shash.chatterjee at aol.com
2016-Aug-01 16:47 UTC
[Samba] Samba AD member join failure - internal error
Hi,

I have set up a Samba AD Domain Controller on a fresh Ubuntu 16.04 installation, and at face value it looks to be working. The member joins from two clients are not working: one is another fresh Ubuntu 16.04 install, the other a Mac. The Mac used to join my old server install (which I had done a long time back with Centrify) just fine, but following the same steps it does not join the new server. I have a feeling my issue is on the server side, where I am missing something fundamental, but I need help figuring it out.

Server side setup: http://pastebin.com/hnfZdn7i
Client side setup: http://pastebin.com/sbPZUAEQ

On the server side, I had to manually create and initialize the Kerberos domain. The only thing unusual is that I had to add Kerberos principals manually for "administrator" and "admin/admin". I did not add a principal for Administrator (with capital "a"); I notice Samba adds that user internally.

On the Ubuntu client/AD member side, I can kinit and receive principals correctly. However, the "net ads join" fails, as below. On the Mac client, I get a failure complaining about NTP time sync, but I have ensured that all three machines are syncing off the Ubuntu NTP servers (including the Mac).

When I used to use Unix auth with Samba (prior to Centrify/AD), I used to have to add "machine$" using "useradd -m". I tried adding Samba users with "samba-tool"; it didn't help. I wonder if I need to do something similar with Kerberos as well? I tried adding principals to Kerberos, but it didn't help, and I am not sure what the exact format of the principal would be anyway.

Any and all help would be most appreciated! Please let me know if I can provide more specific logs.

Thanks,
Shash

Failure from net join as "Administrator": http://pastebin.com/KX4u5NLc
Failure from net join as "administrator": http://pastebin.com/8yrhd735