Hello Tarun,
On 02/12/2011 01:58, Tarun Chopra wrote:
Hi Matthieu
I tried reproducing the scenario by provisioning Windows 2k8 R2 as external DNS
server, Windows 2k8 R2 as Primary Domain Controller (PDC) and Windows 2k3 Sp2
as 2nd Domain Controller and didn't observe additional DRSAddEntry packets
flowing from 2nd Domain Controller to PDC, capture enclosed. I also replayed
TTT trace and seems 2nd Domain controller is receiving LDAP ADD Request packets
triggering it to invoke these additional DRSAddEntry packets.
What are the added info through LDAP that seems to trigger this ?
I also created a local repro with SAMBA server as PDC build dated (5th Nov'11)
and didn't observe any additional DRSAddEntry packets, listed below are the
steps I performed to add the 2nd domain controller. However, it would be
helpful if you can share the network trace of entire scenario (hopefully LDAP
packets will be unencrypted) so that I can analyze it in parallel.
Steps to Add 2nd Domain Controller:
1) Machine was not joined to the existing PDC (test.com)
2) Selected option "Additional domain controller for an existing
domain".
3) Entered the full DNS name of existing domain controller.
(test.com)
The thing is that I noticed another domain with this behavior.
The other day I was working on a demote bug we had in Samba, so I did
the following:
1) created a new forest on a Samba DC:
./source4/setup/provision --realm test.samba.home.matws.net --domain
TEST --adminpass totoTATA123 --targetdir=/home/mat/workspace/samba/test
Last two parameters are not really critical they just define the
administrator password and the path where the AD database and related
file will be stored
2) configured bind 9.8 as indicated
http://www.matws.net/pres/sambaxp_2011/#%2811%29 and
http://www.matws.net/pres/sambaxp_2011/#%2812%29
3) started windows 2003R2 with the DNS server role activated
4) run dcpromo with the option "Additional domain controller for an
existing domain"
5) After the reboot I noticed that the server starts to send DsAddEntry
to the PDC in order to create new partitions.
Matthieu.
Thanks
Tarun.
-----Original Message-----
From: Matthieu Patou [mailto:[email protected]]
Sent: Tuesday, November 22, 2011 2:17 PM
To: Tarun Chopra
Cc: MSSolve Case Email; [email protected]; [email protected]
Subject: Re: [REG: 111111580301298 ] DNS partition creation
Hello Tarun,
On 22/11/2011 22:42, Tarun Chopra wrote:
Hi Matthieu - On windows box, I can also see ADDEntry request from 2nd domain
controller to 1st domain controller during DCPROMO. By below statement, is it
that you are seeing this packet during DCPROMO or after DCPROMO completes and
machine restarts ?
You'll see the DsAddEntry during DC promo to create some objects needed for the
replication, but my point is for after DCPROMO and not for object related to
the to be promoted DC but for the container for DNS
3) Scenario when windows DC w/o DNS is trying to create these partitions.
Is it during domain join or replication or something else ?
So after the DC promo, I see DsAddEntry packet from the second DC to the first
one.
So is it "normal" that a 2nd DC tries to create the DNS containers after
joining a domain where DNS zones are not stored in the AD ?
Matthieu.
Thanks.
Tarun
-----Original Message-----
From: Tarun Chopra
Sent: Saturday, November 19, 2011 1:42 AM
To: '[email protected]'
Cc: MSSolve Case Email
Subject: RE: [REG: 111111580301298 ] DNS partition creation
Thanks Matthieu, I am able to load previously shared TTT traces. Will update
you as soon as I am done with investigation.
--
Matthieu Patou
Samba Team
http://samba.org
_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol
--
Matthieu Patou
Samba Team
http://samba.org
_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol
