Thomas Jacoberger
asked on
Unable to Join Domain over VPN
I have Cisco ASAs in 2 locations. I set up VPN access so they can talk to each other. I am able to ping across both networks using IP and FQDN without issue.
When I try and join a PC to the domain on the remote network, I get the password box asking me to authenticate, I put in my credentials and hit ok.
After about 3 minutes I get this error.
Unable to join specified domain, the network name is no longer available.
Any ideas?
Ensure that the group policy on the ASA for the VPN has inherit DNS checked. This should allow for named server access, which it sounds like is missing.
If you do not have a NetBIOS server listed in the tunnel group, this could be the problem as well.
When you type in your credentials, are you putting <domain>\<username>?
On the PC you're trying to add, open the command line and enter:
nslookup
set type=srv
<domain>
(make sure the results match your domain settings)
set type=ns
<domain>
(make sure the nameservers for your domain appear)
set type=a
<enter each one of the results for the ns query>
(make sure you can ping these guys)
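The same checks as a script, added here as an example and not part of the original answer. It queries the DC locator record `_ldap._tcp.dc._msdcs.<domain>` rather than the bare domain name, since that is the SRV record a Windows client looks up to find a domain controller; `corp.example.com` and the function name `Test-DomainJoinDns` are placeholders.

```powershell
# Added example: scripted form of the nslookup SRV / NS / A / ping checks.
# Run on the PC that fails to join. Requires the DnsClient module
# (Resolve-DnsName), present on Windows 8 / Server 2012 and later.
function Test-DomainJoinDns {
    param([Parameter(Mandatory)][string]$Domain)

    # SRV: the DC locator record queried during a domain join.
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'SRV' }
    if (-not $srv) {
        Write-Warning "No SRV records returned for $srvName"
    }

    # NS: the name servers for the domain zone.
    $ns = Resolve-DnsName -Name $Domain -Type NS -ErrorAction SilentlyContinue |
          Where-Object { $_.Type -eq 'NS' }
    if (-not $ns) {
        Write-Warning "No NS records returned for $Domain"
    }

    # A + ping: every host named by the SRV and NS answers must resolve
    # and answer across the tunnel.
    $hosts = @($srv.NameTarget) + @($ns.NameHost) |
             Where-Object { $_ } | Sort-Object -Unique
    foreach ($h in $hosts) {
        $a = Resolve-DnsName -Name $h -Type A -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' }
        [pscustomobject]@{
            Host      = $h
            InSrv     = $h -in $srv.NameTarget
            InNs      = $h -in $ns.NameHost
            Addresses = ($a.IPAddress -join ', ')
            Pingable  = [bool]($a -and
                        (Test-Connection -ComputerName $h -Count 1 -Quiet))
        }
    }
}

# Placeholder domain name; replace with the AD DNS domain being joined.
Test-DomainJoinDns -Domain 'corp.example.com' | Format-Table -AutoSize
```

A host with an empty Addresses column or Pingable set to False is one the remote PC cannot reach by name through the VPN.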
ASKER
I get the password box that prompts me to authenticate, and I use domain\username but I get the same error.
Do you think something is missing from the config?
Please check the two things I named above using ASDM on the ASA.
ASKER
The remote ASA or the one where my domain controller is located?
The one where the domain controller is located that you are connecting to.
ASKER
I don't see where either of those are listed in ASDM on the DC. I checked remote access VPN and site-to-site VPN.
What type of VPN do you have set up? SSL, IPsec, etc.
ASKER
IPSEC
If you go to the configuration tab, click remote access VPN in the left pane. Under network client access, there is an option for group policies. Select the group policy that pertains to your VPN and click edit. On the left pane there is a server option. Ensure your DNS server is listed.
ASKER
Yes I already had it listed by IP.
ASKER
Any other ideas?
DNS is already pointing correctly; when I ping the FQDN from the remote machine I get a reply back from the IP of my DC.
It just won't join.
ASKER
Figured it out myself.