Joining a Domain over a VPN

I am trying to add users to a domain at a remote site over a VPN connection.

error message
---------------------------------
Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

The domain name "domain" might be a NetBIOS domain name.  If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "domain":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.domain

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

65.32.1.65
65.32.1.70
10.0.0.5

- One or more of the following zones do not include delegation to its child zone:

domain
. (the root zone)
----------------------------------------------------
Have no issues logging into the domain from main office
mfrieder Asked:
 
mfrieder (Author) Commented:
I've requested that this question be deleted for the following reason:

A new question needs to be posted and the tech assigned to this hasn't responded in a while.
0
 
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
The DNS server seems to be wrong - it needs to be one of those assigned to the domain. Do you have a domain at remote site? Or is the DNS set up to use a local DNS server, to allow Internet access?
0
 
mfrieder (Author) Commented:
The DNS server is the domain server. There is no server at the remote site. Internet is working fine at both the home and remote site with just the server DNS.

My question is at the home location everything works fine, no issues logging into the domain. At the remote site it will not. Could there be an issue with the IP range at the remote site?
0
 
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
At the remote office you are left to rely on the SRV entries in DNS, and the DNS server list you posted above:
   65.32.1.65
   65.32.1.70
   10.0.0.5
means that all requests go to a public IP (65.32.1.65) instead of the server (10.0.0.5), and that public DNS server cannot know of your domain servers.

If you are in the local subnet of the DC, there are alternative routes to get the DC info, and so DNS might not be that important.
0
 
mfrieder (Author) Commented:
I think that the error message is misleading. I know that 10.0.0.5 is the first in the DNS entry, and I also manually configured it to only use 10.0.0.5, and it did not solve the issue.
0
 
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
Try the following command:
nslookup -type=SRV _ldap._tcp.dc._msdcs.«YourDomain».«DomainExtension» 10.0.0.5

Note that you have to provide the DNS name of the domain, not the NetBIOS name.
If that works, use the full domain name for joining.
0
 
mfrieder (Author) Commented:
On what computer am I doing this, the server or the remote workstation?
0
 
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
On the client you want to join. If it fails, you can do the same on the server.
0
 
mfrieder (Author) Commented:
I ran the command [screenshot] and tried to join the domain and got this error
---------------------------------------
Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "xxxxxxxxxxx.local":

The query was for the SRV record for _ldap._tcp.dc._msdcs.xxxxxxxxxxxxxx.local

The following domain controllers were identified by the query:
mm01.xxxxxxxxxxx.local
mmserver.xxxxxxxxxxx.local


However no domain controllers could be contacted.

Common causes of this error include:

- Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or are not running.

-----------------------------------------------

It looks like there is an old domain server that was not removed properly. Is this the root of my problem?
0
 
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
No, if one DC does not answer, another one is tried. Try to ping both DCs as reported above. One of them should be reachable, but I don't think so; that will be the issue as last reported. You'll then have to find out why no DC replies.
0
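
The checks suggested in this thread (the SRV lookup against 10.0.0.5, then reaching the DCs it returns), combined into one PowerShell script to run on the client that fails to join. This is an added example, not code from any participant; the domain name is a placeholder, and the port list is an assumption about which TCP services a join needs.

```powershell
# Added example: walk the DC locator chain the join wizard reports on.
param(
    [string]$Domain    = 'yourdomain.local',  # placeholder: DNS name of the domain, not the NetBIOS name
    [string]$DnsServer = '10.0.0.5'           # internal DNS server named in the thread
)

# Assumed list of TCP services a client needs on a DC (UDP is not tested here).
$Ports = 88, 135, 389, 445   # Kerberos, RPC endpoint mapper, LDAP, SMB

# Step 1: the same SRV query the error message quotes, sent only to the internal DNS server.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
try {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $DnsServer -DnsOnly -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SRV' }
} catch {
    Write-Warning "SRV lookup for $srvName via $DnsServer failed: $($_.Exception.Message)"
    return
}

# Step 2: for every DC the SRV record names, resolve its A record and probe each port.
$results = foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    $addrs = Resolve-DnsName -Name $dc -Type A -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress
    if (-not $addrs) {
        # Missing host record: the first cause listed in the second error message.
        [pscustomobject]@{ DC = $dc; Address = '(no A record)'; Port = $null; Reachable = $false }
        continue
    }
    foreach ($ip in $addrs) {
        foreach ($port in $Ports) {
            $ok = (Test-NetConnection -ComputerName $ip -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
            [pscustomobject]@{ DC = $dc; Address = $ip; Port = $port; Reachable = $ok }
        }
    }
}
$results | Format-Table -AutoSize

# Step 3: a stale DC entry is tolerable as long as at least one DC answers on LDAP.
$live = $results | Where-Object { $_.Port -eq 389 -and $_.Reachable } |
        Select-Object -ExpandProperty DC -Unique
if ($live) {
    "DC(s) answering on LDAP: $($live -join ', ')"
} else {
    Write-Warning 'No DC answered on LDAP from this client; find out why no DC replies across the VPN.'
}
```

A DC that resolves but shows every port as unreachable matches the "no domain controllers could be contacted" message even though the SRV lookup itself succeeded.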
 
mfrieder (Author) Commented:
The tech in charge does not need this post anymore.
0
Question has a verified solution.
