Azure Active Directory Domain Services DNS Forwarding - azure

Background:
We recently set up Azure Active Directory Domain Services for several Azure Virtual Machines. The domain name we used is mycompany.com and the virtual machines are machine01 and machine02. We also have several websites using the same domain such as www.mycompany.com or faq.mycompany.com.
The issue:
There are several scheduled tasks running on these virtual machines which screen scrape the websites with the same domain name. The scheduled tasks running locally are unable to resolve DNS for something like www.mycompany.com or faq.mycompany.com.
C:\windows\system32>ping www.mycompany.com
Ping request could not find host www.mycompany.com. Please check the name and try again.
The DNS names resolve just fine outside of the virtual machines. DNS names such as machine01.mycompany.com or machine02.mycompany.com also resolve correctly on the virtual machine:
C:\windows\system32>ping machine01.mycompany.com
Pinging machine01.mycompany.com [10.0.3.9] with 32 bytes of data:
Reply from 10.0.3.9: bytes=32 time<1ms TTL=128
I am thinking Active Directory is seeing the mycompany.com and only resolves it internally and does not try to resolve a name such as faq.mycompany.com beyond the domain server. I believe I could normally add a forwarder to Active Directory DNS to solve this issue. But how do I get DNS to forward with Azure Active Directory Domain Services?
**** EDIT 2019-02-07 ****
I did find out how to administer the Azure AD Domain Services domain from a domain-connected virtual machine. This article shows how to add the DNS manager: https://learn.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-admin-guide-administer-dns
But we should have configured the Azure Active Directory Domain Services domain as something like corp.mycompany.com instead of just mycompany.com.
So the solutions we have are:
Add an alias into dns
Edit the local hosts file
Delegate a sub-domain
Adding an alias into DNS worked for us and is the solution we are going to go with.

While I have no direct answer to your question, you can work around by populating hosts files on the nodes to "skip" dns resolution

Related

Hostname not resolving to IP addresses for Linux computers in an AD Domain

I am joining Linux and Windows instances to an AD domain (). The machines are joining fine to the domain and I can use ssh/RDP using the AD credentials to login to the machines post domain join.
I can also get all the computer objects (host names) by running Get-ADComputer -Filter * on a windows server and providing the domain credentials. The issue is that, the host names for Linux based computers are not resolving to an IP address. Whereas all Windows hosts are resolving fine.
nslookup <windows-host> is returning host's FQDN and the IP address.
nslookup <linux-host> is returning Non-existent domain.
P.S: All these resources (windows and Linux hosts) are in the same network, using same DHCP/DNS server and can communicate to each other with no issues. Also I can resolve and connect to the AD domain from all these hosts
Any idea why this could be happening and how to resolve this?
My use case is to get the IPs of all the computer objects in my AD domain.
Normally when using DHCP Windows will attempt to register its own A and possibly PTR records in the configured DNS, not sure about Linux. You may configure your DHCP server to update DNS for the clients (instead of leaving it to the clients themselves), i.e.:
To configure a DHCP server to register and to update client information with its configured DNS servers, follow these steps:
Open the DHCP properties for the server
Click DNS, click Properties, click to select the "Enable DNS dynamic updates according to the settings below" check box, and then click "Always dynamically update DNS A and PTR records".
Source: https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-dns-dynamic-updates-windows-server-2003

Cannot PING domain name registered when configuring Azure Domain Services

So I'm using Azure domain services with a DNS name of "hde.mydomain.com" (that's not the actual domain). This was successfully created. I can ping the DNS servers that were created as part of this domain but I cannot PING the domain itself using "hde.mydomain.com". I have not added "mydomain.com" as a custom domain in Azure Active Directory because this custom domain is already being used as a custom domain in Office 365 (it complains that I need to remove it before adding it to the Azure Active Directory custom domain names).
So the question is this... when using a non "on-microsoft" DNS name when configuring domain services, like I chose to do, does that require the root part of that DNS name to be added as a custom domain name in Azure Active Directory, or should I be able to use whatever DNS name I want without a custom domain and have it be pingable from servers that I would like to domain join from?
You can try pinging the Virtual IP address and see if it reaches. Sometimes it's just finicky about the name.
Also, check your NSG, firewall, and file sharing settings to ensure nothing is blocking this.
See this question to see if the insights here are helpful: https://social.msdn.microsoft.com/Forums/en-US/2ba26393-936d-47f6-90e7-7601c268060f/vm-unable-to-ping-azure-ad-domain-services-this-morning-working-fine-last-night?forum=WAVirtualMachinesforWindows

Point Azure VM to Local DNS

I feel like I may be trying to sprint before I can even walk here, but I'm getting there! I've got a VM on Azure that I want to be able to access a local fileserver from. We have the following setup:
$COMPANY.net is the local domain, $COMPANY.com is the Azure domain. They are connected using Azure AD Connect, and the VM on Azure is using AADDS; we have a site to site vpn setup between Azure and our local network. I can put in the IP address of the local fileserver and reach it from the Azure VM, but I can't resolve the name if I try that. I believe it is a DNS problem, I need the Azure VM to use my local DNS server to resolve the host name rather than the AADDS addresses. Do I need to set up a DNS server on Azure that will point the requests to my local DNS, or is there another way?
Thank you!
You can specify DNS server for your Azure VM to use. The doc is quite large: https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances.md
Your name resolution needs might go beyond the features provided by Azure. For example, you might need to use Microsoft Windows Server Active Directory domains, or resolve DNS names between virtual networks. To cover these scenarios, Azure provides the ability for you to use your own DNS servers.
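The two resolution problems on this page (the first post, where the AD DS domain is named the same as the public web domain, and the "Point Azure VM to Local DNS" post, where an on-premises domain must be reached over the VPN) come down to the order in which a DNS server picks a resolution path. The following model is an added example, not code from the posts or from Azure; it shows why a forwarder never helps for a name inside a zone the server hosts, and why an in-zone record or a conditional forwarder does. All zone data, IPs and names are constructed, with company.net standing in for the poster's $COMPANY.net.

```python
"""Model of the path a DNS server takes for a query name (added example, not
code from the posts): a hosted zone is answered locally and a missing name is
NXDOMAIN with no forwarder consulted; conditional and general forwarders apply
only to names outside hosted zones. All data below is constructed."""
from dataclasses import dataclass, field


def suffix_match(name, candidates):
    # Longest domain suffix covering name, or None (zone/forwarder lookup).
    best = None
    for dom in candidates:
        if name == dom or name.endswith("." + dom):
            if best is None or len(dom) > len(best):
                best = dom
    return best


@dataclass
class DnsServer:
    zones: dict = field(default_factory=dict)        # zone -> {fqdn: ip}
    conditional: dict = field(default_factory=dict)  # domain -> forwarder
    forwarder: str = "public-resolver"

    def resolve(self, name):
        """Return (path, answer); path names the rule that handled the query."""
        name = name.lower().rstrip(".")
        zone = suffix_match(name, self.zones)
        if zone is not None:  # authoritative: answer or NXDOMAIN, never forward
            return ("authoritative", self.zones[zone].get(name, "NXDOMAIN"))
        cond = suffix_match(name, self.conditional)
        if cond is not None:
            return ("conditional", self.conditional[cond])
        return ("forwarder", self.forwarder)


def build_collision_scenario():
    # AD DS domain named the same as the public web domain (first post):
    # www.mycompany.com is not in the zone, so the server returns NXDOMAIN.
    srv = DnsServer()
    srv.zones["mycompany.com"] = {"machine01.mycompany.com": "10.0.3.9"}
    return srv


def build_fixed_scenario():
    # Alias the poster settled on, plus a conditional forwarder that sends the
    # on-premises domain to the local DNS over the VPN (fourth post).
    srv = build_collision_scenario()
    srv.zones["mycompany.com"]["www.mycompany.com"] = "203.0.113.10"
    srv.conditional["company.net"] = "on-prem-dns-10.1.0.5"
    return srv
```

Naming the AD DS domain corp.mycompany.com instead, as the first poster notes in hindsight, keeps the hosted zone from shadowing the public one in the first place.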

Azure Dns Zone not Resolving on Virtual Machine

On Azure (through portal)
Created Virtual Machine with a Static IP, data disk, and opened ports
Then remote desktop - Install IIS and FTP, ports opened in firewall
(can successfully connect via ftp client)
Created a Public Load Balancer with a Static IP with Probes and Rules
(can connect with ftp client through load balancer ip address fine)
(if I enter ip address of load balancer in browser I can view the default iis website fine) (at moment there is only one vm in virtual machine set)
Added a couple of websites in IIS, one a .net app, and the other with just some hello world .html files to test connectivity via domain name. I set bindings to host name for websites with and without www. and IP address set to all (*). restarted websites.
Created a couple of Azure DNS Zones with A Records pointing to the Load Balancer IP address. Changed name servers at the domain registrar to point to the Azure DNS servers.
However, this is where it stops. A browser cannot get to either website and I get a '500' error. DNS propagation check tools verify that the nameservers are reaching Azure for the domain names.
There must be something really basic I am missing (???) It is as if DNS resolution is stopping at the virtual machines. Any suggestions?
If you are configuring multiple websites in IIS on a VM and also want to map them to different domain names, then you need to configure a Host Header for all websites in IIS (please find the links below for this) and also need to update the same A Record for all your websites in your domain provider's settings.
This will work if you have separate Domain Names registered else it will not work.
Without domain name you can deploy websites on different ports in IIS and then configure custom domain in Azure Load Balancer NAT rules.
Links for Host Header config in IIS
https://technet.microsoft.com/en-us/library/cc753195(v=ws.10).aspx
http://support.simpledns.com/kb/a82/virtual-hosting-with-iis-internet-information-services.aspx
This was my fault: some missing hyphens in the zone record. The other .net website was throwing 500 errors sometimes instead of error-name-not_resolved, from incomplete nameserver propagation and incomplete .net configuration for the website on the VM.
The host headers were set correctly including www.xxx.com and .xxx.com variants for both port 80 and port 443, and I did have the 'A' records with both # and www variants in the zone set to the IP of the load balancer correctly.
For anyone else with these issues, when checking for localhost connectivity test on your virtual machine (assuming you are hosting multiple sites), remember to add a virtual directory in IIS manager pointing to the file location along with an alias.
While a learning curve, the whole infrastructure of Azure is quite amazing! Impressed.
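The poster's own follow-up traced the failure to a typo in a zone record, with IIS host headers that did not match what the zone published. A small consistency check between the zone's A records and the IIS bindings catches that class of mismatch before a browser does. This is an added example, not the poster's code or an Azure tool; the zone, records, bindings and IPs are constructed.

```python
"""Check an Azure DNS zone's A records against the IIS host header bindings
they should reach (added example, not the poster's code). Catches record
names that are not valid hostnames, records pointing away from the load
balancer, and names present on one side only. All sample data is constructed."""
import re

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def valid_hostname(name):
    """RFC 1035-style check: labels of 1-63 alnum/hyphen chars, no edge hyphen."""
    name = name.lower().rstrip(".")
    return 0 < len(name) <= 253 and all(LABEL.match(lab) for lab in name.split("."))


def fqdn(zone, record_name):
    # "@" is the zone apex; other record names are relative to the zone.
    return zone if record_name == "@" else f"{record_name}.{zone}"


def check_zone_against_bindings(zone, a_records, bindings, lb_ip):
    """Return findings for names that will not route browser -> LB -> IIS site."""
    findings = []
    bound = {b.lower().rstrip(".") for b in bindings}
    published = set()
    for rec, ip in a_records.items():
        host = fqdn(zone, rec).lower()
        if not valid_hostname(host):
            findings.append(f"invalid record name: {host!r}")
            continue
        published.add(host)
        if ip != lb_ip:
            findings.append(f"{host} -> {ip}, expected load balancer {lb_ip}")
        if host not in bound:
            findings.append(f"{host} has an A record but no IIS host header binding")
    for host in sorted(bound - published):
        findings.append(f"IIS binding {host} has no A record in zone {zone}")
    return findings


# Constructed sample: one record with an illegal underscore where the IIS
# binding uses a hyphen, and one record pointing at the wrong IP.
SAMPLE_ZONE = "example.com"
SAMPLE_RECORDS = {"@": "203.0.113.20", "www": "203.0.113.20",
                  "my_site": "203.0.113.20", "faq": "203.0.113.99"}
SAMPLE_BINDINGS = ["example.com", "www.example.com",
                   "my-site.example.com", "faq.example.com"]

if __name__ == "__main__":
    for line in check_zone_against_bindings(SAMPLE_ZONE, SAMPLE_RECORDS, SAMPLE_BINDINGS, "203.0.113.20"):
        print(line)
```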

exposing Azure DNS servers

I have an Azure virtual machine with multiple web sites on it that I would like to expose to the Internet. The VM has Active Directory and DNS installed on it. I created the forward zone (xxx.cloudapp.net) on my server, and added the two web site names to the zone. On the Networks page in the Management Portal, I added a DNS server (xxx.cloudapp.net) and gave it the public IP for my server.
So when I try an nslookup from outside of the VM, the names will not resolve. I set the server in nslookup to either the public IP or the name, and it does not resolve. I have logging turned on in the DNS server, but it does not seem to show any requests from my computer.
I must be doing something wrong. Any suggestions? This server is for a demo next week, and worst case, I can buy a couple of domain names.
Try the instance-level public IP address; you will get an IP address per virtual server: https://azure.microsoft.com/documentation/articles/virtual-networks-instance-level-public-ip/