Scott Pulver
Copper Contributor
Jun 28, 2017

Can not access Active Directory Domain Services through Point-to-Site VPN

Hello community,

I'm having some trouble with my Azure deployment. I have a classic VNet (VNet1) (10.0.0.0/16) with Active Directory Domain Services on subnet 1 (10.0.0.0/23) and a VNet (VNet2) in Azure Portal with a Windows 2016 virtual machine (10.1.0.0/16). VNet2 in Azure Portal has a subnet (10.1.0.0/23) and a gateway subnet (10.1.2.0/24). Peering is set up between VNet1 and VNet2 and connected. I also have a Virtual Network Gateway set up for the Point-to-Site connections with an address pool of 10.2.0.0/24 and created the root certificates for the VPN client download.

I can add the virtual machine (10.1.0.4) to the domain, but I cannot add the computer using the VPN client (10.2.0.2) to the domain. Any help or suggestions would be greatly appreciated. Thanks!

6 Replies

  • Hi Scott

    What is the reasoning behind using 2 VNets? If you are just creating a tunnel between the sites anyway, you could have had both those subnets in the same VNet and used NSGs to specify how they could talk to each other.

    The VPN service adds costs to your deployment.

    • Scott Pulver
      Copper Contributor

      I'm using Active Directory Domain Services, which can only be enabled in the classic VNet, and I want to create instances in the new Azure portal, planning for the future. They are planning to have this feature in the new portal eventually.

      https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-faqs

    • Scott Pulver
      Copper Contributor

      I have set the VNet2 DNS server to be the IP address of the Active Directory Domain Services.

      • Niels Ophey
        Brass Contributor

        Hi Scott, I think the trouble can be that you are having another DNS server on the client and not all traffic is redirected through the VPN connection. Maybe you can try a S2S VPN to join the client and configure the S2S having only the DNS services in the cloud VNet1? If you are using the P2S constellation I would set the DNS on all connections to the VNet1. But first of all check what DNS servers are listed in the IPCONFIG of the client which is connecting through the VPN. Best, Niels
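A client-side check along the lines Niels describes, written as an added example (not from anyone in the thread): it reads the DNS servers on the P2S adapter and asks the AD DS DNS server for the DC locator record. The 10.2.0.0/24 pool is taken from the question; the AD DS DNS IP and the domain name are placeholders to fill in.

```powershell
# Added diagnostic, not from the thread: run on the P2S client after connecting.
$AdDnsServer = '10.0.0.x'          # placeholder: the AD DS DNS IP Scott set on VNet2
$DomainName  = 'contoso.example'   # placeholder: the managed domain's DNS name

# 1. Which adapter holds the 10.2.0.x pool address, and which DNS servers does it use?
$vpnIf = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object IPAddress -like '10.2.0.*' |
    Select-Object -First 1
if (-not $vpnIf) { throw 'No adapter holds a 10.2.0.0/24 address; is the P2S tunnel up?' }
$dns = (Get-DnsClientServerAddress -InterfaceIndex $vpnIf.InterfaceIndex `
            -AddressFamily IPv4).ServerAddresses
"VPN adapter: $($vpnIf.InterfaceAlias)  DNS servers: $($dns -join ', ')"
if ($dns -notcontains $AdDnsServer) {
    Write-Warning "VPN adapter does not list $AdDnsServer; the join will query the local/ISP DNS and never find a DC."
}

# 2. Is the AD DS DNS server reachable over the tunnel, and does it return the DC SRV record?
Test-NetConnection -ComputerName $AdDnsServer -Port 53 |
    Select-Object ComputerName, TcpTestSucceeded
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV `
           -Server $AdDnsServer -ErrorAction SilentlyContinue |
       Where-Object Type -eq 'SRV'
if ($srv) { $srv | Select-Object NameTarget, Port }
else { Write-Warning 'No DC SRV record from the AD DS DNS server; check routing between the 10.2.0.0/24 pool and VNet1.' }

# 3. Domain-join ports (Kerberos, LDAP, SMB) towards the DC(s) the SRV record names
foreach ($dc in $srv.NameTarget) {
    foreach ($port in 88, 389, 445) {
        $r = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        '{0}:{1} reachable={2}' -f $dc, $port, $r.TcpTestSucceeded
    }
}
```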
