-1

I'm setting up an Active Directory in Windows 2012 for user authentication in Windows 10. The server and client PCs are not in the same area; therefore, it is a WAN connection.

For testing purposes, all firewalls are off. The server's public IP is 34.207.231.151 and it has a local IP 172.31.13.53. DNS on the server is active and correctly points the desired domain adir.school1.com to the local IP. Client PCs use the server's public IP as DNS; that works well because if I ping adir.school1.com, I get the server's local IP.

If I try to join the clients to the domain, it says Cannot contact with an Active Directory Domain Controller in the domain. In the details it says that the DNS was successfully queried and it identified a domain controller, but it cannot contact the Domain Controller, which is expected as it cannot connect to 172.31.13.53 outside the LAN. How do I configure my ADDS to be reachable outside the LAN?

TylerH

2 Answers

0

It looks like this is about your network configuration. I drew a basic network configuration. [image: basic network]

Also, you can see a WAN network here. The gateway is very important at this point. [image]

  • I appreciate your answer, but I still don't know what to do. I have no control over the routers. I can only configure the server, clients and firewall. – Miguel Escalera May 21 '17 at 20:35
  • Oh! Should I create a virtual network on the server to use a gateway? – Miguel Escalera May 21 '17 at 20:38
  • You don't have to control the routers; you just need to know their IPs, which you can use as the gateway. And the gateway must be on the same network as your IP. Network issues are a little bit complicated. – Merve Küçük May 21 '17 at 21:03
  • In a WAN there are LANs, and every LAN has a gateway router. The routers should communicate over the WAN. If the routers can communicate, the LANs can also communicate. – Merve Küçük May 21 '17 at 21:04
0

  1. In order to use ADDS through WAN, you do need a VPN. I could not use this solution, though, because the admins of the network did not want to open the required ports for VPN over the firewall.

  2. The solution was to change the network configuration of the entire campus so our virtual server became part of the internal network (which is a bunch of LANs with gateways) and voilà, the ADDS was reachable from all other computers. Still, not accessible outside the campus, but inside it works perfectly.

TylerH
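
A way to confirm, from a client PC, the symptom the question describes and the fix the second answer reports, as an added PowerShell example (not part of the original posts): it resolves the SRV record a domain join looks up, flags domain controller addresses in private ranges, and tests the TCP ports a join needs. The port list and the helper name `Test-PrivateIPv4` are assumptions of this example; only the domain name comes from the question.

```powershell
# Added example: check whether the domain controllers that DNS advertises
# for a domain are reachable from this client on the ports a join uses.
param(
    [string]$Domain = 'adir.school1.com'   # domain name from the question
)

# TCP ports a client must reach on a DC. RPC also uses dynamic high ports
# and the DC locator uses UDP 389; neither is probed here.
$Ports = @{ 53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC endpoint mapper'; 389 = 'LDAP'; 445 = 'SMB' }

function Test-PrivateIPv4 {
    # Hypothetical helper: true for RFC 1918 ranges 10/8, 172.16/12, 192.168/16.
    param([string]$Address)
    $b = ([System.Net.IPAddress]::Parse($Address)).GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

# The DC locator queries this SRV record during a domain join.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
       Where-Object { $_.Type -eq 'SRV' }

foreach ($record in $srv) {
    $dc = $record.NameTarget
    $addresses = Resolve-DnsName -Name $dc -Type A -ErrorAction Stop |
                 Where-Object { $_.Type -eq 'A' } |
                 Select-Object -ExpandProperty IPAddress
    foreach ($ip in $addresses) {
        if (Test-PrivateIPv4 $ip) {
            # DNS answered, but the address is only routable from the LAN or a VPN.
            Write-Warning "$dc resolves to private address $ip; a route into that network is required."
        }
        foreach ($port in ($Ports.Keys | Sort-Object)) {
            $ok = Test-NetConnection -ComputerName $ip -Port $port `
                      -InformationLevel Quiet -WarningAction SilentlyContinue
            [pscustomobject]@{
                DomainController = $dc
                Address          = $ip
                Port             = $port
                Service          = $Ports[$port]
                Reachable        = $ok
            }
        }
    }
}
```

Run from outside the campus network, every row shows `Reachable = False` for the private address; run from a client on the internal network after the change described in the second answer, the same rows should show `True`.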