This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Microsoft is unable to reach the domain controllers for this managed domain. This may happen if a network security group (NSG) configured on your virtual network blocks access to the managed domain. Another possible reason is if there is a user defined route that blocks incoming traffic from the internet.
Note: NSG is configured as suggest
https://learn.microsoft.com/en-us/azure/active-directory-domain-services/alert-nsg#aadds104-network-error
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 57.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
@samrat ,
This error could come for 4 reasons mainly. It could be subnet nsg associated in incorrect, VNET from a subscription in different tenant is used to connect to AAD DS instance , problematic DNS pointing on the VNET or some issue from the backend. To start with, can you check if the subnet you have configured for the managed domain in the portal is associated with the proper NSG ? You would have a Virtual Network which was created to connect with the Azure AD domain services network . Its for enabling management VMs within that VNET . the VNet would have subnets defined and you may see the subnet to be associated with a particular NSG . Can you provide a screenshot of the Azure AD domain services subnet and the network associated with it . Please let us know more and we will continue to help you on this.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 60%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
We had this issue due to "deny" rule in the NSG which we explicitly created and got to know deny rule will override the default NSG settings.
Though it was replication error between peering DCs, you may have a check if not already.