Re: adding machine to domain with NATed IPs



-What error did you get?
-Did you choose a DC that ISN'T using those NAT addresses?

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"BlueIT" <bijal.shah@xxxxxxxxxx> wrote in message news:e12407da-d541-4e61-be0a-2b50b811d118@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Feb 11, 12:25 pm, "Jorge Silva" <jorgesilva...@xxxxxxxxxxx> wrote:
Yes, do the following from cmd (install support tools first, can download
from MS web site):

Netdom Join %computername% /Domain:mydomain.local\DCName /UserD:Mydomain\Administrator /PasswordD:*

Let me know the results :)
--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"BlueIT" <bijal.s...@xxxxxxxxxx> wrote in message news:2dbbe660-3c66-49f8-ba5f-003f8062a28c@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Feb 10, 5:38 pm, "Jorge Silva" <jorgesilva...@xxxxxxxxxxx> wrote:

> Hi
> Hum... Time out errors, sounds like the DCs are not reaching the clients
> or vice versa? Any errors on the logs for the NAT devices? Any FW configured
> between them? Can you ping back the clients and servers? Can you ping the
> domain by its FQDN? Can the servers ping the clients by IP and Name? Since
> the clients are simulated within the same subnet, will the broadcast
> request pass the NAT device?

> --
> I hope that the information above helps you.
> Have a Nice day.

> Jorge Silva
> MCSE, MVP Directory Services

> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no rights.
> "BlueIT" <bijal.s...@xxxxxxxxxx> wrote in message news:0160003b-2f78-4aab-8c39-4d48ee0aab49@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

> > Within the domain, there are five DCs for three sites. Subnets are
> > specified within AD Site and Services accordingly. No forest within
> > the domain.

> > We have four remote machines that need to be added to the domain. Due to
> > the cost/maintenance we went to a 3rd party hosted solution for
> > connectivity between the main site and remote. The third party is
> > NATing a list of given IPs we provided for within the same subnet
> > (172.31.244.x). Clients will communicate based on the NATed IPs,
> > clients will be accessible by actual IP.

> > The NATed IPs for the DC/DNS on the 172.31.244.x subnet:

> > SRV1 206.13.184.4
> > SRV2 206.13.184.5

> > On the remote clients, we specified these IPs as DNS server within TCP/IP
> > properties and the remote subnet within Sites and Services. When
> > attempting to add the machines to the domain, we get this initial
> > error:

> > Note: This information is intended for a network administrator. If
> > you are not your network's administrator, notify the administrator
> > that you received this information, which has been recorded in the
> > file C:\WINDOWS\debug\dcdiag.txt.

> > The following error occurred when DNS was queried for the service
> > location (SRV) resource record used to locate a domain controller for
> > domain bluecapital.local:

> > The error was: "This operation returned because the timeout period
> > expired."
> > (error code 0x000005B4 ERROR_TIMEOUT)

> > The query was for the SRV record for
> > _ldap._tcp.dc._msdcs.bluecapital.local

> > The DNS servers used by this computer for name resolution are not
> > responding. This computer is configured to use DNS servers with the
> > following IP addresses:

> > 206.13.184.4
> > 206.13.184.5

> > Verify that this computer is connected to the network, that these are
> > the correct DNS server IP addresses, and that at least one of the DNS
> > servers is running.

> > For more information on how to correct this problem, click Help.

> > In an effort to determine the issue, we ran a WireShark on the PDC
> > emulator and believe that all five DCs were responding back to the
> > request. And since all five DCs are not NATed, the client was failing
> > to join the domain. WireShark output below:

> > Queries
> > _ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN
> > Name: _ldap._tcp.dc._msdcs.mydomain.local
> > Type: SRV (Service location)
> > Class: IN (0x0001)

> > Answers
> > _ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0,
> > weight 100, port 389, target srv5.mydomain.local
> > Name: _ldap._tcp.dc._msdcs.mydomain.local
> > Type: SRV (Service location)
> > Class: IN (0x0001)
> > Time to live: 10 minutes
> > Data length: 33
> > Priority: 0
> > Weight: 100
> > Port: 389
> > Target: srv5.mydomain.local
> > _ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0,
> > weight 100, port 389, target srv3.mydomain.local
> > Name: _ldap._tcp.dc._msdcs.mydomain.local
> > Type: SRV (Service location)
> > Class: IN (0x0001)
> > Time to live: 10 minutes
> > Data length: 33
> > Priority: 0
> > Weight: 100
> > Port: 389
> > Target: srv3.mydomain.local
> > _ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0,
> > weight 100, port 389, target srv4.mydomain.local
> > Name: _ldap._tcp.dc._msdcs.mydomain.local
> > Type: SRV (Service location)
> > Class: IN (0x0001)
> > Time to live: 10 minutes
> > Data length: 33
> > Priority: 0
> > Weight: 100
> > Port: 389
> > Target: srv4.mydomain.local
> > _ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0,
> > weight 100, port 389, target srv1.mydomain.local
> > Name: _ldap._tcp.dc._msdcs.mydomain.local
> > Type: SRV (Service location)
> > Class: IN (0x0001)
> > Time to live: 10 minutes
> > Data length: 33
> > Priority: 0
> > Weight: 100
> > Port: 389
> > Target: srv1.mydomain.local
> > _ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0,
> > weight 100, port 389, target srv2.mydomain.local
> > Name: _ldap._tcp.dc._msdcs.mydomain.local
> > Type: SRV (Service location)
> > Class: IN (0x0001)
> > Time to live: 10 minutes
> > Data length: 33
> > Priority: 0
> > Weight: 100
> > Port: 389
> > Target: srv2.mydomain.local

> > My first attempt was changing the priority for each of the _ldap(SRV)
> > within DNS and failed. Second attempt was to changed the client local
> > LMHOST file and failed. My searches are leading to a dead end. We
> > basically want only the two NATed DCs to respond back if that is the
> > problem.

> > Thanks in advance

I failed to mention that PING is being blocked by the 3rd party
hosted solution for connectivity. I am able to telnet to open ports
on the remote DCs. I enter the NATed IP of the two DCs within the
client TCP/IP properties. The machines do register within DNS
(forward and reverse) as well and when I do a nslookup, one of the two
NATed servers displays as a result with the NATed IP:

c:\>nslookup
Default Server: srv1.mydomain.com
Address: 206.13.184.5

Looking at Event Viewer, there are no obvious errors found. All we
can really tell is when a request by the client is being made, all our
DCs seem to be replying based on our WireShark findings. Although SRV3,
SRV4, SRV5 are on different subnets and associated with different
sites they seem to be answering requests. And since they are not NATed
like SRV1 and SRV2, I believe that is causing the failure on the client
portion.

Is there a way to specify what DCs answer requests when a machine
is added to the domain?

I attempted NETDOM, but it failed. Viewing the result with WireShark
states the same. All DCs are answering the query for
_ldap._tcp.dc._msdcs.mydomain.com

net join clienthostname /domain:mydomain.com\srv1 /userd:mydomain.com\administrator /password:password.
