Solved

Promoting Server to Domain Controller in the Cloud

Posted on 2014-10-30
Last Modified: 2015-02-23
Hello Experts,

I am hoping you can help me.

I have a server that is hosted in our cloud that I am trying to promote to a DC.  This is connected to our Active Directory through an IPsec VPN tunnel.  The machine was successfully added to our domain, I can ping both ways and it also resolves.

When I try to dcpromo I get two messages.

1. Warning - a delegation for this dns server cannot be created because the authoritative parent zone...
https://social.technet.microsoft.com/Forums/windowsserver/en-US/437e91bc-9dd1-4cf3-96de-54ea59b34a04/warning-a-delegation-for-this-dns-server-cannot-be-created-because-the-authoritative-parent?forum=winserverDS

It says I can ignore the warning and create it later.  When I look to create it I can only create a subdomain, which I don't want to do.

I hit next but would feel better if that wasn't there.

2. Goes through and then at the end errors with RPC is unavailable: http://blogs.technet.com/b/abizerh/archive/2009/06/11/troubleshooting-rpc-server-is-unavailable-error-reported-in-failing-ad-replication-scenario.aspx

I did the report on the above and it appears that port 88 and port 389 were blocked, but when I did the report just on those ports they said they were open.

I am at a loss and have been looking at this too long.  

Any help would be appreciated, this is my first time setting up a server and extending my AD.

Thank you,

Karen
Question by:klsphotos
Expert Comment

by:Dan McFadden
ID: 40418914
It sounds like a firewall is blocking access.  There are many more than 2 ports (88 & 389) to open.  Reference link to connectivity requirements for AD:

http://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx

This article also gives OS-specific details:

https://support.microsoft.com/kb/179442?wa=wsignin1.0#method3

Dan
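
A port check of the kind this comment points to, added here as an example and not part of the original thread. It probes the well-known Active Directory TCP ports on an existing DC and separates a port that times out (dropped on the path) from one that is actively refused. The host name `dc01.example.test` and both function names are placeholders.

```powershell
# Added example; dc01.example.test and both function names are placeholders.
# TCP ports a member server needs to reach on an existing DC. 53, 88, 389 and
# 464 are also used over UDP, which a TCP connect cannot verify.
$AdTcpPorts = @(
    @{ Port = 53;   Service = 'DNS' },
    @{ Port = 88;   Service = 'Kerberos' },
    @{ Port = 135;  Service = 'RPC endpoint mapper' },
    @{ Port = 389;  Service = 'LDAP' },
    @{ Port = 445;  Service = 'SMB (SYSVOL/NETLOGON)' },
    @{ Port = 464;  Service = 'Kerberos password change' },
    @{ Port = 636;  Service = 'LDAP over SSL' },
    @{ Port = 3268; Service = 'Global catalog' },
    @{ Port = 3269; Service = 'Global catalog over SSL' }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            return 'Filtered'   # no reply in time: dropped by a firewall, or host down
        }
        $client.EndConnect($pending)   # throws if the connect failed
        return 'Open'
    }
    catch {
        # ConnectionRefused = host reachable but nothing listening; other codes
        # (HostNotFound, NetworkUnreachable ...) point at DNS or routing.
        $inner = $_.Exception.GetBaseException()
        if ($inner -is [System.Net.Sockets.SocketException]) { return [string]$inner.SocketErrorCode }
        return 'Error'
    }
    finally { $client.Close() }
}

function Test-AdPorts {
    param([string]$ComputerName)
    foreach ($entry in $AdTcpPorts) {
        New-Object PSObject -Property @{
            Port    = $entry.Port
            Service = $entry.Service
            State   = Test-TcpPort -ComputerName $ComputerName -Port $entry.Port
        } | Select-Object Port, Service, State
    }
    # Not probed: the dynamic RPC port replication is assigned after the lookup
    # on 135 (49152-65535 by default on Windows Server 2008 and later).
}
Test-AdPorts -ComputerName 'dc01.example.test' | Format-Table -AutoSize
```

Run it from the server being promoted, across the tunnel; a table of `Open` results does not cover the UDP services or the dynamic RPC range, which the firewall rules must allow separately.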
 

Accepted Solution

by:
klsphotos earned 0 total points
ID: 40616511
This has been resolved, kind of.  The Cloud provider will only subnet IP addresses on a certain subnet that does not match ours.  Without some kind of interception (Vyatta) even with that, I do not see any way to have a domain controller in this cloud since DNS needs to only have 1 IP per system, not 2.  We did get AD authentication to the cloud and since we are small, this is fine for us at the moment.  Once we grow we will look at other options.  Thank you for your help, please close this ticket.
 

Author Closing Comment

by:klsphotos
ID: 40625335
The solution we were told from the provider would work will not work under the configuration they gave us.  This was their error.  The answers are great but they just didn't fit what ended up being the resolution.  We can't do it at this provider.