Nukerys asked:
Join domain over VPN, what firewall ports should be opened?
I have a remote office location which I need to join to our main domain. I actually joined the PC to the domain, but when I try to log in to that domain it says "The system cannot log you in because domain 'mydomain' not available." On my firewall I allowed these ports:
AD replication, DNS, File Replication Service, Global Catalog LDAP, Kerberos (TCP/UDP), LDAP (TCP/UDP), NTP. And I still cannot log in with the AD account. What am I missing here?
To answer your question:
The Netlogon service requires RPC. RPC runs on port 135.
It also requires NetBIOS/WINS port 137.
NetBIOS Datagram Service   UDP 138
NetBIOS Name Resolution    UDP 137
NetBIOS Session Service    TCP 139
SMB                        TCP 445
ASKER
Still no luck. I added these ports mentioned, but can't log in. I can access the domain controller's shared directory with a domain user/password but cannot log in with that account.
Ok, so it's not a Netlogon problem.
My guess is the browser service.
NetBIOS ports 137 and UDP ports 138 and 139.
To go across a VPN, the browser service needs WINS. NetBIOS broadcasts will not go through a VPN or across NAT.
This article explains the Browser service, and you will have to use what I call the WINS/WAN configuration of the Browser service.
http://www.microsoft.com/resources/documentation/windowsnt/4/server/reskit/en-us/net/chptr3.mspx?mfr=true
NOTE: Don't let the fact that this is an NT4 article scare you. There is only one small change. NT4 uses the "IsDomainMasterBrowser" registry key while 2003 shortened that to "IsDomainMaster".
Oops, you are stuck at a logon prompt. That's not the master browser service. You will have problems with the master browser service after logging in. So, keep the above handy.
This may be a DNS records problem. Follow the procedures at the link below:
https://www.experts-exchange.com/questions/23356031/There-are-currently-no-logon-servers-available-to-service-the-logon-request.html
ASKER
Yes, it is a DNS problem. I forgot to set DNS from the main DNS controller; it was set to local DNS :) And the question is, why is everything working normally, without the problems you described earlier?
ASKER CERTIFIED SOLUTION
You know what:
It may have looked like a DNS error, but I really think it was a Netlogon error. I am thinking it is a Netlogon error. Monitor this post and you will be able to see what your problem was. I think it took the restart of the NETLOGON service to send out the NetBIOS broadcast saying, "I am here and I am the domain master."
Nevertheless, it is a good thing to get your DNS records straight with the server.
https://www.experts-exchange.com/questions/23486675/How-to-connect-to-domain-in-same.html
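A client-side check that ties the two diagnoses in this thread together (the port list from the first answer and the DNS misconfiguration the asker found), added here as example code that is not part of the thread: it shows which DNS servers the remote PC is really using, resolves the DC locator SRV record that Netlogon depends on, and tests the logon-related TCP ports against each DC the record returns. `$Domain` is a placeholder to be replaced with the real AD DNS domain name.

```powershell
# Added diagnostic (not from the thread): run on the remote-office client.
# $Domain is a placeholder assumption; replace it with your AD DNS domain.
param(
    [string]$Domain = 'mydomain.example'
)

# TCP ports from the answers above. UDP 137/138 cannot be probed with
# Test-NetConnection (TCP only); the SRV lookup below covers DNS itself.
$Ports = @{
    135  = 'RPC endpoint mapper (Netlogon)'
    139  = 'NetBIOS Session Service'
    445  = 'SMB'
    88   = 'Kerberos'
    389  = 'LDAP'
    3268 = 'Global Catalog LDAP'
    53   = 'DNS'
}

# 1. Which DNS servers does this client actually use? If it is the branch
#    office's local DNS instead of a domain DNS server, step 2 fails and
#    logon reports "domain not available", exactly as in the thread.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses |
    Format-Table -AutoSize

# 2. DC locator record: Netlogon discovers domain controllers through it.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' }
if (-not $srv) {
    Write-Warning "No DC locator SRV record for $Domain via the configured DNS servers. Point the client at a domain DNS server."
    return
}

# 3. For every DC listed, test each logon-related TCP port through the VPN
#    so a blocked port shows up next to the service that needs it.
foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    foreach ($port in ($Ports.Keys | Sort-Object)) {
        $r = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        $state = if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' }
        '{0,-30} {1,5}/tcp {2,-8} {3}' -f $dc, $port, $state, $Ports[$port]
    }
}
```

A DC that resolves but shows BLOCKED on 135, 139 or 445 points at the firewall; no SRV record at all points at the client's DNS settings, which was the root cause here.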
ASKER
Thanks for your answers, I will investigate this and hopefully will find the problem :)
For now, you are up and running right?
ASKER
Yes, for now everything is working. So I can close this post? I don't know how things get done here.
There are two buttons under each question. One will say assign multiple solutions, the other will say something like accept this as a solution.
Awarding multiple solutions allows you to split points between experts that helped you or to say that these two or more solutions provided you with the answers you needed.
Accepting one solution defines that as the one answer that helped you and will assign all points to that posting.
http://www.microsoft.com/smallbusiness/support/articles/ref_net_ports_ms_prod.mspx