We help IT Professionals succeed at work.

How do I configure SonicWall TZ 180 Firewall to allow domain access

5,049 Views
Last Modified: 2010-04-21
I bought a SonicWall Firewall TZ 180 and everything seems to be working fine...internet access, firewall config portal etc ...except when I try to join computers to the domain.  I'm getting the Mgs " The following error occured attempting to join the domain ADS. The network path  was not found"  I can ping the domain by name ( Netbios) and by the IP address from anywhere in the LAN, but I can't join any computer to the domain.  All the necessary ports on the firewall are open..  
Netbios 136 tcp/udp, 138 udp, 139 tcp
DNS 42, 53 tcp/udp
LDAP 389 tcp
LDAPS 636 tcp
Kerberos 88, 464, 749, 750 tcp/udp
microsoft-DS 445 tcp/udp
Wins 1512 tcp/udp
But, I can't find the solution.  Any suggestions\ideas will greatly help.  post a question if need be.
P/S:  Network enviroment is AD 2003.
Comment
Watch Question

Top Expert 2009
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Top Expert 2009
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
timnjohnsonInformation Security Engineer

Author

Commented:

Here is my network physical connection:
>Using the standard network cable I'm connecting
>the WAN port of the Sonicwall to my> cable/DSL>
and the connecting to
>Lynksys 8-port HUB/switch to the LAN. A solid Link/ACT  light indicating  a connection is present between two devices.
Question:
- Do you have DNS sever set up on SonicWall? Yes
- DHCP server set up?  Not on  SonicWALL  but AD acting as a local DNS and DHCP SERVER.
- Did you check the firewall log to see there is error?
The logs seem normal-no errors.. only network traffic..here are the logs files..........
 2007/12/07 16:31:24.716 Administrator login allowed 192.168.168.65, 0, LAN, AIRFORCEONE (sysadmin) 192.168.168.168, 80, LAN sysadmin, TCP Web (HTTP)  
2 2007/12/07 16:31:10.733 Web management request allowed 192.168.168.65, 2007, LAN, AIRFORCEONE 192.168.168.168, 80, LAN TCP Web (HTTP)  
3 2007/12/07 16:30:41.000 IP spoof dropped 75.48.48.235, 138, LAN 75.148.31.255, 138, OPT MAC address: 00:b0:d0:e1:43:a2  
4 2007/12/07 16:25:52.866 Smurf Amplification attack dropped 217.171.129.65, 8, WAN 75.148.28.224, 8, WAN    
5 2007/12/07 16:21:55.583 UDP packet from LAN dropped 192.168.168.62, 68, LAN, TIMJLAPTOP 255.255.255.255, 67, LAN UDP DHCP Server  
6 2007/12/07 16:21:52.450 IP spoof dropped 75.148.28.225, 137, LAN 75.148.31.255, 137, OPT MAC address: 00:b0:d0:e1:43:a2  
7 2007/12/07 16:20:42.400 IP spoof dropped 75.148.28.225, 137, LAN 75.148.31.255, 137, OPT MAC address: 00:b0:d0:e1:43:a2  
8 2007/12/07 16:17:34.433 IP spoof dropped 75.148.28.225, 137, LAN 75.148.31.255, 137, OPT MAC address: 00:b0:d0:e1:43:a2  
9 2007/12/07 16:15:41.166 IP spoof dropped 75.48.48.225, 138, LAN 75.148.31.255, 138, OPT MAC address: 00:b0:d0:e1:43:a2  
10 2007/12/07 16:14:07.450 UDP packet dropped 204.212.170.105, 2257, WAN 10.1.10.32, 2257, WAN UDP Port: 2257  
11 2007/12/07 16:09:47.866 IP spoof dropped 75.148.28.225, 137, LAN 75.148.31.255, 137, OPT MAC address: 00:b0:d0:e1:43:a2  
12 2007/12/07 16:08:37.816 IP spoof dropped 75.48.48.225, 137, LAN 75.148.31.255, 137, OPT MAC address: 00:b0:d0:e1:43:a2  
13 2007/12/07 16:02:29.850 IP spoof dropped 75.48.48.225, 137, LAN 75.148.31.255, 137, OPT MAC address: 00:b0:d0:e1:43:a2  
14 2007/12/07 16:00:41.066 IP spoof dropped 75.48.48.225, 138, LAN 75.148.31.255, 138, OPT MAC address: 00:b0:d0:e1:43:a2  
15 2007/12/07 15:57:43.300 IP spoof dropped 75.48.48.225, 137, LAN 75.148.31.255, 137, OPT MAC address: 00:b0:d0:e1:43:a2  
16 2007/12/07 15:56:33.250 IP spoof dropped 75.48.48.225, 137, LAN 75.148.31.255, 137, OPT MAC address: 00:b0:d0:e1:43:a2  
17 2007/12/07 15:47:25.250 IP spoof dropped 75.48.48.225, 137, LAN 75.148.31.255, 137, OPT MAC address: 00:b0:d0:e1:43:a2  
18 2007/12/07 15:45:38.733 IP spoof dropped 75.48.48.225, 137, LAN 75.148.31.255, 137, OPT MAC address: 00:b0:d0:e1:43:a2  
19 2007/12/07 15:44:28.666 IP spoof dropped 75.48.48.225, 137, LAN 75.148.31.255, 137, OPT MAC address: 00:b0:d0:e1:43:a2  
20 2007/12/07 15:33:34.150 IP spoof dropped 75.48.48.225, 137, LAN 75.148.31.255, 137, OPT MAC address: 00:b0:d0:e1:43:a2  
21 2007/12/07 15:32:20.666 IP spoof dropped 75.48.48.225, 137, LAN 75.148.31.255, 137, OPT MAC address: 00:b0:d0:e1:43:a2  
22 2007/12/07 15:30:36.833 IP spoof dropped 75.48.48.225, 138, LAN 75.148.31.255, 138, OPT MAC address: 00:b0:d0:e1:43:a2  
23 2007/12/07 15:21:29.816 IP spoof dropped 75.48.48.225, 137, LAN 75.148.31.255, 137, OPT MAC address: 00:b0:d0:e1:43:a2  
24 2007/12/07 15:20:19.766 IP spoof dropped 75.48.48.225, 137, LAN 75.148.31.255, 137, OPT MAC address: 00:b0:d0:e1:43:a2  
25 2007/12/07 15:17:16.300 IP spoof dropped 75.48.48.225, 137, LAN 75.148.31.255, 137, OPT MAC address: 00:b0:d0:e1:43:a2  
26 2007/12/07 15:15:36.983 IP spoof dropped 75.48.48.225, 138, LAN 75.148.31.255, 138, OPT MAC address: 00:b0:d0:e1:43:a2  
27 2007/12/07 15:09:25.233 IP spoof dropped 75.48.48.225 137, LAN 75.148.31.255, 137, OPT MAC address: 00:b0:d0:e1:43:a2  
28 2007/12/07 15:08:15.183 IP spoof dropped 75.48.48.225, 137, LAN 75.148.31.255, 137, OPT MAC address: 00:b0:d0:e1:43:a2  
29 2007/12/07 15:06:35.533 UDP packet from LAN dropped 192.168.168.62, 68, LAN, TIMJLAPTOP 255.255.255.255, 67, LAN UDP DHCP Server  
30 2007/12/07 15:02:11.716 IP spoof dropped 75.48.48.225, 137, LAN 75.148.31.255, 137, OPT MAC address: 00:b0:d0:e1:43:a2  
31 2007/12/07 15:00:36.883 IP spoof dropped 75.48.48.225, 138, LAN 75.148.31.255, 138, OPT MAC address: 00:b0:d0:e1:43:a2  
32 2007/12/07 14:57:20.666 IP spoof dropped 75.48.48.225, 137, LAN 75.148.31.255, 137, OPT MAC address: 00:b0:d0:e1:43:a2  
Let me know what you think................
Top Expert 2009
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Top Expert 2009
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
timnjohnsonInformation Security Engineer

Author

Commented:


I go through same old My Computer Properties>Computer Name>Change >Click on the Radio button Domain......type in the name DOM ADS> admin account and password> Welcome to ADS DOMAIN and finally reboot done.
I have not read any Microsoft text recommending of maually creating a computer on the domain before adding to it.
One thing you mentioned was the DNS on the SonicWall is not a local DNS,  but it's a public dns provided by my ISP.  My local DNS is on my AD.   Could there be  a conflict between the local dns and the public dns ??  
Let me know what you think..
Top Expert 2009
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Top Expert 2009
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
timnjohnsonInformation Security Engineer

Author

Commented:


C:\>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : airforceOne
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connect
ion
        Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.168.72
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.168.168
        DHCP Server . . . . . . . . . . . : 192.168.168.63
        DNS Servers . . . . . . . . . . . : 77.130
                                                      72.130
        Lease Obtained. . . . . . . . . . : Saturday, December 08, 2007 2:42:21
PM
        Lease Expires . . . . . . . . . . : Sunday, December 16, 2007 2:42:21 PM


C:\>
Top Expert 2009
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
timnjohnsonInformation Security Engineer

Author

Commented:

It was a very simple problem that I overlooked.  The File and print services on the DC was disabled.  After enabling the service the DC is accessible and joining the domain takes  seconds.
Thanks.  
timnjohnsonInformation Security Engineer

Author

Commented:

none
timnjohnsonInformation Security Engineer

Author

Commented:
none
timnjohnsonInformation Security Engineer

Author

Commented:
none
timnjohnsonInformation Security Engineer

Author

Commented:
none
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.