Re: adding machine to domain with NATed IPs
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Tue, 10 Feb 2009 23:38:53 -0000
Hi
Hum... Timeout errors sound like the DCs are not reaching the clients, or vice versa? Any errors in the logs of the NAT devices? Any FW configured between them? Can you ping back the clients and servers? Can you ping the domain by its FQDN? Can the servers ping the clients by IP and name? Since the clients are simulated within the same subnet, will the broadcast request pass the NAT device?
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"BlueIT" <bijal.shah@xxxxxxxxxx> wrote in message news:0160003b-2f78-4aab-8c39-4d48ee0aab49@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Within the domain, there are five DCs for three sites. Subnets are
specified within AD Site and Services accordingly. No forest within
the domain.
We have four remote machines that need to be added to the domain. Due to
the cost/maintenance we went to a 3rd party hosted solution for
connectivity between the main site and remote. The third party is
NATing a list of given IPs we provided for within the same subnet
(172.31.244.x). Clients will communicate based on the NATed IPs,
clients will be accessible by actual IP.
The NATed IPs for the DC/DNS on the 172.31.244.x subnet:
SRV1 206.13.184.4
SRV2 206.13.184.5
On the remote clients, we specified these IPs as DNS server within TCP/
IP properties and the remote subnet within Sites and Services. When
attempting to add the machines to the domain, we get this initial
error:
Note: This information is intended for a network administrator. If
you are not your network's administrator, notify the administrator
that you received this information, which has been recorded in the
file C:\WINDOWS\debug\dcdiag.txt.
The following error occurred when DNS was queried for the service
location (SRV) resource record used to locate a domain controller for
domain bluecapital.local:
The error was: "This operation returned because the timeout period
expired."
(error code 0x000005B4 ERROR_TIMEOUT)
The query was for the SRV record for
_ldap._tcp.dc._msdcs.bluecapital.local
The DNS servers used by this computer for name resolution are not
responding. This computer is configured to use DNS servers with the
following IP addresses:
206.13.184.4
206.13.184.5
Verify that this computer is connected to the network, that these are
the correct DNS server IP addresses, and that at least one of the DNS
servers is running.
For more information on how to correct this problem, click Help.
In an effort to determine the issue, we ran a WireShark on the PDC
emulator and believe that all five DCs were responding back to the
request. And since all five DCs are not NATed, the client was failing
to join the domain. WireShark output below:
Queries
_ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN
Name: _ldap._tcp.dc._msdcs.mydomain.local
Type: SRV (Service location)
Class: IN (0x0001)
Answers
_ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0,
weight 100, port 389, target srv5.mydomain.local
Name: _ldap._tcp.dc._msdcs.mydomain.local
Type: SRV (Service location)
Class: IN (0x0001)
Time to live: 10 minutes
Data length: 33
Priority: 0
Weight: 100
Port: 389
Target: srv5.mydomain.local
_ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0,
weight 100, port 389, target srv3.mydomain.local
Name: _ldap._tcp.dc._msdcs.mydomain.local
Type: SRV (Service location)
Class: IN (0x0001)
Time to live: 10 minutes
Data length: 33
Priority: 0
Weight: 100
Port: 389
Target: srv3.mydomain.local
_ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0,
weight 100, port 389, target srv4.mydomain.local
Name: _ldap._tcp.dc._msdcs.mydomain.local
Type: SRV (Service location)
Class: IN (0x0001)
Time to live: 10 minutes
Data length: 33
Priority: 0
Weight: 100
Port: 389
Target: srv4.mydomain.local
_ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0,
weight 100, port 389, target srv1.mydomain.local
Name: _ldap._tcp.dc._msdcs.mydomain.local
Type: SRV (Service location)
Class: IN (0x0001)
Time to live: 10 minutes
Data length: 33
Priority: 0
Weight: 100
Port: 389
Target: srv1.mydomain.local
_ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0,
weight 100, port 389, target srv2.mydomain.local
Name: _ldap._tcp.dc._msdcs.mydomain.local
Type: SRV (Service location)
Class: IN (0x0001)
Time to live: 10 minutes
Data length: 33
Priority: 0
Weight: 100
Port: 389
Target: srv2.mydomain.local
My first attempt was changing the priority for each of the _ldap (SRV)
within DNS and failed. Second attempt was to change the client local
LMHOSTS file and failed. My searches are leading to a dead end. We
basically want only the two NATed DCs to respond back if that is the
problem.
Thanks in advance
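The situation described in the thread, as an added example that is not part of either post: the SRV answer set is reconstructed from the WireShark dump quoted above, the NAT table for the remote site is a hypothetical mapping containing only the two NATed DCs from the post, and the ordering logic follows RFC 2782 (lowest priority first, weighted-random within a priority) rather than claiming to reproduce the Windows DC locator exactly. It shows which targets a remote client can reach at all and how often, with five equal-priority/equal-weight records, the first target it tries has no NAT mapping.

```python
import random
import re
from collections import namedtuple
# Constructed from the WireShark answer section quoted above: five SRV
# records, all priority 0 / weight 100 / port 389, one per DC.
SAMPLE_ANSWERS = """\
_ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0, weight 100, port 389, target srv5.mydomain.local
_ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0, weight 100, port 389, target srv3.mydomain.local
_ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0, weight 100, port 389, target srv4.mydomain.local
_ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0, weight 100, port 389, target srv1.mydomain.local
_ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0, weight 100, port 389, target srv2.mydomain.local
"""
# Hypothetical NAT table for the remote site: only SRV1 and SRV2 have a
# public mapping (the two addresses given in the post).
NAT_MAP = {"srv1.mydomain.local": "206.13.184.4",
           "srv2.mydomain.local": "206.13.184.5"}

SRV_RE = re.compile(r"priority (\d+), weight (\d+), port (\d+), target (\S+)")
Srv = namedtuple("Srv", "priority weight port target")

def parse_srv_answers(text):
    """Pull priority/weight/port/target out of each answer line of the dump."""
    return [Srv(int(p), int(w), int(pt), t) for p, w, pt, t in SRV_RE.findall(text)]

def rfc2782_order(records, rng):
    """Order targets the way an RFC 2782 client does: lowest priority first,
    weighted-random selection within each priority class."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        pool = [r for r in records if r.priority == prio]
        while pool:
            pick, acc = rng.uniform(0, sum(r.weight for r in pool)), 0
            for r in pool:
                acc += r.weight
                if pick <= acc:
                    ordered.append(r)
                    pool.remove(r)
                    break
    return ordered

def audit(records, nat_map):
    """Split targets into NAT-mapped (reachable) and unmapped (will time out)."""
    reachable = [r.target for r in records if r.target in nat_map]
    return reachable, [r.target for r in records if r.target not in nat_map]

def first_try_unreachable_rate(records, nat_map, trials=2000, seed=1):
    """Fraction of client orderings whose first target has no NAT mapping."""
    rng = random.Random(seed)
    return sum(rfc2782_order(records, rng)[0].target not in nat_map
               for _ in range(trials)) / trials
```

With the five records from the dump and two NATed DCs, roughly three orderings in five start with a DC the remote site cannot reach, which is why per-record priority edits in DNS only help if they survive the DCs' own periodic re-registration of these records.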