Domain Controller in Azure

    Question

  • I built a domain controller in Azure but when I try to domain join a workstation I am getting the below message.

    Ideas?


    Twitter: @dguilloryjr LinkedIn: http://www.linkedin.com/in/dannyjr Facebook: http://www.facebook.com/#!/dguilloryjr

    Monday, September 09, 2013 2:49 PM

All replies

  • Hi,

    I can't even ping the domain name you have keyed in. Have you adjusted the Firewall Rules on Windows Azure? 

    Check out the necessary firewall settings here.

    http://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx

    Cheers.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. Milton Goh

    Tuesday, September 10, 2013 2:41 AM
  • Here are my settings, the firewall on the server is actually off for the time being...


    Twitter: @dguilloryjr LinkedIn: http://www.linkedin.com/in/dannyjr Facebook: http://www.facebook.com/#!/dguilloryjr

    Tuesday, September 10, 2013 3:20 AM
  • Hi,

    Narrowed down further:

    Please fix this at your DNS controller end and try again.

    Cheers.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. Milton Goh

    Tuesday, September 10, 2013 3:24 AM
  • Would this be something needing to be done on the DC I created in Azure or at the domain registrar level (i.e. GoDaddy)?

    Twitter: @dguilloryjr LinkedIn: http://www.linkedin.com/in/dannyjr Facebook: http://www.facebook.com/#!/dguilloryjr

    Wednesday, September 11, 2013 6:03 AM
  • It will be at your GoDaddy level since we are going via the public link. Does your AD have a public IP too?

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. Milton Goh

    Wednesday, September 11, 2013 8:00 AM
  • Yes, it has a public IP address.

    Twitter: @dguilloryjr LinkedIn: http://www.linkedin.com/in/dannyjr Facebook: http://www.facebook.com/#!/dguilloryjr

    Wednesday, September 11, 2013 8:01 AM
  • Yep, go ahead and modify via your domain registrar or DNS provider.

    Cheers.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. Milton Goh

    Wednesday, September 11, 2013 8:02 AM
  • OK, so now I get this message when I try to connect!

    Ideas?

    --------------------------------------------------------------

    DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "extechla.com":

    The query was for the SRV record for _ldap._tcp.dc._msdcs.extechla.com

    The following domain controllers were identified by the query:
    extechladc01.extechla.com

    However no domain controllers could be contacted.

    Common causes of this error include:

    - Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

    - Domain controllers registered in DNS are not connected to the network or are not running.


    Twitter: @dguilloryjr LinkedIn: http://www.linkedin.com/in/dannyjr Facebook: http://www.facebook.com/#!/dguilloryjr

    Wednesday, September 11, 2013 6:56 PM
  • Did you miss out any A records?

    I can't seem to ping the domain "extechla.com" --> Can you?


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. Milton Goh

    Thursday, September 12, 2013 3:25 AM
  • Yeah, if you ping it, it resolves to the correct IP but does not respond to pings. I have the firewall off on the phone but I'm not sure if Azure blocks ping. If not, how do I open it for pings?

    Twitter: @dguilloryjr LinkedIn: http://www.linkedin.com/in/dannyjr Facebook: http://www.facebook.com/#!/dguilloryjr

    Thursday, September 12, 2013 4:16 AM
  • Hi,

    It seems like a firewall configuration issue. Please see attached image.

    You may want to do the same as me, download the tools to test connectivity to AD.

    http://support.microsoft.com/kb/310456 --> This tells you more about the Port Query tool.

    http://www.microsoft.com/en-sg/download/details.aspx?id=17148 --> This is the Port Query tool

    Cheers.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. Milton Goh

    Thursday, September 12, 2013 4:33 AM
  • Here are the ports I have open with the Azure Endpoints configuration:


    Twitter: @dguilloryjr LinkedIn: http://www.linkedin.com/in/dannyjr Facebook: http://www.facebook.com/#!/dguilloryjr

    Thursday, September 12, 2013 5:19 AM
  • OK, so it looks to be working on TCP but NOT UDP?

    If you run that same query in PortQryV2 with TCP you get feedback... using UDP you get NO feedback.

    Ideas?


    Twitter: @dguilloryjr LinkedIn: http://www.linkedin.com/in/dannyjr Facebook: http://www.facebook.com/#!/dguilloryjr

    Thursday, September 12, 2013 5:48 AM
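    The error quoted earlier in the thread lists two causes (a missing or wrong A record for the DC the SRV record points at, and a DC that cannot be reached) and the PortQry results above show TCP answering while UDP does not. The following PowerShell script is an added diagnostic, not something posted in the thread or shipped by Microsoft; it walks exactly that chain from a client that cannot join: SRV lookup, A lookup for each advertised DC, TCP connect tests on the ports domain join needs, and a DNS query to the DC over UDP and over TCP so the two transports can be compared without relying on ICMP (which the thread notes Azure blocks). It assumes Windows 8.1 / Server 2012 R2 or later for Resolve-DnsName and Test-NetConnection; the domain name and port list are taken from the thread and common AD port requirements and can be changed at the top.

```powershell
# Added diagnostic for the "no domain controllers could be contacted" join error.
# Assumes the DnsClient and NetTCPIP modules (Windows 8.1 / 2012 R2 or later).
param(
    [string]$Domain   = 'extechla.com',                      # domain from the thread
    [int[]] $TcpPorts = @(53, 88, 135, 389, 445, 464, 636, 3268)  # common AD/join ports
)

# Step 1: the SRV record the join wizard queries to find a DC.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
Write-Host "SRV query: $srvName"
$srv = Resolve-DnsName -Name $srvName -Type SRV -DnsOnly -ErrorAction Stop |
       Where-Object { $_.Type -eq 'SRV' }
if (-not $srv) { throw "No SRV records returned for $srvName" }

foreach ($rec in $srv) {
    $dc = $rec.NameTarget
    Write-Host "`nDC advertised by SRV: $dc (LDAP port $($rec.Port))"

    # Step 2: cause 1 in the error text, a missing or wrong Host (A) record.
    $a = Resolve-DnsName -Name $dc -Type A -DnsOnly -ErrorAction SilentlyContinue |
         Where-Object { $_.Type -eq 'A' }
    if (-not $a) { Write-Warning "No A record for $dc; the join cannot reach it"; continue }
    $ip = $a[0].IPAddress
    Write-Host "A record: $dc -> $ip"

    # Step 3: cause 2, the DC is not reachable. ICMP may be filtered, so test the
    # ports themselves rather than relying on ping.
    foreach ($port in $TcpPorts) {
        $t = Test-NetConnection -ComputerName $ip -Port $port -WarningAction SilentlyContinue
        $state = if ($t.TcpTestSucceeded) { 'open' } else { 'blocked/closed' }
        Write-Host ("  TCP {0,5}: {1}" -f $port, $state)
    }

    # Step 4: compare UDP and TCP by asking the DC itself for the zone's SOA.
    # Default Resolve-DnsName uses UDP (falling back to TCP only on a truncated
    # answer); -TcpOnly forces TCP. A UDP timeout with a TCP answer matches the
    # PortQry observation in the thread.
    foreach ($mode in 'UDP', 'TCP') {
        try {
            if ($mode -eq 'TCP') {
                Resolve-DnsName -Name $Domain -Type SOA -Server $ip -DnsOnly -TcpOnly -ErrorAction Stop | Out-Null
            } else {
                Resolve-DnsName -Name $Domain -Type SOA -Server $ip -DnsOnly -ErrorAction Stop | Out-Null
            }
            Write-Host "  DNS over $mode to ${ip}:53 answered"
        } catch {
            Write-Host "  DNS over $mode to ${ip}:53 failed: $($_.Exception.Message)"
        }
    }
}
```

    Run it from the workstation that fails to join, not from the DC. A DC whose A record resolves and whose TCP ports answer but whose UDP queries time out is the pattern the thread converges on, and it points at a transport filter between the client and the VM rather than at the DNS data itself.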
  • Looks like Windows Azure blocks ping requests to VMs. Could this be why I am getting this message when I try to domain join a machine?

    DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "extechla.com":

    The query was for the SRV record for _ldap._tcp.dc._msdcs.extechla.com

    The following domain controllers were identified by the query:
    extechladc01.extechla.com


    However no domain controllers could be contacted.

    Common causes of this error include:

    - Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

    - Domain controllers registered in DNS are not connected to the network or are not running.


    Twitter: @dguilloryjr LinkedIn: http://www.linkedin.com/in/dannyjr Facebook: http://www.facebook.com/#!/dguilloryjr

    Thursday, September 12, 2013 6:09 AM
  • Hi,

    Sorry, I did some searching for you. This is what I have found.

    "You cannot join on-premises computers to a Windows Server AD DS Active Directory domain that is hosted on Windows Azure directly over the Internet. The port requirements for Active Directory and the domain-join operation render it impractical to directly expose the necessary ports, and in effect, an entire DC, to the Internet."

    http://msdn.microsoft.com/en-us/library/jj156090.aspx#BKMK_IPAddressDNS

    Cheers.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. Milton Goh

    Thursday, September 12, 2013 6:14 AM
  • Hey Danny,

    I have tested your scenario myself, it is the same as what you have experienced. Managed to dig out one video which is really useful. Please kindly watch it.

    http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/MDC-B300#fbid=_0dGBIyWTgC

    Cheers.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. Milton Goh

    Thursday, September 12, 2013 10:55 AM
  • OK, so I made another server on Rackspace and it's got the exact same issue. So is there something I'm missing? We assumed it was Azure blocking something we could not see. Now I have a server on Rackspace doing the exact same thing...

    Ideas?


    Twitter: @dguilloryjr LinkedIn: http://www.linkedin.com/in/dannyjr Facebook: http://www.facebook.com/#!/dguilloryjr

    Friday, September 13, 2013 11:23 PM
  • Hi,

    Referencing my previous post, I think it is stated clearly by Microsoft. So in order for your on-premises computer to join the domain controller up in the cloud, you may want to consider running a VPN from Windows Azure to your on-premises network.

    Cheers.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. Milton Goh

    Sunday, September 15, 2013 1:20 PM