Error joining Windows 10 via S2S VPN to AD

PH_CAN 41 Reputation points
2020-12-08T16:34:52.77+00:00

We have the following Lab scenario.
A Server 2019 VM in Azure with AD and DNS Services. S2S VPN to on-prem. Using WVD in Azure which all works fine. Hosts are joined to the Domain on the Azure VM. No problems! When trying to join a Windows 10 from on-prem to the domain, it joins but after the welcome message to the domain the error message below shows. Windows 10 system has DNS settings from domain and nslookup point to the DC/DNS. We can not login to the domain, the the computer object exists after joining and the DNS name in the AD object is empty.

nltest result from Windows 10
PS C:\Windows\system32> nltest /dsgetdc:xxxxxxxx.local /force
DC: \DOM001.xxxxxx.local
Address: \10.0.0.4
Dom Guid: xxxxxx-xxxxx-xxxxx-xxxxxxx
Dom Name: xxxxxxxx.local
Forest Name: xxxxxxxx.local
Dc Site Name: Azure-DC
Our Site Name: Azure-DC
Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE FULL_SECRET WS DS_8 DS_9 DS_10 KEYLIST
The command completed successfully

Does anyone can help. Thanks
46250-errorjointodomain-copy.png

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,456 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,850 questions
Windows 10 Network
Windows 10 Network
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Network: A group of devices that communicate either wirelessly or via a physical connection.
2,272 questions
Windows DHCP
Windows DHCP
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.DHCP: Dynamic Host Configuration Protocol (DHCP). A communications protocol that lets network administrators manage centrally and automate the assignment of Internet Protocol (IP) addresses in an organization's network.
1,021 questions
0 comments
Accepted answer
  1. Dave Patrick 426.1K Reputation points MVP
    2020-12-08T16:52:24.523+00:00
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. PH_CAN 41 Reputation points
    2020-12-08T17:26:12.597+00:00

    Thanks for your answer. I run PortQuery.

    Netbios. I checked the DNS on the Azure VM and the name is only dom001 without the domain name.
    Very strange.

    UDP port 137 (netbios-ns service): LISTENING or FILTERED

    Using ephemeral source port
    Attempting NETBIOS adapter status query to UDP port 137...

    NETBIOS name for 10.0.0.4 not found (timeout)
    Adapter status query failed.
    UDP port: FILTERED

    TCP port 42 (nameserver service): NOT LISTENING
    portqry.exe -n 10.0.0.4 -e 42 -p TCP exits with return code 0x00000001.

    0 comments