Connecting a Windows 2008 R2 server to a domain controller through a VPN

I have a VPN tunnel with a domain controller on one side and another server that has Remote Desktop Services running on the other side. I want to add that server to the domain and use other services on the side that has the domain controller. Currently I can ping the IPs of the other servers but I cannot connect to the domain controller. What is the most reliable and stable setup?
aks17Asked:
Thomas WheelerCommented:
Is this a router-to-router VPN? The best is to have the VPN on the routers and add the routes for the two subnets. At that point you can access the servers as if they were on the same physical network.
0
aks17Author Commented:
Yes, there is a VPN tunnel between two routers. I can ping the servers from either side but UNC doesn't resolve.
0
Thomas WheelerCommented:
Are you pinging by name? What does a tracert say?
0
aks17Author Commented:
I ping the static IP address of the server and I get replies. I ping by name and it says host cannot be found. Running tracert by IP shows 1 hop.
0
aks17Author Commented:
It also shows the name that I was trying to ping.
0
Thomas WheelerCommented:
What DNS servers are you using, the DC? Also, when you browse to the server via UNC are you using the IP? Does it work with the IP?
0
aks17Author Commented:
The DNS servers are on the DC and secondary DC on one side of the VPN. I can browse to the server on the other side using the IP. I tried to set up the DNS server on the server I'm trying to connect to the DC and it could not resolve. I made a manual entry on the DC for the other server and it was no help.
0
Thomas WheelerCommented:
What type of routers do you have? Is there firewalling happening? What happens if you do an nslookup against the server on the other side?
nslookup google.com <server ip>
0
aks17Author Commented:
I get server unknown and the IP address of the server I'm searching from. The same for google.com.
The routers are Cisco ASA 5510s. The VPN tunnel should not be blocking any inside traffic.
0
Thomas WheelerCommented:
Can you RDP to the DC from the RDS server?
0
Thomas WheelerCommented:
We need a little network info. Attached is a Visio document showing what I think your setup looks like. From the RDS server you can ping the DC, correct? From the DC you can ping the RDS, right? If you do a tracert from RDS to DC it completes, and if you do a tracert from DC to RDS it completes. Please post an ipconfig /all from both servers. Also, on the ASA, did you use the VPN wizard to set the VPN up? If so, post the info for the setup.
Facke-network.vsd
0
aks17Author Commented:
The Visio document is correct. I can ping and run a tracert from either location. I can also RDP from either location to the servers. Below is the ipconfig /all for both servers.

Location 1
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>ipconfig /all
Windows IP Configuration
   Host Name . . . . . . . . . . . . : TS1FS
   Primary Dns Suffix  . . . . . . . : test.org
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : test.org
Ethernet adapter Local Area Connection 2:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82575EB Gigabit Network Connection #2
   Physical Address. . . . . . . . . : 00-1D-15-EA-C6-4D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82575EB Gigabit Network Connection
   Physical Address. . . . . . . . . : 00-13-17-ED-C8-6C
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ec14:24a7:58a5:c1fd%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.121(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 234886423
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-F5-D2-10-00-15-17-EA-C4-8C
   DNS Servers . . . . . . . . . . . : ::1
                                       127.0.0.1
   Primary WINS Server . . . . . . . : 192.168.1.126
   NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{B07CC62E-98A5-4FF7-95F0-CCFD726FFB31}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{DF9E069E-EDB0-4FBF-A6C4-D117D5753FBF}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
C:\Users\Administrator>

Location 2
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
C:\Users\Administrator>ipconfig /all

Windows IP Configuration
   Host Name . . . . . . . . . . . . : TS2FS
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection 2:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
   Physical Address. . . . . . . . . : 00-1D-37-47-B4-FD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
   Physical Address. . . . . . . . . : 00-1C-68-35-B4-FC
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::25c5:97af:514e:48b3%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.101(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.254
   DHCPv6 IAID . . . . . . . . . . . : 234888807
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-8F-33-EA-00-1D-47-47-A4-FC
   DNS Servers . . . . . . . . . . . : 192.168.2.101
                                                   192.168.2.100
                                                   192.168.1.121
   Primary WINS Server . . . . . . . : 192.168.2.101
   NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{8AA06BD2-D225-4AD7-8C01-0B9975BEA8EC}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{0E4D5960-6F5B-4526-9641-42D188803B32}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d15:4abd:ce:1ba0:1f55:fd9a(Preferred)
   Link-local IPv6 Address . . . . . : fe80::cb:1ac0:3e53:fd9a%18(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
C:\Users\Administrator>

For the ASA, the site-to-site wizard was used.
0
compdigit44Commented:
Is the RDS server the server you want to add to the domain? Have you checked to see if the Windows firewall is enabled?

I assume your router/VPN is allowing the following ports, which are needed to add a workstation to the domain:

UDP Port 88 for Kerberos authentication

UDP and TCP Port 135 for domain controller-to-domain controller and client-to-domain controller operations.

TCP Port 139 and UDP 138 for File Replication Service between domain controllers.

UDP Port 389 for LDAP to handle normal queries from client computers to the domain controllers.

TCP and UDP Port 445 for File Replication Service

TCP and UDP Port 464 for Kerberos Password Change

TCP Port 3268 and 3269 for Global Catalog from client to domain controller.

TCP and UDP Port 53 for DNS from client to domain controller and domain controller to domain controller.
0
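A pre-join check that ties the two threads above together (the DNS resolution questions earlier and the port list in this answer), written here as an added example rather than anything posted in the thread. It runs on the server being joined; the domain name test.org comes from the ipconfig output and the DC address 192.168.1.126 from the thread, and both are parameters you would replace. It uses nslookup and System.Net.Sockets.TcpClient rather than Resolve-DnsName/Test-NetConnection because those cmdlets do not exist in the PowerShell 2.0 that ships with Windows Server 2008 R2.

```powershell
# Added example (not from the thread). Run on the server to be joined.
param(
    [string]$Domain    = 'test.org',        # from the ipconfig output above
    [string]$DcAddress = '192.168.1.126',   # DC address named in the thread
    [int]$TimeoutMs    = 3000
)

# 1. Domain locator: a member finds its DC via the SRV record
#    _ldap._tcp.dc._msdcs.<domain>. If this fails, the server's DNS
#    settings point somewhere other than the domain's DNS servers.
$srv = nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" 2>&1
if ($srv -match 'svr hostname') {
    Write-Host "SRV lookup OK:`n$($srv -join "`n")"
} else {
    Write-Host "SRV lookup FAILED - check the DNS servers on this host:`n$($srv -join "`n")"
}

# 2. TCP reachability of the ports listed in the answer above. UDP (88, 389,
#    53, 138) cannot be checked with a connect test, so it is not covered here.
$tcpPorts = @{ 53='DNS'; 88='Kerberos'; 135='RPC endpoint mapper'; 139='NetBIOS session'
               389='LDAP'; 445='SMB'; 464='Kerberos kpasswd'; 3268='Global Catalog'
               3269='Global Catalog SSL' }
foreach ($port in ($tcpPorts.Keys | Sort-Object)) {
    $client = New-Object System.Net.Sockets.TcpClient
    $async  = $client.BeginConnect($DcAddress, $port, $null, $null)
    $done   = $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)
    # Timeout with no answer = dropped by a firewall/VPN ACL (the symptom in the
    # thread); an immediate failure = the DC answered but refused the port.
    $state  = if ($done -and $client.Connected) { 'open' } else { 'no answer (filtered)' }
    try { if ($done) { $client.EndConnect($async) } } catch { $state = 'refused' }
    $client.Close()
    Write-Host ("{0,5}/tcp {1,-20} {2}" -f $port, $tcpPorts[$port], $state)
}
```

A port that times out while Wireshark on the DC shows the SYN arriving points at the DC's host firewall or a missing return route, whereas "refused" means the packet made the round trip and the service simply is not listening there.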

aks17Author Commented:
I checked the router VPN traffic and verified that the requests for the ports are going from one side to the other when testing from the server that we want to connect to the domain. But the domain controller does not respond back to the requests.
0
aks17Author Commented:
Should I connect through the VPN to the domain controller using the IP address and then try to run the join domain process?
0
compdigit44Commented:
The fact you are not getting any return traffic is a problem... Have you checked both router/firewall rules?

Are you able to monitor traffic live on both the source and destination routers?
0
aks17Author Commented:
Yes, I am able to monitor traffic live at both destinations. I can see the requests come through and then no answer in return.
I also checked the rules on the firewall. I think it's the server not responding to the IP address that's allowed through the VPN but not in the same pool.
0
compdigit44Commented:
What do you mean by "not on same pool"?

Have you tried to run Network Monitor on the target server to see if traffic is reaching the server and "if" it is making any attempt to respond?
0
aks17Author Commented:
By not in the same pool I meant one side is 192.168.1.x and the other is 192.168.2.x. I ran Wireshark to capture the port request traffic and did see the requests but no response.

Also, I did finally get the server to join the domain. The only problem is I'm not sure if it was everything that was done before, the final step, or all of the above.

The last step when I was finally able to connect was I opened the Run command and typed \\192.168.1.126 (the DC) and clicked Run. It opened Windows Explorer with the file folders from the DC. Then I proceeded to follow the join domain process and it connected. Restarted and everything is as expected.

Thanks for everyone's help.
0
aks17Author Commented:
The last step is the point that everything worked as expected.
0