0 Votes
TaiebY-1038 asked 58390441 commented

Can't join Azure DC VM

Hi, I have my on-premise computer which is connected to an Azure Virtual Network with a VPN Gateway.

I can ping an Azure VM, which is a Domain Controller, by its private IP, and even access its file share.

But I can't join my W10 to the domain (DNS name doesn't exist).

The DNS IPs of my W10: 8.8.8.8, 10.0.1.5 (Azure VM DC)

Regards.

azure-virtual-machines azure-virtual-network azure-ad-domain-services

0 Votes
AndreasBaumgarten answered

Hi @TaiebY-1038 ,

which DNS server is configured in the DC VM? It should be itself. Can you see the records of the domain in the DNS Server console of the DC VM?

If the ping on the IP is working, it's halfway done. But you need proper DNS name resolution or it won't work.

Here is the setup in my environment:

  • DNS Server installed on DC VM

  • Forwarder to 8.8.8.8 in the DNS Server of DC VM

  • On the Virtual Network the DNS server is Custom -> IP of DC VM (if you change the setting, all VMs in Azure need to be restarted for this setting to take effect)

Make sure the DNS server on the DC VM is configured as the primary DNS server in the computer's network settings. For Azure VMs it's done automatically depending on the DNS settings of the related vNet. But on all "other computers" you have to verify that the primary DNS is pointing to the IP of the DC VM.

From there all computers using the DC VM as a DNS server are able to resolve the computer names and the domain name.


(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten

1 Vote
AndreasBaumgarten answered

Hi @TaiebY-1038 ,

you could try this:

  • Add a DNS forwarder to 8.8.8.8 in the DNS server on your Azure VM DC.

  • Change the order of the DNS servers in your Win10 client: primary DNS = Azure VM DC, secondary DNS server = 8.8.8.8

  • When done, try to ping the domain name of your AD from your Win10 client. For instance: ping mydomain.local

If it's working the domain name will be resolved with the IP of the AD VM DC.
As long as the domain name can't be resolved on your W10 client it's not possible to join the AD domain.


(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten
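
The checks from the answer above, written out as a PowerShell script for the Win10 client. This is an added example, not part of the original thread; `mydomain.local` is the placeholder domain from the answer, `10.0.1.5` is the DC VM's private IP from the question, and the variable names are assumptions.

```powershell
# Added example: run on the Win10 client before attempting the domain join.
# Assumed values: placeholder domain from the answer, DC private IP from the question.
$Domain = 'mydomain.local'
$DcIp   = '10.0.1.5'

# 1. DNS servers per interface, in the order the client tries them.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    ForEach-Object {
        $primary = $_.ServerAddresses[0]
        if ($primary -ne $DcIp) {
            Write-Warning "$($_.InterfaceAlias): primary DNS is $primary, expected DC $DcIp"
        } else {
            Write-Host "OK   $($_.InterfaceAlias): primary DNS is the DC"
        }
    }

# 2. Resolve the domain name and the DC locator SRV record that the join depends on,
#    once through the client's own resolver order and once by asking the DC directly.
$queries = @(
    @{ Name = $Domain;                        Type = 'A'   },
    @{ Name = "_ldap._tcp.dc._msdcs.$Domain"; Type = 'SRV' }
)
foreach ($q in $queries) {
    foreach ($server in @('', $DcIp)) {
        $params = @{ Name = $q.Name; Type = $q.Type; DnsOnly = $true; ErrorAction = 'Stop' }
        $via = 'client default resolvers'
        if ($server) { $params.Server = $server; $via = "DC $server" }
        try {
            Resolve-DnsName @params | Out-Null
            Write-Host "OK   $($q.Type) $($q.Name) via $via"
        } catch {
            Write-Warning "FAIL $($q.Type) $($q.Name) via ${via}: $($_.Exception.Message)"
        }
    }
}
# Reading the result: OK via the DC but FAIL via the client default means the zone
# exists and the client is asking another resolver first (DNS order problem).

# 3. TCP reachability of the DC for DNS and LDAP across the VPN.
foreach ($port in 53, 389) {
    $t = Test-NetConnection -ComputerName $DcIp -Port $port -WarningAction SilentlyContinue
    Write-Host ("{0} TCP {1}:{2}" -f $(if ($t.TcpTestSucceeded) { 'OK  ' } else { 'FAIL' }), $DcIp, $port)
}
```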



0 Votes
TaiebY-1038 answered TaiebY-1038 edited

Hi @AndreasBaumgarten ,

Everything is done but I can't ping the domain name. But I can ping the DC private IP (10.0.1.5)

The W10 Network configuration :

81113-01.png


A Google NSLOOKUP: (the DC is responding)


81067-02.png


A DC NSLookup :

81123-03.png


But a ping :

81124-04.png




My on-premise router is in NAT.


0 Votes
TaiebY-1038 answered

Hi @AndreasBaumgarten

I don't understand, it doesn't work but everything seems ok. Maybe my router (very cheap).

I think I'll try with an on-premise DC.

Thank you for your answer. It's supposed to work everywhere.

Regards.

0 Votes
58390441 answered 58390441 commented

Hi @AndreasBaumgarten ,

I found the problem. In fact, even if the DNS server on the Win 10 was the private IP of the DC, I had to modify the DNS server in the Virtual Network (where the VPN GW is).

Everything works fine now.

Regards.


Thanks for the feedback.

So basically this step I described in my answer was missing?


On the Virtual Network the DNS server is Custom -> IP of DC VM (if you change the setting, all VMs in Azure need to be restarted for this setting to take effect)


Kind regards
Andreas Baumgarten

0 Votes 0 ·

@AndreasBaumgarten

I thought it was only for Azure VMs which were supposed to be in the domain, not for my on-premise workstations, that's why I didn't do it. It was my fault.

Regards.

0 Votes 0 ·