Re: adding machine to domain with NATed IPs
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Mon, 16 Feb 2009 20:18:04 -0000
The command that you posted is different from the command that I posted. Do not remove the variable %computername%
is PasswordD: and not Password
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"BlueIT" <bijal.shah@xxxxxxxxxx> wrote in message news:a097132b-5e4f-4383-9112-56ee86cdb2f0@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Feb 12, 3:39 pm, "Jorge Silva" <jorgesilva...@xxxxxxxxxxx> wrote:
-What error did you get?
-Did you choose a DC that ISN'T using those NAT addresses?
"BlueIT" <bijal.s...@xxxxxxxxxx> wrote in message
news:e12407da-d541-4e61-be0a-2b50b811d118@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Feb 11, 12:25 pm, "Jorge Silva" <jorgesilva...@xxxxxxxxxxx> wrote:
> Yes, do the following from cmd (install support tools first, can download
> from MS web site):
> Netdom Join %computername% /Domain:mydomain.local\DCName /UserD:Mydomain\Administrator /PasswordD:*
> Let me know the results :)
> "BlueIT" <bijal.s...@xxxxxxxxxx> wrote in message
> news:2dbbe660-3c66-49f8-ba5f-003f8062a28c@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> On Feb 10, 5:38 pm, "Jorge Silva" <jorgesilva...@xxxxxxxxxxx> wrote:
> > Hi
> > Hum... Time out errors, sounds that the DCs are not reaching the clients or
> > vice versa? Any errors on the logs for the NAT devices? Any FW configured
> > between them? Can you ping back the clients and servers? Can you ping the
> > domain by its FQDN? Can the servers ping the clients by IP and Name? Since
> > the clients are simulated within the same subnet, will the broadcast
> > request pass the NAT device?
> > "BlueIT" <bijal.s...@xxxxxxxxxx> wrote in message
> > news:0160003b-2f78-4aab-8c39-4d48ee0aab49@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> > > Within the domain, there are five DCs for three sites. Subnets are
> > > specified within AD Site and Services accordingly. No forest within
> > > the domain.
> > > We have four remote machines that need to be added to the domain. Due to
> > > the cost/maintenance we went to a 3rd party hosted solution for
> > > connectivity between the main site and remote. The third party is
> > > NATing a list of given IPs we provided for within the same subnet
> > > (172.31.244.x). Clients will communicate based on the NATed IPs,
> > > clients will be accessible by actual IP.
> > > The NATed IPs for the DC/DNS on the 172.31.244.x subnet:
> > > SRV1 206.13.184.4
> > > SRV2 206.13.184.5
> > > On the remote clients, we specified these IPs as DNS server within TCP/IP
> > > properties and the remote subnet within Sites and Services. When
> > > attempting to add the machines to the domain, we get this initial
> > > error:
> > > Note: This information is intended for a network administrator. If
> > > you are not your network's administrator, notify the administrator
> > > that you received this information, which has been recorded in the
> > > file C:\WINDOWS\debug\dcdiag.txt.
> > > The following error occurred when DNS was queried for the service
> > > location (SRV) resource record used to locate a domain controller for
> > > domain bluecapital.local:
> > > The error was: "This operation returned because the timeout period
> > > expired."
> > > (error code 0x000005B4 ERROR_TIMEOUT)
> > > The query was for the SRV record for
> > > _ldap._tcp.dc._msdcs.bluecapital.local
> > > The DNS servers used by this computer for name resolution are not
> > > responding. This computer is configured to use DNS servers with the
> > > following IP addresses:
> > > 206.13.184.4
> > > 206.13.184.5
> > > Verify that this computer is connected to the network, that these are
> > > the correct DNS server IP addresses, and that at least one of the DNS
> > > servers is running.
> > > For more information on how to correct this problem, click Help.
> > > In an effort to determine the issue, we ran a WireShark on the PDC
> > > emulator and believe that all five DCs were responding back to the
> > > request. And since all five DCs are not NATed, the client was failing
> > > to join the domain. WireShark output below:
> > > Queries
> > > _ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN
> > > Name: _ldap._tcp.dc._msdcs.mydomain.local
> > > Type: SRV (Service location)
> > > Class: IN (0x0001)
> > > Answers
> > > _ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0,
> > > weight 100, port 389, target srv5.mydomain.local
> > > Name: _ldap._tcp.dc._msdcs.mydomain.local
> > > Type: SRV (Service location)
> > > Class: IN (0x0001)
> > > Time to live: 10 minutes
> > > Data length: 33
> > > Priority: 0
> > > Weight: 100
> > > Port: 389
> > > Target: srv5.mydomain.local
> > > _ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0,
> > > weight 100, port 389, target srv3.mydomain.local
> > > Name: _ldap._tcp.dc._msdcs.mydomain.local
> > > Type: SRV (Service location)
> > > Class: IN (0x0001)
> > > Time to live: 10 minutes
> > > Data length: 33
> > > Priority: 0
> > > Weight: 100
> > > Port: 389
> > > Target: srv3.mydomain.local
> > > _ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0,
> > > weight 100, port 389, target srv4.mydomain.local
> > > Name: _ldap._tcp.dc._msdcs.mydomain.local
> > > Type: SRV (Service location)
> > > Class: IN (0x0001)
> > > Time to live: 10 minutes
> > > Data length: 33
> > > Priority: 0
> > > Weight: 100
> > > Port: 389
> > > Target: srv4.mydomain.local
> > > _ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0,
> > > weight 100, port 389, target srv1.mydomain.local
> > > Name: _ldap._tcp.dc._msdcs.mydomain.local
> > > Type: SRV (Service location)
> > > Class: IN (0x0001)
> > > Time to live: 10 minutes
> > > Data length: 33
> > > Priority: 0
> > > Weight: 100
> > > Port: 389
> > > Target: srv1.mydomain.local
> > > _ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0,
> > > weight 100, port 389, target srv2.mydomain.local
> > > Name: _ldap._tcp.dc._msdcs.mydomain.local
> > > Type: SRV (Service location)
> > > Class: IN (0x0001)
> > > Time to live: 10 minutes
> > > Data length: 33
> > > Priority: 0
> > > Weight: 100
> > > Port: 389
> > > Target: srv2.mydomain.local
> > > My first attempt was changing the priority for each of the _ldap(SRV)
> > > within DNS and failed. Second attempt was to change the client local
> > > LMHOSTS file and failed. My searches are leading to a dead end. We
> > > basically want only the two NATed DCs to respond back if that is the
> > > problem.
> > > Thanks in advance
> I failed to mention that PING is being blocked by the 3rd party
> hosted solution for connectivity. I am able to telnet to open ports
> on the remote DCs. I enter the NATed IP of the two DCs within the
> client TCP/IP properties. The machines do register within DNS
> (forward and reverse) as well and when I do a nslookup, one of the two
> NATed servers displays as a result with the NATed IP:
> c:\>nslookup
> Default Server: srv1.mydomain.com
> Address: 206.13.184.5
> Looking at Event Viewer, there are no obvious errors found. All we
> can really tell is when a request by the client is being made, all our
> DCs seem to be replying based on our WireShark findings. Although SRV3,
> SRV4, SRV5 are on different subnets and associated with different
> sites they seem to be answering requests. And since they are not NATed
> as SRV1 and SRV2, I believe that is causing the failure on the client
> portion.
> Is there a way to specify what DCs answer requests for when a machine
> is added to the domain?
I attempted NETDOM, but it failed. Viewing the result with WireShark
states the same. All DCs are answering the query for
_ldap._tcp.dc._msdcs.mydomain.com
net join clienthostname /domain:mydomain.com\srv1 /userd:mydomain.com\administrator /password:password.
Error:
The command failed to complete successfully.
I get the results when specifying both NATed DCs.
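
An added example, not part of the original thread: a small parser for the Wireshark SRV summary lines quoted above that splits the returned domain controllers into those published through the NAT and those that are not. It assumes only SRV1 and SRV2 are reachable from the remote clients, as the poster describes; the function names are hypothetical, and the selection model is the generic RFC 2782 rule (lowest priority first, then weight), not a statement about how the Windows DC locator behaved here.

```python
import re
from fractions import Fraction

# SRV summary lines from the quoted Wireshark output, one per line (re-joined).
CAPTURE = "\n".join(
    "_ldap._tcp.dc._msdcs.mydomain.local: type SRV, class IN, priority 0, "
    f"weight 100, port 389, target {host}.mydomain.local"
    for host in ("srv5", "srv3", "srv4", "srv1", "srv2")
)

# NATed addresses the poster lists; assumption: only these two DCs are
# reachable from the remote clients.
NATED = {"srv1": "206.13.184.4", "srv2": "206.13.184.5"}

SRV_RE = re.compile(
    r"^\S+: type SRV, class IN, priority (?P<prio>\d+), "
    r"weight (?P<weight>\d+), port (?P<port>\d+), target (?P<target>\S+)$"
)

def parse_srv(text):
    """Turn Wireshark SRV summary lines into dicts; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = SRV_RE.match(line.strip().lstrip("> ").strip())
        if m:
            target = m["target"].rstrip(".").lower()
            records.append({"host": target.split(".")[0], "target": target,
                            "priority": int(m["prio"]), "weight": int(m["weight"])})
    return records

def split_by_nat(records, nated):
    """Return (reachable, unreachable) SRV targets for a client behind the NAT."""
    reachable = sorted(r["target"] for r in records if r["host"] in nated)
    unreachable = sorted(r["target"] for r in records if r["host"] not in nated)
    return reachable, unreachable

def first_pick_reachable(records, nated):
    """Chance that an RFC 2782 client's first choice is a NATed DC."""
    if not records:
        return Fraction(0)
    lowest = min(r["priority"] for r in records)
    group = [r for r in records if r["priority"] == lowest]
    total = sum(r["weight"] for r in group)
    if total == 0:  # all weights zero: every target is equally likely
        return Fraction(sum(r["host"] in nated for r in group), len(group))
    return Fraction(sum(r["weight"] for r in group if r["host"] in nated), total)

if __name__ == "__main__":
    recs = parse_srv(CAPTURE)
    print(split_by_nat(recs, NATED), first_pick_reachable(recs, NATED))
```
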