Cannot join Google Cloud VM to Azure AD Domain Services

domain-name-system azure google-cloud-platform azure-active-directory-ds

I have a multicloud setup using Azure VM's and Google Cloud VM's that are connected via a site-to-site VPN (from Azure). VPN connectivity is all working fine, however I'm now trying to join all (both Azure and Google) VM's to the same domain hosted in Azure (AADDS). Azure VM's are joined successfully after peering the Vnets and adjusting the DNS servers to point to the AADDS interal IP's, but I'm stuck at the google VM's.

I have:

  • verified the VPN connectivity from google VM's to the AADDS internal ip's, I get a successfull ping reply on both ip's.
  • used DIG to see the DNS config that the Azure VM's are using and tried to copy those to a Google DNS Zone (private).
  • verified that I can ping the domain(name) from my google VM.

I feel this is a DNS issue, considering the ping is working fine. Initially I got the SVR-record missing error so I added a specific SVR record _ldap._tcp.dc._msdcs svr and also tried the wildcard SVR. But I end up with the following error when trying to join:

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "mydomain.com":

The query was for the SRV record for _ldap._tcp.dc._msdcs.mydomain.com

The following domain controllers were identified by the query:
mydomain.com


However no domain controllers could be contacted.

Common causes of this error include:

- Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or are not running.

Solution 1:

So I figured it out eventually. I tried using DNS forwarding provided by google's Cloud DNS en manually changing the DNS settings on the VM but didnt help. Eventually what worked was the right (by trial and error) combination of NS, SVR en A-records on a custom Google Cloud DNS-zone. Essentially having both naked domain and wilcard+domain records for A en SVR records. These records were based on the info I got from logging in to the DNS server on the AAD DS-service (on an already joined VM).

Related

Using @Headers with dynamic values in Feign client + Spring Cloud (Brixton RC2)
How to install docker in docker container?
Download python library from Github "requires a different Python"
Printing the exponent in scientific numbers with superscript characters
What is the construction order in a "diamond problem" where a class is derived from three base classes?
Django: How to get parameters used in filter() from a QuerySet?
Eventbridge bus: can't receive messages on custom event bus?
Add a teams-calendar to outlook
MySQL split first and second element from one column to different colmns
Change python mro at runtime
Beego ORM MySQL: default addr for network '...' unknown
Force MessageBox.Show to display on top