Join Active Directory on a DC VM in azure - azure

I'd like to set up a small lab in Azure.
Two vm's, one is the domain controller and the other is the Windows 10 client.
Both are in the same subnet, 10.0.0.1/24.
My problem is, my client can't join the AD on my DC, and the client always gets "AD with name ifa.local can't contacted".
I have some pictures from the window, the IP config and the DNS suffix I added.
Does anyone have an idea why it's not working and could help me?
Thank you guys

You have to make sure the Windows 10 VM can reach the DC. Just because they're in the same subnet doesn't mean that; you need to update the DNS server on the Azure network interface for the Windows 10 machine, or on the VNet, to point to the DC IP.
That will allow you to join the domain.
Hope this helps.

Related

Chicken or the egg?

I am not quite sure how to approach this and appreciate everyone's input.
I need to make a VNet and provision a Windows Server. No big deal so far. But after the Windows Server is provisioned, I will be elevating it to a domain controller.
I then need to go back to the VNet and set DNS to the IP of the Windows Server that I provisioned after the VNet.
How do I set the DNS server for the VNet if the server isn't set up yet? I can't set up the server without the VNet up first.
How do you approach this?
thank you much
If anyone runs into this in the future, the answer is to assign a static IP to the server so you can assign that same IP as the DNS in the VNet. Doh!
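The fix described in this thread and the one above (pin the DC's private IP, then point the VNet's DNS at it, then confirm the client can locate a DC before joining), as an added Az PowerShell example that is not from either thread. Resource group, VNet and NIC names are placeholders; the domain name ifa.local is taken from the first thread.

```powershell
# Added example, not from the thread. Assumes the Az PowerShell module and an
# existing resource group, VNet and DC NIC; these three names are placeholders.
$rg      = 'lab-rg'
$vnetNm  = 'lab-vnet'
$dcNicNm = 'dc01-nic'

# 1. Pin the DC's private IP. Azure keeps the address it already leased, so
#    nothing on the DC itself has to change, and the VNet DNS entry below
#    cannot go stale after a deallocate/start cycle.
$nic   = Get-AzNetworkInterface -ResourceGroupName $rg -Name $dcNicNm
$ipCfg = $nic.IpConfigurations[0]
$ipCfg.PrivateIpAllocationMethod = 'Static'
$dcIp  = $ipCfg.PrivateIpAddress
$nic | Set-AzNetworkInterface | Out-Null

# 2. Make that address the VNet's DNS server, replacing Azure-provided DNS.
#    Every VM in the VNet picks this up on its next DHCP renewal.
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetNm
if (-not $vnet.DhcpOptions) {
    $vnet.DhcpOptions = New-Object Microsoft.Azure.Commands.Network.Models.PSDhcpOptions
}
$vnet.DhcpOptions.DnsServers = @($dcIp)
$vnet | Set-AzVirtualNetwork | Out-Null
"VNet $vnetNm now resolves through the DC at $dcIp"

# 3. Run these on the Windows 10 client: renew the lease, then prove the
#    client can find a DC through DNS before attempting the join. The SRV
#    lookup is the query the domain-join wizard itself relies on; if it
#    fails, the join will fail with "could not be contacted".
ipconfig /renew | Out-Null
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.ifa.local' -Type SRV
nltest /dsgetdc:ifa.local
```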

Two VMs connected through VNet-to-VNet not pinging each other

Again, I tried to create a VNet-to-VNet connection.
Briefly, I created
Gateway Subnet at East US Region
Gateway Subnet at West US Region
Virtual Network Gateway for East US Region and
Virtual Network Gateway for West US Region
Using connection type VNet-to-VNet, I connected both Virtual Network Gateways from both sides.
I created a connection between both Virtual Network Gateways.
The status of both connections says Connected.
Windows Server Domain Controller is set up at East US and Windows 10 is installed at West US.
Windows 10 is unable to ping and join the Windows Server Domain Controller.
While joining the Domain Controller, the error message is
The issue is
I am able to connect to both VMs, which are in two different VNets, using RDP with the public IP.
Both VMs’ virtual network gateways are also connected to each other through Connections.
I am able to connect to one VM from the other using RDP with the private IP.
But I am not able to join the Windows 10 VM to the Windows Server 2016 Domain Controller.
I request that you please go through the link https://1drv.ms/u/s!Ail_S1qZOKPmlgBU5fLviInoisrx?e=ImrqpL and help me fix the issue related to the VNet-to-VNet connection, so that the Windows 10 VM in one VNet can join the Windows Server 2016 Domain Controller VM which is in another VNet.
I hope you'll consider it positively.
Regards
TekQ
You might have to create routes; you are not using the recommended private address space, so routes are not created for you.
Azure automatically creates default routes for the following address prefixes:
- 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16: Reserved for private use in RFC 1918.
- 100.64.0.0/10: Reserved in RFC 6598.
Check the effective routes to see the next hop for traffic in the peering address space.
https://learn.microsoft.com/en-us/azure/virtual-network/diagnose-network-routing-problem
Additional Information on VNet Routing
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
Instead of relying on a VNet Gateway and S2S VPN, you could also use VNet Peering between regions.
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
I agree with the other answers. Global VNet Peering would remove the necessity of using a VPN GW, which greatly simplifies the environment and removes the monthly cost of hosting a pair of GWs. Assuming you need those GWs for other connections to VPN devices on-premises, then you can still use this design.
As Hannel pointed out, you're using public ranges for your private networks. That is also okay, but routing would be affected for VMs in those subnets if they attempted to go to actual public IPs in those ranges. Note that Hewlett Packard owns large parts of those ranges, so if your VM needed to get info from an HP website, you would have to create manual UDRs to route that traffic to Next Hop Internet.
So, please do check your Effective Routes on your NICs. You can check this from the NIC and also from Network Watcher. This should help you identify if another route is taking precedence or even if you have a route sending traffic to a virtual appliance.
Do make sure that you chose VNet-to-VNet when you set up your connection. If you chose IPSec, then you would need to have correctly configured your local network gateways.
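The effective-routes check recommended in the two answers above, as an added Az PowerShell example (not from the thread). It lists the active routes on the Windows 10 VM's NIC, flags whether the DC's VNet is reached through the gateway or global peering, and then tests the ports a domain join needs. Resource group, NIC name, remote prefix and DC IP are placeholders.

```powershell
# Added example, not from the thread. Assumes the Az PowerShell module;
# the names and addresses below are placeholders for this lab.
$rg           = 'west-rg'
$clientNic    = 'win10-nic'
$remotePrefix = '10.1.0.0/16'   # address space of the VNet holding the DC
$dcIp         = '10.1.0.4'      # DC private IP

# 1. Dump the active effective routes so a UDR or NVA hop is visible.
$routes = Get-AzEffectiveRouteTable -ResourceGroupName $rg -NetworkInterfaceName $clientNic
$routes | Where-Object { $_.State -eq 'Active' } |
    Select-Object Source, NextHopType,
        @{ n = 'Prefix';  e = { $_.AddressPrefix -join ',' } },
        @{ n = 'NextHop'; e = { $_.NextHopIpAddress -join ',' } } |
    Format-Table -AutoSize

# 2. The DC's prefix must have a route whose next hop is the VPN gateway
#    (VNet-to-VNet) or global peering. With a non-RFC1918 space and no such
#    route, traffic falls through to 0.0.0.0/0 -> Internet and never arrives.
$toDc = $routes | Where-Object {
    $_.State -eq 'Active' -and $_.AddressPrefix -contains $remotePrefix
}
if (-not $toDc) {
    "No active route for $remotePrefix on $clientNic; add a UDR or fix the connection."
} elseif ($toDc.NextHopType -in 'VirtualNetworkGateway', 'VNetGlobalPeering') {
    "OK: $remotePrefix is reached via $($toDc.NextHopType)"
} else {
    "Unexpected next hop $($toDc.NextHopType) for $remotePrefix; check UDRs and NVAs."
}

# 3. From the Windows 10 VM: ICMP is often blocked by the Windows firewall,
#    so test the ports a join actually uses (DNS 53, LDAP 389, Kerberos 88).
foreach ($port in 53, 389, 88) {
    $r = Test-NetConnection -ComputerName $dcIp -Port $port -WarningAction SilentlyContinue
    "{0}:{1} TcpTestSucceeded={2}" -f $dcIp, $port, $r.TcpTestSucceeded
}
```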

Unable to join to domain hosted on Azure VM

So I've created a Windows Server 2016 VM on Azure. I've created a VPN connection between the Azure VM (which is the AD DC) and a test Windows machine. I can ping the AD IP (but not the domain, only the IP), RDP into the machine, etc. However, when I try to join the domain it's not recognized. So it's probably a DNS issue on Azure, but I've been unable to resolve it. What to do? How to proceed? The idea is to be able to connect remote machines via Point-to-Site VPN to the AD DC on Azure.
Thanks
You need to have your DC listed as a DNS server if you are doing AD-integrated DNS, or have a public record so that the Azure DNS servers can advertise it. Make sure you have done the step "Reset the DNS server for the Azure virtual network". You can also refer to http://msdn.microsoft.com/en-us/library/azure/jj156090.aspx for guidance and http://azure.microsoft.com/en-us/documentation/articles/virtual-networks-install-replica-active-directory-domain-controller/ for steps.
"I've created a VPN connection between Azure VM (Which is AD DC) and a test windows machine."
Could you please tell me which kind of VPN you deployed?
If you selected S2S VPN, we can change the test Windows machine's DNS to the Azure VM's private IP address, then try to ping the domain name; if we can ping it, we can join this test VM to the AD DC.
If your VPN is P2S, we should change the test Windows machine's DNS to the Azure VM's P2S virtual IP address (get it from P2S), then try to ping the domain name, and join to it.

Configuring second DC on Microsoft Azure

I am trying to configure a platform for our developers on Microsoft Azure.
I have to configure a new domain with a one-way trust relationship with my main domain.
I created a Virtual Network with a VPN tunnel, and successfully created my first DC and the new forest: rd.consoso.com (with my main domain being contoso.com).
When I try to add my second DC, I run into the famous DCPROMO "Creating the NTDS Settings object" error.
I tried the steps described here: https://support.microsoft.com/en-us/kb/2737935?wa=wsignin1.0 but couldn't solve the problem.
The local admin of the second DC is different from my Domain Admin.
I also tried to open the firewall as described here: https://technet.microsoft.com/en-us/library/hh472161.aspx?f=255&MSPPError=-2147217396#BKMK_KnownIssues
I tried to rename the second DC and change its IP.
My VNet is configured with only the first DC as DNS server.
Both servers are WS2012R2 Datacenter.
I can ping the servers from one another.
Any idea on this?
Thanks.
OK, someone gave me a solution on another forum:
Deactivate IPv6 on both machines' network connections.
Deactivate the 6to4 adapter if active: netsh interface 6to4 set state disabled
And that's it!

Windows Azure VM cannot access microsoft.com

I have 2 VMs on Windows Azure, connected with a virtual network, including the "DNS" component linked to the virtual network.
The first machine is an AD controller (with DNS), and the DNS for the virtual network (in Azure) is pointed to this machine (10.0.0.4).
The 2 VMs can talk to each other, and the second VM is also domain-joined to the AD controller on the first machine.
The problem is, on both VMs, I cannot access/browse anything related to microsoft.com (like visualstudio.com, etc.). All other sites (even bing.com) work without any problem.
What could be the reason? Do I need to change some DNS settings on my first VM so that microsoft.com is "excluded" or something, as I suppose that this is "internal" Microsoft traffic?
Thanks!
Solved! You need to add the Google DNS to the list of DNS servers in the management portal, and link it to your Virtual Network.
To do so, add one or both of Google's DNS IP addresses (8.8.8.8 or 8.8.4.4) to the list of DNS servers associated with an Azure virtual network. In the Azure management portal, go to 'Virtual Networks > [Your virtual network] > DNS Servers', then add the addresses to the list and click Save.
