Unable to Manage a Domain Computer from Domain Controller

[[email protected]]

I have installed Active Directory on Virtual Machine with Win2k8 Server, which is a domain controller. I am joining other computers i. e Laptops and Virtual Machines to the Domain.

There are few problems that i am facing,

1) I am able to join all the Laptops to domain, but i am not able to manage them using domain controller. When i right click on computer->Mangage computer, it shows an error

Computer \\Computername.domainname cannot be managed.The Network path was not found.

Surprisingly 1 of the Win 7 laptops is working fine, and i am able to manage it without making any changes. All others show the same error.

Changes that i have made so far are:

i) Under Network and Sharing Center -> Advance settings, I have enabled Network Discovery as well as File and Printer sharing.

ii) Turned windows as well as domain Firewall off.

Still getting the same error.

2) After joining the domain, laptops are not able to connect to other networks other then our local network.

3) I have setup a VPN on Server that is domain controller, I am able to connect to that VPN connection from these laptops but i am not able to ping the server, or any other VMs running under same network.

In case of VMs (all running Win 2k8) i am not having any of above mentioned issues. I am assuming there is some setting particularly in Win 7 that needs to be changes.

[+BudMan MVC]

"2) After joining the domain, laptops are not able to connect to other networks other then our local network."

What does this mean? Makes no sense - do you mean wireless network, plugged into a wire somewhere else and don't get an IP. Can not access the internet, what other networks are you talking about?

Are you windows 7 laptops using dhcp from your DC? Are they static? Where do they point for dns?

So all the VMs are working - how does your VMs connect to your physical network - are you natting the connection or bridging?

Is your pinging issue while they are connected via vpn? So when they connect via vpn they are at another location or on your same network? Why would you connect to vpn if on your local network - and if they are remote I thought you said they can not connect to any other networks?

[majortom1981]

Keep in mind having adomain controller as a virtual machine is a bad idea. you can get time sync errors and other problems that creep up.

Can you ping your domain name?

Also when you remotely connect to a machine it should either be just the "machinename" or "machinename.domain" not "computer\\computer.domain"

[jordanspringer]

Can you ping the workstations by computer name from the domain controller? If not can you ping them by IP? Check your DNS?

[[email protected]]

All Laptops are using DHCP.

Before joining the Domain, I set the Preferred DNS of Laptops to the IP of the Domain Controller. Left the alternate DNS blank. Reverting it back to Auto DNS has solved the issue. Now i am able to connect to other Wifi connections and ping the router after joining VPN.

Other issues are still there.

Yes i am able to ping the workstations using machine name.

[+BudMan MVC]

Dhcp from where?? Your DC? Or your router?

All member machines of a domain need to use the AD for dns - PERIOD!!!! you then need to setup your AD dns to either forward to your router for dns, isp or something outside like google or opendns. Or have it lookup direct from roots.

I could fire up a clean w7 box and join it to domain - there should be NOTHING you have to do on the pc to allow remote admin using the domain admin account. This gets added to local administrators on the box when it joins the domain.

But if the pc is not using your AD dns - it would be possible that it would not be able to verify authentication from the DC when you try and access it.

Your not running any sort of 3rd party firewall/security suite on the PCs are you?

[Obi-Wan Kenobi]

just wondering...could Remote Registry have something to do with it? I know if you disable that service, you cannot manage remote PC's....just curious. And puzzled, lol! At least you have BudMan to help...he is the king! (Y)

[+BudMan MVC]

yes remote registry could be an issue - but why would that be off?

What is more likely is he has basic configuration wrong - ie machines using his router or isp for dns vs his AD dns. This is common problem in the home lab, user has router for dhcp that hands out its own info gateway, dns point to it, it then forwards to ISP

If you want to run AD you should most likely disable router dhcp, turn on dhcp on your server and just point to your router as gateway in the dhcp scope. DNS needs to point to AD DC, and dhcp also helps with the registrations in dns for your member boxes. You then configure AD dns to forward or use root hints.

I would look to this sort of configuration problem before seeing if a default service on multiple machines has been disable - but sure it is quite possible that could be a problem.

There should be a group policy setting that makes sure this is set to automatic - but yeah he could check if for whatever reason this is not set to automatic and starting once you join a domain.

[[email protected]]

Remote Registry was off, But turning it on did not make any difference.

Yes, machines are using DNS provided by router (ISP). Based on the network structure we have, i do not want all the machines to be a part of AD, so i can not turn off the auto DNS function of Router.

To me it does not sounds to be the DNS issue, because i have 2 win 7 computers on my desk, both using same network configuration. After joining them to domain, 1 works perfectly fine, and i face all those issues with the second computer.

[[email protected]]

Issue has been resolved.

I logged in as administrator (default account before joining the domain) and turned off the windows and domain firewall. Now i am able to manage the computer from domain controller.

[+BudMan MVC]

"Yes, machines are using DNS provided by router (ISP).

This is going to cause you NOTHING but ISSUES!!! All members of a domain NEED to point to the AD DNS - if they do not then they can not correctly resolve SRV records, etc..

All machines in your network can point to AD dns - even if they are NOT members of the domain, this is not going to hurt anything. Then your AD dns points to ISP or direct from roots.

Anyone that would point a AD member to non AD dns clearly has not even the most basic understanding of how DNS is integrated into AD.

http://mcpmag.com/articles/2004/05/01/10-dns-errors-that-will-kill-your-network.aspx

10 DNS Errors That Will Kill Your Network

1. TCP/IP Configuration Points to Public DNS Servers

This is by far the most common DNS error. Each network interface has a set of TCP/IP settings that lists the DNS servers used by that interface.

If the TCP/IP settings for a member computer specify the IP address of a public DNS server?perhaps at an ISP or DNS vendor or the company?s public-facing name server?the TCP/IP resolver won?t find Service Locator (SRV) records that advertise domain controller services, LDAP, Kerberos and Global Catalog. Without these records, a member computer can?t authenticate and get the information it needs to operate in the domain. It then acts like a teenager who can?t get the car keys, growing sullen and exhibiting a variety of bad behaviors.