Mitja Tavčar
2024-Aug-11 14:51 UTC
[Samba] Problems on joining samba DC to a Windows Domain while adding DNS record for new DC
On Sat, 10/08/2024 at 09.29 +0100, Rowland Penny via samba wrote:
> On Sat, 10 Aug 2024 09:34:32 +0200
> Mitja Tavčar via samba <samba at lists.samba.org> wrote:
> 
> > On Fri, 09/08/2024 at 17.32 +0100, Rowland Penny via samba wrote:
> > > On Fri, 09 Aug 2024 17:51:22 +0200
> > > Mitja Tavčar via samba <samba at lists.samba.org> wrote:
> > > 
> > > > The original domain was not deployed as 2008R2 but as Windows2000
> > > > and then upgraded to 2003 and subsequently to 2008R2 level. But
> > > > we have not encountered any problems so far.
> > > 
> > > The DNS on a W2k is very different from what is used now, so when it
> > > was updated was the DNS updated as well ?
> > 
> > Ok, according to the error that popped out also of Douglas patch it
> > should be a missing DNS zone in my DNS.
> > 
> > (9601, 'WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST')
> > 
> > > If it wasn't, then the base NC will not be there to put the dns
> > > record into.
> > 
> > Maybe you know how I can check if the correct NC exists? With ADSI
> > Edit or some other tool?
> > 
> 
> Do you have any Linux domain clients ?
> If so try this command:
> 
> sudo ldbsearch --cross-ncs --show-binary -H
> ldap://vmw2srvdc1.intra.comune.trento.it -P -b
> 'dc=intra,dc=comune,dc=trento,dc=it' -s sub '(objectclass=dnszone)' -d0 |
> grep 'dn:'
> 
> When I run the command, I get this:
> 
> dn: DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> dn: DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
> dn: DC=1.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> dn: DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
> 
> Yours will not be in the same order, I have re-ordered them to explain
> them better.
> The first is the forward domain dns zone.
> The second is the forward forest dns zone.
> The third is the reverse zone and in this case isn't important, you may
> not have one, or you could have multiple, but can be created/deleted at
> will.
> The final two are 'root' dns servers and are not used by Samba.

I ran the command as domain administrator

sudo ldbsearch --cross-ncs --show-binary -H ldap://vmw2srvdc1.intra.comune.trento.it -P -b 'dc=intra,dc=comune,dc=trento,dc=it' -s sub '(objectclass=dnszone)' -d0 | grep 'dn:'

and received this response:

dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
dn: DC=10.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
dn: DC=11.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
(...cut all similar lines...)
dn: DC=27.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
dn: DC=43.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
dn: DC=37.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it

I can see that, apart from the reverse zone records, only one of the 'root' dns servers records exists in my directory. So almost all the relevant top level DNS objects are missing.

I think I need to verify and correct the zones in Active Directory and maybe recreate them. The system is in production and so I think I will have to plan to work with some notice.

Thank you for the help

Mitja Tavčar
Rowland Penny
2024-Aug-11 15:39 UTC
[Samba] Problems on joining samba DC to a Windows Domain while adding DNS record for new DC
On Sun, 11 Aug 2024 16:51:27 +0200
Mitja Tavčar via samba <samba at lists.samba.org> wrote:
> On Sat, 10/08/2024 at 09.29 +0100, Rowland Penny via samba wrote:
> > On Sat, 10 Aug 2024 09:34:32 +0200
> > Mitja Tavčar via samba <samba at lists.samba.org> wrote:
> > 
> > > On Fri, 09/08/2024 at 17.32 +0100, Rowland Penny via samba wrote:
> > > > On Fri, 09 Aug 2024 17:51:22 +0200
> > > > Mitja Tavčar via samba <samba at lists.samba.org> wrote:
> > > > 
> > > > > The original domain was not deployed as 2008R2 but as
> > > > > Windows2000 and then upgraded to 2003 and subsequently to
> > > > > 2008R2 level. But we have not encountered any problems so far.
> > > > 
> > > > The DNS on a W2k is very different from what is used now, so
> > > > when it was updated was the DNS updated as well ?
> > > 
> > > Ok, according to the error that popped out also of Douglas patch
> > > it should be a missing DNS zone in my DNS.
> > > 
> > > (9601, 'WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST')
> > > 
> > > > If it wasn't, then the base NC will not be there to put the dns
> > > > record into.
> > > 
> > > Maybe you know how I can check if the correct NC exists? With
> > > ADSI Edit or some other tool?
> > > 
> > 
> > Do you have any Linux domain clients ?
> > If so try this command:
> > 
> > sudo ldbsearch --cross-ncs --show-binary -H
> > ldap://vmw2srvdc1.intra.comune.trento.it -P -b
> > 'dc=intra,dc=comune,dc=trento,dc=it' -s sub '(objectclass=dnszone)'
> > -d0 | grep 'dn:'
> > 
> > When I run the command, I get this:
> > 
> > dn: DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> > dn: DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
> > dn: DC=1.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> > dn: DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> > dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
> > 
> > Yours will not be in the same order, I have re-ordered them to
> > explain them better.
> > The first is the forward domain dns zone.
> > The second is the forward forest dns zone.
> > The third is the reverse zone and in this case isn't important, you
> > may not have one, or you could have multiple, but can be
> > created/deleted at will.
> > The final two are 'root' dns servers and are not used by Samba.
> 
> I ran the command as domain administrator
> 
> sudo ldbsearch --cross-ncs --show-binary -H
> ldap://vmw2srvdc1.intra.comune.trento.it -P -b
> 'dc=intra,dc=comune,dc=trento,dc=it' -s sub '(objectclass=dnszone)'
> -d0 | grep 'dn:'
> 
> and received this response:
> 
> dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
> dn: DC=10.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
> dn: DC=11.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
> (...cut all similar lines...)
> dn: DC=27.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
> dn: DC=43.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
> dn: DC=37.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
> 
> I can see that, apart from the reverse zone records, only one of the
> 'root' dns servers records exists in my directory. So almost all the
> relevant top level DNS objects are missing.
> 
> I think I need to verify and correct the zones in Active Directory
> and maybe recreate them. The system is in production and so I think I
> will have to plan to work with some notice.
> 
> Thank you for the help
> 
> Mitja Tavčar

Do you want the good news or the bad news ??

I will start with the good news: I know what your problem is.

The bad news is: I do not know how to fix it :-(

You are still using the W2k dns system, this means that your dns knows nothing about ForestDnsZones.

There used to be a Microsoft webpage, but that disappeared quite some time ago, but I have found a copy:

https://ftp.zx.net.nz/pub/archive/ftp.microsoft.com/MISC/KB/en-us/817/470.HTM

See if that helps.

Sorry that I cannot really help further, but I have never directly faced this problem. I know vaguely what needs to be done, but not how precisely to do it, perhaps someone else knows the secret incantations required ;-)

Rowland
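Rowland's reading of the five zone DNs (domain zone in DomainDnsZones, _msdcs zone in ForestDnsZones, reverse zones, unused RootDNSServers) and his diagnosis that zones sitting under CN=System are the W2k-era layout can be turned into a check over the `grep 'dn:'` output. The following Python is an added example, not code from this thread or from Samba; the two sample listings are constructed from the output quoted above, and the domain name is passed in as a parameter.

```python
import re
from typing import Any, Dict

# Sample input constructed from the two listings quoted in this thread.
HEALTHY_OUTPUT = """\
dn: DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
dn: DC=1.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
"""
LEGACY_OUTPUT = """\
dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
dn: DC=10.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
dn: DC=11.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
"""

# 'dn: DC=<zone>,CN=MicrosoftDNS,<container...>' as printed by ldbsearch | grep 'dn:'
DN_RE = re.compile(r"^dn:\s*DC=([^,]+),CN=MicrosoftDNS,(.+)$", re.IGNORECASE)


def dns_zone_report(ldb_output: str, domain: str) -> Dict[str, Any]:
    """Classify each dnsZone DN and flag what a Samba DC join expects to find:
    the domain zone in DomainDnsZones and _msdcs.<domain> in ForestDnsZones."""
    domain = domain.lower()
    report: Dict[str, Any] = {"domain_zone": False, "forest_zone": False,
                              "reverse_zones": [], "legacy_zones": [], "missing": []}
    for line in ldb_output.splitlines():
        m = DN_RE.match(line.strip())
        if not m:
            continue  # only dn: lines are of interest here
        zone, container = m.group(1).lower(), m.group(2)
        partition = container.split(",", 1)[0].lower()  # dc=domaindnszones, dc=forestdnszones or cn=system
        if zone == domain and partition == "dc=domaindnszones":
            report["domain_zone"] = True
        elif zone == "_msdcs." + domain and partition == "dc=forestdnszones":
            report["forest_zone"] = True
        elif zone.endswith(".in-addr.arpa"):
            report["reverse_zones"].append(zone)
        # RootDNSServers is not used by Samba. Any other zone directly under
        # CN=System is stored the pre-2003 way, outside the application partitions.
        if partition == "cn=system" and zone != "rootdnsservers":
            report["legacy_zones"].append(zone)
    if not report["domain_zone"]:
        report["missing"].append(f"DC={domain},CN=MicrosoftDNS,DC=DomainDnsZones")
    if not report["forest_zone"]:
        report["missing"].append(f"DC=_msdcs.{domain},CN=MicrosoftDNS,DC=ForestDnsZones")
    return report


if __name__ == "__main__":
    print("healthy:", dns_zone_report(HEALTHY_OUTPUT, "samdom.example.com"))
    print("legacy: ", dns_zone_report(LEGACY_OUTPUT, "intra.comune.trento.it"))
```

A non-empty `missing` list, or any entry in `legacy_zones`, reproduces the situation in this thread: the base NC the join wants to write the new DC's records into is not there.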