Troubleshooting

I will be adding to this section as I come across active or potential issues. Currently, these may include:

  • DNS Leases

In addition, if you are encountering issues with an attack, check your spelling and DNS leases. However, the cause could also be a difference between how we have set up the DHCP/DNS forwarders to work in a Proxmox/pfSense environment and how TCM's VirtualLab/VMware environment is set up:

  • TCM’s method to join machines to the Domain
  • TCM’s method to attach the DNS setting to the DC

DNS Leases

REMEMBER! You enabled the DNS service on the Domain Controller. It is now the Start of Authority (SOA) for the MARVEL.local domain. If you are having trouble resolving computer hostnames to IP addresses, compare what is in DNS with what is in the DHCP pool.

Open the DNS app from the Start Menu.

Choose the Forward Lookup Zone for your domain, i.e. MARVEL.local

  • Double Click MARVEL.local
  • You should see a list of records that are generated when the host joins the domain

Open the DHCP app from the Start Menu.

Drill down to Address Leases and compare the IP addresses with your DNS records

  • You can then begin troubleshooting, i.e. DNS vs DHCP issues
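
The same DNS-versus-DHCP comparison can be scripted. The PowerShell below is an added example, not part of the original walkthrough; it assumes an elevated session on the DC, with the DNS Server and DHCP Server roles and their PowerShell modules installed there, as the steps above imply.

```powershell
# Added example: compare A records in the MARVEL.local zone with DHCP leases.
# Assumption: run elevated on the DC, which hosts both the DNS and DHCP roles.
$zone = 'MARVEL.local'

# Host name -> IPv4 address as DNS currently answers it.
# Skip the zone apex ('@') and the AD-generated zone records.
# If a host has several A records, the last one read wins.
$dns = @{}
Get-DnsServerResourceRecord -ZoneName $zone -RRType A |
    Where-Object { $_.HostName -notin '@', 'DomainDnsZones', 'ForestDnsZones' } |
    ForEach-Object {
        $dns[$_.HostName.ToLower()] = $_.RecordData.IPv4Address.IPAddressToString
    }

# Host name -> IPv4 address as DHCP leased it, across every IPv4 scope.
$dhcp = @{}
Get-DhcpServerv4Scope |
    ForEach-Object { Get-DhcpServerv4Lease -ScopeId $_.ScopeId } |
    Where-Object { $_.HostName } |
    ForEach-Object {
        # Leases usually carry the FQDN; keep only the short host name.
        $short = ($_.HostName -split '\.')[0].ToLower()
        $dhcp[$short] = $_.IPAddress.IPAddressToString
    }

# Report every host seen by either service and flag disagreements.
$names = @($dns.Keys) + @($dhcp.Keys) | Sort-Object -Unique
foreach ($name in $names) {
    if (-not $dns.ContainsKey($name)) {
        $status = 'No DNS record'
    } elseif (-not $dhcp.ContainsKey($name)) {
        $status = 'No DHCP lease (static address?)'
    } elseif ($dns[$name] -ne $dhcp[$name]) {
        $status = 'MISMATCH'
    } else {
        $status = 'OK'
    }
    [pscustomobject]@{
        Host   = $name
        DnsIP  = $dns[$name]
        DhcpIP = $dhcp[$name]
        Status = $status
    }
}
```

A host with a static address, such as the DC itself, is expected to show up without a DHCP lease; a MISMATCH row is the stale-record case to fix first.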

TCM: Different Method for Joining Machines to the Domain

THEPUNISHER

Start > Search “Domain” > Access work or school > Connect > Join this device to a local Active Directory domain > Enter “MARVEL.local” > Enter administrator credentials

It will ask if you want to Add an account.

  • TCM added an Administrator account from the drop-down
  • Reboot

Repeat for SPIDERMAN

Check Computers on Domain Controller

Log into DC with MARVEL\Administrator

  • Check in Active Directory that both machines have successfully joined

Tools > Active Directory Users and Computers > MARVEL.local > Computers

TCM: Different method for DNS setting

Network & Internet > Change adapter options > Ethernet > Properties > Enter administrative credentials > Internet Protocol Version 4 (TCP/IPv4)

Here, TCM enters the IP address for the DC, which is also our DNS server. This will create a direct connection from the Client to the DC, which will be important for some attacks.

  • I think our DHCP/DNS Forwarder implementation does the same thing.
  • Just keep this in mind if some attacks fail.