# Solved: join workstation to remote domain



## mayer (Feb 26, 2007)

Okay, 
Sorry if this is a pretty basic question, but I am really new to this (installing my very first server) and have tried all the tutorials and Google searches I could find.

So, 
I have installed Windows Server 2003 R2 sp2 and have installed the DNS server, the AD and have created a new domain (which is also a new forest). (No other servers on the domain and no other domains on the server.)

I have various machines running XP pro sp2/sp3 which should serve as workstations (clients) on this domain.

I had no problem hooking up all the computers on the lan. I just right-clicked "My Computer", went to the "Computer Name" tab, clicked the "Network ID" button and filled in the details, which created a new user on the xp-machine. (The preferred DNS on these machines is configured using the server's internal ip on the lan.)

When I tried doing this with an off-site xp machine, I received the following error.

```
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate
 a domain controller for domain [subdomain].[domain].COM:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.[subdomain].[domain].COM

Common causes of this error include the following:

- The DNS SRV record is not registered in DNS.

- One or more of the following zones do not include delegation to its child zone:

[subdomain].[domain].COM
[domain].COM
COM
. (the root zone)

For information about correcting this problem, click Help.
```
I have tried the following to help troubleshooting.

Pinging the domain-name from a client on the lan returns the server's internal ip on the lan.
Pinging the domain-name from a client on the wan returns the lan's public ip.

If I get this right, everything seems to work fine, except that the router on my lan doesn't seem to be forwarding the packets to my server.

I configured the router to see the local ip of the server as the DMZ.
I also forwarded the following ports to the server:








I have asked the ISP of the server to open up all the ports in the above list.

I still cannot sign in with the remote client.
Any help would be greatly appreciated.


----------
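The lookup behind the error quoted above, as an added example that is not part of the original thread: it builds the SRV query for `_ldap._tcp.dc._msdcs.<domain>` and decodes a reply, mapping DNS RCODE 3 to the `RCODE_NAME_ERROR` shown in the dialog. The domain `corp.example.com`, the host `dc1` and both reply packets are constructed placeholders.

```python
import struct

DC_LOCATOR_PREFIX = "_ldap._tcp.dc._msdcs."   # SRV name from the error text
TYPE_SRV, CLASS_IN = 33, 1
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN (RCODE_NAME_ERROR)", 5: "REFUSED"}

def encode_name(name):  # dotted name -> length-prefixed DNS labels
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"

def build_srv_query(domain, txid=0x1234):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return header + encode_name(DC_LOCATOR_PREFIX + domain) + struct.pack("!HH", TYPE_SRV, CLASS_IN)

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:                    # compression pointer
            end = off + 2 if end is None else end
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def parse_srv_response(msg):  # -> (rcode text, [(priority, weight, port, target), ...])
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off, records = 12, []
    for _ in range(qd):                           # skip the echoed question
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_SRV:
            prio, weight, port = struct.unpack("!HHH", msg[off + 10:off + 16])
            records.append((prio, weight, port, read_name(msg, off + 16)[0]))
        off += 10 + rdlen
    return RCODES.get(flags & 0xF, str(flags & 0xF)), records

# Constructed samples (not captured traffic), using the placeholder domain corp.example.com
_q = build_srv_query("corp.example.com")
NXDOMAIN_REPLY = struct.pack("!HH", 0x1234, 0x8183) + _q[4:]          # RCODE 3, no answers
_rd = struct.pack("!HHH", 0, 100, 389) + encode_name("dc1.corp.example.com")
OK_REPLY = (struct.pack("!HHHH", 0x1234, 0x8180, 1, 1) + _q[8:] + b"\xc0\x0c"
            + struct.pack("!HHIH", TYPE_SRV, CLASS_IN, 600, len(_rd)) + _rd)
```

A name-error result with no records is an answer from whichever DNS server the client queried, so it can be checked against that server before any router or firewall change is considered.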



## peterh40 (Apr 15, 2007)

I suggest you do not open all those ports over a remote connection. What you need to do is set up RRAS to allow secure VPN connections to allow authorised computers access to the domain and join it if you wish, otherwise your new domain will be open to all and sundry on the internet - NOT a good idea.


----------



## srhoades (May 15, 2003)

I agree with the above post.


----------



## mayer (Feb 26, 2007)

Thanks a lot for your prompt replies.

I have googled a bit and think I'll manage. If I need more help I know now where to get it.


----------



## mayer (Feb 26, 2007)

Thanks for your help so far. I have continued this discussion over here


----------

