Joining a server to AD over a VPN site to site link

Hello,
I am trying to connect a server to make it a member of Active Directory. However, it gives me the message "The Network Path Cannot be Found". Everything seems fine until I enter the username and password to join the server to the domain. I've tried a wrong credential to make sure the issue is not the credentials; it still did not work, giving the same message - so it is not a credential issue. The main server is in LA and the remote office is in DC. It is connected using a site to site VPN. I am using an eSoft router which hosts the VPN. All ports are open between the sites. LA is the site that has the AD server. I've tried all combinations of network card settings, but still no luck. I am approaching a deadline so I will really appreciate it if someone can assist me with this ASAP. Much Thanks, Kris
gangoo_nilcAsked:
wolfcamelCommented:
set the DNS of the new server to the IP of the first server - not the router or your ISP.
0
gangoo_nilcAuthor Commented:
It is that way already, not working.
0
gangoo_nilcAuthor Commented:
We have tried all different combinations of network configurations but still no luck - thanks
0
elawadCommented:
Some questions please:

What is the DNS server you are using at the site you're trying to join the server from? Is it an Active Directory integrated server or not? If you do an nslookup of the server, does it reply with the correct IP address? Also, if you ping -a the IP of the server, does it return the correct name of your DNS server? Do you have other PCs at this site which are joined to the domain? If yes, compare their TCP/IP attributes with the server you're trying to join to the domain.
0
arnoldCommented:
run the following command on the server you want to join into the AD.
This will confirm whether the DNS is the issue:
nslookup -q=SRV _kpasswd._udp.<AD_DOMAIN_NAME_GOES_HERE>.
nslookup -q=NS _msdcs.<AD_DOMAIN_NAME_GOES_HERE>.
nslookup -q=SRV _gc._tcp.Default-First-Site._sites.<AD_DOMAIN_NAME_GOES_HERE>.

Similar queries exist for the _LDAP and other requests.

Are you able to access resources on the other side of the VPN? Are there systems at this location that are accessing the AD? Trying to see whether the VPN is limited/restricted such that it is blocking the requests to Windows ports 445/139 etc.
0
gangoo_nilcAuthor Commented:
I cannot get to the server right now; tomorrow I will have someone log on and see what the problem is. When I am able to get on I will write comments on whether or not the suggestion worked.

Arnold Qs: Yes, able to access resources on the VPN. No, this is the first system; I tried others but same problem. All ports are open, but will check.

Elawad Qs: The DNS server is the AD server located at HQ. Not sure if it is integrated or not; it is the default SBS setup. NSlookup works (will check tomorrow to make sure). No, this is the first host, but I tried a few other computers to connect but same problem.

thank you
0
gangoo_nilcAuthor Commented:
Arnold, when I tried the commands you gave this is what I get:

The server that I am running the commands on is DC1, LA1 is the DC and the internal domain name is dname.local

dc1.dname.local cant find the _kpasswd.udp.la1:none existing domain

dc1.dname.local cant find the __msdcs.la1: none exixting domain

dc1.dname.local cant find the_gc.tcp.Defoult-First-Site._site.la1:non-exixtent domain

Elawad

NSlookup and Ping -a works
0
arnoldCommented:
You should be looking for
_kpasswd.udp.dname.local
AD domain name is not the same as the DC that serves up the domain.
0
gangoo_nilcAuthor Commented:
LA1 is the server name; its FQDN is la1.dname.local. So the name of the domain itself is dname.local.
Not too sure about what you are saying, can you please explain again? Thanks
0
arnoldCommented:
nslookup -q=srv _kpasswd.udp.dname.local
nslookup -q=ns __msdcs.dname.local
etc.

I.e. you used the example of records to look up and replaced the <AD_DOMAIN_NAME_GOES_HERE> with the DC's server name versus dname.local.
0
gangoo_nilcAuthor Commented:
The first 2 worked; the last command came back with an error - nslookup -q=SRV _gc._tcp.Default-First-Site._sites.<AD_DOMAIN_NAME_GOES_HERE>.
Error:
dame.local can't find _gc._tcp.Default-First-Site._sites.dname.local:Non-existent domain
0
arnoldCommented:
Sorry, typo: nslookup gc._msdcs.dname.local should return A records for all GC servers in the domain.
nslookup -q=srv _ldap._tcp.Default-First-Site._sites.gc._msdcs.dname.local

Actually, this confirms that your system can get the DNS records needed to join the domain. The problem I suspect is a restriction within the VPN that is preventing access to the DCs to actually complete the transaction.
Get Wireshark (formerly Ethereal, a network monitoring utility) from wireshark.net and set it up on the system you want to join into the domain.
Go through the domain join process while Wireshark is running, monitoring/capturing network traffic. See whether you see responses from the remote DCs.
Try connecting to the remote DC using telnet REMOTE_DC_IP 445.
0
arnoldCommented:
Another thought: make sure the time/timezone on this system is correct.

I.e. accounting for the timezone difference, the times must be within a few minutes of each other.
I.e. your LA office can have 8am PDT plus or minus a few minutes while your DC office has 11am EDT plus or minus a few minutes.

Use http://www.pool.ntp.org/en/ to get the DCs to synchronize to an external source while getting this workstation synchronized to the same external source, and see if this resolves the problem if the VPN/firewall is not the culprit preventing access to the DCs.
0
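The three checks arnold walks through above (SRV lookups against the domain name rather than the DC hostname, TCP reachability of the ports a join uses, and clock skew) collected into one script. This is an added example, not code from the thread; it assumes Windows 8/Server 2012 or later for Resolve-DnsName and Test-NetConnection, and the domain name and DNS server IP are placeholders.

```powershell
# Added domain-join diagnostic (not from the thread). Assumes Windows 8/2012+.
# $Domain is the AD domain (dname.local in the thread), NOT a DC hostname;
# $DnsServer is the AD-integrated DNS server, a placeholder here.
param(
    [string]$Domain    = 'dname.local',
    [string]$DnsServer = '<LA_DC_IP>'
)

# SRV names a client resolves during a join; all of them hang off the domain name.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_kpasswd._udp.$Domain",
    "_gc._tcp.$Domain"
)

$dcs = @{}
foreach ($name in $srvNames) {
    try {
        $recs = Resolve-DnsName -Name $name -Type SRV -Server $DnsServer -ErrorAction Stop |
                Where-Object { $_.Type -eq 'SRV' }
        foreach ($r in $recs) {
            "{0,-45} -> {1}:{2}" -f $name, $r.NameTarget, $r.Port
            $dcs[$r.NameTarget] = $true
        }
    } catch {
        # A failure here with the domain name means DNS, not the VPN, is the problem.
        "{0,-45} -> LOOKUP FAILED ({1})" -f $name, $_.Exception.Message
    }
}

# Ports the join uses; a VPN ACL or IPS that drops any of these produces
# "The network path was not found" even though every SRV lookup succeeded.
$ports = @{ 53='DNS'; 88='Kerberos'; 135='RPC'; 389='LDAP'; 445='SMB'; 464='kpasswd' }
foreach ($dc in $dcs.Keys) {
    foreach ($p in ($ports.Keys | Sort-Object)) {
        $ok = (Test-NetConnection -ComputerName $dc -Port $p -WarningAction SilentlyContinue).TcpTestSucceeded
        "{0,-30} TCP/{1,-4} {2,-8} {3}" -f $dc, $p, $ports[$p], $(if ($ok) { 'open' } else { 'BLOCKED' })
    }
}

# Kerberos tolerates roughly five minutes of skew; show this host's offset from each DC.
foreach ($dc in $dcs.Keys) {
    w32tm /stripchart /computer:$dc /samples:1 /dataonly
}
```

Run it from the machine being joined; a blocked TCP/445 row against every DC is the same evidence the telnet test gave in this thread.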
gangoo_nilcAuthor Commented:
Thanks Arnold, that solved the problem. It was the VPN link being blocked by the intrusion protection. I added the IP range of the remote site as a "protected site" and that solved it. The intrusion protection blocks certain DNS requests, as in this case. I called the router company a few months ago and they told me that everything looked okay with the configuration, but this time they pinpointed what was blocking this port. Not being able to telnet 445 was the key to them helping me with this. I appreciated it.
0