Windows Server 2012 R2 Standard located in our DMZ has problems with connection to RoDC

Solution 1:

The client computer is not able to discover what AD site it is in. When you open up the firewall to a read-write DC, the computer is then able to discover what AD site it is in, and the problem goes away. To avoid having to open up access to a read-write DC, you'll have to tell the computer up front what AD site it's in.

Answer:

  1. Navigate to: HKLM\System\CurrentControlSet\Services\Netlogon\Parameters
  2. In the right pane, create a new String Value titled SiteName and for the Value Name type the name of the site in which the client computer resides.
  3. Close the registry editor and restart the client computer to have registry changes take effect.

Here is where I found the answer: http://social.technet.microsoft.com/forums/windowsserver/en-US/968e5f0f-8dda-4e57-b37f-8d858d568225/perimeter-network-to-rodc-no-logon-servers-available-using-ipsec-tunnel

Here is the official Microsoft reference material. The reg key is mentioned in steps 6-8 in the "To run the join script on the client computer" section. http://technet.microsoft.com/en-us/library/dd728035(WS.10).aspx
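The registry change from steps 1-3 as an added PowerShell example (not part of the original answer or Microsoft's material); it assumes an elevated session and that the `$SiteName` you pass matches an existing AD site name, and it uses the pre-existing `nltest` tool to show what the server believes before and after the override.

```powershell
# Added example: apply the Netlogon SiteName override described in the answer above
# so a DMZ member server locates its RODC without needing a path to a writable DC.
# Assumption: run as Administrator; $SiteName is an existing site in AD Sites and Services.
param(
    [Parameter(Mandatory)] [string] $SiteName
)

$path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

# Record what site discovery returns before the change (in the scenario above this
# is the point where the server fails with "no logon servers available").
Write-Host "Site discovery before override:"
nltest /dsgetsite 2>&1 | ForEach-Object { Write-Host "  $_" }

# Create (or overwrite) the REG_SZ value 'SiteName' under Netlogon\Parameters.
New-ItemProperty -Path $path -Name 'SiteName' -PropertyType String `
                 -Value $SiteName -Force | Out-Null

# Verify the value actually landed before asking anyone to reboot.
$written = (Get-ItemProperty -Path $path -Name 'SiteName').SiteName
if ($written -ne $SiteName) {
    throw "SiteName override was not written correctly (found '$written')."
}
Write-Host "SiteName override set to '$written'."
Write-Host "Restart the computer, then confirm with: nltest /dsgetsite  and  nltest /dsgetdc:$env:USERDNSDOMAIN"
```

After the reboot, `nltest /dsgetsite` should print the site you configured and `nltest /dsgetdc:<domain>` should return the RODC in that site; if it still fails, check that the firewall allows the ports the RODC needs rather than widening access to a writable DC.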