Solved

Joining a Domain over a VPN

Posted on 2013-12-16
Last Modified: 2014-03-18
I am trying to add users to a domain at a remote site over a VPN connection.

error message
---------------------------------
Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

The domain name "domain" might be a NetBIOS domain name.  If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "domain":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.domain

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

65.32.1.65
65.32.1.70
10.0.0.5

- One or more of the following zones do not include delegation to its child zone:

domain
. (the root zone)
----------------------------------------------------
Have no issues logging into the domain from main office
0
Question by:mfrieder
 
LVL 69

Expert Comment

by:Qlemo
ID: 39722877
The DNS server seems to be wrong - it needs to be one of those assigned to the domain. Do you have a domain at remote site? Or is the DNS set up to use a local DNS server, to allow Internet access?
0
 

Author Comment

by:mfrieder
ID: 39724134
The DNS server is the domain server. There is no server at the remote site. Internet is working fine at both the home and remote site with just the server DNS.

My question is at the home location everything works fine, no issues logging into the domain. At the remote site it will not. Could there be an issue with the IP range at the remote site?
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 39724152
At the remote office you are left to rely on the SRV entries in DNS, and the DNS server list you posted above:
   65.32.1.65
   65.32.1.70
   10.0.0.5
means that all requests go to a public IP (65.32.1.65) instead of the server (10.0.0.5), and that public DNS server cannot know of your domain servers.

If you are in the local subnet of the DC, there are alternative routes to get the DC info, and so DNS might not be that important.
0

 

Author Comment

by:mfrieder
ID: 39724188
I think that the error message is misleading. I know that 10.0.0.5 is the first in the DNS entry, and I also manually configured it to only use 10.0.0.5, and it did not solve the issue.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 39724242
Try the following command:
nslookup -type=SRV _ldap._tcp.dc._msdcs.«YourDomain».«DomainExtension» 10.0.0.5


Note that you have to provide the DNS name of the domain, not the NetBIOS name.
If that works, use the full domain name for joining.
0
 

Author Comment

by:mfrieder
ID: 39724274
On what computer am I doing this, the server or the remote workstation?
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 39724339
On the client you want to join. If it fails, you can do the same on the server.
0
 

Author Comment

by:mfrieder
ID: 39725140
I ran the command (screenshot) and tried to join the domain and got this error:
---------------------------------------
Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "xxxxxxxxxxx.local":

The query was for the SRV record for _ldap._tcp.dc._msdcs.xxxxxxxxxxxxxx.local

The following domain controllers were identified by the query:
mm01.xxxxxxxxxxx.local
mmserver.xxxxxxxxxxx.local


However no domain controllers could be contacted.

Common causes of this error include:

- Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or are not running.

-----------------------------------------------

It looks like there is an old domain server that was not removed properly. Is this the root of my problem?
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 39725284
No, if one DC does not answer, another one is tried. Try to ping both DCs as reported above. One of them should be reachable, but I don't think so, that will be the issue as last reported. You'll then have to find out why no DC replies.
0
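
The checks discussed in this thread, run in one pass from the client being joined. This is an added example, not code posted by either participant: it lists the resolvers the client will ask, queries the DC locator SRV record against the internal DNS server, then resolves each returned DC and tests its ports. `corp.example.local` is a placeholder domain name, and the script assumes a client with `Resolve-DnsName` and `Test-NetConnection` available (Windows 8.1 / Server 2012 R2 or later).

```powershell
# Added example. $DomainFqdn is a placeholder; 10.0.0.5 is the internal DNS server named in the thread.
param(
    [string]$DomainFqdn = 'corp.example.local',  # DNS name of the domain, not the NetBIOS name
    [string]$DnsServer  = '10.0.0.5'
)

# 1. Resolver order: flag any resolver outside RFC 1918 space, which cannot hold the internal zone.
$private = '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)'
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        foreach ($ip in $_.ServerAddresses) {
            if ($ip -notmatch $private) {
                Write-Warning "$($_.InterfaceAlias): resolver $ip is not an RFC 1918 address"
            }
        }
    }

# 2. The DC locator SRV record, asked directly of the internal DNS server.
$srvName = "_ldap._tcp.dc._msdcs.$DomainFqdn"
try {
    $srv = @(Resolve-DnsName -Name $srvName -Type SRV -Server $DnsServer -DnsOnly -ErrorAction Stop |
             Where-Object { $_.Type -eq 'SRV' })
} catch {
    Write-Warning "SRV lookup for $srvName via $DnsServer failed: $($_.Exception.Message)"
    return
}

# 3. For every DC the SRV record names: is there an A record, and do its ports answer over the VPN?
foreach ($dc in $srv) {
    $a = @(Resolve-DnsName -Name $dc.NameTarget -Type A -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'A' })
    $open = @()
    if ($a.Count -gt 0) {
        # SRV-advertised LDAP port, plus Kerberos (88) and SMB (445), which a domain join also uses
        foreach ($port in @($dc.Port, 88, 445)) {
            $t = Test-NetConnection -ComputerName $a[0].IPAddress -Port $port -WarningAction SilentlyContinue
            if ($t.TcpTestSucceeded) { $open += $port }
        }
    }
    [pscustomobject]@{
        DC        = $dc.NameTarget
        Address   = ($a | ForEach-Object { $_.IPAddress }) -join ', '
        OpenPorts = $open -join ', '
    }
}
```

An SRV answer with an empty Address column corresponds to the missing host (A) record cause in the second error message; an address with no open ports means that DC is not reachable from the client.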
 

Accepted Solution

by:
mfrieder earned 0 total points
ID: 39845017
I've requested that this question be deleted for the following reason:

A new question needs to be posted and the tech assigned to this hasn't responded in a while.
0
 

Author Closing Comment

by:mfrieder
ID: 39936334
The tech in charge does not need this post anymore.
0
