Re: adding machine to domain with NATed IPs
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Wed, 11 Feb 2009 18:25:05 -0000
Yes, do the following from cmd (install support tools first, can download from MS web site):
Netdom Join %computername% /Domain:mydomain.local\DCName /UserD:Mydomain\Administrator /PasswordD:*
Let me know the results :)
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"BlueIT" <bijal.shah@xxxxxxxxxx> wrote in message news:2dbbe660-3c66-49f8-ba5f-003f8062a28c@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Feb 10, 5:38 pm, "Jorge Silva" <jorgesilva...@xxxxxxxxxxx> wrote:
Hi
Hmm... Timeout errors; sounds like the DCs are not reaching the clients or
vice versa? Any errors in the logs for the NAT devices? Any FW configured
between them? Can you ping back the clients and servers? Can you ping the
domain by its FQDN? Can the servers ping the clients by IP and name? Since
the clients are simulated within the same subnet, will the broadcast
request pass the NAT device?
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"BlueIT" <bijal.s...@xxxxxxxxxx> wrote in message
news:0160003b-2f78-4aab-8c39-4d48ee0aab49@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Within the domain, there are five DCs for three sites. Subnets are
> specified within AD Site and Services accordingly. No forest within
> the domain.
> We have four remote machines that need to be added to the domain. Due to
> the cost/maintenance we went to a 3rd party hosted solution for
> connectivity between the main site and remote. The third party is
> NATing a list of given IPs we provided within the same subnet
> (172.31.244.x). Clients will communicate based on the NATed IPs;
> clients will be accessible by actual IP.
> The NATed IPs for the DC/DNS on the 172.31.244.x subnet:
> SRV1 206.13.184.4
> SRV2 206.13.184.5
> On the remote clients, we specified these IPs as DNS servers within TCP/
> IP properties and the remote subnet within Sites and Services. When
> attempting to add the machines to the domain, we get this initial
> error:
> Note: This information is intended for a network administrator. If
> you are not your network's administrator, notify the administrator
> that you received this information, which has been recorded in the
> file C:\WINDOWS\debug\dcdiag.txt.
> The following error occurred when DNS was queried for the service
> location (SRV) resource record used to locate a domain controller for
> domain bluecapital.local:
> The error was: "This operation returned because the timeout period
> expired."
> (error code 0x000005B4 ERROR_TIMEOUT)
> The query was for the SRV record for
> _ldap._tcp.dc._msdcs.bluecapital.local
> The DNS servers used by this computer for name resolution are not
> responding. This computer is configured to use DNS servers with the
> following IP addresses:
> 206.13.184.4
> 206.13.184.5
> Verify that this computer is connected to the network, that these are
> the correct DNS server IP addresses, and that at least one of the DNS
> servers is running.
> For more information on how to correct this problem, click Help.
> In an effort to determine the issue, we ran a WireShark on the PDC
> emulator and believe that all five DCs were responding back to the
> request. And since all five DCs are not NATed, the client was failing
> to join the domain. WireShark output below:
> Queries
> _ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN
> Name: _ldap._tcp.dc._msdcs.mydomain.local
> Type: SRV (Service location)
> Class: IN (0x0001)
> Answers
> _ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0,
> weight 100, port 389, target srv5.mydomain.local
> Name: _ldap._tcp.dc._msdcs.mydomain.local
> Type: SRV (Service location)
> Class: IN (0x0001)
> Time to live: 10 minutes
> Data length: 33
> Priority: 0
> Weight: 100
> Port: 389
> Target: srv5.mydomain.local
> _ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0,
> weight 100, port 389, target srv3.mydomain.local
> Name: _ldap._tcp.dc._msdcs.mydomain.local
> Type: SRV (Service location)
> Class: IN (0x0001)
> Time to live: 10 minutes
> Data length: 33
> Priority: 0
> Weight: 100
> Port: 389
> Target: srv3.mydomain.local
> _ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0,
> weight 100, port 389, target srv4.mydomain.local
> Name: _ldap._tcp.dc._msdcs.mydomain.local
> Type: SRV (Service location)
> Class: IN (0x0001)
> Time to live: 10 minutes
> Data length: 33
> Priority: 0
> Weight: 100
> Port: 389
> Target: srv4.mydomain.local
> _ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0,
> weight 100, port 389, target srv1.mydomain.local
> Name: _ldap._tcp.dc._msdcs.mydomain.local
> Type: SRV (Service location)
> Class: IN (0x0001)
> Time to live: 10 minutes
> Data length: 33
> Priority: 0
> Weight: 100
> Port: 389
> Target: srv1.mydomain.local
> _ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0,
> weight 100, port 389, target srv2.mydomain.local
> Name: _ldap._tcp.dc._msdcs.mydomain.local
> Type: SRV (Service location)
> Class: IN (0x0001)
> Time to live: 10 minutes
> Data length: 33
> Priority: 0
> Weight: 100
> Port: 389
> Target: srv2.mydomain.local
> My first attempt was changing the priority for each of the _ldap (SRV)
> records within DNS, and that failed. Second attempt was to change the client's
> local LMHOSTS file, and that failed. My searches are leading to a dead end. We
> basically want only the two NATed DCs to respond back if that is the
> problem.
> Thanks in advance
I failed to mention that PING is being blocked by the 3rd party
hosted solution for connectivity. I am able to telnet to open ports
on the remote DCs. I entered the NATed IPs of the two DCs within the
client TCP/IP properties. The machines do register within DNS
(forward and reverse) as well, and when I do an nslookup, one of the two
NATed servers displays as a result with the NATed IP:
c:\>nslookup
Default Server: srv1.mydomain.com
Address: 206.13.184.5
Looking at Event Viewer, there are no obvious errors found. All we
can really tell is that when a request by the client is being made, all our
DCs seem to be replying, based on our WireShark findings. Although SRV3,
SRV4, SRV5 are on different subnets and associated with different
sites, they seem to be answering requests. And since they are not NATed
as SRV1 and SRV2 are, I believe that is causing the failure on the client
portion.
Is there a way to specify which DCs answer requests when a machine
is added to the domain?
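The check a practitioner would want before trying the join above is to see, from the remote client itself, which of the DC locator SRV targets actually resolve to an address that is reachable on the ports a domain join uses. The following is an added example, not code from the thread or from Microsoft: it queries the same `_ldap._tcp.dc._msdcs.<domain>` record the client's join attempt queried, resolves every target through the DNS servers you name, and tests TCP reachability with a timeout instead of ICMP, since ping is blocked in this setup. It assumes the `Resolve-DnsName` cmdlet (Windows 8 / Server 2012 or later); the domain name and DNS addresses in the usage lines are taken from the thread as placeholders.

```powershell
# Added example (not from the original thread). Enumerates the DC locator SRV
# records for a domain, resolves each target, and tests the ports a domain join
# needs from this host. Assumes Resolve-DnsName (Windows 8 / Server 2012+).
function Test-DcLocatorPath {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Domain,         # e.g. mydomain.local
        [string[]] $DnsServer = @(),                     # DNS servers to query; empty = client's configured servers
        [int[]]    $Port = @(53, 88, 135, 389, 445, 464),# DNS, Kerberos, RPC mapper, LDAP, SMB, kpasswd
        [int]      $TimeoutMs = 3000
    )

    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    $srvArgs = @{ Name = $srvName; Type = 'SRV'; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($DnsServer.Count -gt 0) { $srvArgs['Server'] = $DnsServer }

    try {
        # Resolve-DnsName also returns the targets' A records as additional data; keep only the SRV rows here.
        $srv = Resolve-DnsName @srvArgs | Where-Object { $_.Type -eq 'SRV' }
    } catch {
        throw "SRV query for $srvName failed: $($_.Exception.Message). Fix DNS reachability first; the join cannot start until this record resolves."
    }

    # Same order the locator prefers: lowest priority first, then highest weight.
    foreach ($rec in ($srv | Sort-Object Priority, @{ Expression = 'Weight'; Descending = $true })) {
        $target = $rec.NameTarget
        $aArgs = @{ Name = $target; Type = 'A'; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
        if ($DnsServer.Count -gt 0) { $aArgs['Server'] = $DnsServer }
        $addresses = @(Resolve-DnsName @aArgs | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })

        if ($addresses.Count -eq 0) {
            [pscustomobject]@{ Target = $target; Address = '(unresolved)'; Priority = $rec.Priority; Weight = $rec.Weight; OpenPorts = ''; ClosedPorts = ($Port -join ','); Usable = $false }
            continue
        }

        foreach ($ip in $addresses) {
            $open = @(); $closed = @()
            foreach ($p in $Port) {
                # Plain TCP connect with a timeout: ICMP is blocked on this path, so ping tells us nothing.
                $client = New-Object System.Net.Sockets.TcpClient
                try {
                    $ar = $client.BeginConnect($ip, $p, $null, $null)
                    if ($ar.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected) { $open += $p } else { $closed += $p }
                } catch { $closed += $p } finally { $client.Close() }
            }
            [pscustomobject]@{
                Target      = $target
                Address     = $ip
                Priority    = $rec.Priority
                Weight      = $rec.Weight
                OpenPorts   = ($open -join ',')
                ClosedPorts = ($closed -join ',')
                Usable      = ($closed.Count -eq 0)
            }
        }
    }
}

# Usage with the thread's values as placeholders (run on the remote client):
#   Test-DcLocatorPath -Domain mydomain.local -DnsServer 206.13.184.4, 206.13.184.5 | Format-Table -AutoSize
# Then hand a target that reports Usable = True to the join, e.g.
#   netdom join %computername% /Domain:mydomain.local\SRV1 /UserD:mydomain\Administrator /PasswordD:*
# or, in PowerShell:
#   Add-Computer -DomainName mydomain.local -Server 'mydomain.local\SRV1' -Credential (Get-Credential)
```

The table this produces answers the question in the thread directly: any target whose address is not reachable from the remote network shows up with closed ports or as unresolved, and the ones that are reachable are the names worth passing to `netdom join /Domain:<domain>\<DC>`. It only proves reachability from the host it runs on; it does not change what the DNS server hands out, so clients that later use the locator on their own will still receive every DC's record.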