Can not join to active directory - windows

I installed a WS2016 server as a domain controller on VirtualBox using an internal network.
Everything for Active Directory was installed successfully and I created the domain name 'stark.local'.
I also created another WS2016 on VirtualBox using the internal network, and I want to join the new virtual machine to my domain controller.
I can ping the DNS server (which is my domain controller); the firewall is off and no anti-virus is installed.
However, when I try to join the DC it gives the error below:
What I realized is that I cannot nslookup my DNS server IP.
Even the domain controller cannot nslookup itself.
ipconfig of Domain Controller:
ipconfig of node1:
I have no hair left now and need your help.

Finally solved!
The problem was using internal network. I changed to host-only network and it worked.

AC DC
Using public IP addresses will always get you in trouble, try changing them to something like:
192.168.1.10 & 192.168.1.20
(Please read entire answer before modifying)
Also, I would recommend checking this link on the official Microsoft forum. I know it's from Windows 7, but I think the main problem you have is with the DNS configuration and it's very well explained there.
I'll summarise the link above here:
#Meinolf Weber's answer
If domain machines contain public DNS servers as 200.88.127.23 and 196.3.81.5 you will always have trouble.
Remove them on ALL domain machines, run ipconfig /flushdns and ipconfig /registerdns, then reboot clients and domain member servers, and restart the netlogon service on DCs instead of rebooting.
For internet access please configure the FORWARDERS in the DNS server properties in the DNS management console with the public DNS servers.
Explanation:
You can't join a machine to the domain using a public IP because it tries to locate your domain at the public IP, which has no information about the privately built domain.
Use only a local IP in the client's NIC.
Hope it helps, if not please give more detailed information of the issue as well as the DNS configuration (screenshot or whatever you can).
EDIT 1: also check "time settings" on both machines. I know it might seem silly, but that sometimes gives DNS and DC issues. Check IPv6, which could be another probable cause of the issues you're having (go to the Network and Sharing Center, modify the properties of the NIC and unselect TCP/IPv6).
I'd check IPv6 first; that'll save you work if it's only that.
EDIT 2: again, I would recommend changing the IPs (if possible) to another network, as long as the 169.254.x.x is used (assigned) when there's no DHCP server, but as you say they can ping each other, it may not necessarily be the problem.
I can see there's no router in the network, but a Windows Server should be providing DHCP, otherwise things like DNS suffix don't work.
So check that:
- You have the DNS role installed and configured to support AD.
SOLVED on answer below
The explanation I would give for this is that "secure communication" is often a requirement, something that an internal network doesn't provide.
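
The DNS advice in the answer above (no public or 169.254.x.x resolvers on domain machines, and a DNS role on the DC that supports AD) can be checked on the client before attempting the join. The following PowerShell is an added example, not part of the original thread; the DC address 192.168.1.10 is the value suggested in the answer and is an assumption about the actual setup.

```powershell
# Added example: pre-join DNS check, run on the machine that should join.
$Domain    = 'stark.local'    # domain name from the question
$DcAddress = '192.168.1.10'   # assumed DC/DNS address (value suggested in the answer)

function Get-DnsServerClass {
    # Classify an IPv4 address as Loopback, LinkLocal (APIPA), Private or Public.
    param([Parameter(Mandatory)][string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    if ($b[0] -eq 127)                    { return 'Loopback' }
    if ($b[0] -eq 169 -and $b[1] -eq 254) { return 'LinkLocal' }
    if ($b[0] -eq 10 -or
        ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
        ($b[0] -eq 192 -and $b[1] -eq 168)) { return 'Private' }
    return 'Public'
}

# 1. List every IPv4 DNS server configured on this machine, per interface.
$report = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        $iface = $_
        foreach ($server in $iface.ServerAddresses) {
            [pscustomobject]@{
                Interface = $iface.InterfaceAlias
                DnsServer = $server
                Class     = Get-DnsServerClass -Address $server
                IsDc      = ($server -eq $DcAddress)
            }
        }
    }
$report | Format-Table -AutoSize | Out-Host

# 2. Flag the resolvers the answer warns about: public addresses and 169.254.x.x.
$suspect = $report | Where-Object { $_.Class -in 'Public', 'LinkLocal' }
foreach ($s in $suspect) {
    Write-Warning "$($s.Interface): DNS server $($s.DnsServer) is $($s.Class)"
}
if (-not ($report | Where-Object IsDc)) {
    Write-Warning "No interface uses $DcAddress as its DNS server"
}

# 3. Ask the DC's DNS service for the DC locator record used during a join.
try {
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
            -Server $DcAddress -DnsOnly -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        Format-Table NameTarget, Port, Priority, Weight -AutoSize | Out-Host
} catch {
    Write-Warning "SRV lookup for $Domain via ${DcAddress} failed: $($_.Exception.Message)"
}
```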

Related

how to access xampp server from internet using dynamic ip address

I have installed xampp server on my windows 7.
I am connecting internet using HUAWEI Dongle.
I don't have any static IP address. I want to access my PHP file from the internet. For example, I am connected to the internet now and have a dynamic IP address like 100.101.73.240; if someone enters 100.101.73.240/home.php in his browser address bar, then my home.php page should open in his browser.
What should I do for this? Give me a step-by-step guide.
A local IP can't work over the internet. It's your intranet network. If you have a dynamic internet IP, then you simply configure a Dynamic DNS service. You can configure your Internet router with the following settings (provided by the Dynamic DNS service providers).
dyn.com
noip.com
dynu.com
many more.
Thanks
If you want to share IP with someone from your local area network:
Go to cmd, run the ipconfig command, and find your local IP, which should be like 192.168.xxx.yyy. You can easily share it with no worries that it will change each time you reset your network.
If it's someone from external network:
You have no power to share your external IP if you have a dynamic one; it will change too often, but it should still work for short connection sessions. To obtain a stable address you would have to register a domain

How to specify DNS server for a VPN Connection by PowerShell?

I am fairly new to PowerShell so please forgive me if the question looks stupid.
I am trying to configure VPN connections using PowerShell. With the help of PowerShell ISE, I have no trouble creating a VPN connection and configuring VPN specifics. However, I also need to set the DNS server of this VPN to 8.8.8.8, a task of which none of the cmdlets in the VpnClient module is capable. I figured that the settings in the "Networking" tab are not accessed by the VpnClient module, so I tried DnsClient, NetAdapter, NetTCPIP and NetConnection, but the commands in these modules all need a parameter called either Name or InterfaceAlias.
I successfully changed the DNS Configuration of my Ethernet Adapter by Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 8.8.8.8,8.8.4.4. However, if I give my vpn name to -InterfaceAlias option then PowerShell gives out an error, saying it cannot find such InterfaceAlias.
I listed all interfaces on my Windows but there's no sign of any vpn connection.
All help is appreciated, thank you!
Thanks to #DavidBrabant, it seems that it is a bug that Microsoft has not fixed since Windows Vista. I then followed one of the solutions on that kb article: using .Net Class.
The result is still the same as before: no sign of any vpn connection. My input and output look like this:
PS C:\WINDOWS\system32> [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces().NetworkInterfaceType
Wireless80211
Wireless80211
Ethernet
Loopback
Tunnel
Tunnel
I haven't tried the second resolution which is "Use the GetAdaptersAddresses API" because I don't know how. Anyone knows? Or did I miss something from the .Net framework?
Since I can't comment and/or +1 anything because of switching to new account. I want to mention that above Antonio's solution works just fine. You have to use common sense and understand things a little more. I will elaborate on Antonio's message. Understand that the people who are answering you are either coding professionals or IT professionals. So they answer in assumption you are one as well. Please do not -1 anything if you haven't tried it and don't understand it. ASK they will help you and explain more if needed.
Set-DnsClientServerAddress -InterfaceAlias Corporate -ServerAddresses 8.8.8.8
Let's break this down. So what is this saying?
Set-DnsClientServerAddress
This is assuming you're already connected to the VPN, as Antonio actually mentioned:
you have to connect to the VPN first
Ok now that we have the understanding that this command through powershell assumes we're connected to the VPN (Only 1 by the way not more than 1).
Let's tackle the rest of the command.
-InterfaceAlias Corporate
Ok, so those who code understand that -InterfaceAlias is a parameter to the Set-DnsClientServerAddress command. Then following that parameter you have attributes. Now that attribute can either be TEXT (aka a String) or a boolean value (aka $True or $False). So in this case he is saying that his VPN is called Corporate. Now, as with most Windows stuff, Windows will accept strings unquoted if it's all 1 word. However, if your VPN name has a space in it then it will not accept it. You would have to encapsulate your string with quotes. For example:
-InterfaceAlias "My VPN"
So in this case you need to know what your VPN Name is. If you don't know what your VPN Name is, please go to the following location.
Control Panel -> Network and Sharing Center -> Change Adapter Settings (left hand side) -> next find your VPN Adapter.
Alright so the last bit.
-ServerAddresses 8.8.8.8
So this ServerAddresses property is already strictly data typed to an IP address or multiple IP addresses. So in this case you would need to know the DNS server you wish to request DNS resolution from and replace it (8.8.8.8 = Google outside DNS server). So for example:
-ServerAddresses 10.1.10.254
Now this will set the DNS server to be 10.1.10.254 for this VPN Adapter.
Kill the VPN and then start it up again. Open a command prompt and type the following
ipconfig/all
This will show you all your current adapters. For your VPN adapter it should show your updated DNS. If you still can't resolve DNS names it possibly has to do with your Type of DNS server and you will have to probably specify a DNS suffix manually as well. See the following article for more details.
https://superuser.com/questions/966832/windows-10-dns-resolution-via-vpn-connection-not-working
Hope this helped. Sometimes us Senior IT guys just don't have the time to type it all out for business owners and/or new to the trade IT personnel.
-Grafix
To be able to change the interface DNS of a windows VPN you have to connect to the VPN first then use the PS command
Set-DnsClientServerAddress -InterfaceAlias Corporate -ServerAddresses 8.8.8.8
I did it and after that I was able to join the windows 10 to the domain; also first you have to create the VPN using the PS command
Add-VpnConnection -Name "My VPN" -ServerAddress "x.x.x.x" -TunnelType Pptp -EncryptionLevel Required -AuthenticationMethod MSChapv2 -AllUserConnection -RememberCredential -PassThru

NETGEAR Router: DNS Server Not Responding

I'm running Windows 7 64-bit Professional edition and I've been using a NETGEAR WNR612v3 router for a while now. I'm not a professional in networking, but apparently the DNS server all of the computers in this house use is not responding. All the computers' network card settings are set to automatic, both in resolving an IP address and resolving a DNS server.
I've had this issue all morning and fixed it by making my main computer's DNS server static listening to one of GOOGLE's public DNS servers (208.67.222.222) and that works perfectly. I then put my computer back to automatically resolve a DNS server and went to NETGEAR's control panel by accessing my default gateway address (192.168.x.x) and configured the DNS address settings. I set it to automatically get one from my ISP (Bahnhof SE). That didn't work, so I've set it to static and tested three addresses at a time using all of these:
213.80.98.2
213.80.101.3
208.67.222.222
8.8.8.8
8.8.4.4
to no avail. It seems that my computers just won't resolve the DNS server given by NETGEAR, or I'm just understanding this wrong. But the end result is that my computer is obviously not receiving the public GOOGLE DNS server that I've set on the NETGEAR DNS Addresses configuration. Here are a few screenshots:
Screenshot #1
Screenshot #2
Screenshot #3
Screenshot #4
Any suggestions are greatly appreciated! Thank you in advance.
With the limited information you provided, all I can do is speculate that the firmware on your router is outdated or faulty. Try updating the firmware, or connect to an open Wi-Fi network to ensure that the router is the problem. You will have to find where the problem is to fix it. My bet is on the router, based on the fact that several computers within your house are having the same issue, and when adding the DNS server address statically on the computers it works. So update the firmware; if that doesn't work, go buy another router.

amazon ec2 - name server issue

I have created a new instance in Amazon EC2, and assigned the elastic IP for the instance. But I need to know how to get the IP for the name server (ns1.abc.com, ns2,abc.com).
I have installed WHM in the Amazon instance. Only the domain cannot point to the correct name server. That is because the IP cannot load.
Now, my problem is how I get a new IP. Can I add another two elastic IPs in Amazon? But I configured two elastic IPs for the name server in the DNS zone within WHM. The name server is not working. And I cannot open the elastic IP in the browser. I am confused by it. Please, anyone help me.
There are lots of things that can go wrong here. I'll try to troubleshoot step by-step:
I'll assume the goal is "You want to type 'whm.foo.com' and see your WHM"
1) Go to your domain registrar and make an entry that points "whm.foo.com" to your EIP. (Depending on what you want, maybe you should set up a "*.foo.com" wildcard for that EIP.)
2) Test that step #1 worked by typing "ping whm.foo.com" or "dig whm.foo.com" (on Linux/Mac, not sure about Windows). This should return your EIP. If not, go back to step 1.
3) Check that WHM is actually running. Read the docs to find what port it's running on. (Usually 2083, or 2082 for insecure access.)
On your instance, run "curl -v localhost:2083" (or whatever port). It should return a login screen. If it says "couldn't connect to host", then you have the wrong port or it's not running.
4) run "netstat -na | grep :2083" (or whatever port). It should say "0.0.0.0:*". If it says "127.0.0.1:*", then you need to configure it to allow outside access.
5) Make sure your WHM port is enabled in the AWS firewall. Go to the AWS control panel and find the security group for your box. Make sure that port is allowed. Ideally, you'd only add your personal IP instead of opening it up to the world. (If there is a bug in WHM, people will scan all IPs trying to exploit it. They can't exploit your server if the AWS firewall denies them access.)
6) Now type "https://whm.foo.com:2083" (or whatever port) in your browser. (or http://whm.foo.com:2082 for insecure access). It should work!
i need to know how to get ip for name server (ns1.abc.com, ns2,abc.com).
As rdrey said, you need to go to your DNS provider (most registrars also do DNS) and tell them what boxes should point to your EIP.
That is because ip cannot load.
There is no such thing as "ip cannot load". Either "DNS is giving the wrong IP" or "some IP operations (TCP ports) were blocked by a firewall somewhere".
Now, my problem is that how i get new ip
I don't think that should be your goal. You can easily change EIPs, but it won't fix the problem. Nothing works unless everything in between is set up correctly. The goal should be understanding all the steps in the process and verifying that each step was done correctly.
OK, you have two options here:
Use the DNS servers provided by your Domain Registrar OR
Use AWS Route53 to let Amazon provide DNS services for you.
Option 1:
You bought your domain name from a registrar, like one of these: http://lifehacker.com/5683682/five-best-domain-name-registrars
Most, if not all, registrars run a free DNS service for their customers. You should be able to log into some kind of management console and set your domain's DNS zone entries to point at your AWS EIP. (I am using gandi.net and used to use godaddy. You simply leave the DNS Servers as they are and set your AWS EIP as the 'A' record.)
Option 2:
Go to https://console.aws.amazon.com/route53/home and follow instructions. I haven't read up on Route53's pricing, so this option might not be free.
---- EDIT:
Some more help:
The site you've linked to (http://www.intodns.com/xantec.com.sg) states that you've used your EIP (54.251.169.7) as the nameserver for the domain. You don't want that. You're running a cPanel installation, NOT a DNS nameserver.
Put 54.251.169.7 as your site's A record. (Sometimes called the www field.) Remove it from the NS fields and put ns3.thesimpledns.com & ns4.thesimpledns.com into those.

How can I test my DNS and site configuration

I've received a few messages from users of my site that they can not access it from home.
They can access the server from the IP, but not by the domain name.
I think it has something to do with the way my DNS is configured. I setup my own DNS server about 4 years ago on my server, which I probably should not have done, and I'm not sure if everything is configured correctly. There are plenty of people who can access the site without any problems, but some users get 'server can not be found'.
Server Details: Windows 2003 co-located server at a small local hosting company.
Are there good tools or sites that can test and provide configuration recommendations? How do I test this problem when it works fine for me and so many other users? What type of questions should I ask users that can't access the site?
Can I provide / point to another DNS server that can be used if the first server isn't working?
Thanks!
Nevertheless, here are some pointers:
Questions that you can ask the users:
Run the following command: nslookup test.company.com. The result should be the IP they could access by IP. If it's a wrong IP or no IP, then this hostname A / CNAME record isn't propagated correctly to the outside world.
It could be an IPv4/IPv6 problem. Maybe the DNS resolves to an IPv6 address via an AAAA record and your ISP (or any provider in between) doesn't support IPv6 correctly yet. Under Windows, you can ping -6 or ping -4 to see if it resolves to anything at all.
Possible workaround:
Tell your users to hardcode the IP of your server into their HOSTS file...
DNS problems usually lie in the company's infrastructure though (e.g. not propagating the DNS notifications correctly, wrong DNS servers at your registrar, wrong DNS configuration on your DNS server...)
There's an excellent on-line resource to verify your DNS settings: intoDNS.com
If you think the problem is in your DNS server and you don't need it this way anyway, you can just turn your DNS to any DNS hosting - see my biased list. Setup your DNS records from scratch with any DNS provider and tell your domain registrar to use that provider nameservers. Often registrars themselves provide DNS servers as well.
As for questions to ask users, Khoi explained everything.
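
One way to check the zone from the outside, following the nslookup and IPv4/IPv6 pointers in the answers above: query each published name server directly and compare the answers. This PowerShell is an added example, not part of the original thread; the zone name company.com is assumed from the test.company.com host name used above.

```powershell
# Added example: compare what each published name server answers for one host.
$Zone     = 'company.com'        # assumed zone (derived from the host name below)
$HostName = 'test.company.com'   # host name used in the answer above

# Name servers published for the zone, as seen through this machine's resolver.
$nameServers = Resolve-DnsName -Name $Zone -Type NS -DnsOnly -ErrorAction Stop |
    Where-Object { $_.Type -eq 'NS' } |
    Select-Object -ExpandProperty NameHost

# Ask every name server directly for the A and AAAA records of the host.
$results = foreach ($ns in $nameServers) {
    foreach ($recordType in 'A', 'AAAA') {
        try {
            $answers = Resolve-DnsName -Name $HostName -Type $recordType `
                    -Server $ns -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Type -eq $recordType }
            $status = if ($answers) { 'Answered' } else { 'NoRecord' }
            $value  = ($answers.IPAddress | Sort-Object) -join ', '
        } catch {
            $status = 'Failed'   # timeout, refusal, or name does not exist
            $value  = $_.Exception.Message
        }
        [pscustomobject]@{
            NameServer = $ns; Type = $recordType; Status = $status; Result = $value
        }
    }
}
$results | Format-Table -AutoSize | Out-Host

# Failures and disagreements between servers are what to look for
# when only some users can resolve the name.
foreach ($r in $results | Where-Object Status -eq 'Failed') {
    Write-Warning "$($r.NameServer) failed the $($r.Type) query: $($r.Result)"
}
$results | Where-Object Status -eq 'Answered' | Group-Object Type | ForEach-Object {
    $distinct = @($_.Group.Result | Sort-Object -Unique)
    if ($distinct.Count -gt 1) {
        Write-Warning "Name servers disagree on $($_.Name): $($distinct -join ' | ')"
    }
}
```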
