Remote computer able to ping DC but unable to join domain

02-27-2007, 03:23 AM

Hi,

I am able to ping the Domain Controller from my remote computer. But the
computer fails to join the domain. Are there any settings or ports that i
should open in the firewall so that joining of domain is possible?

By the way, my remote computer could not access the share folders in the DC
located at HQ.

Thank you.

Regards,
Hong Jin

02-27-2007, 07:06 AM

If you have not locked down the ports used by AD and Windows you´ll end up
having trouble with domaintraffic or end up with a wide open firewall.

For this issue there are a solution to lock down the traffic to fixed ports
to handle firewall configuration and still maintaining high security. Read
this article:

http://www.microsoft.com/technet/pro.../adrepfir.mspx

--
----------------------------------------------------------------------------------------------------------------------------
Johan Engdahl
CCSA, CCSE, CCA, MCP | johan AT firewall1 DOT nu | http://www.firewall1.nu

"Hong Jin" <(E-Mail Removed)> wrote in message
news:F798CB1F-8786-4B92-B2FF-(E-Mail Removed)...
> Hi,
>
> I am able to ping the Domain Controller from my remote computer. But the
> computer fails to join the domain. Are there any settings or ports that i
> should open in the firewall so that joining of domain is possible?
>
> By the way, my remote computer could not access the share folders in the
> DC
> located at HQ.
>
> Thank you.
>
> Regards,
> Hong Jin

03-01-2007, 01:26 PM

You trying to gain access to your internal network from the internet?
If so, that's a very bad idea. You may want to look into a secure
method such as VPN. If the connection is dedicated you could use
port forwarding and do a 1-1 translation for this paticular machine.

"Hong Jin" <(E-Mail Removed)> wrote in message news:..
> Hi,
>
> I am able to ping the Domain Controller from my remote computer. But the
> computer fails to join the domain. Are there any settings or ports that i
> should open in the firewall so that joining of domain is possible?
>
> By the way, my remote computer could not access the share folders in the
> DC
> located at HQ.
>

03-02-2007, 12:35 AM

Hi,

I am using a leased line to access my internal network. Access internal
network through the Internet is not allowed currently. I will try to look
into articles on port forwarding. Actually my remote site has a different set
of IPs and Gateway. I hope this port forwarding technique permits me to
connect the remote gateway and HQ's gateway.

Thanks for the idea.

Regards,
Hong jin

"Michael Giorgio - MS MVP" wrote:

> You trying to gain access to your internal network from the internet?
> If so, that's a very bad idea. You may want to look into a secure
> method such as VPN. If the connection is dedicated you could use
> port forwarding and do a 1-1 translation for this paticular machine.
>
>
> "Hong Jin" <(E-Mail Removed)> wrote in message news:..
> > Hi,
> >
> > I am able to ping the Domain Controller from my remote computer. But the
> > computer fails to join the domain. Are there any settings or ports that i
> > should open in the firewall so that joining of domain is possible?
> >
> > By the way, my remote computer could not access the share folders in the
> > DC
> > located at HQ.
> >
>
>
>

03-02-2007, 01:32 PM

"Hong Jin" <(E-Mail Removed)> wrote in message
news:B25A3B35-E8FE-4DB7-8D02-(E-Mail Removed)...
> I am using a leased line to access my internal network. Access internal
> network through the Internet is not allowed currently. I will try to look
> into articles on port forwarding. Actually my remote site has a different set
> of IPs and Gateway. I hope this port forwarding technique permits me to
> connect the remote gateway and HQ's gateway.

There is no real such thing as Port Forwarding. That is a "non-term" invented by
the SOHO Market that doesn't really mean anything,...the same segment of the
market that calls Broadband NAT Devices "routers" when they are not real
routers. The ports are not having anything done to them and they aren't doing
anything,...the focus of the action is not even the ports,..it is the IP#. The
real terms are either Static NAT (aka Reverse NAT) and 1:1 NAT depending on the
exact method used.

Anyway, none of that matters here. This is a leased line, meaning there is no
internet, meaning these are all private RFC IP#s,...meaning there should not be
any NAT here at all,...meaning there should *not* be any firewall involved in
any way here at all. The most likely cause of this behavor is that the client
is using the wrong DNS Server. Using WINS would also be helpful in this
situation.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed (as annoying as they are, and as stupid as they sound), are
my own and not those of my employer, or Microsoft, or anyone else associated
with me, including my cats.
-----------------------------------------------------

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Unable to join SBS 2003 Domain on XP client	Beterman	Windows Networking	8	07-11-2009 05:15 AM
unable to join computer to domain	=?Utf-8?B?bW1p?=	Windows Networking	10	02-24-2005 06:24 AM
Cannot join computer into domain	BeerBong	Windows Networking	1	11-09-2004 11:44 AM
unable to join domain from remote site	carter	Windows Networking	0	09-02-2004 06:34 AM
Unable to Join a Domain	Carolyn	Windows Networking	4	02-03-2004 04:30 PM