Forum Discussion

Ziamustafa
Copper Contributor
Jul 03, 2025
Solved

Creating Secondary Domain Controller

Assalamualaikum Everyone, I hope all are doing great. I need help in troubleshooting the issue which I faced. I have on my premises Windows 2016 AD and pfSense firewall where I configure OpenVPN and c...
  • GulnazMushtaq
    Jul 07, 2025

    Your Windows Server 2019 VPS must use the on-premises Active Directory (AD) server as its primary DNS server.

    Open ncpa.cpl → Right-click VPN interface (or main interface) → Properties → TCP/IPv4 → Properties.

    Set the DNS to your AD server's IP address, e.g., 192.168.1.10 (your AD DNS server's IP address).

    Remove all public DNS like 8.8.8.8 or 1.1.1.1 while testing domain join.


    On pfSense:

    • Go to Firewall → Rules → OpenVPN tab
    • Make sure there is a rule that allows traffic from the VPN client to the on-prem DNS server (port 53 UDP and TCP)

    On your Windows Server 2016 AD server, open Windows Defender Firewall with Advanced Security. Make sure that inbound rules for the DNS Server (TCP/UDP 53) are enabled.

    You may run the following PowerShell commands:

    Get-NetFirewallRule -DisplayName "*DNS*" | where {$_.Enabled -eq "True"}

    Or temporarily test with:


    netsh advfirewall set allprofiles state off
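To verify the three points in the reply above (DNS server on the VPN interface, pfSense rule for port 53, and reachability of the on-prem DC) from the Server 2019 VPS in one pass, here is an added diagnostic script. It is not from the thread or from Microsoft; it assumes the AD/DNS server is 192.168.1.10 as in the reply, and uses placeholder values for the domain name (corp.example) and the VPN adapter alias (OpenVPN TAP) that you replace with your own.

```powershell
# Added example, not from the thread. Run on the Windows Server 2019 VPS before
# the domain join. Assumptions: AD/DNS server 192.168.1.10 (from the reply),
# domain "corp.example" and adapter alias "OpenVPN TAP" are placeholders.
param(
    [string]$AdDnsServer = '192.168.1.10',
    [string]$DomainName  = 'corp.example',
    [string]$VpnAdapter  = 'OpenVPN TAP',
    [switch]$Apply        # set the VPN interface DNS to $AdDnsServer only
)

# 1. Which resolvers does the VPN interface use right now? A public resolver
#    (8.8.8.8, 1.1.1.1) answers the AD domain lookup with NXDOMAIN, which is
#    exactly the "domain could not be contacted" symptom during a join.
$dns = Get-DnsClientServerAddress -InterfaceAlias $VpnAdapter -AddressFamily IPv4
"DNS servers on '$VpnAdapter': $($dns.ServerAddresses -join ', ')"
$other = $dns.ServerAddresses | Where-Object { $_ -ne $AdDnsServer }
if ($other) { "Non-AD resolvers still configured: $($other -join ', ')" }

# 2. Can the VPS reach the DC through the OpenVPN tunnel and pfSense rules?
#    53 = DNS, 88 = Kerberos, 135 = RPC, 389 = LDAP, 445 = SMB (SYSVOL/NETLOGON).
foreach ($port in 53, 88, 135, 389, 445) {
    $r = Test-NetConnection -ComputerName $AdDnsServer -Port $port -WarningAction SilentlyContinue
    "TCP $port to $AdDnsServer : $(if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' })"
}

# 3. Ask the AD DNS server directly for the DC locator SRV record. A good
#    answer proves the tunnel, the port 53 rule and the DNS zone all work,
#    independent of whatever resolver the interface currently has.
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV `
                           -Server $AdDnsServer -ErrorAction Stop
    $dcs = $srv | Where-Object { $_.Type -eq 'SRV' } |
           ForEach-Object { $_.NameTarget } | Sort-Object -Unique
    "DC locator records from $AdDnsServer : $($dcs -join ', ')"
} catch {
    "SRV lookup against $AdDnsServer failed: $($_.Exception.Message)"
}

# 4. Apply the change the reply asks for: AD DNS server only on the VPN
#    interface. Re-run without -Apply afterwards to confirm step 1 is clean.
if ($Apply) {
    Set-DnsClientServerAddress -InterfaceAlias $VpnAdapter -ServerAddresses $AdDnsServer
    "Set DNS on '$VpnAdapter' to $AdDnsServer"
}
```

Run it first without -Apply to see which of the three checks fails: a BLOCKED port 53 in step 2 points at the pfSense OpenVPN rule or the DC's inbound "DNS Service" firewall rules (the Get-NetFirewallRule line in the reply above checks the DC side), while open ports but a failed SRV lookup in step 3 points at the DNS zone or the domain name. Only once step 3 returns the DC's hostname is the VPS ready for the domain join.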