samba - Apr 2020 - samba 4.12.2: WERR_DNS_ERROR_DS_UNAVAILABLE, unable to manage samba DNS

On 30/04/2020 11:44, Olaf Dreyer wrote:
> Hi,
>
> I restored the last backup with the 4.11.6 setup. This is working fine 
> and i can confirm that my AD is set up with a single forwarding zone, 
> there is no _msdsc zone. On this 4.11.6 setup also the Windows DNS 
> Tool does not complain. When upgrading to 4.12.2 DNS administration 
> fails again with WERR_DNS_ERROR_DS_UNAVAILABLE.
>
> I will try the steps described in the MS document? and come back with 
> the results.
I think both Andrew and myself are both right, Your problem with 4.12.x 
is undoubtedly due to the bug Andrew pointed to, but you also do not 
have a _msdcs zone and if you ever want to add another DC, experience 
from earlier posts to this list has shown that this will not work.

Rowland

Am 30.04.2020 um 12:57 schrieb Rowland penny via samba:
> On 30/04/2020 11:44, Olaf Dreyer wrote:
>> Hi,
>>
>> I restored the last backup with the 4.11.6 setup. This is working 
>> fine and i can confirm that my AD is set up with a single forwarding 
>> zone, there is no _msdsc zone. On this 4.11.6 setup also the Windows 
>> DNS Tool does not complain. When upgrading to 4.12.2 DNS 
>> administration fails again with WERR_DNS_ERROR_DS_UNAVAILABLE.
>>
>> I will try the steps described in the MS document? and come back with 
>> the results.
>
> I think both Andrew and myself are both right, Your problem with 
> 4.12.x is undoubtedly due to the bug Andrew pointed to, but you also 
> do not have a _msdcs zone and if you ever want to add another DC, 
> experience from earlier posts to this list has shown that this will 
> not work.
>
> Rowland
>
>
>
I have created the _msdcs zone (using MS DNS MMC) and removed the _msdcs 
subdomain using ldbdel since this was not possible using the MMC. The 
_msdcs zone is populated with all entries. But after upgrading to 4.12.2 
i again get the WERR_DNS_ERROR_DS_UNAVAILABLE.

Best regards,
Olaf

Hello,

I spent some more time on this issue.

First I added a Win2012R2 Server to the domain an promoted this server 
to DC and FSMO Role owner.

Then I changed the DNS setup according to the docs provided by 
Microsoft. So the _msdcs.xxxx.xx zone is forest wide replicated, the 
xxx.xx zone is domain wide replicated. Running ldbsearch:

root at OMTNDC3:~#? ldbsearch --cross-ncs -H 
/usr/local/samba/private/sam.ldb -s sub | grep -i dn: | grep -i 
"DC=DomainDNS"
dn: 
DC=_kerberos._udp,DC=omtn.de,CN=MicrosoftDNS,DC=DomainDnsZones,DC=omtn,DC=de
dn: 
DC=tk-prod-radius2,DC=omtn.de,CN=MicrosoftDNS,DC=DomainDnsZones,DC=omtn,DC=de
dn: DC=_imap._tcp,DC=omtn.de,CN=MicrosoftDNS,DC=DomainDnsZones,DC=omtn,DC=de
dn: 
DC=_ldap._tcp.ForestDnsZones,DC=omtn.de,CN=MicrosoftDNS,DC=DomainDnsZones,DC=omtn,DC=de
dn: DC=zotac,DC=omtn.de,CN=MicrosoftDNS,DC=DomainDnsZones,DC=omtn,DC=de
......

oot at OMTNDC3:~#? ldbsearch --cross-ncs -H 
/usr/local/samba/private/sam.ldb -s sub | grep -i dn: | grep 
"DC=ForestDnsZones" | grep -v in-addr
dn: 
DC=ForestDnsZones,DC=omtn.de,CN=MicrosoftDNS,DC=DomainDnsZones,DC=omtn,DC=de
dn: 
DC=11688bc4-f4b8-434b-bb24-4cd0ad1d3253,DC=_msdcs.omtn.de,CN=MicrosoftDNS,DC=ForestDnsZones,DC=omtn,DC=de
dn: CN=Infrastructure,DC=ForestDnsZones,DC=omtn,DC=de
dn: DC=_msdcs.omtn.de,CN=MicrosoftDNS,DC=ForestDnsZones,DC=omtn,DC=de
dn: 
DC=_ldap._tcp.pdc,DC=_msdcs.omtn.de,CN=MicrosoftDNS,DC=ForestDnsZones,DC=omtn,DC=de
dn: 
DC=_kerberos._tcp.CorporateDataCenter._sites.dc,DC=_msdcs.omtn.de,CN=MicrosoftDNS,DC=ForestDnsZones,DC=omtn,DC=de
dn: CN=MicrosoftDNS,DC=ForestDnsZones,DC=omtn,DC=de
dn: 
DC=_ldap._tcp.b66950c4-e9b8-4bc9-b625-5b7d8a36f903.domains,DC=_msdcs.omtn.de,CN=MicrosoftDNS,DC=ForestDnsZones,DC=omtn,DC=de
.......

Then i demoted one samba 4.11 servers, deleted the full /usr/local/samba 
directory tree,

install samba 4.12.2 and joined the doamin again as a DC. The join went 
fine.

But running a samba-tool dns query command I get the 
WERR_DNS_ERROR_DS_UNAVAILABLE again. Downgrading to Samba 4.11.8 fixes 
this problem.

Best regards,
Olaf


Am 30.04.2020 um 13:41 schrieb od--- via samba:
> Am 30.04.2020 um 12:57 schrieb Rowland penny via samba:
>> On 30/04/2020 11:44, Olaf Dreyer wrote:
>>> Hi,
>>>
>>> I restored the last backup with the 4.11.6 setup. This is working 
>>> fine and i can confirm that my AD is set up with a single
forwarding
>>> zone, there is no _msdsc zone. On this 4.11.6 setup also the
Windows
>>> DNS Tool does not complain. When upgrading to 4.12.2 DNS 
>>> administration fails again with WERR_DNS_ERROR_DS_UNAVAILABLE.
>>>
>>> I will try the steps described in the MS document? and come back 
>>> with the results.
>>
>> I think both Andrew and myself are both right, Your problem with 
>> 4.12.x is undoubtedly due to the bug Andrew pointed to, but you also 
>> do not have a _msdcs zone and if you ever want to add another DC, 
>> experience from earlier posts to this list has shown that this will 
>> not work.
>>
>> Rowland
>>
>>
>>
> I have created the _msdcs zone (using MS DNS MMC) and removed the 
> _msdcs subdomain using ldbdel since this was not possible using the 
> MMC. The _msdcs zone is populated with all entries. But after 
> upgrading to 4.12.2 i again get the WERR_DNS_ERROR_DS_UNAVAILABLE.
>
> Best regards,
> Olaf
>
>
>
>