Can't join domain using Cisco AnyConnect VPN

Posted on 2010-08-19
Medium Priority
Last Modified: 2012-05-10
I got a cisco ASA5505 that uses anyconnect to create a vpn. I'm trying to get a remote laptop to join the domain. I have configured the vpn to start before login, so the computer boots up, the user hits ctrl+alt+del and the cisco vpn box comes up and asks them for the vpn credentials. They enter the credentials then it takes them to the normal login screen, where they are logging on to the local machine at the moment. I try to join the join the laptop to the domain by clccking on computer name on the laptop and clicking on change then entering the domain name. Then I get this error:
A domain controller for the domain *name* could not be contacted. Ensure that the domain name is typed correctly. If the domain name is correct click details for troubleshooting information. So I click details and get this:

The domain name *name* might be a NetBIOS domain name.  If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain nrsc:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.*name*

Common causes of this error include the following:

- The DNS SRV record is not registered in DNS.

- One or more of the following zones do not include delegation to its child zone:

. (the root zone)

For information about correcting this problem, click Help.

I think the problem may be with the cisco router. Because when I connect to the vpn I get a valid ip address for the network I  am trying to connect to, but I can't ping the router itself or any computers by name, I can ping them by ip address though (except the router I can't ping that at all). Any suggestions?
Question by:FreeRangers
  • 5

Accepted Solution

workga earned 2000 total points
ID: 33477502
As far as I can see, your DNS does not get passed down to the vpn connection.  You might have to open the appropriate port for DNS on the router and make sure your dns settings are getting passed down to the computer.  You can try to add dns server ip to you vpn connection on the laptop to see if you can add the laptop to the domain.  IF that is successful you have to modify your router config to include that dns server.

Author Comment

ID: 33477789
Now I can't ping anything. which means I can't remote access the router, or any other machine on the domain. I can't really go to the physical location of the router as it is several hours away and in an un maned office right now. I s there a way I can fix it remotely?
LVL 10

Expert Comment

by:Casey Herman
ID: 33477878
Were you able to ping before? Cisco generally kills all ICMP traffic to help prevent DoS attacks.

Try setting the DNS on the network interface of the client to the IP of your domain controller as the primary and the local internet or what have you as the secondary. This may get you past joining the domain. You should probably also statically assign the WINS server.
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.


Author Comment

ID: 33477904
I could ping other computers on the domain by ip address, but not by name, and could ping the router at all. Now I can't ping any computer on the domain (by IP address or name)

Author Comment

ID: 33477964
I can't even ping google, but I can get internet. Setting the dns on the client didn't do anything.

Author Comment

ID: 33478130
I can ping google now (just restarted the laptop) but still can't ping any domain computers, meaning can't get to the cisco router to fix whatever I broke.

Author Comment

ID: 33480313
Is there any way to remotely fix the router? I was able to access it earlier, but then I (thought) I opened up the dns port as that may have solved my initial problem, but now I can't get access to any network computer.

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question