• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 63
  • Last Modified:

Promoting Server to Domain Controller in the Cloud

Hello Experts,

I am hoping you can help me.

I have a server that is hosted in our cloud that I am trying to promote to a DC.  This is connected to our Active Directory through a ipsec vpn tunnel.  The machine was successfully added to our domain, I can ping both ways and it also resolves.

When I try to dcpromo I get two messages.

1.Warning - a delegation for this dns server cannot be created because the authoritative parent zone...
https://social.technet.microsoft.com/Forums/windowsserver/en-US/437e91bc-9dd1-4cf3-96de-54ea59b34a04/warning-a-delegation-for-this-dns-server-cannot-be-created-because-the-authoritative-parent?forum=winserverDS

it says I can ignore the warning and create it later.  When I look to create it I can only create a sub domain which I don't want to do.  

I hit next but would feel better if that wasn't there.

2. goes through and then at the end errors with RPC is unavailable:http://blogs.technet.com/b/abizerh/archive/2009/06/11/troubleshooting-rpc-server-is-unavailable-error-reported-in-failing-ad-replication-scenario.aspx

I did the report on the above and it appears that port 88 and port 389 where blocked but when I did the report just on those ports they said they were open.

I am at a loss and have been looking at this too long.  

Any help would be appreciated, this is my first time setting up a server and extending my AD.

Thank you,

Karen
0
klsphotos
Asked:
klsphotos
  • 2
1 Solution
 
Dan McFaddenSystems EngineerCommented:
It sounds like a firewall is blocking access.  There are many more than 2 ports (88 & 389) to open.  Reference link to connectivity requirements for AD:

http://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx

This article also give OS specific details:

https://support.microsoft.com/kb/179442?wa=wsignin1.0#method3

Dan
0
 
klsphotosAuthor Commented:
This has been resolved, kind of.  The Cloud provider will only subnet ip addresses on a certain subnet that does not match ours.  Without some kind of interception (Vyatta) even with that, I do not see any way to have a domain controller in this cloud since DNS needs to only have 1 ip per system, not 2.  We did get AD authentication to the cloud and since we are small, this is for fine for us at the moment.  Once we grow we will look at other options.  Thank you for your help, please close this ticket.
0
 
klsphotosAuthor Commented:
The solution we were told from the provider would work will not work under the configuration they gave us.  This was there error.  The answers are great but they just didn't fit what ended up being the resolution.  We can't do it at this provider.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now