Configuring second DC on Microsoft Azure - azure

I am trying to configure a platform for our developers on Microsoft Azure.
I have to configure a new domain with a one-way trust relationship with my main domain.
I created a Virtual Network with a VPN tunnel, and successfully created my first DC and the new forest: rd.consoso.com (with my main domain being contoso.com).
When I try to add my second DC, I run into the famous DCPROMO "Creating the NTDS Settings object" error.
I tried the steps described here: https://support.microsoft.com/en-us/kb/2737935?wa=wsignin1.0 but couldn't solve the problem.
The local admin of the second DC is different from my Domain Admin.
I also tried to open the firewall as described here: https://technet.microsoft.com/en-us/library/hh472161.aspx?f=255&MSPPError=-2147217396#BKMK_KnownIssues
I tried to rename the second DC and change its IP.
My VNet is configured with only the first DC as DNS server.
Both servers are WS2012R2 Datacenter.
I can ping the servers from one another.
Any idea on this?
Thanks.

OK, someone gave me a solution on another forum:
Deactivate IPv6 on both machines in the network connection settings.
Deactivate the 6to4 adapter if active: netsh interface 6to4 set state disabled
And that's it!
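The fix above, as an added example that is not part of the original thread: an elevated PowerShell session on each DC first reports the IPv6 binding of every adapter and the 6to4 state, then unbinds IPv6 (the ms_tcpip6 component) and disables 6to4, with -WhatIf available to preview the change first. Adapter names are whatever the VM reports.

```powershell
# Added example (not from the original thread). Inspect and, on request,
# disable IPv6 binding and the 6to4 transition adapter on a Windows Server
# 2012 R2 domain controller, which is the change the answer describes.

function Get-Ipv6TransitionState {
    # IPv6 binding per adapter; ms_tcpip6 is the component ID of the IPv6 stack.
    $bindings = Get-NetAdapterBinding -ComponentID ms_tcpip6 |
        Select-Object Name, Enabled
    # netsh is the documented way to read the 6to4 state on 2012 R2.
    $sixToFour = (netsh interface 6to4 show state) -join ' '
    [pscustomobject]@{
        Ipv6Bindings = $bindings
        SixToFour    = $sixToFour.Trim()
    }
}

function Disable-Ipv6Transition {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$AdapterName = '*')   # '*' = every adapter on the VM

    if ($PSCmdlet.ShouldProcess($AdapterName, 'Unbind IPv6 (ms_tcpip6)')) {
        Disable-NetAdapterBinding -Name $AdapterName -ComponentID ms_tcpip6
    }
    if ($PSCmdlet.ShouldProcess('6to4 adapter', 'netsh interface 6to4 set state disabled')) {
        netsh interface 6to4 set state disabled | Out-Null
    }
}

# State before the change, then a dry run of the change itself.
Get-Ipv6TransitionState
Disable-Ipv6Transition -WhatIf
# Disable-Ipv6Transition       # apply once the preview looks right
# Get-Ipv6TransitionState      # confirm: Enabled = False, 6to4 state disabled
```

Run it on both DCs before retrying the promotion; the second Get-Ipv6TransitionState call shows whether the bindings actually changed.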

Related

Join Active Directory on a DC VM in azure

I'd like to set up a small lab in Azure.
Two VMs, one is the domain controller and the other is the Windows 10 client.
Both are in the same subnet, IP 10.0.0.1/24.
My problem is, my client can't join the AD on my DC. The client always gets "AD with name ifa.local can't contacted".
I have some pictures of the window, the IP config and the DNS suffix I added.
Has anyone an idea why it's not working and could help me?
Thank you guys
You have to make sure the Windows 10 VM can reach the DC. Just because they're in the same subnet doesn't mean that; you need to update the DNS server on the 'Azure Network interface' for the Windows 10 machine, or on the VNet, to point to the DC IP.
That will allow you to join the domain.
Hope this helps.

Active directory with external DNS

For a school training exercise I would like to install an Active Directory with an external DNS.
Server A: WS2k16 - Role: DNS
Server B: WS2k16 - Role: ADS
Is it possible to do it this way?
Thanks in advance for your help
Hosting DNS somewhere other than a domain controller (DC) is a valid configuration - one that is not uncommon in large enterprise environments. I often use ISC BIND to provide DNS for our Active Directory environment, and I've occasionally used stand-alone Windows DNS servers to host the DNS service. You lose some of the "magic" that Microsoft has added to their AD/DNS integration (e.g. AD-integrated DNS has hostnames replicated to all domain controllers for redundancy), but both DNS and AD function properly.
Provided the DC can make dynamic updates in the appropriate zones (e.g. _msdcs.domain.ccTLD), all of the host records AD needs get set up for you when you're using an external DNS server.
Even if the zones are not set up to allow the DC to make dynamic updates, the DC has a file in %systemroot%\system32\config\netlogon.dns which contains the records that need to be manually created. Clients won't be able to use the domain until the DNS records are manually created, you've got the potential for something to change on the DC and require a manual update, and IIRC there are event log entries on the DC every reboot complaining about the failure to auto-register records. The configuration is not ideal, but it does work.
Using the netlogon file solved the problem, many thanks.
I can now register new computers on the ADS.
Anyway, the new computers are not inserted in the DNS entries; any clue how to solve it?
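An added check for the manual-records case described in the answer above (not code from the original thread): it parses the DC's netlogon.dns file and queries each record against the external DNS server, listing the ones that still do not resolve. The server address passed in, and the file layout of one record per line (name, TTL, IN, type, rdata), are assumptions.

```powershell
# Added example (not from the original thread). Verify that every record the DC
# expects (%systemroot%\system32\config\netlogon.dns) resolves on the external
# DNS server. Run it on the DC after creating the records by hand, and again
# later to spot records that changed on the DC since (the answer's caveat).

function Test-NetlogonDnsRecords {
    param(
        [string]$DnsServer,   # assumption: IP of Server A, the external DNS host
        [string]$Path = "$env:SystemRoot\System32\config\netlogon.dns"
    )
    foreach ($line in Get-Content $Path) {
        # Each line has the shape: <name> <ttl> IN <type> <rdata ...>
        $parts = $line.Trim() -split '\s+'
        if ($parts.Count -lt 5 -or $parts[2] -ne 'IN') { continue }
        $name     = $parts[0].TrimEnd('.')
        $type     = $parts[3]
        $expected = $parts[4..($parts.Count - 1)] -join ' '
        try {
            # -DnsOnly skips LLMNR/NetBIOS so only the named server is consulted.
            $null  = Resolve-DnsName -Name $name -Type $type -Server $DnsServer `
                                     -DnsOnly -ErrorAction Stop
            $found = $true
        } catch {
            $found = $false   # NXDOMAIN, timeout, or no record of that type
        }
        [pscustomobject]@{
            Name     = $name
            Type     = $type
            Expected = $expected   # rdata to create by hand, for comparison
            Resolves = $found
        }
    }
}

# Records the external server still lacks:
Test-NetlogonDnsRecords -DnsServer '10.0.0.10' |
    Where-Object { -not $_.Resolves } |
    Format-Table -AutoSize
```

The Expected column only shows what the DC wants; the script checks that a record of the right name and type exists, not that its target matches, so compare rdata by eye for the SRV records.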

Accessing Azure Virtual machine behind proxy / firewall

I have created a Windows 2016 Datacenter VM on the Microsoft Azure cloud. I also downloaded its RDP file. However, when I try to access it from my organization I get the error below (of course, my organization uses a proxy/firewall). When I access it from my home internet, I can access the VM successfully.
Currently the networking of the VM has the setting below:
Please help me access the Azure VM via the proxy.
Edit:
Got a few great answers. However, being a trainer, I need to keep creating and deleting VMs on a day-to-day basis, hence requesting the network admin to add a particular VM IP to the exception list won't help. Is there any other way possible?
Go with Jason's suggestion. Your network admin needs to configure the corresponding rules for the firewall or proxy. What you need to tell the network admin depends on your setup:
If you are dealing with one VM only, then you could either configure the public IP that is assigned to the VM as static and ask the network admin to allow RDP to that IP address, or, alternatively,
if you would like to save costs for the public IP and your organisation's proxy/firewall is capable of working with DNS names, then you could assign a DNS name to the public IP and let the network admin know the DNS name. The DNS name would be something similar to this: myazurevmname.azurelocation.cloudapp.azure.com
If you are planning to access several VMs in Azure, you can either repeat the above steps for each of the VMs, or you may want to think about establishing a point-to-site VPN from your local computer, which would remove the need for assigning public IP addresses to each of the VMs. The network setup in Azure will be more complex upfront, but it may be worth the effort. However, this will be a separate discussion.
You could set up TeamViewer as a service(!) on your VM and then connect to it with TeamViewer from your company PC. It'll be a bit laggy, but you'll get used to it.
Use this tutorial to set up TeamViewer
It seems your organization's network blocks it; you should contact your network admin to add it to the firewall/proxy exception list.
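The first two options in the accepted answer (a static public IP, or a DNS name label on it), as an added Az PowerShell example that is not from the original thread. The resource group, public IP resource name and label are assumptions; the Az module must be installed and signed in.

```powershell
# Added example (not from the original thread). Make the VM's public IP static
# and attach a DNS name label, so the network admin can allow RDP to an address
# or name that does not change. A public IP is its own Azure resource, so it can
# be kept and re-attached when the trainer's VMs are deleted and recreated.

function Set-StablePublicRdpEndpoint {
    param(
        [string]$ResourceGroup,   # assumption
        [string]$PublicIpName,    # assumption: the VM's public IP resource
        [string]$DnsLabel         # assumption; must be unique within the region
    )
    $pip = Get-AzPublicIpAddress -ResourceGroupName $ResourceGroup -Name $PublicIpName

    # Option 1 from the answer: keep the same address across VM restarts.
    $pip.PublicIpAllocationMethod = 'Static'

    # Option 2 from the answer: a name the proxy/firewall can be configured with.
    if (-not $pip.DnsSettings) {
        $pip.DnsSettings = New-Object Microsoft.Azure.Commands.Network.Models.PSPublicIpAddressDnsSettings
    }
    $pip.DnsSettings.DomainNameLabel = $DnsLabel

    $pip = Set-AzPublicIpAddress -PublicIpAddress $pip

    # Either value is what the network admin needs for the rule.
    [pscustomobject]@{
        IpAddress = $pip.IpAddress
        Fqdn      = $pip.DnsSettings.Fqdn   # <label>.<region>.cloudapp.azure.com
    }
}

Set-StablePublicRdpEndpoint -ResourceGroup 'rg-training' `
                            -PublicIpName 'trainer-vm-pip' `
                            -DnsLabel 'myazurevmname'
```

If the VM is recreated daily, create the public IP once, run this once, and attach the existing public IP resource to each new VM's NIC so the address and FQDN the admin allowed stay valid.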

How do I connect to an AD domain controller in Azure?

I'm working through an Azure tutorial on MSDN as suggested by #BrentDaCodeMonkey. Basically, I'm trying to learn how to set up a Windows domain, so I can use it for some other SQL Server tutorials. See my previous question here.
I'm running into a problem where I cannot connect my servers to my Active Directory Name Controller. When I try to add my domain name to the server in System Properties, I get an error message instead of the Windows Security popup dialog.
An Active Directory Name Controller (AD DC) for the domain "corp.ejm.com" could not be contacted. Ensure that the domain name is typed correctly. [...] The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Name Controller (AD NC) for domain "corp.ejm.com"; The error was: "This operation returned because the timeout period expired."
Note that I am able to verify the DC's IP address, with nslookup in the command prompt.
Complicating this issue is that the tutorial instructions don't exactly match what I'm seeing in Azure. For example, I'm not allowed to use Windows Server 2008 R2 SP1 when setting up SQL Server virtual machines. I had to use Windows Server 2012 for those, but still used 2008 for the DC. I thought that the problem might be conflicting operating systems, so I tried running the tutorial again using Windows Server 2012 for everything. Same error message.
Also note: the tutorial says that I should use the example domain, corp.contoso.com. I used my own example domain instead, corp.ejm.com. I'm wondering if this has something to do with it. My example domain is not registered on the Internet.
Connect to the DC VM and find out its IP address (10.*).
Go to the virtual network configuration and set the DNS server IP address to that.
Also make sure you use this IP address during step #8 in the "install SQL VMs" section.
Now try joining the SQL VMs to the domain.
Hope this helps.

Statically configured NICs lose all settings when I turn Azure machines back on

I configured two AD controllers and a WINS server in Azure, each with static IPs, and then turned them off for the weekend. Now that I turn the machines back on, all of the NICs are set up to obtain an IP automatically.
When I go back into the NIC and reconfigure it for a static IP, I get an error message that the IP address I entered for the network adapter is already assigned to another adapter which is no longer present in the computer. Then it asks me if I want to remove the static IP configuration for the absent adapter.
What is happening here? Is there something I am configuring incorrectly that forces my configured static NICs to change? Do I want to answer yes and reconfigure the card yet again, or is there a better way to go about this?
Thanks.
I'm going to answer my own question just in case someone is doing a network search looking for an answer and winds up here.
The issue centers on, for me at least, the differences between what is required for setting up bare-metal AD environments as opposed to AD environments in Azure. On bare metal we are used to configuring inside the NIC. In Azure, you work in two places. You create your ADs with DNS, then you use Azure PowerShell to configure the AD controller's static IP, and then you go back to your virtual network and register the DNS servers that were created.
There are some things happening behind the scenes in Azure that make this work. So, just create your ADs with DNS. Get the IP that was assigned by DHCP and register it with Azure PowerShell, then list the name of the AD and its IP in the virtual network, and you are done.
Hope this helps.
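The procedure the self-answer above describes, which is also the fix given in the "Join Active Directory on a DC VM in azure" and "How do I connect to an AD domain controller in Azure?" threads, as an added Az PowerShell example that is not from any of the original posts: pin the DC's private address in the Azure NIC resource rather than inside the guest, and register the DC as the VNet's DNS server. Resource names are assumptions; the address Azure already leased to the DC is reused as the static one.

```powershell
# Added example (not from the original threads). Make the DC's private IP static
# at the Azure NIC (the guest keeps DHCP, so the in-guest settings no longer
# matter) and point the whole VNet's DNS at the DC so every VM, including ones
# created later, can resolve the domain's SRV records and join.

function Set-DcNetworkInAzure {
    param(
        [string]$ResourceGroup,   # assumption
        [string]$NicName,         # assumption: NIC attached to the DC VM
        [string]$VnetName         # assumption
    )
    # 1. Reuse the DHCP-assigned address and make it static so it survives
    #    deallocation (the weekend shutdown in the question).
    $nic   = Get-AzNetworkInterface -ResourceGroupName $ResourceGroup -Name $NicName
    $ipcfg = $nic.IpConfigurations[0]
    $dcIp  = $ipcfg.PrivateIpAddress
    $ipcfg.PrivateIpAllocationMethod = 'Static'
    $ipcfg.PrivateIpAddress         = $dcIp
    $nic = Set-AzNetworkInterface -NetworkInterface $nic

    # 2. Register the DC as the VNet's DNS server (replaces Azure-provided DNS).
    $vnet = Get-AzVirtualNetwork -ResourceGroupName $ResourceGroup -Name $VnetName
    if (-not $vnet.DhcpOptions) {
        $vnet.DhcpOptions = New-Object Microsoft.Azure.Commands.Network.Models.PSDhcpOptions
    }
    $vnet.DhcpOptions.DnsServers = [System.Collections.Generic.List[string]]@($dcIp)
    $vnet = Set-AzVirtualNetwork -VirtualNetwork $vnet

    [pscustomobject]@{
        DcPrivateIp    = $dcIp
        VnetDnsServers = ($vnet.DhcpOptions.DnsServers -join ', ')
    }
}

Set-DcNetworkInAzure -ResourceGroup 'rg-lab' -NicName 'dc01-nic' -VnetName 'lab-vnet'
```

VMs already running in the VNet pick up the new DNS server only after a restart (or a DHCP lease renewal), so reboot the client before retrying the domain join.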
