Solved

Joining a Domain over a VPN

Posted on 2013-12-16
Last Modified: 2014-03-18
I am trying to add users to a domain at a remote site over a VPN connection.

error message
---------------------------------
Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

The domain name "domain" might be a NetBIOS domain name.  If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "domain":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.domain

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

65.32.1.65
65.32.1.70
10.0.0.5

- One or more of the following zones do not include delegation to its child zone:

domain
. (the root zone)
----------------------------------------------------
Have no issues logging into the domain from main office
Question by:mfrieder
LVL 70

Expert Comment

by:Qlemo
ID: 39722877
The DNS server seems to be wrong - it needs to be one of those assigned to the domain. Do you have a domain at remote site? Or is the DNS set up to use a local DNS server, to allow Internet access?
0
 

Author Comment

by:mfrieder
ID: 39724134
The DNS server is the domain server. There is no server at the remote site. Internet is working fine at both the home and remote site with just the server DNS.

My question is at the home location everything works fine, no issues logging into the domain. At the remote site it will not. Could there be an issue with the IP range at the remote site?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39724152
At the remote office you are left to rely on the SRV entries in DNS, and the DNS server list you posted above:
   65.32.1.65
   65.32.1.70
   10.0.0.5
means that all requests go to a public IP (65.32.1.65) instead of the server (10.0.0.5), and that public DNS server cannot know of your domain servers.

If you are in the local subnet of the DC, there are alternative routes to get the DC info, and so DNS might not be that important.
0
 

Author Comment

by:mfrieder
ID: 39724188
I think that the error message is misleading. I know that 10.0.0.5 is the first in the DNS entry, and I also manually configured it to only use 10.0.0.5, and it did not solve the issue.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39724242
Try the following command:
nslookup -type=SRV _ldap._tcp.dc._msdcs.«YourDomain».«DomainExtension» 10.0.0.5

Note that you have to provide the DNS name of the domain, not the NetBIOS name.
If that works, use the full domain name for joining.
0
 

Author Comment

by:mfrieder
ID: 39724274
On what computer am I doing this, the server or the remote workstation?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39724339
On the client you want to join. If it fails, you can do the same on the server.
0
 

Author Comment

by:mfrieder
ID: 39725140
I ran the command
[Screenshot]
and tried to join the domain and got this error:
---------------------------------------
Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "xxxxxxxxxxx.local":

The query was for the SRV record for _ldap._tcp.dc._msdcs.xxxxxxxxxxxxxx.local

The following domain controllers were identified by the query:
mm01.xxxxxxxxxxx.local
mmserver.xxxxxxxxxxx.local


However no domain controllers could be contacted.

Common causes of this error include:

- Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or are not running.

-----------------------------------------------

It looks like there is an old domain server that was not removed properly. Is this the root of my problem?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39725284
No, if one DC does not answer, another one is tried. Try to ping both DCs as reported above. One of them should be reachable, but I don't think so; that will be the issue as last reported. You'll then have to find out why no DC replies.
0
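The checks suggested in this thread (SRV lookup against the internal DNS server, then resolution and reachability of every domain controller the lookup returns), combined into one script as an added example; it is not code from any poster. The domain `corp.example.local` is a placeholder, 10.0.0.5 is the DNS server from the thread, and the tested ports (88, 389, 445) are an assumed subset of what a join needs to reach through the VPN.

```powershell
# Added example: staged check of DC discovery, run on the client being joined.
# Placeholder domain; 10.0.0.5 is the internal DNS server named in the thread.
param(
    [string]$Domain    = 'corp.example.local',
    [string]$DnsServer = '10.0.0.5',
    [int[]] $Ports     = @(88, 389, 445)   # Kerberos, LDAP, SMB (assumed subset)
)

$srvName = "_ldap._tcp.dc._msdcs.$Domain"

# Stage 1: the SRV lookup the join performs, sent only to the internal server
# so a public resolver earlier in the client's DNS list cannot answer NXDOMAIN.
try {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $DnsServer -DnsOnly -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SRV' }
} catch {
    Write-Warning "SRV lookup for $srvName failed at ${DnsServer}: $($_.Exception.Message)"
    return
}
if (-not $srv) { Write-Warning "No SRV records returned for $srvName"; return }

$results = foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    # Stage 2: host (A) record for each DC named in the SRV answer.
    $ips = @(Resolve-DnsName -Name $dc -Type A -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    if ($ips.Count -eq 0) {
        [pscustomobject]@{ DC = $dc; IP = $null; Port = $null; Reachable = $false; Note = 'no A record' }
        continue
    }
    # Stage 3: can the client reach that address through the tunnel?
    foreach ($ip in $ips) {
        foreach ($port in $Ports) {
            $t = Test-NetConnection -ComputerName $ip -Port $port -WarningAction SilentlyContinue
            [pscustomobject]@{ DC = $dc; IP = $ip; Port = $port
                               Reachable = $t.TcpTestSucceeded; Note = '' }
        }
    }
}
$results | Format-Table -AutoSize

# A stale DC entry only blocks the join if no listed DC is reachable on every port.
$usable = $results | Group-Object DC | Where-Object { -not ($_.Group.Reachable -contains $false) }
if ($usable) { "Usable DC(s): $($usable.Name -join ', ')" }
else         { Write-Warning 'No DC reachable on all tested ports: check VPN routing/firewall and A records.' }
```

`Resolve-DnsName` and `Test-NetConnection` require Windows 8.1 / Server 2012 R2 or later; on older clients the same stages can be walked by hand with `nslookup` and `ping` as described in the thread.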
 

Accepted Solution

by:
mfrieder earned 0 total points
ID: 39845017
I've requested that this question be deleted for the following reason:

A new question needs to be posted and the tech assigned to this hasn't responded in a while.
0
 

Author Closing Comment

by:mfrieder
ID: 39936334
The tech in charge does not need this post anymore.
0
