Solved
Okay given everything you see here, I found the fix. It's not the best fix in a sense of optimal routing but I added the local DNS server within the DHCP> Custom Nameserver settings and NOT the SD WAN Uplink settings.
Originally it was set to the value of "Proxy to upstream DNS".
Now traffic is flowing and computers at Site 2 are authenticating to the Domain Controller at Site 1.
Hi Bruce,
Yes and I even stumped a Meraki technician tonight who also felt like my settings in Meraki were correct. So it may be the problem lays on my domain controller. I'll explain but first to confirm....
1. From Computer at site 2, yes I can ping the IP address of the DC and it resolves
2. From Computer at site 2, no I cannot ping the DC using the server name or FQDN.
3. Within Meraki MX Gateway under Security & SDWAN>Active Directory, settings are good and status = Green check. Even the LDAP Groups looked good according to Meraki support.
4. DNS settings reviewed on both MX Gateways. Each one reflects the Internet Provider's primary DNS & Google or 8.8.8.8
5. Where I think I'm stuck is about 1/3 of the way down on this link. https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Configuring_Active_Direc...
in the graphic below, I've marked where I was no longer able to follow the instructions. I'm supposed to view a certificate. The graphic after this is what I see.
This is what I see when i view my certificate. This was exported to desktop from my Certificate MMC.msc.
or from within my Certificate MMC.msc which I created based on another Meraki tutorial.
The gist of this is, that I create a certificate trust with LDAPS based on a security update from Microsoft back in 2019 or so I read. So I'm stuck at that point in the tutorial and Meraki technician concurs that it's most likely there I'll find the fix. So the real question is... what am I missing in that part of the tutorial about "Certificate Requirements for TLS"?
Thank you again.
Hi
If the dns server was windows go in dns and create reverse dns zone the reverse bring the FQDN
Try and tell me
Yeah, Domain Controller is there in the reverse lookup zone.
Okay given everything you see here, I found the fix. It's not the best fix in a sense of optimal routing but I added the local DNS server within the DHCP> Custom Nameserver settings and NOT the SD WAN Uplink settings.
Originally it was set to the value of "Proxy to upstream DNS".
Now traffic is flowing and computers at Site 2 are authenticating to the Domain Controller at Site 1.
But for me DC only in this zone dns dhcp, but all is ok then Great !
Good Job
