Forum Discussion
Creating Secondary Domain Controller
Assalamualaikum Everyone,
I hope all are doing great. I need help troubleshooting an issue I faced. On my premises I have a Windows Server 2016 AD and a pfSense firewall, where I configured OpenVPN and created a user for my cloud Windows Server 2019; it's a VPS hosted at Contabo with a public IP. I installed the OpenVPN configuration and it's working. My cloud VPS Server 2019 can ping my local network, my firewall, etc., but it cannot ping my AD server, and it also cannot fetch my primary domain controller's name when I try to add it to the existing domain. I can also take RDP to my local AD server from my VPS, but I can't resolve DNS. Can somebody suggest accurate steps to troubleshoot my issue?
Thank you
2 Replies
- Ziamustafa (Copper Contributor)
Hi Ma'am,
JazakAllah, and thanks; as always I got the exact cause and feedback from your side.
Yes, after updating the DNS of the OpenVPN adapter, adding the rules and allowing the ports in the firewall, I got a ping reply from the server. I have now successfully configured the backup DC and everything is up and running smoothly.
- GulnazMushtaq (Learn Expert)
Your Windows Server 2019 VPS must use the on-premises Active Directory (AD) server as its primary DNS server.
Open ncpa.cpl → Right-click VPN interface (or main interface) → Properties → TCP/IPv4 → Properties.
Set the DNS to your AD server's IP address, e.g., 192.168.1.10 (your AD DNS server's IP address).
Remove all public DNS like 8.8.8.8 or 1.1.1.1 while testing domain join.
On pfSense:
- Go to Firewall → Rules → OpenVPN tab
- Make sure there is a rule that allows traffic from the VPN client to the on-prem DNS server (port 53 UDP and TCP)
On your Windows Server 2016 AD server, open Windows Defender Firewall with Advanced Security. Make sure that inbound rules for the DNS Server (TCP/UDP 53) are enabled.
You may run the following PowerShell command:
Get-NetFirewallRule -DisplayName "*DNS*" | Where-Object { $_.Enabled -eq 'True' }
Or temporarily test with:
netsh advfirewall set allprofiles state off
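The steps in the answer above (point the VPN adapter at the on-prem DC for DNS, open port 53 through pfSense, enable the DNS Server rules on the DC) can be checked from the VPS side in one pass. The script below is an added example and is not code from the thread or from Microsoft; the adapter name, the DC address 192.168.1.10, the domain name corp.example.local and the firewall display group name "DNS Service" are assumptions and must be replaced with your own values. Run the first part on the Server 2019 VPS with the OpenVPN tunnel up; the last part is meant to be run on the Server 2016 DC instead of switching the whole firewall off.

```powershell
# Added example, not from the original thread. Run on the Server 2019 VPS after the
# OpenVPN tunnel is up. All three values below are assumptions; replace them.
$VpnAdapter = 'OpenVPN TAP-Windows6'   # assumption: check Get-NetAdapter for the real name
$AdDnsIp    = '192.168.1.10'           # example address used in the answer above
$Domain     = 'corp.example.local'     # assumption: your AD DNS domain name

# 1. Make the on-prem DC the only DNS server on the VPN adapter (no 8.8.8.8 / 1.1.1.1),
#    then show what the adapter now uses.
$ifIndex = (Get-NetAdapter -Name $VpnAdapter).ifIndex
Set-DnsClientServerAddress -InterfaceIndex $ifIndex -ServerAddresses $AdDnsIp
Get-DnsClientServerAddress -InterfaceIndex $ifIndex -AddressFamily IPv4

# 2. TCP reachability of the ports a domain join / DC promotion needs through the tunnel.
#    A block on 53 points at the pfSense OpenVPN rule or the DC firewall; blocks on the
#    others mean the pfSense rule only allows DNS and must be widened for the join itself.
#    (Test-NetConnection only tests TCP; a DC's DNS server listens on TCP 53 as well as UDP.)
$ports = @{ 53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC endpoint mapper'; 389 = 'LDAP'; 445 = 'SMB'; 636 = 'LDAPS' }
foreach ($p in ($ports.Keys | Sort-Object)) {
    $r = Test-NetConnection -ComputerName $AdDnsIp -Port $p -WarningAction SilentlyContinue
    '{0,5} {1,-22} {2}' -f $p, $ports[$p], $(if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' })
}

# 3. The lookup a domain join actually performs: the DC locator SRV record. It must be
#    answered by the DC's own DNS server; a public resolver will return NXDOMAIN.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $AdDnsIp
nltest /dsgetdc:$Domain /force

# ---- Run this part on the Server 2016 DC, not on the VPS ----
# Enable only the DNS Server inbound rules rather than "netsh advfirewall set allprofiles
# state off", which exposes every service on the DC to the VPN subnet. The display group
# name is assumed from the DNS role's default rules; list groups with
# Get-NetFirewallRule | Select-Object -ExpandProperty DisplayGroup -Unique if it differs.
Enable-NetFirewallRule -DisplayGroup 'DNS Service'
Get-NetFirewallRule -DisplayGroup 'DNS Service' | Where-Object { $_.Enabled -eq 'True' } |
    Get-NetFirewallPortFilter | Select-Object Protocol, LocalPort
```

If step 2 shows port 53 open but step 3 still fails, the DC is reachable but its DNS zone is not authoritative for the name you asked for, so check the domain name before touching any more firewall rules. If you did use the netsh command above for a quick test, turn the firewall back on afterwards with netsh advfirewall set allprofiles state on.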