TekQ

Reputation: 35

Connectivity issue between Windows 10 (on-premises) and Windows Server 2016 on Azure

Using a Point-to-Site connection, I planned to connect Windows 10 (on-premises) and Windows Server 2016 on Azure so that Windows 10 (on-premises) can join the Windows Server 2016 Domain Controller.

I will elaborate the steps that I followed:

Step 1: Create a Resource Group, say SkyTech, with the Region East US.

a). Create an Availability Set, say 1ASet.SkyTech, with details as

Resource Group: SkyTech

Region: East US

Fault domains: 2 (default)

Update domains: 5 (default)

Use managed disks: Yes (Aligned) (default)

b). Create a Virtual network, say 1VNet.East, with details as

Address space: 15.0.0.0/25

Resource Group: SkyTech

Location: East US

Subnet: 1SubNet.East

Address range: 15.0.0.0/26

DDoS Protection: Basic (default)

Service endpoints: Disabled (default)

Firewall: Disabled (default)

c). Create a Gateway subnet for the virtual network 1VNet.East with details as

Address range: 15.0.0.128/28 (selected automatically)

Network security group: None (default)

Route table: None (default)

Service endpoints: 0 selected (default)

Subnet delegation: None (default)

Step 2: Create a virtual network gateway with details as

Name: SkyTech.EastUS

Region: East US

Gateway type: VPN

VPN type: Route-based

SKU: Basic

Virtual network: 1VNet.East

Gateway subnet address range: 15.0.0.128/28 (selected automatically)

Public IP address: Create new

Public IP address: SkyTech.Pub.IP

Public IP address SKU: Basic (selected automatically)

Assignment: Dynamic (selected automatically)

Enable active-active mode: Disabled (default)

Configure BGP ASN: Disabled (default)

Step 3: Generate and export certificates of the Windows 10 (on-premises) computer.

a). Create a self-signed root certificate

b). Generate a client certificate

Step 4: Export the root certificate public key (.cer)

Step 5: Export the self-signed root certificate and private key to store it

Step 6: Configure Point-to-Site Configuration in the Virtual Network Gateway

Added an Address Pool of 172.16.25.0/24

Added Root Certificates and Public Certificate Data of the desktop computer (on premises).

Clicked Save and then Download VPN client.

Step 7: Installed the VPN client on the desktop computer (on premises)

Connected VPN.

In ipconfig, the desktop computer shows an address from the Address Pool (172.16.25.0/24) under the PPP adapter.

Step 8: Create virtual machine

Resource group: SkyTech

Virtual machine name: SkyTech.EastUS

Region: East US

Availability option: Availability set

Availability set: 1ASet.SkyTech

Image: Windows Server 2016 Datacenter

Authentication type: Password

Username: Admin.SkyTech

Password: Admin@123

Confirm password: Admin@123

Public inbound ports: Allow selected ports

Select inbound ports: RDP

Already have a Windows Server license: No

Disk options (OS disk type): Premium SSD

Virtual network: 1VNet.East

Subnet: 1SubNet.East

NIC network security group: Basic

Accelerated networking: Off

Place this virtual machine behind an existing load balancing solution: No

Boot diagnostic: Off

OS guest diagnostics: Off

System assigned managed identity: Off

Enable auto-shutdown: Off

Enable backup: Off

Step 9: Assign a static IP to the virtual machine

In the virtual machine, go to Settings > Networking

The NIC Public IP is 40.82.x.x and the NIC Private IP is 15.0.0.4

Click 40.82.x.x > Settings > Configuration

Assignment: Static

Then, Save

Step 10: Created a DNS Server at the VNet level as follows: used 15.0.0.4 as a private IP under Custom.

I tried all the above steps about times, in the order of Step 1 to Step 10.

The issue is:

From the Windows 10 (on-premises) computer, I am able to connect to the Windows Server 2016 VM SkyTech.EastUS using RDP with both the Public IP and the Private IP.

But the two (Windows 10 and Windows Server 2016) cannot ping each other, which I need so that I can join Windows 10 to the Windows Server 2016 Domain Controller.

Moreover, after all the steps (from Step 1 to Step 10), I added the Active Directory Domain Services role and promoted Windows Server 2016 to a Domain Controller.

Then, I tried to join Windows 10 to the Windows Server 2016 Domain Controller. I see the following error message:

[screenshot of the error message]

Please let me know what I need and where I am wrong.

Regards

TekQ

Upvotes: 1

Views: 352

Answers (2)

Nancy Xiong

Reputation: 28274

Two points you have to do:

  • Deploy a DNS server. Usually, you could do this by adding the DNS role in the DC VM or another server in the same VNet. Specify the DNS server's private IP address in the DNS servers of the Azure VNet on the Azure portal.
  • Create an Azure VPN gateway to connect the on-premises network and the Azure VNet. In this case, for one or a few clients, you could use a P2S VPN gateway. For a corporation, you could use the S2S VPN gateway. This way needs a VPN device.

Once the VPN gateway is set up and you can ping the Azure VM via its private IP address, you could join the desktop to the AD DC domain. Note, once you update the DNS or other settings in the Azure VNet, you have to re-download the VPN client to make the local DNS or route update if you have a P2S gateway.

Upvotes: 0

4c74356b41

Reputation: 72191

You need your VM to be able to talk to the domain controller, and your VM to be able to resolve the DNS name of your domain to one of the domain controllers. Usually you just specify one or more of your domain controllers as DNS servers for the VM.

Alternatively, you can set them at the VNet level, so the settings are applied to all the VMs in the VNet.

For connectivity you can use VNet peering or a Site-to-Site VPN.

Upvotes: 0
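Both answers come down to two conditions the client must meet: the VPN adapter must use the DC as its DNS server, and the tunnel must actually carry the traffic a domain join uses. The following client-side check is an added example, not code from the question or either answer; it assumes the DC private IP 15.0.0.4 and the P2S pool 172.16.25.0/24 from the question, and uses a placeholder AD domain name (skytech.local) because the page does not give one.

```powershell
# Added diagnostic script (not from the question or either answer). Run on the
# Windows 10 client after the P2S VPN is connected. Assumes the DC private IP
# 15.0.0.4 and the P2S pool 172.16.25.0/24 from the question; the AD domain
# name below is a placeholder because the page does not give it.
$DcIp       = '15.0.0.4'
$DomainFqdn = 'skytech.local'      # placeholder: replace with the real AD DNS name
$P2sPrefix  = '172.16.25.'         # P2S address pool from the question

# 1. Confirm the PPP adapter actually holds an address from the P2S pool.
$vpnAddr = Get-NetIPAddress -AddressFamily IPv4 |
           Where-Object { $_.IPAddress.StartsWith($P2sPrefix) } | Select-Object -First 1
if (-not $vpnAddr) { Write-Warning 'No address from the P2S pool; the VPN is not up.'; return }
"VPN adapter: $($vpnAddr.InterfaceAlias) -> $($vpnAddr.IPAddress)"

# 2. Which DNS servers does the VPN adapter use? RDP to 15.0.0.4 works by IP,
#    but a domain join must resolve the domain's SRV records, so the DC has to
#    be a DNS server on this adapter (re-download the VPN client after changing
#    the VNet DNS setting, or set it by hand with the command printed below).
$dns = Get-DnsClientServerAddress -InterfaceIndex $vpnAddr.InterfaceIndex -AddressFamily IPv4
"DNS servers on VPN adapter: $($dns.ServerAddresses -join ', ')"
if ($dns.ServerAddresses -notcontains $DcIp) {
    Write-Warning "DC $DcIp is not a DNS server on the VPN adapter."
    "Fix: Set-DnsClientServerAddress -InterfaceIndex $($vpnAddr.InterfaceIndex) -ServerAddresses $DcIp"
}

# 3. Ask the DC itself for the domain's DC locator SRV record; this is the
#    lookup a domain join performs, independent of the adapter's DNS setting.
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainFqdn" -Type SRV -Server $DcIp -ErrorAction Stop
    $targets = ($srv | Where-Object Type -eq 'SRV' | ForEach-Object { $_.NameTarget }) -join ', '
    "SRV lookup via $DcIp succeeded: $targets"
} catch {
    Write-Warning "SRV lookup for $DomainFqdn via $DcIp failed: $($_.Exception.Message)"
}

# 4. Ping is ICMP, which the Windows firewall on the server commonly drops, so
#    a failed ping does not prove the tunnel is broken. Test the TCP ports a
#    domain join actually uses instead.
$ports = @{ 53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC'; 389 = 'LDAP'; 445 = 'SMB' }
foreach ($p in ($ports.Keys | Sort-Object)) {
    $ok = (Test-NetConnection -ComputerName $DcIp -Port $p -WarningAction SilentlyContinue).TcpTestSucceeded
    "{0,-9} {1,3}/tcp  {2}" -f $ports[$p], $p, $(if ($ok) { 'open' } else { 'BLOCKED' })
}
```

If step 4 shows the ports open but step 2 or 3 fails, the problem is name resolution rather than the tunnel, which matches the symptom of RDP by private IP working while the domain join does not.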
