RRAS client not able to join the domain

I have RRAS configured on a Windows 2022 server with a static IP pool, and a Windows 10 Pro 22H2 client connecting via VPN. I am able to successfully connect to the VPN, but I am not able to join the domain. I keep receiving the error "An Active Directory Domain Controller (AD DC) for the domain xyz.com could not be contacted." I am wondering if there is a static route or anything I need to configure on the RRAS server or the client to get this to work. Please share your ideas. Thanks


Hello chabango,

Hope you have a lovely day!

To troubleshoot the issue where your RRAS client is not able to join the domain, you can check and consider the following steps:

1. DNS Configuration:

Ensure that the DNS settings on the client machine are configured to use the DNS server of the domain you are trying to join. This is crucial for the client to find the AD DC. You might need to manually set the DNS server on the client’s VPN connection settings to the IP address of the domain’s DNS server.

2. RRAS DNS Forwarding:

On the RRAS server, check if you have configured DNS forwarding. This allows DNS queries from the client to be forwarded correctly to the internal DNS servers that can resolve domain names in your Active Directory.

3. Static Routes:

If the client is connected but can't see the AD DC, it might be a routing issue where the network packets aren't being routed correctly between the client and the server. Check if you need to set up static routes in RRAS to ensure proper routing of traffic from the VPN clients to the network where the AD DC resides.

4. Firewall and Security Settings:

Verify that there are no firewalls blocking the essential ports required for domain joining operations. Typical ports include 53 (DNS), 88 (Kerberos), 389 (LDAP), 445 (SMB), among others. Ensure these ports are open in both the client’s firewall and any network firewalls.

5. Client VPN Settings:

Sometimes, the VPN client configuration might not be set up to allow LAN access. Ensure that the VPN connection on the client machine allows for gateway and network access.

6. Credential Issues:

Verify that the credentials being used to join the domain are correct and have the necessary permissions to add computers to the domain.

7. Test with nslookup:

On the client machine, try using `nslookup` to resolve the domain name and see if it correctly resolves to the AD DC’s IP address. This can help confirm if DNS settings are correct.

8. Check Event Viewer:

Look at the Event Viewer on both the client and the RRAS server for any warnings or errors that might give more insight into what is failing.

By systematically checking these aspects, you should be able to identify why the RRAS client is unable to join the domain and take appropriate action to resolve it. If you continue to experience issues, providing more detailed configuration details might help in diagnosing the problem further.

Best regards

Rosy
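The DNS, port and `nslookup` checks from the reply above, combined into one client-side script. This is an added example, not part of the original reply; `$DnsServer` is a constructed placeholder for the internal DNS server / domain controller address, and `xyz.com` is the domain name from the question.

```powershell
# Run on the VPN client while the VPN is connected.
$Domain    = 'xyz.com'            # domain name from the question
$DnsServer = '10.0.0.10'          # constructed placeholder: internal DNS/DC IP, replace
$Ports     = 53, 88, 389, 445     # ports listed in the reply above

# A domain join locates a DC through this SRV record, so it is the name to test.
$SrvName = "_ldap._tcp.dc._msdcs.$Domain"

function Get-DcSrvTarget {
    param([string]$Name, [string]$Server)
    $query = @{ Name = $Name; Type = 'SRV'; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Server) { $query.Server = $Server }
    try {
        Resolve-DnsName @query | Where-Object { $_.Type -eq 'SRV' } |
            Select-Object -ExpandProperty NameTarget -Unique
    } catch {
        $via = if ($Server) { $Server } else { 'adapter DNS settings' }
        Write-Warning "SRV lookup via $via failed: $($_.Exception.Message)"
    }
}

# 1. Resolve with whatever DNS servers the client is currently using.
$viaAdapter = Get-DcSrvTarget -Name $SrvName
# 2. Resolve again, asking the internal DNS server directly.
$viaServer  = Get-DcSrvTarget -Name $SrvName -Server $DnsServer

if (-not $viaAdapter -and $viaServer) {
    Write-Warning 'Internal DNS answers, but the client is not using it: fix the DNS server on the VPN connection.'
} elseif (-not $viaServer) {
    Write-Warning "No answer from $DnsServer: check routing and firewalls before DNS settings."
}
"DCs found via adapter DNS : $($viaAdapter -join ', ')"
"DCs found via $DnsServer : $($viaServer -join ', ')"

# 3. TCP reachability of the join-related ports (DNS and Kerberos also use UDP,
#    which Test-NetConnection does not test).
foreach ($port in $Ports) {
    $r = Test-NetConnection -ComputerName $DnsServer -Port $port -WarningAction SilentlyContinue
    '{0,-15} tcp/{1,-4} reachable={2}' -f $DnsServer, $port, $r.TcpTestSucceeded
}

# 4. Ask the DC locator itself; this is the lookup the domain-join wizard performs.
nltest /dsgetdc:$Domain /force
```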


Hi Rosy,

DNS - The PPP adapter is configured for the IP of the Domain Controller. The IP is the correct IP given out by the RRAS static address pool, however, the subnet mask is 255.255.255.255 instead of 255.255.240.0.

RRAS DNS Forwarding - Which setting are you referring to here?? The LAN and demand-dial routing radio button is configured on the General tab of the RRAS server, and on the IP tab, the Enable IPv4 Forwarding check box is checked and the Enable broadcast name resolution is checked. Is there another setting you are referring to?

Static Routes - I have not configured any static routes on the RRAS server, can you give guidance on what route I should configure?

Firewall and Security Settings - those ports are open in the firewall and the client firewall is disabled.

Client VPN Settings - What configuration are you referring to regarding the gateway and network access?

Credential Issues - I am using the Domain Admin permissions

ISSUE - Test with nslookup - doing an nslookup does not resolve which I know is a problem but not sure how to fix it:

Check Event Viewer - I am not seeing anything in Event Logs that is revealing


Hi Friends,

Thank you for providing detailed information about your current configuration and the issues you're facing with DNS resolution over your PPP adapter and RRAS settings. Let’s address each of your points to help resolve the issue:

1. DNS and PPP Adapter Configuration:

- The subnet mask set to 255.255.255.255 on your PPP adapter indicates a point-to-point connection, which is common in PPP setups. However, if this configuration is causing issues with network services, adjusting it might be necessary. You should ensure that your RRAS is configured to assign the correct subnet mask according to your network design. This might require modifying the DHCP settings in RRAS to ensure the correct subnet mask is assigned.

2. RRAS DNS Forwarding:

- You've got the general setup correct with IPv4 forwarding and broadcast name resolution enabled. If you're looking for DNS forwarding specifically, this setting isn't directly labeled as "DNS Forwarding" in RRAS. However, you can ensure that DNS queries are correctly forwarded by configuring your RRAS server to use a specific DNS server under the DHCP relay agent settings, if your network design requires this.

3. Static Routes Configuration:

- The need for static routes depends on your specific network topology. For instance, if your RRAS server is meant to connect isolated subnets or route traffic between different network segments, you might need to configure static routes. Typically, you’d configure a static route to ensure that all traffic destined for a particular subnet is routed through a specific gateway.

4. Firewall and Security Settings:

- It sounds like your firewall settings are appropriately configured. Since the client firewall is disabled and necessary ports are open, we can rule out firewall issues at this stage.

5. VPN Settings:

- For VPN settings related to the gateway, ensure that the VPN client is configured to use the default gateway on the remote network. This setting is often found in the properties of the VPN connection under the networking or IPv4 settings.

6. Issue with nslookup:

- If nslookup is not resolving, it indicates a DNS resolution issue on the client connected via VPN. Ensure that the DNS server assigned to the VPN clients is reachable and capable of resolving names correctly. You might want to explicitly set a DNS server on the PPP adapter’s settings.

7. Credential Issues:

- Using Domain Admin permissions should provide sufficient rights, assuming there are no policy restrictions in place affecting network services.

If you continue experiencing issues, I recommend checking the event logs on your RRAS server and the client machine for any specific errors related to DNS or network connectivity and ensuring that your domain controller is correctly handling DNS requests.

Feel free to provide more specifics or any error messages you see in the logs, and we can dig deeper into this issue.

Best regards,

Rosy
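The gateway, route and DNS-server points from the reply above, as client-side checks. This is an added example, not part of the original reply; the connection name, DC address and subnet prefix are constructed placeholders (the `/20` prefix length corresponds to the 255.255.240.0 mask mentioned in the thread), and it assumes the built-in Windows VPN client, where the PPP adapter alias equals the connection name.

```powershell
# Assumed values, not from the thread: replace with your own.
$VpnName   = 'CorpVPN'       # hypothetical VPN connection name (also the PPP adapter alias)
$DcIp      = '10.0.0.10'     # constructed DC / DNS server address
$LanPrefix = '10.0.0.0/20'   # constructed internal subnet; /20 is 255.255.240.0

# 1. Split tunnelling state. $false is the GUI option
#    "Use default gateway on remote network".
#    Add -AllUserConnection if the VPN was created for all users.
$vpn = Get-VpnConnection -Name $VpnName
'{0}: SplitTunneling={1}, Status={2}' -f $vpn.Name, $vpn.SplitTunneling, $vpn.ConnectionStatus

# 2. Which interface would carry a packet to the DC right now?
#    Find-NetRoute returns the source address object first and the route last.
$route = Find-NetRoute -RemoteIPAddress $DcIp | Select-Object -Last 1
'Route to {0}: {1} via {2} on "{3}"' -f $DcIp, $route.DestinationPrefix,
    $route.NextHop, $route.InterfaceAlias

if ($route.InterfaceAlias -ne $VpnName) {
    # Traffic to the DC leaves by the local network instead of the tunnel.
    # Add a route that Windows installs each time this VPN connects ...
    Add-VpnConnectionRoute -ConnectionName $VpnName -DestinationPrefix $LanPrefix -PassThru
    # ... or send all traffic through the tunnel instead:
    # Set-VpnConnection -Name $VpnName -SplitTunneling $false
    Write-Warning 'Route added. Disconnect and reconnect the VPN, then run this again.'
}

# 3. DNS servers actually assigned to the PPP adapter.
$dns = (Get-DnsClientServerAddress -InterfaceAlias $VpnName -AddressFamily IPv4).ServerAddresses
"DNS servers on ${VpnName}: $($dns -join ', ')"

if ($dns -notcontains $DcIp) {
    # Point the adapter at the domain DNS server (requires an elevated prompt).
    Set-DnsClientServerAddress -InterfaceAlias $VpnName -ServerAddresses $DcIp
}
```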


 
 

Last updated May 9, 2024. Views: 53