samba - Oct 2016 - Can't connect via smb to s4 DC

I have 4 samba 4.5.0 DCs.  I can connect via smb to two of them and 
can't connect to another two.  I get an error "The request is not 
supported".  Those same two DCs I cannot connect to via smb also have 
issues via ADUC.  I get an "RPC server is unavailable" when trying to 
connect with ADUC.

Here's my smb.conf: http://pastebin.com/7J8hNd0Y.

Thanks,
Arthur

This e-mail and any attachments may contain CONFIDENTIAL information, including
PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or
disclosure of this information is STRICTLY PROHIBITED; you are requested to
delete this e-mail and any attachments, notify the sender immediately, and
notify the Mediture Privacy Officer at privacyofficer at mediture.com.

On Wed, 19 Oct 2016 10:00:08 -0500
Arthur Ramsey via samba <samba at lists.samba.org> wrote:
> I have 4 samba 4.5.0 DCs.  I can connect via smb to two of them and 
> can't connect to another two.  I get an error "The request is not 
> supported".  Those same two DCs I cannot connect to via smb also have 
> issues via ADUC.  I get an "RPC server is unavailable" when
trying to
> connect with ADUC.
> 
Can I suggest you make the smb.conf look like this:

# Global parameters
[global]
        debug level = 4
        workgroup = MEDITURE
        realm = mediture.dom
        netbios name = AWS-DC01
 
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
         
        template homedir = /home/%U
        template shell = /bin/bash
 
        server string = Samba Server Version %v
 
        allow trusted domains = no
        ldap server require strong auth = no
 
        winbind refresh tickets = yes
        winbind offline logon = yes
        winbind use default domain = yes
        winbind enum users = yes
        winbind enum groups = yes
 
        kerberos method = secrets and keytab
 
        idmap_ldb:use rfc2307 = yes
 
[netlogon]
        path = /usr/local/samba/var/locks/sysvol/mediture.dom/scripts
        read only = No
 
[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

It is the same as yours, with all the default lines removed, the
totally useless (on a DC) 'idmap config' lines removed and winbindd
turned on.

If this doesn't help, try checking this out:

https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record

Rowland

Didn't help.  I went through the wiki page already: the DNS records 
exist and are properly resolving on all DCs.

Thanks,
Arthur

This e-mail and any attachments may contain CONFIDENTIAL information, including
PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or
disclosure of this information is STRICTLY PROHIBITED; you are requested to
delete this e-mail and any attachments, notify the sender immediately, and
notify the Mediture Privacy Officer at privacyofficer at mediture.com.