LDAP Bind Error 8341 on Domain Controller


  • Service Provider

    Having an issue with Active Directory failing when a new device attempts to join the domain. Here is the error that I get when running a dcdiag /v against the main domain controller (to-win-ad1).

    binderror.png


  • Service Provider

    One obvious issue here is the DNS one. If I ping to-win-ad1 it resolves correctly and can be reached. But when running dcdiag it is attempting to use the 10.x.x.x subnet which is not available to the clients over the VPN.



  • Did you set up the Pertino settings with the DNS info, etc?


  • Service Provider

    Yes, like I said the DNS resolution and pings work fine. It only has the issue when running the diags.



  • @scottalanmiller said:

    Yes, like I said the DNS resolution and pings work fine. It only has the issue when running the diags.

    Ok, what about forcing it to use the Pertino address for that hostname? Try adding that hostname with the Pertino address to the hosts file.



  • It's not an ideal solution but at least for the sake of troubleshooting, might be worth a shot.



  • I wonder if Pertino has tried this at all in their labs?



  • @Dashrender said:

    I wonder if Pertino has tried this at all in their labs?

    Considering Scott is the one who created the initial method for connecting to AD over Pertino, it's a crapshoot.



  • @ajstringham said:

    @Dashrender said:

    I wonder if Pertino has tried this at all in their labs?

    Considering Scott is the one who created the initial method for connecting to AD over Pertino, it's a crapshoot.

    Method?



  • @Dashrender said:

    @ajstringham said:

    @Dashrender said:

    I wonder if Pertino has tried this at all in their labs?

    Considering Scott is the one who created the initial method for connecting to AD over Pertino, it's a crapshoot.

    Method?

    You put Pertino on your DC/DCs and the client machine. On the client machine, you go to the IP settings of the Pertino adapter and set the DNS statically to your DC or DCs. That was the initial process. It may still be the standard.


  • Service Provider

    Tested with a new desktop that is also on Windows 10 and it too has the same failure to join the domain without any further information to tell us what might be wrong.



  • Have you tried a point to point VPN source for connectivity with the Domain to see if that works (instead of Pertino)?


  • Service Provider

    @Dashrender said:

    Have you tried a point to point VPN source for connectivity with the Domain to see if that works (instead of Pertino)?

    It's OpenVPN and IPSec, I've used both a ton. No concerns there at all. But it doesn't do what Pertino does. While both are VPNs, they are completely different things. Pertino is a hosted full mesh. Ubiquiti, like any hardware VPN, is a site to site VPN. There are very few times that both would be an option for the same network.



  • @scottalanmiller said:

    @Dashrender said:

    Have you tried a point to point VPN source for connectivity with the Domain to see if that works (instead of Pertino)?

    It's OpenVPN and IPSec, I've used both a ton. No concerns there at all. But it doesn't do what Pertino does. While both are VPNs, they are completely different things. Pertino is a hosted full mesh. Ubiquiti, like any hardware VPN, is a site to site VPN. There are very few times that both would be an option for the same network.

    I was suggesting that you try to join the domain using another connection method instead of Pertino to see if it is Pertino that is causing the problem of joining the domain. Set up a Site to Site VPN from your home to NTG's network, etc. If that works, you (and hopefully Pertino) now know that Pertino has some work to do to get this working for Windows 10.



  • @scottalanmiller said:

    It's OpenVPN and IPSec, I've used both a ton. No concerns there at all. But it doesn't do what Pertino does. While both are VPNs, they are completely different things. Pertino is a hosted full mesh. Ubiquiti, like any hardware VPN, is a site to site VPN. **There are very few times that both would be an option for the same network.**

    Really? I could see this being useful in my case where I have 4 remote locations using Site to Site, and for my mobile users they could use Pertino.