Join a laptop to domain issues Firewall and DNS
  • Join a laptop to domain issues Firewall and DNS

    Hi all,
    I am having some issues while joining a laptop to a domain; I hope someone can clarify those issues.

    So far what I've done on the DC:
    I've created a user account.
    I've created a computer account, naming the object with the same name as my laptop (for some reason it wasn't working with a different name).

    So far what I've done on the DNS:
    I've created an (NS) record for the DC.
    I've created an (A) record for the DC.
    I've associated a (PTR) record with the above A record.
    I've created an (A) record for the laptop.
    I've associated a (PTR) record with the above A record.


    Is all this necessary? Without all this I could not join the laptop to the domain…
    So far what I've done on the laptop:
    I've disabled Windows Firewall on both the laptop and the DC; for some reason they did not ping each other.
    After successfully joining the DC I could enable the firewall again with an exception for File and Printer Sharing (TCP 139, 445, UDP 137, 13); without this exception it does not work…

    Thanks for the replies.

  • #2
    Re: Join a laptop to domain issues Firewall and DNS

    You have to add exemptions for RPC ports 135, 137, 138, 139, 445 in order to communicate with DCs.



    • #3
      Re: Join a laptop to domain issues Firewall and DNS

      Thanks for the reply.
      I've opened all those ports (137, 138, 139, 445) just by enabling File and Printer Sharing in the Windows Firewall, but I'm not sure about port 135; maybe it's already been opened by another exception.

      What can you tell me about the configuration done at the DNS and DC?
      So far what I've done on the DC:
      So far what I've done on the DNS:
      I am not sure if I have done more than I had to, or maybe I am still missing some more configuration to do on the servers…
      Thanks!



      • #4
        Re: Join a laptop to domain issues Firewall and DNS

        Hi

        Can you post the following info (if the mods permit):

        DC (TCP/IP config)
        DNS (configs)
        Laptop (TCP/IP Config)

        telnet dns 53
        telnet dc 389
        telnet dc 135
        telnet dc 137
        telnet dc 138
        telnet dc 139
        telnet dc 445
        telnet dc 3269

        check if \\%userdnsdomain%\sysvol exists
        nslookup %userdnsdomain%



        Thanks
        Last edited by totoy bato; 15th April 2010, 03:13. Reason: typo error



        • #5
          Re: Join a laptop to domain issues Firewall and DNS

          Hi Totoy Bato,

          DC & DNS are on the same server:
          IP 192.168.1.100
          SM 255.255.255.0
          DG 198.168.1.254 (IP of the router)
          Primary DNS 127.0.0.1

          Laptop:
          IP 192.168.1.82
          SM 255.255.255.0
          DG 192.168.1.254
          Primary DNS 192.168.1.100

          I can telnet to all ports except ports 137 and 138, and I'm pretty sure I've opened those ports on the server firewall.

          I'm not too sure how to check this:
          check if \\%userdnsdomain%\sysvol exists
          nslookup %userdnsdomain%

          Please let me know; I'm learning and I know I'm missing a lot.
          Thanks



          • #6
            Re: Join a laptop to domain issues Firewall and DNS

            \\%userdnsdomain%\sysvol ===> must be run from Start, Run. nslookup
            %userdnsdomain% ===> must run from command line.
            What are the results?

            Also please check event logs for errors.



            Thanks
            Last edited by totoy bato; 16th April 2010, 01:54. Reason: Typo Error



            • #7
              Re: Join a laptop to domain issues Firewall and DNS

              Those are the results:
              from nslookup:
              \\%userdnsdomain%\sysvol
              Unrecognized command


              from CMD:
              %userdnsdomain%
              'boyd.com' is not recognized as an internal or external command,
              operable program or batch file.

              (boyd.com is the name of the domain)



              • #8
                Re: Join a laptop to domain issues Firewall and DNS

                Oops, there's a correction.

                Please try again.
                \\%userdnsdomain%\sysvol ===> must be run from Start, Run.

                nslookup %userdnsdomain% ===> must run from command line.

                What are the results?



                • #9
                  Re: Join a laptop to domain issues Firewall and DNS

                  Going back a level -- there should be absolutely NO problems joining a client to a domain, certainly no need to open ports everywhere.
                  I recommend:
                  You join a different client to check that it is OK and therefore there are no domain-wide issues. If necessary, disjoin one, rename it and rejoin.

                  Also you disable any AV and 3rd party firewall on the client
                  Tom Jones
                  MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                  PhD, MSc, FIAP, MIITT
                  IT Trainer / Consultant
                  Ossian Ltd
                  Scotland

                  ** Remember to give credit where credit is due and leave reputation points where appropriate **



                  • #10
                    Re: Join a laptop to domain issues Firewall and DNS

                    Yes I can access SYSVOL on the DC server and nslookup %userdnsdomain% gives me:

                    Server: d-2k3.boyd.com
                    Address: 192.168.1.100
                    Name: BOYD.COM
                    Address: 192.168.1.100

                    (I think it all points to the correct IPs.)
                    I think the problem is all related to the AV installed; if I disable it I can join with no problems.
                    Thanks to both replies! Now I guess I probably need to close some ports on the client and server firewalls, which I opened for the sole purpose of joining the computer, or do all of them need to stay open?

                    Thanks



                    • #11
                      Re: Join a laptop to domain issues Firewall and DNS

                      Also please exclude the sysvol folder and ntds in your AV.



                      • #12
                        Re: Join a laptop to domain issues Firewall and DNS

                        Thanks for the info.
                        Summing up, can you please tell me exactly which ports have to be enabled in my server firewall? I am not sure whether I have opened the right ports or still need to open others.
                        Please have a look and let me know:
                        135 tcp RPC
                        135 udp RPC
                        137 tcp NetBIOS
                        137 udp NetBIOS
                        138 udp NetBIOS
                        139 tcp NetBIOS
                        1024 tcp RPC
                        65535 tcp RPC
                        445 tcp SMB
                        445 udp SMB
                        389 tcp LDAP
                        389 udp LDAP ping
                        636 tcp LDAP SSL
                        3268 tcp Global Catalog LDAP
                        3269 tcp Global Catalog LDAP SSL
                        88 tcp Kerberos
                        88 udp Kerberos

                        53 tcp DNS
                        53 udp DNS

                        Thanks a lot!

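An added example, not code from the thread: it automates the manual `telnet dc <port>` checks suggested in #4 against the TCP ports from the list in #12, reporting which ports a client cannot reach on the DC. The host name is a placeholder you replace with your DC; only TCP is probed, because the UDP entries and the dynamic RPC range (1024-65535) cannot be verified with a plain connect.

```python
"""Probe the TCP ports a domain member needs on a domain controller."""
import socket
import sys

# TCP ports taken from the list in post #12 (service names as given there).
# UDP ports and the dynamic RPC range are deliberately not included: a TCP
# handshake cannot tell you whether a UDP port is open.
DC_TCP_PORTS = {
    53: "DNS",
    88: "Kerberos",
    135: "RPC endpoint mapper",
    139: "NetBIOS session",
    389: "LDAP",
    445: "SMB",
    636: "LDAP SSL",
    3268: "Global Catalog LDAP",
    3269: "Global Catalog LDAP SSL",
}


def tcp_port_open(host, port, timeout=2.0):
    """Return True if a full TCP handshake to host:port completes in time."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or name lookup failed
        return False


def check_dc_ports(host, ports=DC_TCP_PORTS, timeout=2.0):
    """Probe every port once; return {port: (service name, reachable)}."""
    return {p: (name, tcp_port_open(host, p, timeout)) for p, name in ports.items()}


def blocked_ports(results):
    """Sorted list of ports that did not answer, i.e. firewall candidates."""
    return sorted(p for p, (_, ok) in results.items() if not ok)


if __name__ == "__main__":
    # Placeholder host; pass your DC's name or address as the first argument.
    dc = sys.argv[1] if len(sys.argv) > 1 else "dc.example.invalid"
    results = check_dc_ports(dc)
    for port, (name, ok) in sorted(results.items()):
        print(f"{port:>5}/tcp {name:<26} {'open' if ok else 'BLOCKED'}")
    print("blocked:", blocked_ports(results) or "none")
```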


                        • #13
                          Re: Join a laptop to domain issues Firewall and DNS

                          I'm with Ossian on this one.

                          Is there something we're missing here? The laptop should join the domain without an issue (unless of course it's XP Home?). Please tell us what's different about this one.
                          The Univurse is still winning!

                          W2K AD, WSUS, RIS 2003. ISA also AVG Server
                          ** If contributors help you, recognise them and give reputation points where appropriate **



                          • #14
                            Re: Join a laptop to domain issues Firewall and DNS

                            Thanks, I did manage to join the computer to the domain.
                            Because I'm not too sure about security, I'd like to know whether I've opened too few or too many ports on the server firewall...



                            • #15
                              Re: Join a laptop to domain issues Firewall and DNS

                              I personally don't like firewalls on my servers, as there are too many ports that need to be opened, for exactly this reason.
