Error joining Azure VM AD to on_prem AD through VPN
Good morning,
I am trying to extend AD to Azure. I did this, starting in Azure, by creating a Virtual Network, a class 16 subnet (10.0.0.0/16), a virtual Gateway, a local Gateway, an Azure Public IP Address, a connection, and a VM with a NIC in the Azure Platform (to be used for an ADDS server in the cloud).
I created a Hyper-V lab with AD01 and WS01 with domain.com. I also did the following:
- Configured AD Sites and Services with an Azure site using the Azure subnet (10.0.0.0/24).
- I then added RRAS to my AD01.
- I configured all the Azure resources I needed and assigned the GW its own subnet (10.0.1.0/24).
- I created a new interface in RRAS to connect the VPN tunnel and connected both of them. THAT part worked just fine.
- Once the VPN was connected, I created a VM in Azure for AD, called AD02. I set AD02 to have a DNS address to match AD01.
- I added ADDS to AD02 and went to promote the DC, but it failed to join the domain because of the error:

  "Active Directory Installation Wizard
  The wizard cannot access the list of domains in the forest. The error is:
  The network path was not found."

I can resolve out to the on-prem DNS server from inside Azure. I joined the local WS01 to the domain on-prem, so I know the SRV records are correct and the domain join functionality is present. It almost seems like there are ports being blocked or packets being dropped.
The only other bit of info is that this is on a home network, behind a modem/router/firewall, with 192.168.0.60 in the DMZ on the firewall, and the VPN connection is not terminated at the modem/router/firewall but at the RRAS server (AD01).
Abstract of network attached.
Anyone have any thoughts?
- Sunit Patil, Brass Contributor
Hi Kurt,
Can you please check if you are able to telnet to port 53 and port 137?
Best
Sunit Patil
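The two checks the thread circles around (do the DC locator SRV records resolve from the Azure VM, and is the on-prem DC reachable on the ports a domain join and DC promotion need) can be run in one go from the Azure VM. The script below is an added example, not code posted by anyone in the thread; the forest name `domain.com` and the address `192.168.0.60` are taken from the original post, and `Resolve-DnsName` and `Test-NetConnection` are standard Windows cmdlets. Port 137 (NetBIOS name service, UDP) is included only as an informational entry: it is not required for promotion when NetBIOS over TCP/IP is disabled, whereas TCP 135, 445 and the RPC dynamic range are what the "network path was not found" style failures usually point at.

```powershell
# Added example (not from the thread). Run on the Azure VM (AD02 in the thread) before
# promoting it, to check DNS locator records and TCP reachability to the on-prem DC.
param(
    [string]$Domain   = 'domain.com',     # forest name from the original post
    [string]$OnPremDc = '192.168.0.60'    # on-prem DC/RRAS address from the original post
)

# 1. Confirm the DC locator SRV records resolve through the DNS server this VM is using.
#    If this fails, the NIC's DNS setting is not pointing at the on-prem DC, or UDP/TCP 53
#    is not crossing the tunnel.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
$srv | Select-Object Name, NameTarget, Port, Priority, Weight | Format-Table -AutoSize

# 2. TCP ports a domain join / DC promotion needs. 137 is listed for comparison with the
#    thread; it is UDP and only matters when NetBIOS over TCP/IP is enabled.
$ports = [ordered]@{
    53   = 'DNS'
    88   = 'Kerberos'
    135  = 'RPC endpoint mapper'
    139  = 'NetBIOS session (SMB over NetBIOS)'
    389  = 'LDAP'
    445  = 'SMB (SYSVOL / NETLOGON)'
    464  = 'Kerberos password change'
    636  = 'LDAPS'
    3268 = 'Global Catalog'
    3269 = 'Global Catalog over SSL'
}

$results = foreach ($p in $ports.Keys) {
    $t = Test-NetConnection -ComputerName $OnPremDc -Port $p -WarningAction SilentlyContinue
    [pscustomobject]@{
        Port    = $p
        Service = $ports[$p]
        Open    = $t.TcpTestSucceeded
    }
}
$results | Format-Table -AutoSize

$closed = $results | Where-Object { -not $_.Open }
if ($closed) {
    Write-Warning ("Blocked or unreachable TCP ports: " + (($closed.Port) -join ', '))
    Write-Warning "Check the VPN gateway / RRAS filters and the on-prem DC firewall for these."
}

# 3. Exercise the DC locator end to end. nltest is part of Windows; /force bypasses the cache.
#    A failure here with SRV records resolving correctly points at RPC (135 + the dynamic
#    range 49152-65535 on Server 2008 and later), not at DNS.
nltest /dsgetdc:$Domain /force
```

The port list is the standard set Microsoft documents for AD DS traffic; the dynamic RPC range cannot be probed with a single TCP test because nothing listens on a given high port until the endpoint mapper hands it out, so the `nltest` step is the practical way to tell whether RPC is actually getting through the tunnel.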
- Kurt Johnson, Copper Contributor
I can telnet to port 53 from Azure AD01 to on-prem DC01. I cannot telnet to port 137.
- Kurt Johnson, Copper Contributor
However, I turned off NetBIOS in the NIC on DC01 per some instructions I read.
Let me turn it back on and see if that resolves the telnet to 137 issue.
- JIDE-JIMOH, Brass Contributor
Hi Kurt,
Having said you created AD Sites and Services, did you put the Azure AD01 into another site you created on-prem?