Solved

Promoting Server to Domain Controller in the Cloud

Posted on 2014-10-30
3
55 Views
Last Modified: 2015-02-23
Hello Experts,

I am hoping you can help me.

I have a server that is hosted in our cloud that I am trying to promote to a DC.  This is connected to our Active Directory through a ipsec vpn tunnel.  The machine was successfully added to our domain, I can ping both ways and it also resolves.

When I try to dcpromo I get two messages.

1.Warning - a delegation for this dns server cannot be created because the authoritative parent zone...
https://social.technet.microsoft.com/Forums/windowsserver/en-US/437e91bc-9dd1-4cf3-96de-54ea59b34a04/warning-a-delegation-for-this-dns-server-cannot-be-created-because-the-authoritative-parent?forum=winserverDS

it says I can ignore the warning and create it later.  When I look to create it I can only create a sub domain which I don't want to do.  

I hit next but would feel better if that wasn't there.

2. goes through and then at the end errors with RPC is unavailable:http://blogs.technet.com/b/abizerh/archive/2009/06/11/troubleshooting-rpc-server-is-unavailable-error-reported-in-failing-ad-replication-scenario.aspx

I did the report on the above and it appears that port 88 and port 389 where blocked but when I did the report just on those ports they said they were open.

I am at a loss and have been looking at this too long.  

Any help would be appreciated, this is my first time setting up a server and extending my AD.

Thank you,

Karen
0
Comment
Question by:klsphotos
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 27

Expert Comment

by:Dan McFadden
ID: 40418914
It sounds like a firewall is blocking access.  There are many more than 2 ports (88 & 389) to open.  Reference link to connectivity requirements for AD:

http://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx

This article also give OS specific details:

https://support.microsoft.com/kb/179442?wa=wsignin1.0#method3

Dan
0
 

Accepted Solution

by:
klsphotos earned 0 total points
ID: 40616511
This has been resolved, kind of.  The Cloud provider will only subnet ip addresses on a certain subnet that does not match ours.  Without some kind of interception (Vyatta) even with that, I do not see any way to have a domain controller in this cloud since DNS needs to only have 1 ip per system, not 2.  We did get AD authentication to the cloud and since we are small, this is for fine for us at the moment.  Once we grow we will look at other options.  Thank you for your help, please close this ticket.
0
 

Author Closing Comment

by:klsphotos
ID: 40625335
The solution we were told from the provider would work will not work under the configuration they gave us.  This was there error.  The answers are great but they just didn't fit what ended up being the resolution.  We can't do it at this provider.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question