Join a Virtual Machine to Domain in Microsoft Azure

[Screenshots: Domain Controller; Terminal Server; IP Property in Win2008; Domain Join]

Hi,
  I have set up two virtual machines in my Microsoft Azure account and I am trying to join W2008 VM to W2012 Domain Controller.

 Here is information with Windows 2012 Server/DC:
   IPv4 Address. . . . . . . . . . . : 100.79.50.31
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 100.79.50.1
 Host Name . . . . . . . . . . . . : KN1
 Primary Dns Suffix  . . . . . . . : KN-Cloud.com
 Node Type . . . . . . . . . . . . : Peer-Peer
 IP Routing Enabled. . . . . . . . : No
 WINS Proxy Enabled. . . . . . . . : No
 DNS Suffix Search List. . . . . . : KN-Cloud.com

Here is information about Windows 2008 that I would like to join to the DC above.

 Ipconfig /all >
   Connection-specific DNS Suffix  . : KN3.j2.internal.cloudapp.net
   Link-local IPv6 Address . . . . . : fe80::1b:dfe7:40c2:f136%11
   IPv4 Address. . . . . . . . . . . : 100.79.164.104
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : 100.79.164.1
     DHCP Server . . . . . . . . . . . : 10.102.215.82
   DNS Servers . . . . . . . . . . . : 100.79.50.31

  I have already entered the IP address (100.79.50.31) of DC/W2012 in the TCP/IP properties of Windows 2008 Server (please see the screenshot). When I tried to join the domain, I got an error: "An Active Directory Domain Controller for the domain "kn-cloud.com" could not be contacted." I entered kn-cloud.com in the Domain field on the Domain Change screen (please see the screenshot).

Can you help?
sglee Asked:

Cliff Galiher Commented:
Based on your ipconfig and subnet masks, it looks like you have not put both machines on the same Azure network. You need to do this in the Azure portal. Otherwise the two machines are completely logically separate.
0
sglee Author Commented:
I logged into my Azure account and simply spun up 2nd VM.
How should I have done it differently?
0
Cliff Galiher Commented:
Each VM in Azure is isolated. After all, do you want just anyone to be able to access your VM? Think of how many customers and how many VMs run in just one datacenter. It'd be insane if every VM could see every other VM for any customer.

It isn't that you have to do something differently, it is that you have to do more. Think of it just like an on-premises network. Can you simply buy two servers and plug them into a wall outlet, install the OS, and have them domain joined? No. You have to buy (at the very least) a switch and some network cables.

Azure is no different. If you want your machines networked, you have to *create* that network. In the Azure portal, there is an option on the left for creating and configuring networks.
0

sglee Author Commented:
I sent you a private email. Can you respond?
0
sglee Author Commented:
"there is an option on the left for creating and configuring networks." ---> I got it. I created a virtual network based on 10.0.0.0.
When I created a DC1 (Domain Controller), it actually has the following IP.

 IPv4 Address. . . . . . . . . . . : 10.0.1.4
 Subnet Mask . . . . . . . . . . . : 255.255.255.224
 Default Gateway . . . . . . . . . : 10.0.1.1

I am going to promote this to Domain Controller and create a 2nd VM with Windows 2008 to see if I can join it to DC1.

I will post the result.
0
sglee Author Commented:
[Screenshots: Virtual Network - VN1; DNS Servers in Virtual Network; DHCP Server in DC1]

Cliff,
 I made some progress.
 I created a virtual network (please see the screenshot) and entered public DNS addresses, and I set up DC1 as domain controller.

   Host Name . . . . . . . . . . . . : DC1
  Primary Dns Suffix  . . . . . . . : abc.com
  IPv4 Address. . . . . . . . . . . : 10.0.1.4
  Subnet Mask . . . . . . . . . . . : 255.255.255.224
  Default Gateway . . . . . . . . . : 10.0.1.1
  DNS Suffix Search List. . . . . . : abc.com

 Also created DHCP server in DC1 (please see the screenshot)

  Then I created another VM "TS1" (for the purpose of Terminal Server).

Windows IP Configuration

   Host Name . . . . . . . . . . . . : TS1
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Peer-Peer

   DNS Suffix Search List. . . . . . : KN1.j3.internal.cloudapp.net
   IPv4 Address. . . . . . . . . . . : 10.0.1.5
   Subnet Mask . . . . . . . . . . . : 255.255.255.224
   Default Gateway . . . . . . . . . : 10.0.1.1
   DHCP Server . . . . . . . . . . . : 168.63.129.16
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                                  208.67.222.220

  From TS1, I can ping 10.0.1.4, but when I ping "DC1", no replies. I can see why.
  Because DNS server addresses are not pointing to DC1 IP address.
  How can I make TS1 receive IP information from DC1 DHCP server?
  Then I think I can join TS1 to the domain.
0
Cliff Galiher Commented:
This is, again, not unique to Azure. If you set up a DHCP server on an on-premises network and set up DNS to be OpenDNS servers, that's what would be given out to clients. And that is exactly what you defined in your network settings.

Most on-premises networks would instead only have DHCP give out the DCs as DNS servers, and the DCs would be configured with forwarders or use root hints.

You can do the *same thing* in Azure. You would configure your virtual network to use one or more of your VMs for DNS. And then you'd configure the DNS role in the VM to use forwarders or root hints.

But right now things are working exactly as they should. You specified third-party DNS servers in your virtual network settings so, of course, that is what is being handed to the VM. As an aside, there is no reason you have to use DHCP on either VM. You can, within the VM, use static addressing. That is fully supported.

I also notice one mistake, which is why you got the "this gate way was not created" issue in your first screengrab. In your "configure point to point connectivity" screenshot, the network is clearly identified as a 10.0.0.0/24 network. And yet your VMs are all clearly being specified with a 10.0.1.0 address space, which is NOT in the 10.0.0.0/24 subnet. You definitely have some misconfiguration going on there (and again, subnetting, subnet masks, and routing are not unique to Azure).
0
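
The checks from the answer above (the VM's address must lie inside the virtual network's address space, and the client must use the DC for DNS), as an added example that is not part of the original thread. The sample `ipconfig /all` text is constructed from the TS1 values posted earlier, the 10.0.0.0/24 range is the one named in the answer, and the function names and finding codes are hypothetical.

```python
import ipaddress
import re

# Constructed sample: TS1's `ipconfig /all` values as posted in the thread.
TS1_IPCONFIG = """\
   Host Name . . . . . . . . . . . . : TS1
   IPv4 Address. . . . . . . . . . . : 10.0.1.5
   Subnet Mask . . . . . . . . . . . : 255.255.255.224
   Default Gateway . . . . . . . . . : 10.0.1.1
   DHCP Server . . . . . . . . . . . : 168.63.129.16
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.222.220
"""

# "Label . . . . : value" as printed by ipconfig; the value may be empty.
FIELD = re.compile(r"^\s*(.+?)[\s.]*\. :\s?(.*)$")

def parse_ipconfig(text):
    """Map each label to its list of values; bare lines continue the last label."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields[last] = [m.group(2).strip()] if m.group(2).strip() else []
        elif line.strip() and last:
            fields[last].append(line.strip())
    return fields

def join_findings(ipconfig_text, dc_ips, vnet_cidr):
    """Return finding codes for the misconfigurations discussed in the thread."""
    f = parse_ipconfig(ipconfig_text)
    addr = f["IPv4 Address"][0].split("(")[0]   # drop "(Preferred)" if present
    iface = ipaddress.ip_interface(f"{addr}/{f['Subnet Mask'][0]}")
    findings = []
    # The VM address must sit inside the virtual network's address space.
    if iface.ip not in ipaddress.ip_network(vnet_cidr):
        findings.append("ADDR_OUTSIDE_VNET")
    # A DC on another subnet is reachable only if both VMs share a network.
    if not any(ipaddress.ip_address(d) in iface.network for d in dc_ips):
        findings.append("DC_OFF_SUBNET")
    # AD clients find a DC through DNS records that only the domain's own
    # DNS serves, so every resolver on the client should be one of the DCs.
    dns = f.get("DNS Servers", [])
    if not dns or set(dns) - set(dc_ips):
        findings.append("DNS_NOT_DC")
    return findings

if __name__ == "__main__":
    print(join_findings(TS1_IPCONFIG, ["10.0.1.4"], "10.0.0.0/24"))
```
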
Cliff Galiher Commented:
One additional note: DHCP is *NOT* supported on Azure. Microsoft's list of supported and non-supported Windows roles is here. Because Azure needs to be able to dynamically manage the network, DHCP simply can't work in this scenario.

http://support.microsoft.com/kb/2721672
0
sglee Author Commented:
Thanks for comments and corrections. I will make changes in the morning and post the results.
0
sglee Author Commented:
[Screenshots: Virtual Network - Revised; DNS Name Server; Forwarders in DC1]

(1) "Most on-premises networks would instead only have DHCP give out the DCs as DNS servers, and the DCs would be configured with forwarders or use root hints." --> Makes perfect sense. That is normally how I set up DNS on local LAN and I did not think about it in Azure. I changed it. Please see the screenshot.

(2) "As an aside, there is no reason you have to use DHCP on either VM. You can, within the VM, use static addressing" --> Come to think of it, I am not setting up workstation PCs in Azure. I am only setting up servers here, so I can assign static IP information on these servers because there will be only a handful of them. I removed DHCP from DC1 VM and populated static IP information on both DC1 and TS1 TCP/IP properties.

(3) "you'd configure the DNS role in the VM to use forwarders or root hints." --> I added 8.8.8.8 to Forwarders tab in DC1 Properties. Please see attached screenshot.

So far so good?
0
sglee Author Commented:
[Screenshots: Error in Joining TS1 to Domain; TS1 - Joined to Domain; DNS Manager with TS1 shown]

I was able to join TS1 (Terminal Server) to the Domain after the changes made above.
During the joining process, there was an error, but I continued and now TS1 is showing up in DC1 DNS Manager.

Is the error message something I should be concerned about?
0
Cliff Galiher Commented:
Doesn't look like it. I didn't witness the actual domain join process, but all appears well.
0
sglee Author Commented:
I was successfully able to RDP into TS1 (Terminal Server) using various user accounts that I created in DC1.
I will look into "this gate way was not created" issue that you mentioned later.

Thank you for your help.
0
Question has a verified solution.