Unable to join AD domain from DMZ network
We are on a Windows 2003 AD domain and want to allow user account authentication from the DMZ to the 2003 AD internal network. But when we try to join the AD domain from the server in the DMZ, we get an error message that states "The RPC Server is unavailable". I worked with the network guy and, for testing purposes, he allowed any traffic between the DMZ and the internal network, and no traffic was being denied. So we moved forward to the next solution, setting up Ethereal, and captured traffic from the server in the DMZ when we tried to join the AD domain. We got one error in the Ethereal capture log that stated "STATUS_ACCESS_DENIED, Error: STATUS_ACCESS_DENIED". Can anyone tell me what is causing this issue?
Re: Unable to join AD domain from DMZ network
I have checked some environments where this is necessary. Only think of the security: you are putting a DC into a zone where it can be accessed by outsiders and from the internet. You should not go that way. Can you note the requirements down and see whether you cannot do it with ADAM, now AD-LDS, or ADFS? You can try to put a DC into the DMZ, which is not a good idea in general.
Re: Unable to join AD domain from DMZ network
Use PortQryUI. You will have a better idea.
Kidding. Ask your network team to open all ports from Untrust to Trust :)
Re: Unable to join AD domain from DMZ network
Quote: Originally posted by dannykor
Well, I’m running the same situation. DC 2008 r2 enterprise in the internal, subnet 10.1.2.0/24. Exchange server in the DMZ on subnet 192.168.10.0/24.
All ports and FW roles setup in accordance with Microsoft recommendation.
Can ping both ways from/to DC to Exchange server. When trying to join the Exchange server to the domain, get message "Network path was not found"
Any ideas?
Thanks,
Danny.
First of all, you will have to make sure that your DNS is configured properly and verify your SRV records. After that, try disabling the firewall and antivirus application for a while on the Windows 2008 server and try again. After that, run dcdiag and see if you find any errors. If you are not able to troubleshoot it, please post the dcdiag results and we will help you. If the above solutions don't help, try a clean boot.
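Added example, not part of the original posts: a PowerShell 2.0-compatible check to run on the DMZ server that looks up the domain controller SRV records and then probes the TCP ports commonly documented for a domain join. The domain name `corp.example.com`, the function names and the port list are assumptions of this example, not values from the thread.

```powershell
# Added example: run on the DMZ member server before attempting the join.
# Uses only nslookup and .NET sockets, so it works on PowerShell 2.0 (2008 R2).
param([string]$Domain = 'corp.example.com')   # placeholder domain, replace it

# TCP ports commonly documented for domain join (assumed list, not from the
# thread). Dynamic RPC ports handed out via 135 are not probed here.
$Ports = 53, 88, 135, 389, 445, 464

function Get-DcFromSrv([string[]]$NslookupOutput) {
    # nslookup prints each SRV target as, e.g. (constructed sample):
    #   svr hostname   = dc01.corp.example.com
    $NslookupOutput | ForEach-Object {
        if ($_ -match 'svr hostname\s*=\s*(\S+)') { $Matches[1] }
    } | Select-Object -Unique
}

function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs = 2000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        # A firewall that silently drops packets shows up as a timeout here
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false }   # name not resolved or connection refused
    finally { $client.Close() }
}

# The locator record a joining machine uses to find a DC for the domain
$srv = "_ldap._tcp.dc._msdcs.$Domain"
$raw = nslookup -type=SRV $srv 2>&1 | ForEach-Object { "$_" }
$dcs = @(Get-DcFromSrv $raw)

if ($dcs.Count -eq 0) {
    Write-Output "No SRV records returned for $srv; fix DNS on this server first."
    return
}
foreach ($dc in $dcs) {
    foreach ($p in $Ports) {
        $state = if (Test-TcpPort $dc $p) { 'open' } else { 'BLOCKED' }
        Write-Output ("{0,-32} tcp/{1,-5} {2}" -f $dc, $p, $state)
    }
}
```

A successful ping in both directions says nothing about these results: ICMP can pass while the SRV lookup fails or while 135/445 are filtered, which matches the "RPC Server is unavailable" and "Network path was not found" symptoms described above.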