Forum Discussion
Kurt Johnson
May 20, 2017, Copper Contributor
Error joining Azure VM AD to on_prem AD through VPN
Good morning, I am trying to extend AD to Azure. I did this, starting in Azure, by creating a Virtual Network, a class 16 subnet (10.0.0.0/16), a virtual Gateway, a local Gateway, an Azure Public ...
Kurt Johnson
May 21, 2017, Copper Contributor
However, I turned off NetBIOS in the NIC on DC01 per some instructions I read.
Let me turn it back on and see if that resolves the telnet to 137 issue.
JIDE-JIMOH
May 22, 2017, Brass Contributor
Hi Kurt,
Having said you created AD Sites and Services: did you put the Azure AD01 into another site you created on-prem?
- Kurt Johnson, May 22, 2017, Copper Contributor
Well, yes. About that. A couple things. First, I DID create a Site, I assigned the appropriate subnet, but I did NOT assign the server. Because there was no server called AD01 joined to the domain at the time I created the site.
Second, I did NOT try to join AD01 to the domain before I tried to install ADDS and DCPROMO it up. Why not? Dunno, just didn't. So, I blew away that server and re-created it. I joined it to the domain first (it worked), then I ran ADDS, then I DCPROMO'd it up, and BOOM! New AD DC and DNS Server. I added the DNS Server address hosted in Azure to the Virtual Network, rebooted both servers to get the new DNS address listed in the NICs, then... couldn't replicate from Azure to on_prem.
THEN I added the AD01 server to the Site I created in AD Sites and Services. At which point everything replicated and I became a happy camper. So, excellent point, JIDE, thank you.
While I fixed this issue myself, I will give you both credit as both of you addressed 2 separate but valid issues you can have while trying to join across a VPN.
Thank you both for responding.
Kurt
- Yazo97, Aug 07, 2020, Copper Contributor
Good day. I have an on-prem environment running on a Hyper-V hypervisor (Windows Server 2019) with two network adapters. One for Internet and one from my firewall (Fortigate).
I created a domain on prem and synchronized it with AD Connect to Office 365 for my users etc. I also synced my custom domain to Office 365 and on prem.
I then created a site-to-site VPN to Azure from on prem and it is connected. My goal is to join the Windows 10 client I created in Azure to my on-prem domain, but I cannot due to DNS settings. I am able to ping the domain controller and its IP address and do an nslookup, and vice versa. My site-to-site VPN in the firewall has NAT enabled.
My Azure environment has two virtual networks that are peered to each other. One VNET has the VPN created in it, the other one is in another region because I could not deploy resources or VMs in my VPN region (South Africa North), so I had to peer it for my VM to get connected. Please assist.
On-prem configs:
IP Address: 10.70.20.20
DNS Server: 172.10.0.10
No DHCP, because it's connected to my on-prem network

Azure environment:
VNET DNS Servers: 172.10.0.10
Client VM IP: 10.1.0.4
DNS Server: 172.10.0.10

I have SRV records and DNS installed on prem but still can't get the client to connect to my domain. Please assist.
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "YASEEN-DC.YASEEN.LOCAL":
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.YASEEN-DC.YASEEN.LOCAL
Common causes of this error include the following:
- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:
8.8.8.8
172.10.0.10
- One or more of the following zones do not include delegation to its child zone:
YASEEN-DC.YASEEN.LOCAL
YASEEN.LOCAL
LOCAL
. (the root zone)

PS C:\Users\yaseen.abrahams> ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

PS C:\Users\yaseen.abrahams> Get-DnsClientServerAddress
InterfaceAlias               Interface Address ServerAddresses
                             Index     Family
--------------               --------- ------- ---------------
Ethernet                     5         IPv4    {172.10.0.10, 8.8.8.8}
Ethernet                     5         IPv6    {}
Loopback Pseudo-Interface 1  1         IPv4    {}
Loopback Pseudo-Interface 1  1         IPv6    {fec0:0:0:ffff::1, fec0:0:0:ffff::2, fec0:0:0:ffff::3}

PS C:\Users\yaseen.abrahams> Resolve-DNSName yaseen.local
Name          Type TTL  Section IPAddress
----          ---- ---  ------- ---------
yaseen.local  A    600  Answer  208.91.112.55
yaseen.local  A    600  Answer  208.91.112.55

PS C:\Users\yaseen.abrahams> Resolve-DNSName _ldap._tcp.dc._msdcs.yaseen.local
Name          Type TTL  Section   PrimaryServer           NameAdministrator        SerialNumber
----          ---- ---  -------   -------------           -----------------        ------------
yaseen.local  SOA  3600 Authority yaseen-dc.yaseen.local  hostmaster.yaseen.local  45

- Kurt Johnson, May 22, 2017, Copper Contributor
Apparently I cannot have TWO best answers. Ah well.
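A pre-join check for the two failure modes discussed in this thread (the DC locator SRV lookup in Yazo97's post, and the site/subnet mapping JIDE-JIMOH and Kurt worked through), added here as an example and not code from any post above. It assumes the AD DNS domain is yaseen.local and the only domain DNS server is 172.10.0.10, both taken from Yazo97's configs; the port list is an assumption about what a join needs.

```powershell
# Added example (not from the thread): checks a workstation should pass before a
# domain join across a site-to-site VPN. Defaults assume the domain and DNS server
# from Yazo97's post; override them with -Domain / -DomainDns.
param(
    [string]$Domain = 'yaseen.local',
    [string[]]$DomainDns = @('172.10.0.10')
)

# 1. Only the domain's DNS servers should be on the NIC. A public resolver such as
#    8.8.8.8 cannot answer for a private .local zone, so the client can get NXDOMAIN
#    for the SRV lookup depending on which server it asks.
$configured = (Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses }).ServerAddresses | Select-Object -Unique
$foreign = $configured | Where-Object { $_ -notin $DomainDns }
if ($foreign) {
    Write-Warning "Non-domain DNS servers configured: $($foreign -join ', ')"
}

# 2. The DC locator record lives under _msdcs.<domain>. Querying it under the DC's
#    host name (yaseen-dc.yaseen.local) returns NXDOMAIN, as the error in the thread shows.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
$srv = Resolve-DnsName -Name $srvName -Type SRV -Server $DomainDns[0] -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' }
if (-not $srv) { throw "No SRV records for $srvName on $($DomainDns[0])" }

# 3. Each advertised DC must be reachable on the ports a join uses (assumed list);
#    a VPN that NATs or filters one of them fails the join even though ping works.
$ports = @{ LDAP = 389; Kerberos = 88; SMB = 445; RPC = 135 }
foreach ($rec in $srv) {
    $dc = $rec.NameTarget
    foreach ($p in $ports.GetEnumerator()) {
        $ok = (Test-NetConnection -ComputerName $dc -Port $p.Value `
                -WarningAction SilentlyContinue).TcpTestSucceeded
        '{0,-30} {1,-9} {2,5} {3}' -f $dc, $p.Key, $p.Value, $(if ($ok) { 'open' } else { 'BLOCKED' })
    }
}

# 4. Ask the locator which DC and site it picks. A subnet that is not mapped to a
#    site in AD Sites and Services shows up here as a missing or unexpected site.
nltest /dsgetdc:$Domain /force
```

Run it from the Azure client with an elevated PowerShell session; a warning in step 1 or a BLOCKED row in step 3 points at the DNS or VPN configuration rather than at AD itself.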