Solved

Promoting Server to Domain Controller in the Cloud

Posted on 2014-10-30
Last Modified: 2015-02-23
Hello Experts,

I am hoping you can help me.

I have a server that is hosted in our cloud that I am trying to promote to a DC. This is connected to our Active Directory through an IPsec VPN tunnel. The machine was successfully added to our domain, I can ping both ways and it also resolves.

When I try to dcpromo I get two messages.

1. Warning - a delegation for this DNS server cannot be created because the authoritative parent zone...
https://social.technet.microsoft.com/Forums/windowsserver/en-US/437e91bc-9dd1-4cf3-96de-54ea59b34a04/warning-a-delegation-for-this-dns-server-cannot-be-created-because-the-authoritative-parent?forum=winserverDS

It says I can ignore the warning and create it later. When I look to create it I can only create a subdomain, which I don't want to do.

I hit next but would feel better if that wasn't there.

2. Goes through and then at the end errors with RPC is unavailable: http://blogs.technet.com/b/abizerh/archive/2009/06/11/troubleshooting-rpc-server-is-unavailable-error-reported-in-failing-ad-replication-scenario.aspx

I did the report on the above and it appears that port 88 and port 389 were blocked, but when I did the report just on those ports they said they were open.

I am at a loss and have been looking at this too long.  

Any help would be appreciated, this is my first time setting up a server and extending my AD.

Thank you,

Karen
Question by:klsphotos

Expert Comment

by:Dan McFadden
ID: 40418914
It sounds like a firewall is blocking access.  There are many more than 2 ports (88 & 389) to open.  Reference link to connectivity requirements for AD:

http://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx

This article also gives OS-specific details:

https://support.microsoft.com/kb/179442?wa=wsignin1.0#method3

Dan
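
An added example, not part of the original posts: a PowerShell check, run on the server being promoted, that tests TCP reachability of an existing domain controller on the well-known AD DS ports rather than only 88 and 389. The target name dc01.example.local and the function name Test-TcpPort are hypothetical placeholders; the port list is the standard set of AD DS TCP ports, not taken from this thread.

```powershell
# Added example: TCP reachability from the server being promoted to an
# existing domain controller. $Target is a hypothetical placeholder name.
param(
    [string]$Target = 'dc01.example.local',
    [int]$TimeoutMs = 3000
)

# Well-known TCP ports used by AD DS promotion and replication.
# UDP ports (53, 88, 123, 389, 464) cannot be verified with a TCP connect
# and are not tested here.
$Ports = @(
    @{ Port = 53;   Service = 'DNS' }
    @{ Port = 88;   Service = 'Kerberos' }
    @{ Port = 135;  Service = 'RPC endpoint mapper' }
    @{ Port = 389;  Service = 'LDAP' }
    @{ Port = 445;  Service = 'SMB (SYSVOL, NETLOGON)' }
    @{ Port = 464;  Service = 'Kerberos password change' }
    @{ Port = 636;  Service = 'LDAPS' }
    @{ Port = 3268; Service = 'Global catalog' }
    @{ Port = 3269; Service = 'Global catalog over SSL' }
)

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        # No answer within the timeout usually means a firewall dropped it.
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($p in $Ports) {
    New-Object PSObject -Property @{
        Port    = $p.Port
        Service = $p.Service
        Open    = Test-TcpPort -HostName $Target -Port $p.Port -TimeoutMs $TimeoutMs
    }
}
$results | Select-Object Port, Service, Open | Format-Table -AutoSize

# Port 135 answering does not prove RPC works end to end: the endpoint mapper
# hands out a dynamic port (49152-65535 by default on Server 2008 and later),
# and that range must also be allowed through the VPN and firewall.
```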

Accepted Solution

by:
klsphotos earned 0 total points
ID: 40616511
This has been resolved, kind of. The Cloud provider will only subnet IP addresses on a certain subnet that does not match ours. Without some kind of interception (Vyatta) even with that, I do not see any way to have a domain controller in this cloud since DNS needs to only have 1 IP per system, not 2. We did get AD authentication to the cloud and since we are small, this is fine for us at the moment. Once we grow we will look at other options. Thank you for your help, please close this ticket.

Author Closing Comment

by:klsphotos
ID: 40625335
The solution we were told from the provider would work will not work under the configuration they gave us. This was their error. The answers are great but they just didn't fit what ended up being the resolution. We can't do it at this provider.