Inter VLAN Can't Join Domain

Unanswered Question
Aug 17th, 2009
User Badges:

Hi All Pros,


I am just wondering if anyone faced this issue before where a host in another VLAN is unable to join Ms Windows domain which is in another VLAN? It does not have any access list because both are connected to the same switch (C3560). InterVLAN routing already enable. We have tested telnet to most of the ports involved in Active Directory from one host VLAN to Server VLAN. Server team checked that the Domain Controller and DNS is running FINE. Now we are stucked in between, not knowing what is the problem.


Host in VLAN 211 just unable to join domain to Server in VLAN 214. But host is able to join when in same VLAN 214.


Your help is very much appreciated.



Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Mon, 08/17/2009 - 07:35
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Chow,


try the following


int vlan 214


ip helper-address AD-server-ip-address


the difference when in the same ip subnet is that server can be discovered with a broadcast


Hope to help

Giuseppe


derict Mon, 08/17/2009 - 18:10
User Badges:

Hi Giuseppe,


The DHCP server is actually not in the Domain Controller. There is one WLC in the network working as DHCP for the entire network.


We have tried setting all IP in VLAN 214 or 211 manually to host but still not able to join domain.

Hitesh Vinzoda Mon, 08/17/2009 - 23:19
User Badges:
  • Silver, 250 points or more

Are the hosts in Vlan 211 are WLAN clients or connected on switches..??


derict Tue, 08/18/2009 - 00:46
User Badges:

All connected through LAN... There isn't any client in VLAN 214 ...We only did it for testing purpose..

derict Tue, 08/18/2009 - 08:17
User Badges:

yes, PING and TELNET is working from VLAN 211 to VLAN 214..

Mohamed Sobair Tue, 08/18/2009 - 08:46
User Badges:
  • Gold, 750 points or more

Hi,


If hosts on vlan 211 able to ping hosts on vlan 214, then this is probably LDAP Protocol issue.


Could you confirm that port 389 TCP is not blocked any where?




HTH

Mohamed

derict Tue, 08/18/2009 - 19:36
User Badges:

Hi,


There isn't any access-list that block inter Vlan communication. However, I will try to do a telnet from VLAN 211 to DC through TCP 389 ... but i think if the DC is listening to this port, it shouldn't be any problem.

derict Tue, 08/18/2009 - 22:41
User Badges:

ok, i've tested and we are able to telnet from 211 to DC through TCP 389 ...

derict Thu, 09/03/2009 - 06:40
User Badges:

I have finally solved this issue. It is not due to any routing or configuration problem. The problem is from the Domain Controller's end.. It is due to "Single Label Domain" issue when they created the Domain Controller.


Below links as references;


http://support.microsoft.com/kb/300684


http://www.chicagotech.net/server/singlelabledns1.htm


How do we close or end this topic?

Actions

This Discussion