0xBEN’s Troubleshooting Guide

If you’re running into problems, be sure to check out 0xBEN’s Troubleshooting Guide too.

AD Lab VMs can ping each other, and Kali - but cannot resolve names

A likely cause is that the Domain Controller (DC) DNS settings do not match the pfSense DHCP pool/DNS settings.

On your DC, open DNS Manager and look at your domain network, i.e. MARVEL.local. My two Windows 10 VMs still had their previous IP addresses.

In pfSense, the two Windows 10 machines have been assigned different IP addresses, as requested, within the desired subnet.

SOLUTION:

On your DC, go to:

Start | Settings | Network & Internet | Properties

Note that the DNS servers were not updated to our new desired DNS IP. Click Edit.

Replace the old DNS IP with 10.80.80.2 and 10.80.80.1.

Test name resolution with a ping.

Domain Controller Does Not Have Internet Access

This appears to be a common issue when an Active Directory setup has only ONE Domain Controller, and it is also acting as the DNS server.

Solutions include:

  1. Add a second DC as a DNS - whoa - that’s too much effort
  2. Add 8.8.8.8 (Google resolver) as a secondary DNS

Solution #2 is preferred. The path to get there is a bit convoluted, but it worked for me:

On your DC, go to Server Manager | DNS

Right-click the DC | DNS Manager

In DNS Manager, right-click the DC | Properties

Click Forwarders | Add 8.8.8.8, then OK and Apply
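Both fixes above (the DC's DNS server addresses and the 8.8.8.8 forwarder) can also be checked and applied from an elevated PowerShell session on the DC. This is an added example, not part of the original guide; the adapter alias `Ethernet0`, the host names `WS01`/`WS02` and their lease addresses are constructed placeholders to replace with your own values.

```powershell
# Added example: run in an elevated PowerShell session on the DC.
# Constructed placeholders (not from the guide): adapter alias, host names, lease IPs.
$Zone      = 'MARVEL.local'
$IfAlias   = 'Ethernet0'
$WantedDns = '10.80.80.2', '10.80.80.1'     # DNS IPs from the guide
$Forwarder = '8.8.8.8'                       # forwarder from the guide
$Leases    = @{ 'WS01' = '10.80.80.11'; 'WS02' = '10.80.80.12' }  # pfSense DHCP leases

# 1. Compare the DC adapter's DNS servers with the desired ones; fix on mismatch.
$current = (Get-DnsClientServerAddress -InterfaceAlias $IfAlias -AddressFamily IPv4).ServerAddresses
if (($current -join ',') -ne ($WantedDns -join ',')) {
    Write-Warning "DNS on $IfAlias is [$($current -join ', ')], expected [$($WantedDns -join ', ')]"
    Set-DnsClientServerAddress -InterfaceAlias $IfAlias -ServerAddresses $WantedDns
    Clear-DnsClientCache
}

# 2. Report A records in the zone that no longer match the pfSense lease.
foreach ($name in $Leases.Keys) {
    $rec = Get-DnsServerResourceRecord -ZoneName $Zone -Name $name -RRType A -ErrorAction SilentlyContinue
    if (-not $rec) { Write-Warning "$name has no A record in $Zone"; continue }
    $ips = @($rec | ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString })
    if ($ips -notcontains $Leases[$name]) {
        Write-Warning "$name is stale in DNS: $($ips -join ', ') (lease: $($Leases[$name]))"
    }
}

# 3. Add the forwarder only if it is not already configured.
$forwarders = @((Get-DnsServerForwarder).IPAddress | ForEach-Object { "$_" })
if ($forwarders -notcontains $Forwarder) {
    Add-DnsServerForwarder -IPAddress $Forwarder
}

# 4. Verify internal and external resolution through the DC's resolver.
$targets = @($Leases.Keys | ForEach-Object { "$_.$Zone" }) + 'example.com'
foreach ($t in $targets) {
    $ok = [bool](Resolve-DnsName -Name $t -Type A -ErrorAction SilentlyContinue)
    '{0,-25} {1}' -f $t, $(if ($ok) { 'resolves' } else { 'FAILED' })
}
```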
