locked
Couldn't find domain RRS feed

  • Question

  • Dear,

    I have an issue with UAG activation, it show that Couldn't find domain 'DOMAINNAME'. GPO will not be modified.

    however, I can ping my domain name, and I already have static route to my internal network.

    please give advice.

    Thursday, September 13, 2012 9:29 AM

Answers

  • Hi,

    Is there any firewalls separating the UAG from the internal networks?

    Do some extra verifications that you can reach all the domaincontrollers.

    * Do a ping to each domaincontroller
    * Verify that you can do a gpupdate /force on the  UAG.
    * Start GPMC on the UAG and verify that you can retarget it to all your domaincontrollers.
    (right click on the domain and select "Change domain controller" to retarget.)

    Best wishes,
    Jonas Blom


    Jonas Blom | Relevo AB | http://blog.nrpt.se

    • Marked as answer by AmirMahouk Wednesday, September 19, 2012 5:32 AM
    Friday, September 14, 2012 8:50 AM
  • Hi again,

    No it should not need access to all domaincontrollers, but sure sounds like it :)

    I did a quick runthrough of the powershell script that you have an alternative to export and apply directly on a domaincontroller.

    It uses the GroupPolicy module in powershell and does not specify a designated domaincontroller anywhere.
    Based on the documentation for the various commands used, it will use the domaincontroller that has the PDC Emulator role if nothing else is specified.
    (As listed in the documentation here, http://technet.microsoft.com/en-us/library/ee461062.aspx)

    Can you check if that role is on one of the servers that are firewalled?

    Best wishes,
    Jonas Blom


    Jonas Blom | Relevo AB | http://blog.nrpt.se

    • Marked as answer by AmirMahouk Wednesday, September 19, 2012 5:32 AM
    Saturday, September 15, 2012 11:47 AM

All replies

  • Hi,

    Is there any firewalls separating the UAG from the internal networks?

    Do some extra verifications that you can reach all the domaincontrollers.

    * Do a ping to each domaincontroller
    * Verify that you can do a gpupdate /force on the  UAG.
    * Start GPMC on the UAG and verify that you can retarget it to all your domaincontrollers.
    (right click on the domain and select "Change domain controller" to retarget.)

    Best wishes,
    Jonas Blom


    Jonas Blom | Relevo AB | http://blog.nrpt.se

    • Marked as answer by AmirMahouk Wednesday, September 19, 2012 5:32 AM
    Friday, September 14, 2012 8:50 AM
  • thanks Jonas for reply..

    Actually I have many DC in my network, and UAG can reach 2 DC only that is located in UAG site, so the question is in mind does UAG need to access to all DC in the network?

    gpupdate /force working successfully


    Saturday, September 15, 2012 7:58 AM
  • Hi again,

    No it should not need access to all domaincontrollers, but sure sounds like it :)

    I did a quick runthrough of the powershell script that you have an alternative to export and apply directly on a domaincontroller.

    It uses the GroupPolicy module in powershell and does not specify a designated domaincontroller anywhere.
    Based on the documentation for the various commands used, it will use the domaincontroller that has the PDC Emulator role if nothing else is specified.
    (As listed in the documentation here, http://technet.microsoft.com/en-us/library/ee461062.aspx)

    Can you check if that role is on one of the servers that are firewalled?

    Best wishes,
    Jonas Blom


    Jonas Blom | Relevo AB | http://blog.nrpt.se

    • Marked as answer by AmirMahouk Wednesday, September 19, 2012 5:32 AM
    Saturday, September 15, 2012 11:47 AM
  • thank Jonas, 

    I correct the route and it is fix the problem, however exporting the script work perfect as well.

    Wednesday, September 19, 2012 5:35 AM