10.0.0.2 for 
ldap/gandalf.nvizn.com/nvizn.com@NVIZN.COM [renewable, forwardable]
gendb_search_v: DC=nvizn,DC=com NULL -> 1
gendb_search_v: CN=GANDALF,OU=Domain Controllers,DC=nvizn,DC=com NULL -> 1
gendb_search_v: CN=Partitions,CN=Configuration,DC=nvizn,DC=com 
ncName=DC=nvizn,DC=com -> 1
gendb_search_v: DC=nvizn,DC=com NULL -> 1
gendb_search_v: CN=Partitions,CN=Configuration,DC=nvizn,DC=com 
(ncName=DC=nvizn,DC=com) -> 1
gendb_search_v: CN=Administrator,CN=Users,DC=nvizn,DC=com NULL -> 1
Kerberos: TGS-REQ authtime: 2008-10-19T14:36:44 starttime: 
2008-10-19T14:41:56 endtime: 2037-09-12T22:48:05 renew till: unset
Terminating connection - 'NT_STATUS_END_OF_FILE'
Terminating connection - 'NT_STATUS_END_OF_FILE'
single_terminate: reason[NT_STATUS_END_OF_FILE]
BindSASL dn:
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographicly sealed
gendb_search_v:  (objectclass=ldapSecret) -> 0
(normal if no LDAP backend required) Could not find entry to match 
filter: '(objectclass=ldapSecret)' base: '(null)'
ldb: naming_fsmo_init: we are master: yes

ldb: pdc_fsmo_init: we are master: yes

gendb_search_v: NULL 
objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\B1\CE\E2\C1u\8Dip\B3\F1Y\07\F4\01\00\00
-> 1
gendb_search_v: NULL 
objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\B1\CE\E2\C1u\8Dip\B3\F1Y\07\01\02\00\00
-> 1
gendb_search_v: NULL objectSid=\01\01\00\00\00\00\00\01\00\00\00\00 -> 1
gendb_search_v: NULL objectSid=\01\01\00\00\00\00\00\05\02\00\00\00 -> 1
gendb_search_v: NULL objectSid=\01\01\00\00\00\00\00\05\0B\00\00\00 -> 1
gendb_search_v: NULL 
objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\B1\CE\E2\C1u\8Dip\B3\F1Y\07\06\02\00\00
-> 1
gendb_search_v: NULL 
objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\B1\CE\E2\C1u\8Dip\B3\F1Y\07\07\02\00\00
-> 1
gendb_search_v: NULL 
objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\B1\CE\E2\C1u\8Dip\B3\F1Y\07\00\02\00\00
-> 1
gendb_search_v: NULL 
objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\B1\CE\E2\C1u\8Dip\B3\F1Y\07\08\02\00\00
-> 1
gendb_search_v: NULL 
objectSid=\01\02\00\00\00\00\00\05\20\00\00\00\20\02\00\00 -> 1
Security token of user S-1-5-21-3252866737-1885965685-123335091-500
 SIDs (10):
  SID[  0]: S-1-5-21-3252866737-1885965685-123335091-500
  SID[  1]: S-1-5-21-3252866737-1885965685-123335091-513
  SID[  2]: S-1-1-0
  SID[  3]: S-1-5-2
  SID[  4]: S-1-5-11
  SID[  5]: S-1-5-21-3252866737-1885965685-123335091-518
  SID[  6]: S-1-5-21-3252866737-1885965685-123335091-519
  SID[  7]: S-1-5-21-3252866737-1885965685-123335091-512
  SID[  8]: S-1-5-21-3252866737-1885965685-123335091-520
  SID[  9]: S-1-5-32-544
 Privileges (0x          FFFFFF):
  Privilege[  0]: SeSecurityPrivilege
  Privilege[  1]: SeBackupPrivilege
  Privilege[  2]: SeRestorePrivilege
  Privilege[  3]: SeSystemtimePrivilege
  Privilege[  4]: SeShutdownPrivilege
  Privilege[  5]: SeRemoteShutdownPrivilege
  Privilege[  6]: SeTakeOwnershipPrivilege
  Privilege[  7]: SeDebugPrivilege
  Privilege[  8]: SeSystemEnvironmentPrivilege
  Privilege[  9]: SeSystemProfilePrivilege
  Privilege[ 10]: SeProfileSingleProcessPrivilege
  Privilege[ 11]: SeIncreaseBasePriorityPrivilege
  Privilege[ 12]: SeLoadDriverPrivilege
  Privilege[ 13]: SeCreatePagefilePrivilege
  Privilege[ 14]: SeIncreaseQuotaPrivilege
  Privilege[ 15]: SeChangeNotifyPrivilege
  Privilege[ 16]: SeUndockPrivilege
  Privilege[ 17]: SeManageVolumePrivilege
  Privilege[ 18]: SeImpersonatePrivilege
  Privilege[ 19]: SeCreateGlobalPrivilege
  Privilege[ 20]: SeEnableDelegationPrivilege
  Privilege[ 21]: SeInteractiveLogonRight
  Privilege[ 22]: SeNetworkLogonRight
  Privilege[ 23]: SeRemoteInteractiveLogonRight
Got KRB5 session key of length 32 (done)
gensec_gssapi: NO delegated credentials supplied by client
gendb_search_v:  (objectclass=ldapSecret) -> 0
(normal if no LDAP backend required) Could not find entry to match 
filter: '(objectclass=ldapSecret)' base: '(null)'
ldb: naming_fsmo_init: we are master: yes

ldb: pdc_fsmo_init: we are master: yes

SearchRequest basedn:  filter: (objectClass=*)
SearchRequest: basedn: []
SearchRequest: filter: [(objectClass=*)]
SearchRequest: scope: [BASE]
ldb_request BASE dn= filter=(objectClass=*)
SearchRequest: results: [1]
UnbindRequest
Terminating connection - 'NT_STATUS_END_OF_FILE'
Terminating connection - 'NT_STATUS_END_OF_FILE'
single_terminate: reason[NT_STATUS_END_OF_FILE]
dreplsrv_periodic_run(): schedule pull replication
dreplsrv_periodic_run(): run pending_ops
dreplsrv_periodic_schedule(300) scheduled for: Sun Oct 19 14:46:57 2008 EDT

Joel Reed wrote:
> I setup a samba4 pdc and successfully added a Windows 2008 machine to 
> the domain.
>
> When I start up the "Active Directory Users and Computers" tool,
I get
> a "Naming information cannot be located because: directory property 
> cannot be found in the cache" error. 
I tried this with Windows 2003 as well. The computer can be successfully 
added to the domain, but the "dsa.msc" tool fails on load with a
similar
error about "naming information cannot be located".

Are there some dns records required for these tools that are not 
required for domain join operations?

I've also successfully joined a linux box running winbind to this domain 
as well.

jr