
Joining 2003 domain over sonicwall vpn


  • Joining 2003 domain over sonicwall vpn

    Good morning all.

    I have a 2003 domain controller which also runs DNS. This server is on my main site and is connected to the internet via a SonicWall TZ210. IP range is 192.168.2.x

    I have a remote site that has 3 PCs (Windows XP Pro) and is connected to the internet via a TZ100 which acts as DHCP for the 3 machines on a 192.168.4.x range. I have the 2003 domain controller as primary DNS and the ISP's as secondary.

    The TZ210 and TZ100 are connected via a site-to-site VPN. This is all working. I can browse to the main site using FQDN and UNC. I can authenticate to shares and copy files etc.

    What I can't do is join the domain. I get "the domain controller cannot be found". If I take the PC back to the main office I can join the domain.

    On the remote site I can log onto the machine with any user from AD.

    Could anyone point me in the right direction?

    Thanks for the help

  • #2
    problem joining domain over site 2 site vpn

    I get the following error when trying to join a domain over a site-to-site VPN:

    "The domain name "DOMAIN" might be a NetBIOS domain name. If this is the case, verify that the domain name is properly registered with WINS.
    If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.
    DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "millennium":
    The query was for the SRV record for _ldap._tcp.dc._msdcs.DOMAIN The following domain controllers were identified by the query:

    However no domain controllers could be contacted.
    Common causes of this error include:
    - Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.
    - Domain controllers registered in DNS are not connected to the network or are not running."

    I have checked DNS and all looks OK. All A records are present.

    I am using the main site DNS server at the remote site. If I take the PC back to the main office it joins fine (same DNS server).

    From the remote site I can browse via name / UNC to the AD server and authenticate to access shares when prompted for password etc.

    The only thing I can think of is that the domain has no suffix, i.e. domain.local. It's just domain.


    • #3
      Re: problem joining domain over site 2 site vpn

      I have fixed it by using the old LMHOSTS file for the #pre #dom line. (WINS)

      I figured it was a NetBIOS / WINS issue as the domain has no .local suffix, thus not making it an FQDN.

      Be good if someone could confirm. Since we don't have a WINS server I will need to use the LMHOSTS file.
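
The LMHOSTS workaround described in post #3, as an added example that is not part of any post in this thread: it builds the `#PRE #DOM` line for the domain controller and lints existing lines. It goes one step beyond the post by also emitting the padded domain `\0x1b` entry, and the DC name `DC01` and address `192.168.2.10` are constructed values, since the thread gives only the 192.168.2.x range and the placeholder domain name "DOMAIN".

```python
import ipaddress
import re

HEX_NAME = re.compile(r'^(.*)\\0x([0-9A-Fa-f]{2})$')   # name ending in a \0xNN type byte

def domain_entries(dc_ip, dc_name, domain):
    """Build the DC line and the domain <1B> line for an LMHOSTS file."""
    ipaddress.IPv4Address(dc_ip)                        # ValueError if malformed
    for n in (dc_name, domain):
        if not 1 <= len(n) <= 15:
            raise ValueError(f"NetBIOS name must be 1-15 characters: {n!r}")
    dom = domain.upper()
    return [f"{dc_ip}  {dc_name.upper()}  #PRE #DOM:{dom}",
            f'{dc_ip}  "{dom.ljust(15)}\\0x1b"  #PRE']  # 15 padded chars + \0x1b = 20

def lint_line(line, expected_net="192.168.2.0/24"):
    """Return the problems found in one LMHOSTS line; an empty list means none."""
    text = line.strip()
    if not text or text.startswith("#"):                # blank, comment or directive
        return []
    m = re.match(r'^(\S+)\s+("[^"]*"|\S+)\s*(.*)$', text)
    if not m:
        return ["expected: <ip> <name> [#PRE] [#DOM:<domain>]"]
    ip, name, tags = m.groups()
    problems = []
    try:
        # A static name-to-address mapping should only point at the DC's own subnet.
        if ipaddress.IPv4Address(ip) not in ipaddress.ip_network(expected_net):
            problems.append(f"{ip} is outside {expected_net}")
    except ValueError:
        problems.append(f"bad IPv4 address {ip!r}")
    name = name.strip('"')
    hexed = HEX_NAME.match(name)
    if hexed and len(hexed.group(1)) != 15:
        problems.append("name before \\0xNN must be padded to exactly 15 characters")
    elif not hexed and len(name) > 15:
        problems.append("NetBIOS name longer than 15 characters")
    if "#DOM:" in tags and "#PRE" not in tags:
        problems.append("#DOM entry without #PRE is not preloaded")
    return problems

if __name__ == "__main__":
    # Constructed sample values: the thread does not give the DC's name or full address.
    for entry in domain_entries("192.168.2.10", "dc01", "domain"):
        print(entry, lint_line(entry))
```

LMHOSTS entries are static and unauthenticated, so the subnet check is there to flag a stale or altered line that would send logon traffic somewhere other than the main site's 192.168.2.x range.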


      • #4
        Re: Joining 2003 domain over sonicwall vpn

        I think you need to open a whole bunch of ports on your firewall. Especially 53 for DNS resolution.
        Check this for a concentrated list required for AD communication ports:
        or this for a more complete list of communication ports required if other services are used:

        Also, can you try to not double post:

        Reported to be merged.
        • Mod edit:
          Threads merged. thanks L4ndy.
        Last edited by Rems; 17th March 2011, 10:52. Reason: Added doublepost note!
        Caesar's cipher - 3




        • #5
          Re: problem joining domain over site 2 site vpn

          I have found that, over a VPN, it is far better to use the FQDN than the NetBIOS name e.g.
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd



          • #6
            Re: Joining 2003 domain over sonicwall vpn

            It will be a DNS issue that you're having.

            How is DHCP being issued and what are you using for your DNS servers on the remote site?

            How are your firewall rules for VPN -> VPN traffic? IMHO allow everything and ensure that you have the gateway AV, Anti-Spyware and IPS enabled on the Zone.

            This may not be available on OS Standard, it is for definite on OS Enhanced.