Hi all,
I need some help troubleshooting a situation where the workstations at a new site cannot find the domain controller.
Preface:
Site 1 = Established domain in another city. Subnet is 192.168.1.0/24. DHCP/authentication is the domain controller.
Site 2 = New site (should be on the same domain). Subnet is 192.168.2.0/24. DHCP is the MX router.
Successfully created site to site VPN.
So I set up a workstation that was shipped over yesterday from site 1 to site 2. But when I try to log on today, it flat out tells me that no domain controller can be found to authenticate against.
How/what changes can I make so that computers located at site 2 can communicate with DC at site 1 to do basic authentication?
Thank you in advance, and let me know if you need more information.
I assume you've tried all the basic stuff....
From the computer on Site 2 -
check that you have the DNS nameservers set as the domain controller IP address in the DHCP options
(that's how Windows clients find the Domain Controller)
try pinging the Domain controller by IP address (log in with a local account); this will prove you have connectivity
try pinging the Domain controller by hostname; this will prove you have DNS working and the DNS suffix or search domains
try pinging the Domain controller by FQDN; this proves DNS is working (even if the suffix/search domains aren't)
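The checks above, as an added PowerShell example (not part of Bruce's post) to run on a Site 2 workstation: it shows which nameservers DHCP handed out, tests the VPN path by IP, looks up the SRV record Windows uses to locate a DC, and probes the logon ports. The domain name and DC address are placeholders.

```powershell
# Added example: verify, from a Site 2 client, that the Site 1 DC can be found the way
# a Windows client actually finds it (DHCP-supplied DNS -> SRV lookup -> logon ports).
param(
    [string]$Domain = 'corp.example',   # placeholder: your AD DNS domain name
    [string]$DcIp   = '192.168.1.10'    # placeholder: DC address in the Site 1 subnet
)

# 1. Which nameservers did DHCP hand to this client? If these are only the ISP's
#    or 8.8.8.8 (the MX "Proxy to upstream DNS" behaviour), the DC locator cannot work.
$dns = Get-DnsClientServerAddress -AddressFamily IPv4 |
       Where-Object { $_.ServerAddresses } |
       Select-Object -ExpandProperty ServerAddresses
Write-Host "DNS servers in use: $($dns -join ', ')"
if ($dns -notcontains $DcIp) {
    Write-Warning "DC $DcIp is not among the client's DNS servers; check the DHCP nameserver option."
}

# 2. Raw connectivity over the site-to-site VPN (works even when DNS is broken).
$ipOk = Test-Connection -ComputerName $DcIp -Count 2 -Quiet
Write-Host "Ping DC by IP: $ipOk"

# 3. The record the DC locator queries: _ldap._tcp.dc._msdcs.<domain> (SRV).
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
    $srv | ForEach-Object { Write-Host "SRV -> $($_.NameTarget):$($_.Port)" }
} catch {
    Write-Warning "No DC SRV record for $Domain via the current DNS servers: $($_.Exception.Message)"
}

# 4. Ports a domain logon needs: Kerberos 88, LDAP 389, SMB 445 (Netlogon/SYSVOL).
foreach ($port in 88, 389, 445) {
    $r = Test-NetConnection -ComputerName $DcIp -Port $port -WarningAction SilentlyContinue
    Write-Host "TCP $port to DC: $($r.TcpTestSucceeded)"
}

# 5. Ask the DC locator itself; this is the same lookup the logon screen performs.
nltest /dsgetdc:$Domain
```

If step 1 lists only upstream resolvers, steps 3 and 5 will fail even though step 2 succeeds, which is exactly the symptom described in this thread.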
Hi Bruce,
Yes, and I even stumped a Meraki technician tonight who also felt that my settings in Meraki were correct. So it may be that the problem lies on my domain controller. I'll explain, but first to confirm....
1. From Computer at site 2, yes I can ping the IP address of the DC and it resolves
2. From Computer at site 2, no I cannot ping the DC using the server name or FQDN.
3. Within Meraki MX Gateway under Security & SDWAN>Active Directory, settings are good and status = Green check. Even the LDAP Groups looked good according to Meraki support.
4. DNS settings reviewed on both MX Gateways. Each one reflects the Internet Provider's primary DNS & Google or 8.8.8.8
5. Where I think I'm stuck is about 1/3 of the way down on this link. https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Configuring_Active_Direc...
in the graphic below, I've marked where I was no longer able to follow the instructions. I'm supposed to view a certificate. The graphic after this is what I see.
This is what I see when I view my certificate. This was exported to the desktop from my Certificate MMC.msc.
or from within my Certificate MMC.msc which I created based on another Meraki tutorial.
The gist of this is that I create a certificate trust with LDAPS, based on a security update from Microsoft back in 2019 or so, I read. So I'm stuck at that point in the tutorial, and the Meraki technician concurs that it's most likely there that I'll find the fix. So the real question is... what am I missing in that part of the tutorial about "Certificate Requirements for TLS"?
Thank you again.
Hello, create a reverse record in your DNS with the good IP.
Sorry Francois,
Can you elaborate further? Do I create the reverse dns within one of two Meraki MX Gateways? If yes, I assume it's the gateway that hosts the domain controller?
Thanks.
Hi
If the DNS server is Windows, go into DNS and create a reverse DNS zone; the reverse brings the FQDN.
Try and tell me
Yeah, Domain Controller is there in the reverse lookup zone.
Okay, given everything you see here, I found the fix. It's not the best fix in the sense of optimal routing, but I added the local DNS server within the DHCP > Custom Nameserver settings and NOT the SD-WAN Uplink settings.
Originally it was set to the value of "Proxy to upstream DNS".
Now traffic is flowing and computers at Site 2 are authenticating to the Domain Controller at Site 1.
Great, good job.
But for me the DC is only in this zone (DNS, DHCP), but all is OK then. Great!
Good Job