0

I am new to Azure and am trying to set up a DC in Azure. I created a VM, and when I try to perform dc promo I get the error "An Active Directory domain controller could not be contacted". I tried to ping from Azure to on-premises 192.168.x.x - ping failed. I tried the same from on-premises to Azure 10.0.x.x - ping successful. I have set up a Site-to-Site connection and it is connected. Why dc promo is not working - no clue. I checked the NSG and created inbound and outbound rules to allow traffic from on-premises to Azure and from Azure to on-premises. Still struggling to complete dc promo. Appreciate your input.

Thanks

Ram

Ram Lan
  • Start with a tracert to see where the network is dropping. You might have a VPN connection but no route. Make sure your VPN advertises a route to the remote network. DCpromo isn't working because your Azure AD server and on-prem AD server cannot talk to each other. This isn't a DC issue, it's a network issue. Once the two networks can cross communicate, you should be on your way to dcpromo. – Jarrod L. J. Gibson Sep 24 '20 at 20:45
  • Hi Jarrod - It is all good now. Massimo helped me with the problem. DC promo done and WVD setup working great. – Ram Lan Sep 25 '20 at 16:12

1 Answer

0

You obviously have connectivity issues with your VPN, if the servers can't even ping each other. If you are sure that traffic is allowed by Azure NSGs, then it's probably blocked by the firewall on your side.

Massimo
  • I have turned off firewall on RRAS server and on premises DC as well. Yet cannot ping from either end. – Ram Lan Sep 23 '20 at 14:08
  • I can ping from On Premise to Azure DC VM. I can't ping from Azure to On Premise. NSG - Inbound and Outbound rule is created for ANY traffic to allow. I know it is not the right way to do it. Since I am testing, I created this rule. – Ram Lan Sep 23 '20 at 14:25
  • You are using RRAS for your VPN connection... is it doing NAT, too? – Massimo Sep 23 '20 at 14:30
  • I am not using NAT. From RRAS server, I can rdp azure vm. I can ping azure vm. The other way, ping from azure vm to on premises, is failing. Do I need to change anything in NSG? – Ram Lan Sep 23 '20 at 14:32
  • Your NSGs are ok if they are configured to allow any traffic; you could also remove them, if you want to be absolutely sure they are not the problem. This looks more like a routing problem. Very likely, if the RRAS server is not the default gateway for your network. – Massimo Sep 23 '20 at 14:35
  • The default gateway for on premise is 192.168.0.1 which is my home router. The IP for RRAS is 192.168.0.15. – Ram Lan Sep 23 '20 at 14:38
  • You need to add static routes, either on the router (if you can) or on all machines in your network, to tell them they can reach the Azure network through the RRAS server. – Massimo Sep 23 '20 at 14:40
  • Checked Cisco Router DPC3825 to add static route of RRAS pointing to Azure 10.0.0.0. Unfortunately, I don't have the option within this home router provided by ISP Rogers. How can I do this on DC and RRAS so I can ping from Azure and proceed with dc promo? – Ram Lan Sep 23 '20 at 14:53
  • On the DC, do `route -p add 10.0.0.0 mask 255.0.0.0 192.168.0.15`; this should allow the two DCs to talk to each other. – Massimo Sep 23 '20 at 14:56
  • So creating above route should allow me to ping from Azure to On Premises DC? – Ram Lan Sep 23 '20 at 15:00
  • You are simply amazing. Thanks for the help. I can ping from both ends. – Ram Lan Sep 23 '20 at 15:01
  • Going to take a screenshot of this conversation for future reference. – Ram Lan Sep 23 '20 at 15:02
  • You can also upvote and accept the answer, you know ;) – Massimo Sep 23 '20 at 15:22
  • Upvote done and selected above as the answer for the Q. Thanks! – Ram Lan Sep 23 '20 at 16:12
  • @RamLan Uhm, no, you didn't, actually. – Massimo Sep 24 '20 at 15:35
  • OK I accept your answer with GREEN tick. Not sure where is upvote? – Ram Lan Sep 25 '20 at 16:11
  • Above the green tick there are a number (0 now) and an up and a down arrow; the arrows are upvote and downvote, the number is the score of the answer. – Massimo Sep 26 '20 at 16:07
  • Done. This was the message: "Thanks for the feedback! Votes cast by those with less than 15 reputation are recorded, but do not change the publicly displayed post score." – Ram Lan Sep 27 '20 at 17:13
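
The diagnosis worked out in the comments above, written as a PowerShell script. This is an added example and not part of the original thread: it shows how to confirm that the on-premises DC was sending its replies to the home router instead of the RRAS server, and how to check the path a promotion needs afterwards. `$AzureVm` and `$OnPremDc` are placeholders because the thread does not give the full addresses, and the function names are made up for this example.

```powershell
# Added example. Addresses marked "placeholder" are not from the thread.
$RrasGateway = '192.168.0.15'   # RRAS server (from the thread)
$AzureVm     = '10.0.0.4'       # placeholder: the Azure VM's 10.0.x.x address
$OnPremDc    = '192.168.0.10'   # placeholder: the on-premises DC's 192.168.x.x address

# --- Part 1: run elevated on the on-premises DC ---------------------------
function Repair-AzureRoute {
    # Find-NetRoute returns an address object and a route object; keep the route.
    $route = Find-NetRoute -RemoteIPAddress $AzureVm |
        Where-Object { $_.NextHop } | Select-Object -First 1
    "Next hop for ${AzureVm}: $($route.NextHop) via prefix $($route.DestinationPrefix)"

    if ($route.NextHop -ne $RrasGateway) {
        # Replies were leaving through the default gateway (the home router),
        # which has no path to Azure. Add the route given in the answer.
        route.exe -p add 10.0.0.0 mask 255.0.0.0 $RrasGateway
    }
    # Confirm the return path now works end to end (returns $true or $false).
    Test-Connection -ComputerName $AzureVm -Count 2 -Quiet
}

# --- Part 2: run on the Azure VM before retrying the promotion ------------
function Test-DcPorts {
    # TCP ports used to locate and join a domain: DNS, Kerberos, RPC endpoint
    # mapper, LDAP, SMB. AD also needs UDP 53/88/389 and the dynamic RPC
    # range (TCP 49152-65535), which this function does not probe.
    foreach ($port in 53, 88, 135, 389, 445) {
        $r = Test-NetConnection -ComputerName $OnPremDc -Port $port `
                -WarningAction SilentlyContinue
        [pscustomobject]@{ Port = $port; Reachable = $r.TcpTestSucceeded }
    }
}
```

Call `Repair-AzureRoute` on the on-premises DC and `Test-DcPorts` on the Azure VM. Once every port reports reachable, the allow-any NSG rules created for testing can be replaced with rules limited to the AD ports and the two address ranges.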