
{"id":265,"date":"2007-09-25T12:15:26","date_gmt":"2007-09-25T15:15:26","guid":{"rendered":"http:\/\/talsoft.com.ar\/weblog\/?p=265"},"modified":"2007-09-29T12:17:23","modified_gmt":"2007-09-29T15:17:23","slug":"conectar-sites-de-active-directory-por-vpn","status":"publish","type":"post","link":"https:\/\/www.talsoft.com.ar\/site\/es\/conectar-sites-de-active-directory-por-vpn\/","title":{"rendered":"Connecting Active Directory Sites over VPN"},"content":{"rendered":"<p align=\"left\"><font face=\"Arial\" size=\"2\">Here is a solution to a problem that drove me crazy: I wanted to add a Domain Controller to an existing domain over a VPN, with different subnets, and they could not connect to each other. <\/font><\/p>\n<p align=\"left\"><font face=\"Arial\" size=\"2\">The Active Directory installer showed an error saying it could not find the name of the server hosting the existing domain.<\/font><\/p>\n<p align=\"left\"><font face=\"Arial\" size=\"2\">After investigating and checking the DNS configuration and the Cisco firewall, I arrived at a solution:<\/font><\/p>\n<p><font face=\"Arial\" size=\"2\" \/><font face=\"Arial\" size=\"2\"><\/p>\n<p align=\"left\"><font face=\"Arial\" size=\"2\">The following registry key must be modified on the Active Directory server:<\/font><\/p>\n<p><font face=\"Arial\" size=\"2\" \/><\/p>\n<p align=\"left\"><font face=\"Arial\" size=\"2\">It sets Kerberos to use TCP instead of UDP.<br \/>\n<\/font><span lang=\"EN-US\"><font size=\"2\" \/><font face=\"Arial\">[HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\<br \/>\nControl\\Lsa\\Kerberos\\Parameters]<br \/>\n\"MaxPacketSize\"=dword:00000001<\/font><\/span><\/p>\n<p><span lang=\"EN-US\"><font size=\"2\"><font face=\"Arial\" \/><\/font><\/span><font size=\"2\"><\/p>\n<p align=\"left\"><span lang=\"EN-US\"><font size=\"2\" \/><font face=\"Arial\">This change forces the server that is trying to join an existing domain as a Domain Controller to connect to Kerberos over TCP instead of UDP. It seems that the UDP connection, when going through the VPN, was getting lost between the NAT and the Cisco firewall.<\/font><\/span><\/p>\n<p align=\"left\"><span lang=\"EN-US\"><font face=\"Arial\" size=\"2\">I hope this information has been useful to you.<\/font><\/span><\/p>\n<p><span lang=\"EN-US\"><font face=\"Arial\" size=\"2\" \/><\/span><\/font><font face=\"Arial\" size=\"2\"><\/p>\n<p align=\"left\"><span lang=\"EN-US\"><font face=\"Arial\" size=\"2\">More info: <a href=\"http:\/\/www.sfu.ca\/ad\/kerberos\/index.html\">http:\/\/www.sfu.ca\/ad\/kerberos\/index.html<\/a><\/font><\/span><\/p>\n<p align=\"left\"><span lang=\"EN-US\"><font face=\"Arial\" size=\"2\">Regards,<\/font><\/span><\/p>\n<p align=\"left\"><span lang=\"EN-US\"><font face=\"Arial\" size=\"2\">Leandro Ferrari<\/font><\/span><\/p>\n<p><\/font><\/p>\n<p><\/font><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Here is a solution to a problem that drove me crazy: I wanted to add a Domain Controller to an existing domain over a VPN, with different subnets, and they could not connect to each other. The Active Directory installer showed an error saying it could not find the name of the server hosting the existing domain. After investigating and checking the [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[2,1],"tags":[],"class_list":["post-265","post","type-post","status-publish","format-standard","hentry","category-personales","category-profesional"],"_links":{"self":[{"href":"https:\/\/www.talsoft.com.ar\/site\/wp-json\/wp\/v2\/posts\/265","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.talsoft.com.ar\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.talsoft.com.ar\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.talsoft.com.ar\/site\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.talsoft.com.ar\/site\/wp-json\/wp\/v2\/comments?post=265"}],"version-history":[{"count":0,"href":"https:\/\/www.talsoft.com.ar\/site\/wp-json\/wp\/v2\/posts\/265\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.talsoft.com.ar\/site\/wp-json\/wp\/v2\/media?parent=265"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.talsoft.com.ar\/site\/wp-json\/wp\/v2\/categories?post=265"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.talsoft.com.ar\/site\/wp-json\/wp\/v2\/tags?post=265"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}