Cannot resolve the Active Directory domain controller from a local machine over a Point-to-Site (P2S) VPN gateway

Problem description

For development purposes, I am trying to set up:

  1. Azure cloud: a virtual machine running Windows Server 2019 acting as the Active Directory domain controller. The machine also runs DNS and DHCP.
  2. A Point-to-Site VPN so that the local (physical) workstation can connect to the domain controller.
  3. Joining the local (physical) workstation (Windows 10 Pro) to the Active Directory domain.

Item 1 - done. I have Windows Server 2019 with the AD DC up and running.
Item 2 - done. From the local machine (Windows 10 Pro) I can ping the AD DC.
Item 2a - done. I have one Azure VM (Windows Server 2019) that can also ping the AD DC.
Item 3 - not working. The local machine (Win 10 Pro) can't join the AD domain (addc.local).
Item 3a - working. The Azure VM (WinSer 2019) joins the AD domain (addc.local).

I tried a dozen tutorials. Finally I (partially) succeeded with:

  1. Windows Server 2019 – Active Directory Installation Beginners Guide - Success
  2. How to install VPN on Windows Server 2019 - Fail. Can't establish the VPN.
  3. Azure - VPN Point to Site | Step By Step Tutorial - Success

Finally I got it up and running with 1 and 3.

  • Taking into account that the Azure VM can join Active Directory, I believe the AD DC is set up correctly. Both machines belong to the same VNET.
  • Taking into account that the local machine can ping the AD DC, the VNET seems to be set up correctly.
  • I don't understand why the Azure VM can resolve and join the "addc.local" domain while the local machine can't. On both machines the preferred DNS in the network adapter is the same: the IP address of the domain controller.

First question: why doesn't this work for the local machine? Second question: is this the proper way to do it anyway (taking the requirements into account)?

Recommended answer

In this case, you may check the following:

  1. Usually the VPN client will inherit the DNS servers configured on the Azure VNet. If you set the custom DNS server of the Azure VNet to the private IP address of the AD DC after you set up the client VPN connection, you need to re-download your VPN client package from the Azure portal. See this1 and this2 for more details.
  2. Can you ping or nslookup the AD DC with its FQDN, like dcVM.addc.local? If not, it might be a DNS issue. Read https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances#name-resolution-that-uses-your-own-dns-server
  3. For best performance, when you are using Azure VMs as DNS servers, IPv6 should be disabled.
  4. Not sure, but you could try this solution.
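
The checks in points 1 and 2 of the answer, as an added PowerShell diagnostic to run on the Windows 10 client once the P2S VPN is connected; this is not code from the original question or answer. It assumes the domain controller's private IP is 10.0.0.4 and the VPN connection on the client is named "AzureVNet" (neither is given on the page); dcVM.addc.local is the FQDN used in the answer. The script separates two questions that "ping works, join fails" leaves mixed together: does the DC's own DNS hold the host and locator records a join needs, and is the client actually sending addc.local queries to that DC rather than to the resolver of its physical NIC (the native Windows P2S client split-tunnels by default, so only the VPN interface's pushed DNS servers point at the VNet).

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original Q&A. Run on the Windows 10 client after
# connecting the P2S VPN. Assumed values (not stated on the page):
#   DC private IP 10.0.0.4, VPN connection named "AzureVNet".
$Domain  = 'addc.local'
$DcFqdn  = "dcVM.$Domain"
$DcIp    = '10.0.0.4'      # assumption: private IP of the AD DC inside the VNet
$VpnName = 'AzureVNet'     # assumption: name of the P2S VPN connection on the client

function Get-VpnDnsServers {
    # The join uses whatever resolver the VPN interface received. Azure P2S pushes
    # the VNet's DNS servers as they were when the client package was downloaded.
    (Get-DnsClientServerAddress -InterfaceAlias $VpnName -AddressFamily IPv4 `
        -ErrorAction SilentlyContinue).ServerAddresses
}

function Test-DcRecords {
    param([string]$Server)   # empty = use the client's configured resolvers
    # A domain join needs the DC host record plus the DC locator SRV records.
    $queries = @(
        @{ Name = $DcFqdn;                        Type = 'A'   },
        @{ Name = "_ldap._tcp.dc._msdcs.$Domain"; Type = 'SRV' },
        @{ Name = "_kerberos._tcp.$Domain";       Type = 'SRV' }
    )
    foreach ($q in $queries) {
        $params = @{ Name = $q.Name; Type = $q.Type; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
        if ($Server) { $params.Server = $Server; $via = $Server } else { $via = 'client resolver' }
        $answer = Resolve-DnsName @params
        [pscustomobject]@{
            Query    = "$($q.Type) $($q.Name)"
            Via      = $via
            Resolved = [bool]$answer
        }
    }
}

function Test-DcPorts {
    # Ports a domain join exercises over the tunnel: DNS, Kerberos, RPC endpoint
    # mapper, LDAP, SMB, kpasswd. A successful ping proves routing, not these.
    foreach ($port in 53, 88, 135, 389, 445, 464) {
        [pscustomobject]@{
            Port = $port
            Open = Test-NetConnection -ComputerName $DcIp -Port $port `
                       -InformationLevel Quiet -WarningAction SilentlyContinue
        }
    }
}

"VPN interface '$VpnName' DNS servers: $((Get-VpnDnsServers) -join ', ')"
"Queries answered directly by the DC ($DcIp):"
Test-DcRecords -Server $DcIp | Format-Table -AutoSize
"Same queries through the client's configured resolvers (what the join uses):"
Test-DcRecords | Format-Table -AutoSize
"Ports reachable on the DC over the tunnel:"
Test-DcPorts | Format-Table -AutoSize
nltest "/dsgetdc:$Domain" /force

# Workaround when the tunnel did not inherit the DC as a resolver: route only the
# addc.local namespace to the DC instead of making it the machine-wide resolver.
if ((Get-VpnDnsServers) -notcontains $DcIp) {
    Add-DnsClientNrptRule -Namespace ".$Domain" -NameServers $DcIp -Comment 'Lab: AD domain over P2S VPN'
    Clear-DnsClientCache
}
```

If the first table shows every record resolved while the second does not, the DC's zone is fine and the problem is purely which resolver the client is using, which is exactly the re-download-the-client-package case in point 1. The NRPT rule is preferable to overwriting the VPN interface's DNS servers with Set-DnsClientServerAddress: it survives reconnects, and it keeps the lab DC from answering for every name the workstation looks up. Remove it afterwards with Get-DnsClientNrptRule piped to Remove-DnsClientNrptRule.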


08-06 16:44