Joining client to natted domain server

Home Forums Microsoft Networking and Management Services Active Directory Joining client to natted domain server

This topic contains 6 replies, has 5 voices, and was last updated by Avatar kgoering 4 years, 8 months ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • Avatar
    Anishk
    Participant
    #165366

    [SIZE=16px]Please let us know if we have to make any changes while joining a client machines to a domain where the domain controller is natted to some other private ip address. ie, the physical ip address of the machine is different from the natted ip(which is also a private ip). The clients can only communicate with the natted ip and not the physical ip address.

    Regards,
    Anishk[/SIZE]

    Avatar
    biggles77
    Spectator
    #213835

    Maybe it’s me, but I do not understand what you have typed. A diagram of the network, with appropriate sample IPs, would be of help. Thanks.

    Avatar
    kgoering
    Member
    #386590

    Our AD server is 10.20.30.40 which has been now natted to 10.20.50.50. The client machines which are in a different network say, 10.30.40.100 are now not able to join to domain which were previously joining.

    Regards,
    Anishk

    Avatar
    Ossian
    Moderator
    #190682

    Can the clients ping the DC by IP, NetBIOS name and fqdn?
    If so, try joining using domain.com (fqdn syntax) rather than DOMAIN (NetBIOS syntax)

    Avatar
    kgoering
    Member
    #386591
    Ossian;n490506 wrote:
    Can the clients ping the DC by IP, NetBIOS name and fqdn?
    If so, try joining using domain.com (fqdn syntax) rather than DOMAIN (NetBIOS syntax)

    We are able to ping by ip (natted – 10.20.50.50) but not to netbios name or fqdn.. Saw some posts by microsoft that joining client machines to domain under natted environment is not recommended and tested. ! but don’t know whether it is possiblr or not ..

    Avatar
    Ossian
    Moderator
    #190683

    You need to get DNS sorted first – without that, there is no way you can join the domain
    Can you post an IPCONFIG/ALL from client and from DC

    Avatar
    Anonymous
    #371825

    Wherever you do your routing between your address ranges, make sure you have ‘ip helper-address’ commands on the vlan gateways which point to the NAT address of the DC. Also, make sure your NAT device (router/firewall?) isn’t blocking any ports between the client ranges and the DC when it does the NAT.

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.