This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 40%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Hi everyone.
I'm trying to create an AD lab environment with two VM I have available. It's a must to use this two VMs unfortunately.
The first one is a windows server 2019 (lets call it dc1)
The second on is a windows server 2022 (lets call it srv1)
Both of them are hosted on cloud and have static public ip addresses.
I've started creating a domain (lets call it mydomain.com) on dc1 and I promoted it as Domain Controller. I've installed and configured the DNS server either. For those steps I've followed microsoft official guides so I'm pretty confident that the configs are ok.
Now I want to join srv1 to mydomain.com so I setted the primary dns of srv1 to the static ip of dc1
Here comes the troubles... when I try to join srv1 I get "network path not found error" so I started the troubleshooting. Here my checks:
05/23/2023 16:19:43:917 NetUseAdd to \dc1.mydomain.com\IPC$ returned 53
05/23/2023 16:19:43:917 NetpJoinDomainOnDs: status of connecting to dc '\dc1.mydomain.com': 0x35
05/23/2023 16:19:43:917 NetpJoinDomainOnDs: Function exits with status of: 0x35
05/23/2023 16:19:43:917 NetpResetIDNEncoding: DnsDisableIdnEncoding(RESETALL) on 'mydomain.com' returned 0x0
05/23/2023 16:19:43:917 NetpJoinDomainOnDs: NetpResetIDNEncoding on 'mydomain.com': 0x0
05/23/2023 16:19:43:917 NetpDoDomainJoin: status: 0x35
Reading these lines I feel like there is something wrong accessing dc1's shares so I've tried to access from the explorer with the path "\dc1.mydomain.com\C$" and here I get "Windows cannot access \dc1.mydomain.com\C$"
To be sure I've tried the same connection from my personal pc but this time I'm prompted to insert my domain credentials. By providing my credentials I'm able to access the C$ share. At least now I'm sure that the problem is on srv1!
Test-NetConnection -ComputerName dc1.mydomain.com -Port 389
Test-NetConnection -ComputerName dc1.mydomain.com -Port 53
I've noticed that the only two ports that result in a failure of the test are 135 and 445. With these two ports the test fails from dc1 to srv1 and from srv1 to dc1 either.
If I repeat the same tests but from my local machine all the ports responds to test both on srv1 and dc1.
To be sure I've checked the ports with netstat and all necessary ports result on listening state including 135 and 445
Now I'm drowning in forums posts that "explain" how to solve this problem and I've probably read every single post on this topic so... here I am. Hoping someone know how to help
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Unfortunately the VMs are not on Azure.
I'd ask the cloud provider about routing and firewalls.
checked dcdiag and readmin outputs looking for errors but nothing...
Not much to go on but also check the system and replication event logs for clues.
--please don't forget to upvote and Accept as answer if the reply is helpful--
No clues on system or replication logs.
I'll ask to cloud provider so.
Thank you for the support.
Ok, sounds good, you're welcome.
I'd check the domain controller and problem members are not multi-homed and also that they both use the static ip address of DC listed for DNS and no others such as router or public DNS. Also confirm the required ports are flowing between networks.
--please don't forget to upvote and Accept as answer if the reply is helpful--
Hi @Anonymous
Both the dc1 and srv1 are not multihomed and both have the static ip address of the dc1 as DNS.
Here are the "ipconfig /all" outputs from dc1 and srv1
Windows IP Configuration
Host Name . . . . . . . . . . . . : dc1
Primary Dns Suffix . . . . . . . : mydomain.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.com
Ethernet adapter Lan 1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter #3
Physical Address. . . . . . . . . : 05-52-26-9F-16-C5
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 127.51.56.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 127.51.56.1
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Windows IP Configuration
Host Name . . . . . . . . . . . . : srv1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Lan 1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter
Physical Address. . . . . . . . . : 00-50-56-9E-7A-2C
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 127.51.48.121(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 127.51.48.1
DNS Servers . . . . . . . . . . . : 127.51.56.2
NetBIOS over Tcpip. . . . . . . . : Enabled
Regarding the required ports, as I said, the connection test fails with ports 135 and 445 if I try from dc1 to srv1 or from srv1 to dc1. If I try from another machine, for example my local machine, I can reach both servers on those ports.
DC1 should also have own static ip address (127.51.56.2) listed for DNS The event logs may also provide some clues. A guess is some sort of blocking between networks or possibly the domain controller is not operational.
--please don't forget to upvote and Accept as answer if the reply is helpful--
I've changed the DNS entry of dc1 to 127.51.56.2 (even if it was set to 127.0.0.1) and nothing changed.
Is like there is something blocking traffic but just between the two servers... In both of them the windows firewall and defender are disabled.
I really can't figure out what can be, they are just two stand alone servers hosted in cloud without particular network configurations...
What do you mean with "domain controller is not operational"? Something I could check?
Is like there is something blocking traffic but just between the two servers...
I would 100% agree. You could close this thread by marking answer and open a new thread here about routing the required ports between the networks.
https://learn.microsoft.com/en-us/answers/tags/143/azure-virtual-network
What do you mean with "domain controller is not operational"? Something I could check?
You could check the system and dfs replication event logs for errors since last boot, also check dcdiag, and repadmin output for errors.
Another option may be to create the VMs for testing on a hypervisor on your local network so as not to worry about the routing / firewall issues.
--please don't forget to upvote and Accept as answer if the reply is helpful--
Unfortunately the VMs are not on Azure.
I've checked dcdiag and readmin outputs for errors but nothing..
Of course using a local hypervisor would solve all my problems but unfortunately it's a requirement for me to use these two Vms
Unfortunately the VMs are not on Azure.
I've checked dcdiag and readmin outputs looking for errors but nothing...
Of course using a local hypervisor would solve all my problems but it's a requirement for me to use these two VMs.