jmchristy

RD Gateway 2016 NPS issue no domain controller available

I'm trying to roll out a new RD Gateway server and I have been unable to do so because my NETBIOS name contains a period.  My DNS domain name is CORP.DOMAIN.COM and my NETBIOS name is DOMAIN.COM.

When I try to connect, I receive Event ID 4402 with the message "There is no domain controller available for domain DOMAIN.COM"

I have tried what some have said worked for them by adding a registry key but this does not work.  I also created a forward lookup zone named DOMAIN.COM and the Domain Controllers are listed there.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP\ControlProtocols\BuiltIn\
Type:  REG SZ  
Name:  Default Domain
Value:  DOMAIN.COM

Short of renaming my domain with a NETBIOS that does not contain a period, what other options are there?  This seems like there's got to be a way to make NPS locate the domain.
Bembi

Hello, this is a known issue, so there are not a lot of options.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/b6b80ab1-a3ee-48eb-b45c-3eb0be27aec7/nps-and-windows-server-2008-r2-dc

But possibly you already have seen it. 
jmchristy

ASKER

Thanks for the quick response!  This seems crazy to me that there is not an easier solution other than renaming your domain to resolve a configuration issue with NETBIOS from 20 years ago.

Is this just a case where Microsoft can issue a patch or hotfix to this?

Are there any other solutions or 3rd party plugins to allow connecting via RD Gateway with a username/password?  Similar to Duo App?
Users should also be able to connect using their email address rather than domain\username.  Not sure if there are any specific problems with NPS though when using this logon method.
I have tried account@domain.com vs. domain.com\account and it behaves the same.
At least what Microsoft wrote is that the change was with WIN 2008 to 2008 R2 to make NPS able to work with FQDN. And this now pushes NPS to interpret your NetBIOS domain as an FQDN.
So a possible workaround (not a solution) would be to use a Win 2008 server, which is out of support.
As special characters inside NetBIOS names have a very long history of errors (NPS is just one of them), I would expect that the topic is just not in focus anymore, as most companies have decided in the meantime to correct their NetBIOS names. So there is not really a big motivation for MS to fix this. And in the end, you can never be sure that you will not run into the next issue sooner or later.
Unfortunately for me, I inherited a network with the NETBIOS name with a period.  I also did not come across this issue until trying to remove my old WIN2008 server running the NPS service.  To explain to executive leadership the reason why this massive network change must occur all because of a period, is tough to relay.

Maybe I'll open a ticket with Microsoft and ask them to provide a hotfix/patch for this.

ASKER CERTIFIED SOLUTION
Bembi

This solution is only available to members.
While this did not solve my problem, it gave me guidance on which direction I should head.  I'll need to rename my Netbios or stand up a new domain with a Netbios name without a period.