Solved

Can't Resolve/Join Domain From Rermote Subnet

Posted on 2013-12-16
2
439 Views
Last Modified: 2014-07-22
Hello,
Have segment 101 which has DC's and DNS. Have Segment 102 which has clients.
DNS cannot resolve domain requests from segment 102. Able to ping DC's and DNS. Does subnet have to be created in Site and Services or any DNS zones to be created?
Thanks
0
Comment
Question by:broccolini
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39721554
If you have a physical Site that is using DNS and DC authentication from a Hub site then it is recommened that you add this subnet to a Logical Site in Active Directroy Sites and Services. This does not however correct the issue you are encountering.

Sites are services are for managing Replication among domain controllers in your environment and also managing Sites and where they authenticate to. If Sites and Services are not implemeneted for a specific Site, the site will/should continue to function normanlly but users in the site will authenticate to any DC that is available or that they can contact directly. So it could contact a DC that is geographically far away which can create slow logon's, this is why it is recommended to setup subnets in sites and services.

As for your DNS / Authenication issue it appears to me that it might be firewall related. Make sure that you are not blocking port 53 DNS and 88 Kerberos.

Will.
0
 

Author Closing Comment

by:broccolini
ID: 40212263
Although was a valid solution, figured it out that the routes were not correct. Client could reach dc but not other way around. Added static route to DC and problem solved.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question