Share via

RRAS client not able to join the domain

Anonymous
2024-05-06T16:19:26+00:00

I have RRAS configured on a Windows 2022 server with a static IP pool, and a Windows 10 Pro 22H2 client connecting via VPN. I am able to successfully connect to the VPN, but I am not able to join the domain. I keep receiving the error "An Active Directory Domain Controller (AD DC) for the domain xyz.com could not be contacted. I am wondering if there is a static route or anything I need to configure on the RRAS server or the client to get this to work. Please share your ideas. Thanks

Windows for business | Windows Server | Networking | Network connectivity and file sharing

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

0 comments
Accepted answer
  1. Anonymous
    2024-05-09T01:45:53+00:00

    Hi Friends,

    Thank you for providing detailed information about your current configuration and the issues you're facing with DNS resolution over your PPP adapter and RRAS settings. Let’s address each of your points to help resolve the issue:

    1. DNS and PPP Adapter Configuration:

    • The subnet mask set to 255.255.255.255 on your PPP adapter indicates a point-to-point connection, which is common in PPP setups. However, if this configuration is causing issues with network services, adjusting it might be necessary. You should ensure that your RRAS is configured to assign the correct subnet mask according to your network design. This might require modifying the DHCP settings in RRAS to ensure the correct subnet mask is assigned.

    2. RRAS DNS Forwarding:

    • You've got the general setup correct with IPv4 forwarding and broadcast name resolution enabled. If you're looking for DNS forwarding specifically, this setting isn't directly labeled as "DNS Forwarding" in RRAS. However, you can ensure that DNS queries are correctly forwarded by configuring your RRAS server to use a specific DNS server under the DHCP relay agent settings, if your network design requires this.

    3. Static Routes Configuration:

    • The need for static routes depends on your specific network topology. For instance, if your RRAS server is meant to connect isolated subnets or route traffic between different network segments, you might need to configure static routes. Typically, you’d configure a static route to ensure that all traffic destined for a particular subnet is routed through a specific gateway.

    4. Firewall and Security Settings:

    • It sounds like your firewall settings are appropriately configured. Since the client firewall is disabled and necessary ports are open, we can rule out firewall issues at this stage.

    5. VPN Settings:

    • For VPN settings related to the gateway, ensure that the VPN client is configured to use the default gateway on the remote network. This setting is often found in the properties of the VPN connection under the networking or IPv4 settings.

    6. Issue with nslookup:

    • If nslookup is not resolving, it indicates a DNS resolution issue on the client connected via VPN. Ensure that the DNS server assigned to the VPN clients is reachable and capable of resolving names correctly. You might want to explicitly set a DNS server on the PPP adapter’s settings.

    7. Credential Issues:

    • Using Domain Admin permissions should provide sufficient rights, assuming there are no policy restrictions in place affecting network services.

    If you continue experiencing issues, I recommend checking the event logs on your RRAS server and the client machine for any specific errors related to DNS or network connectivity and ensuring that your domain controller is correctly handling DNS requests.

    Feel free to provide more specifics or any error messages you see in the logs, and we can dig deeper into this issue.

    Best regards,

    Rosy

    0 comments
Accepted answer
  1. Anonymous
    2024-05-06T23:45:00+00:00

    Hello chabango,

    Hope you have a lovely day!

    To troubleshoot the issue where your RRAS client is not able to join the domain, you can check and consider the following steps:

    1. DNS Configuration:

    Ensure that the DNS settings on the client machine are configured to use the DNS server of the domain you are trying to join. This is crucial for the client to find the AD DC. You might need to manually set the DNS server on the client’s VPN connection settings to the IP address of the domain’s DNS server.

    2. RRAS DNS Forwarding:

    On the RRAS server, check if you have configured DNS forwarding. This allows DNS queries from the client to be forwarded correctly to the internal DNS servers that can resolve domain names in your Active Directory.

    3. Static Routes:

    If the client is connected but can't see the AD DC, it might be a routing issue where the network packets aren't being routed correctly between the client and the server. Check if you need to set up static routes in RRAS to ensure proper routing of traffic from the VPN clients to the network where the AD DC resides.

    4. Firewall and Security Settings:

    Verify that there are no firewalls blocking the essential ports required for domain joining operations. Typical ports include 53 (DNS), 88 (Kerberos), 389 (LDAP), 445 (SMB), among others. Ensure these ports are open in both the client’s firewall and any network firewalls.

    5. Client VPN Settings:

    Sometimes, the VPN client configuration might not be set up to allow LAN access. Ensure that the VPN connection on the client machine allows for gateway and network access.

    6. Credential Issues:

    Verify that the credentials being used to join the domain are correct and have the necessary permissions to add computers to the domain.

    7. Test with nslookup:

    On the client machine, try using nslookup to resolve the domain name and see if it correctly resolves to the AD DC’s IP address. This can help confirm if DNS settings are correct.

    8. Check Event Viewer:

    Look at the Event Viewer on both the client and the RRAS server for any warnings or errors that might give more insight into what is failing.

    By systematically checking these aspects, you should be able to identify why the RRAS client is unable to join the domain and take appropriate action to resolve it. If you continue to experience issues, providing more detailed configuration details might help in diagnosing the problem further.

    Best regards

    Rosy

    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-05-07T14:15:13+00:00

    Hi Rosy,

    DNS - The PPP adapter is configured for the IP of the Domain Controller. The IP is the correct IP give out by the RRAS static address pool, however, the subnet mask is 255.255.255.255 instead of 255.255.240.0.

    RRAS DNS Forwarding - Which setting are you referring to here?? The LAN and demand-dial routing radio button is configured on the General tab of the RRAS server, and on the IP tab, the Enable IPv4 Forwarding check box is checked and the Enable broadcast name resolution is checked. Is there another setting you are referring to?

    Static Routes - I have not configured any static routes on the RRAS server, can you give guidance on what route I should configure?

    Firewall and Security Settings - those ports are open in the firewall and the client firewall is disabled.

    Client VPN Settings - What configuration are you referring to regarding the gateway and network access?

    Credential Issues - I am using the Domain Admin permissions

    ISSUE - Test with nslookup - doing an nslookup does not resolve which I know is a probelm but not sure how to fix it:

    Check Event Viewer - I am not seeing anything in Event Logs that is revealing

    0 comments
  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    Comments have been turned off. Learn more