Join a Virtual Machine to Domain in Microsoft Azure

Posted on 2014-08-04
Last Modified: 2014-11-12
[Screenshots: Domain Controller; Terminal Server; IP Property in Win2008; Domain Join]

Hi,
  I have set up two virtual machines in my Microsoft Azure account and I am trying to join the W2008 VM to the W2012 Domain Controller.

 Here is the information for the Windows 2012 Server/DC:
   IPv4 Address. . . . . . . . . . . : 100.79.50.31
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 100.79.50.1
 Host Name . . . . . . . . . . . . : KN1
 Primary Dns Suffix  . . . . . . . : KN-Cloud.com
 Node Type . . . . . . . . . . . . : Peer-Peer
 IP Routing Enabled. . . . . . . . : No
 WINS Proxy Enabled. . . . . . . . : No
 DNS Suffix Search List. . . . . . : KN-Cloud.com

Here is the information about the Windows 2008 server that I would like to join to the DC above.

 Ipconfig /all >
   Connection-specific DNS Suffix  . : KN3.j2.internal.cloudapp.net
   Link-local IPv6 Address . . . . . : fe80::1b:dfe7:40c2:f136%11
   IPv4 Address. . . . . . . . . . . : 100.79.164.104
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : 100.79.164.1
     DHCP Server . . . . . . . . . . . : 10.102.215.82
   DNS Servers . . . . . . . . . . . : 100.79.50.31

  I have already entered the IP address (100.79.50.31) of the DC/W2012 in the TCP/IP properties of the Windows 2008 Server (please see the screenshot). When I tried to join the domain, I got the error "An Active Directory Domain Controller for the domain "kn-cloud.com" could not be contacted." I entered kn-cloud.com in the Domain field on the Domain Change screen (please see the screenshot).

Can you help?
Question by:sglee
 
LVL 60

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 2000 total points
ID: 40240378
Based on your IPconfig and subnet masks, it looks like you have not put both machines on the same Azure network. You need to do this in the Azure portal. Otherwise the two machines are completely logically separate.
0
 

Author Comment

by:sglee
ID: 40240396
I logged into my Azure account and simply spun up 2nd VM.
How should I have done it differently?
0
 
LVL 60

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 2000 total points
ID: 40240402
Each VM in Azure is isolated. After all, do you want just anyone to be able to access your VM? Think of how many customers and how many VMs run in just one datacenter. It'd be insane if every VM could see every other VM for any customer.

It isn't that you have to do something differently, it is that you have to do more. Think of it just like an on-premises network. Can you simply buy two servers and plug them into a wall outlet, install the OS, and have them domain joined? No. You have to buy (at the very least) a switch and some network cables.

Azure is no different. If you want your machines networked, you have to *create* that network. In the Azure portal, there is an option on the left for creating and configuring networks.
0

Author Comment

by:sglee
ID: 40240437
I sent you a private email. Can you respond?
0
 

Author Comment

by:sglee
ID: 40240525
" there is an option on the left for creating and configuring networks. "  ---> I got it. I created a virtual network based on 10.0.0.0.
When I created a DC1 (Domain Controller), it actually has the following IP.

 IPv4 Address. . . . . . . . . . . : 10.0.1.4
 Subnet Mask . . . . . . . . . . . : 255.255.255.224
 Default Gateway . . . . . . . . . : 10.0.1.1

I am going to promote this to Domain Controller and create a 2nd VM with Windows 2008 to see if I can join it to DC1.

I will post the result.
0
 

Author Comment

by:sglee
ID: 40240584
[Screenshots: Virtual Network - VN1; DNS Servers in Virtual Network; DHCP Server in DC1]

Cliff,
 I made some progress.
 I created a virtual network (please see the screenshot), entered public DNS addresses, and set up DC1 as a domain controller.

   Host Name . . . . . . . . . . . . : DC1
  Primary Dns Suffix  . . . . . . . : abc.com
  IPv4 Address. . . . . . . . . . . : 10.0.1.4
  Subnet Mask . . . . . . . . . . . : 255.255.255.224
  Default Gateway . . . . . . . . . : 10.0.1.1
  DNS Suffix Search List. . . . . . : abc.com

 Also created DHCP server in DC1 (please see the screenshot)

  Then I created another VM "TS1" (for the purpose of Terminal Server).

Windows IP Configuration

   Host Name . . . . . . . . . . . . : TS1
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Peer-Peer

   DNS Suffix Search List. . . . . . : KN1.j3.internal.cloudapp.net
   IPv4 Address. . . . . . . . . . . : 10.0.1.5
   Subnet Mask . . . . . . . . . . . : 255.255.255.224
   Default Gateway . . . . . . . . . : 10.0.1.1
   DHCP Server . . . . . . . . . . . : 168.63.129.16
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                                  208.67.222.220

  From TS1, I can ping 10.0.1.4, but when I ping "DC1", no replies. I can see why.
  Because DNS server addresses are not pointing to DC1 IP address.
  How can I make TS1 receive IP information from DC1 DHCP server?
  Then I think I can join TS1 to the domain.
0
 
LVL 60

Accepted Solution

by:Cliff Galiher
Cliff Galiher earned 2000 total points
ID: 40240593
This is, again, not unique to Azure. If you set up a DHCP server on an on-premises network and set up DNS to be OpenDNS servers, that's what would be given out to clients. And that is exactly what you defined in your network settings.

Most on-premises networks would instead only have DHCP give out the DCs as DNS servers, and the DCs would be configured with forwarders or use root hints.

You can do the *same thing* in Azure. You would configure your virtual network to use one or more of your VMs for DNS. And then you'd configure the DNS role in the VM to use forwarders or root hints.

But right now things are working exactly as they should. You specified third-party DNS servers in your virtual network settings so, of course, that is what is being handed to the VM. As an aside, there is no reason you have to use DHCP on either VM. You can, within the VM, use static addressing. That is fully supported.

I also notice one mistake, which is why you got the "this gate way was not created" issue in your first screengrab. In your "configure point to point connectivity" screenshot, the network is clearly identified as a 10.0.0.0/24 network. And yet your VMs are all clearly being specified with a 10.0.1.0 address space, which is NOT in the 10.0.0.0/24 subnet. You definitely have some misconfiguration going on there (and again, subnetting, subnet masks, and routing are not unique to Azure.)
0
 
LVL 60

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 2000 total points
ID: 40240596
One additional note: DHCP is *NOT* supported on Azure. Microsoft's list of supported and non-supported Windows roles is here. Because Azure needs to be able to dynamically manage the network, DHCP simply can't work in this scenario.

http://support.microsoft.com/kb/2721672
0
 

Author Comment

by:sglee
ID: 40240612
Thanks for comments and corrections. I will make changes in the morning and post the results.
0
 

Author Comment

by:sglee
ID: 40241026
[Screenshots: Virtual Network - Revised; DNS Name Server; Forwarders in DC1]

(1) "Most on-premises networks would instead only have DHCP give out the DCs as DNS servers, and the DCs would be configured with forwarders or use root hints." --> Makes perfect sense. That is normally how I set up DNS on a local LAN and I did not think about it in Azure. I changed it. Please see the screenshot.

(2) "As an aside, there is no reason you have to use DHCP on either VM. You can, within the VM, use static addressing" --> Come to think of it, I am not setting up workstation PCs in Azure. I am only setting up servers here, so I can assign static IP information on these servers because there will be only a handful of them. I removed DHCP from the DC1 VM and populated static IP information in both DC1 and TS1 TCP/IP properties.

(3) "you'd configure the DNS role in the VM to use forwarders or root hints." --> I added 8.8.8.8 to Forwarders tab in DC1 Properties. Please see attached screenshot.

So far so good?
0
 

Author Comment

by:sglee
ID: 40241060
[Screenshots: Error in Joining TS1 to Domain; TS1 - Joined to Domain; DNS Manager with TS1 shown]

I was able to join TS1 (Terminal Server) to the Domain after the changes made above.
During the joining process, there was an error, but I continued and now TS1 is showing up in DC1 DNS Manager.
 
Is the error message something I should be concerned about?
0
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 40241148
Doesn't look like it. I didn't witness the actual domain join process, but all appears well.
0
 

Author Comment

by:sglee
ID: 40242151
I was successfully able to RDP into TS1 (Terminal Server) using various user accounts that I created in DC1.
I will look into "this gate way was not created" issue that you mentioned later.

Thank you for your help.
0
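
The two failure modes diagnosed in this thread (client and DC on separate IP networks, then client DNS pointing at public resolvers instead of the DC) and the address-space mismatch noted in the accepted solution can all be checked from ipconfig text before attempting a join. The Python below is an added example, not code from the thread; parse_ipconfig, join_preflight and the sample strings are hypothetical names and constructed inputs built from the values quoted above. It assumes, as the thread's reasoning does, that a DC outside the client's masked network is unreachable.

```python
import ipaddress
import re

# Constructed from the ipconfig values quoted in the thread (not a live capture).
W2008_FIRST_TRY = """
   IPv4 Address. . . . . . . . . . . : 100.79.164.104
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   DNS Servers . . . . . . . . . . . : 100.79.50.31
"""
# "(Preferred)" is added here to exercise the suffix that `ipconfig /all` prints.
TS1_OPENDNS = """
   IPv4 Address. . . . . . . . . . . : 10.0.1.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.224
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.222.220
"""
# Constructed "after" state: same host with DNS changed to the DC.
TS1_FIXED = TS1_OPENDNS.split("DNS Servers")[0] + "DNS Servers . . . : 10.0.1.4\n"

def parse_ipconfig(text):
    """Map each ipconfig label to its list of values, keeping continuation lines."""
    fields, last = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)[ .]+:\s*(.*)$", line)
        if m:  # "Label . . . : value"
            last = m.group(1).strip()
            fields[last] = [m.group(2).strip()] if m.group(2).strip() else []
        elif line.strip() and last:  # extra DNS server on its own line
            fields[last].append(line.strip())
    return fields

def join_preflight(client_ipconfig, dc_ip, vnet_cidr=None):
    """Return the findings that would stop this client locating the DC."""
    cfg = parse_ipconfig(client_ipconfig)
    addr = cfg["IPv4 Address"][0].split("(")[0]  # drop "(Preferred)"
    iface = ipaddress.ip_interface(f"{addr}/{cfg['Subnet Mask'][0]}")
    findings = []
    if ipaddress.ip_address(dc_ip) not in iface.network:
        findings.append("DC is outside the client's IP network")
    if dc_ip not in cfg.get("DNS Servers", []):
        findings.append("client DNS does not point at the DC")
    if vnet_cidr and iface.ip not in ipaddress.ip_network(vnet_cidr):
        findings.append("client address is outside the declared address space")
    return findings

if __name__ == "__main__":
    print(join_preflight(W2008_FIRST_TRY, "100.79.50.31"))
    print(join_preflight(TS1_OPENDNS, "10.0.1.4", "10.0.0.0/24"))
    print(join_preflight(TS1_FIXED, "10.0.1.4"))
```
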
