Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Promoting Server to Domain Controller in the Cloud

Posted on 2014-10-30
3
Medium Priority
?
61 Views
Last Modified: 2015-02-23
Hello Experts,

I am hoping you can help me.

I have a server that is hosted in our cloud that I am trying to promote to a DC.  This is connected to our Active Directory through a ipsec vpn tunnel.  The machine was successfully added to our domain, I can ping both ways and it also resolves.

When I try to dcpromo I get two messages.

1.Warning - a delegation for this dns server cannot be created because the authoritative parent zone...
https://social.technet.microsoft.com/Forums/windowsserver/en-US/437e91bc-9dd1-4cf3-96de-54ea59b34a04/warning-a-delegation-for-this-dns-server-cannot-be-created-because-the-authoritative-parent?forum=winserverDS

it says I can ignore the warning and create it later.  When I look to create it I can only create a sub domain which I don't want to do.  

I hit next but would feel better if that wasn't there.

2. goes through and then at the end errors with RPC is unavailable:http://blogs.technet.com/b/abizerh/archive/2009/06/11/troubleshooting-rpc-server-is-unavailable-error-reported-in-failing-ad-replication-scenario.aspx

I did the report on the above and it appears that port 88 and port 389 where blocked but when I did the report just on those ports they said they were open.

I am at a loss and have been looking at this too long.  

Any help would be appreciated, this is my first time setting up a server and extending my AD.

Thank you,

Karen
0
Comment
Question by:klsphotos
  • 2
3 Comments
 
LVL 29

Expert Comment

by:Dan McFadden
ID: 40418914
It sounds like a firewall is blocking access.  There are many more than 2 ports (88 & 389) to open.  Reference link to connectivity requirements for AD:

http://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx

This article also give OS specific details:

https://support.microsoft.com/kb/179442?wa=wsignin1.0#method3

Dan
0
 

Accepted Solution

by:
klsphotos earned 0 total points
ID: 40616511
This has been resolved, kind of.  The Cloud provider will only subnet ip addresses on a certain subnet that does not match ours.  Without some kind of interception (Vyatta) even with that, I do not see any way to have a domain controller in this cloud since DNS needs to only have 1 ip per system, not 2.  We did get AD authentication to the cloud and since we are small, this is for fine for us at the moment.  Once we grow we will look at other options.  Thank you for your help, please close this ticket.
0
 

Author Closing Comment

by:klsphotos
ID: 40625335
The solution we were told from the provider would work will not work under the configuration they gave us.  This was there error.  The answers are great but they just didn't fit what ended up being the resolution.  We can't do it at this provider.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question