andrew-kennedy-connection-flooring asked andrew-kennedy-connection-flooring commented

Can't connect workstation to domain.

Hello,

I'm currently trying to set up an ADDS network for the company I work for (I've not done anything like this previously). I've followed the documentation and guides to set this up. However, when I go to try to add a test workstation to the domain the same way I was told to join the VM server to the domain (see below).

File explorer -> Right-click This PC -> Properties -> Change settings (Under computer name section) -> Change (Computer name tab) -> Finally, Member of - Domain.

When I try to do this, it gives me a mix of two errors.

DNS Name does not exist (error code 0x0000232b) & Timeout (error code 0x000005B4 ERROR_TIMEOUT)

I've tried to ping the domain name = timeout (same as the IP it's connected to). I've tried to use tracert, which also times out. I can connect to the VM perfectly fine without any problems, from any computer, but when I'm trying to join another one to the domain it doesn't seem to want to work.

On Azure I've tried to test the connection, but it keeps telling me that the Default_DenyAllInbound rule stops it from connecting. I've added rules on there to see if I can add the IP range on which the computer is on to join, but to no avail.

I also know that there is another way of adding a computer to the domain (Manage accounts -> Access work or school -> Connect), but when I've done that option and after leaving it to sync the computer over, it doesn't show up anywhere in GPMC or Administrative Centre on the VM server.


azure-active-directory azure-ad-domain-services

After doing some tests I've noticed a few things.

1 - When I've got the DNS servers (from the Azure portal) in as the preferred DNS servers in the NIC management, nothing loads website-wise, and everything seems to time out in PowerShell and when trying to connect to the domain.

While having the DNS servers manually inputted, I tried the Test-NetConnection command via PowerShell and got the following output:

Computername : Domain name (This outputs the correct domain name)
RemoteAddress : Blank
InterfaceAlias : Blank
SourceAddress : Blank
PingSucceeded : False

When trying to ping the domain name, the following outputs:

Ping request could not find host "Domain name". Please Check the name and try again.

0 Votes 0 ·

2 - When I've got the DNS servers to be automatically found on the workstation, it comes up with the error of DNS Name Does Not Exist, even though the domain name we're using does exist and has propagated to the IP supplied on the Azure portal.

While having the DNS servers automatically inputted, I tried the Test-NetConnection command via PowerShell and got the following output:

Computername : Domain name (This outputs the correct domain name)
Remote Address : xx.xxx.xx.xxx (Correct IP outputs)
InterfaceAlias : Ethernet
SourceAddress : xxx.xxx.x.xxx (Correct IP Outputs)
PingSucceeded : False
PingReplyDetails (RTT) : 0 ms

When trying to ping the Domain name and/or IP without manually adding the DNS servers it has the following output:

Pinging "Domain name" [xx.xxx.xx.xxx] with 32 bytes of data:
Request timed out.

Ping statistics for xx.xxx.xx.xxx:
Packets: Sent = 1, Received = 0, Lost = 1 (100% loss)

0 Votes 0 ·
DSPatrick answered andrew-kennedy-connection-flooring commented

I'd check the domain controller and problem member both have the static IP address of the DC listed for DNS and no others such as router or public DNS.



Hello,

Thank you for your reply. I was just typing a comment on the issue at hand as you replied. When I add the DNS server IPs into the Preferred DNS on the workstation, I'm having an issue where nothing works. Webpages time out. PowerShell commands also time out. I'll post the comment soon and it might be able to help to solve the problem.

Many Thanks,
Niall

0 Votes 0 ·
AndrewWealleans-7137 answered andrew-kennedy-connection-flooring commented

Is this workstation in Azure?

If so, have the domain's DNS servers been specified in the DNS Servers list on the VNet the workstation is connected to?


The workstation isn't a VM if that is what you mean.

And the domain's DNS servers have been specified in the Servers list on the VNet (192.168.x.x & 192.168.x.x). I tried testing 8.8.8.8 & 8.8.4.4, but then I can't connect to the VM that hosts the server and I still get the same errors.

Many Thanks,
Niall

0 Votes 0 ·
PhilRice-3758 answered andrew-kennedy-connection-flooring edited

To join an AD domain you will have to have the DNS server setting so that it uses a DNS server that contains the zone file (or a copy of the zone file) for the AD domain. You seem to have tried that, but there is no connectivity between the WS and DNS server, which suggests it is a networking issue.

We don't really have a full picture of the setup from a networking perspective, though, which could contain the answer, and I suspect it is something to do with that, such as trying to connect from outside of Azure to a non-routable domain/IP, or the VNet or Azure VM rules not allowing the correct ports through.

If you could specify where each machine is located (Azure, on premises etc.) and what the IP config is for each (IP, netmask and gateway), VNet/subnet info etc.

Also confirm if this is an Azure Active Directory Domain Services you are trying to join or if it is an Active Directory domain (set up on a VM in Azure or on premises).

Also, more details about the DNS server and the domain name used - you can disguise this of course, but for example if you are using mysite.local or mysite.com.

Finally, if you can, also post all your NSG rules so we can see them.


Hello Philrice,

Thank you for your reply. Each machine we're going to be connecting to the domain will be on-site, but also on multiple other sites. However, at the moment I'm only trying to connect a test computer as this is going to be our "Guinea Pig" for testing purposes.

I'm trying to connect that computer to AADDS. I've set up a VM with the Windows server on it for setting up GPOs and such. Our domain is mysite.co.uk.

I know this isn't much information, but I'm new to this field of work, and I'm unsure what commands you'd want me to use to provide the information that will help. If possible, could you let me know which ones and I'll get back to you with it.

For the NSGs, I'll reply to this comment with them as there's not enough characters left within the limit to have it.

0 Votes 0 ·

The NSG rules are as below;

Priority - Name - Port - Protocol - Source - Destination - Action

101 - AllowSyncWithAzureAD - 443 - TCP - AzureActiveDirectoryDomainServices - Any - Allow
201 - AllowRD - 3389 - TCP - CorpNetSaw - Any - Allow
300 - Port_3389 (Test) - 3389 - TCP - Any - Any - Allow (I Created this for a test)
301 - AllowPSRemoting - 5986 - TCP - AzureActiveDirectoryDomainServices - Any - Allow
401 - DNSTCPALLOW - 53 - TCP - Any - Any - Allow (I Created this for a test)
411 - Test - 7 - Any - xx.xxx.xx.xxx - Any - Allow
65000 - AllowVnetInBound - Any - Any - VirtualNetwork - VirtualNetwork - Allow
65001 - AllowAzureLoadBalancerInBound - Any - Any - AzureLoadBalancer - Any - Allow
65500 - DenyAllInBound - Any - Any - Any - Any - Deny

Outbound

65000 - AllowVnetOutBound - Any - Any - VirtualNetwork - VirtualNetwork - Allow
65001 - AllowInternetOutBound - Any - Any - Any - Internet - Allow
65500 - DenyAllOutBound - Any - Any - Any - Any - Deny

0 Votes 0 ·
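
Added example, not part of the thread: a first-match evaluation of the inbound NSG rules posted above, showing which rule decides each port a domain join typically needs. The port list, and treating the workstation's address as the redacted source of rule 411, are assumptions.

```python
from collections import namedtuple

# One NSG rule; port/protocol/source hold "Any" or a single value as posted.
Rule = namedtuple("Rule", "priority name port protocol source allow")

# Inbound rules transcribed from the post (destination is Any/VNet in all).
INBOUND = [
    Rule(101, "AllowSyncWithAzureAD", "443", "TCP", "AzureActiveDirectoryDomainServices", True),
    Rule(201, "AllowRD", "3389", "TCP", "CorpNetSaw", True),
    Rule(300, "Port_3389 (Test)", "3389", "TCP", "Any", True),
    Rule(301, "AllowPSRemoting", "5986", "TCP", "AzureActiveDirectoryDomainServices", True),
    Rule(401, "DNSTCPALLOW", "53", "TCP", "Any", True),
    Rule(411, "Test", "7", "Any", "xx.xxx.xx.xxx", True),
    Rule(65000, "AllowVnetInBound", "Any", "Any", "VirtualNetwork", True),
    Rule(65001, "AllowAzureLoadBalancerInBound", "Any", "Any", "AzureLoadBalancer", True),
    Rule(65500, "DenyAllInBound", "Any", "Any", "Any", False),
]

# Assumption: DNS, Kerberos, RPC mapper, LDAP, SMB, kpasswd, LDAPS.
JOIN_PORTS = [("UDP", 53), ("TCP", 53), ("TCP", 88), ("TCP", 135),
              ("TCP", 389), ("TCP", 445), ("TCP", 464), ("TCP", 636)]

def first_match(rules, protocol, port, source_tags):
    """Return the first rule, in ascending priority order, that matches."""
    for rule in sorted(rules, key=lambda r: r.priority):
        port_ok = rule.port in ("Any", str(port))
        proto_ok = rule.protocol in ("Any", protocol)
        source_ok = rule.source == "Any" or rule.source in source_tags
        if port_ok and proto_ok and source_ok:
            return rule
    return None

def audit(source_tags):
    """Map each (protocol, port) to (deciding rule name, allowed?)."""
    result = {}
    for proto, port in JOIN_PORTS:
        rule = first_match(INBOUND, proto, port, source_tags)
        result[(proto, port)] = (rule.name, rule.allow)
    return result

if __name__ == "__main__":
    # Assumption: the workstation's address is rule 411's redacted source.
    for (proto, port), (name, ok) in audit({"xx.xxx.xx.xxx"}).items():
        print(f"{proto}/{port:<4} {'ALLOW' if ok else 'DENY '} via {name}")
```

Passing `{"VirtualNetwork"}` instead models a workstation whose address space is connected to the VNet (for example over a site-to-site VPN), in which case rule 65000 admits the traffic.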
CaesarKwabenaOware-2990 answered andrew-kennedy-connection-flooring commented

Hello Prince,

Please check the DNS server addresses of the workstation and key in the server's IP address of the ADDS server, and after that check your workstation IP address and the network gateway. When all is done, ping the network gateway to see if it will reply. If it does, then you join the domain, but if it does not, you let your network guys check the flow. Thank you.


Hello,

Thank you for your reply, I've actually tried your suggestion previously to no avail. Currently, we have no team for checking anything like this.

Many Thanks

0 Votes 0 ·