0 votes

Hi All,

I have 2 domains (A & B) which do not know of each other and have a firewall between them.

I would like to manage domain B from domain A. I thought the correct route was to set up an Adaxes server in both domains and then connect using the new managed domain on Adaxes with the IP address of the Adaxes server. I have opened up the firewall to everything I could find on this page https://www.adaxes.com/questions/20/what-ports-does-adaxes-use and have disabled the Windows Firewall on both boxes.

Still no luck. Can anyone help?

Edit. If I point Adaxes at the domain controller of domain B I can get to the next screen where it says specify a service account. However, after entering credentials I get "'example.com' is not operational", where example.com is domain B.

Many Thanks

by (1.5k points)

1 Answer

0 votes
by (177k points)
Best answer

Hello Anton,

To manage multiple domains in Adaxes you do not need to install an instance of Adaxes service in each of the domains. You just need to register the domains in your existing service instance. For the registration to work, make sure that all the ports specified in the FAQ article you referenced are open.

0

Hi,

Thanks for getting back to me.

I have now taken this off to a development environment in which all Windows firewalls are disabled and there is no firewall between the two domains.

From the Adaxes add a managed domain I can add 'dev', which is the domain 'dev.net'; however, when I try and enter credentials it says that 'dev.net' is not operational.

Is there anything else I can test to try and diagnose this?

image.png

0

Hello Anton,

It looks like some ports used by Adaxes are closed between the computer where Adaxes service is running and domain controllers of the domain you are registering. For details on the ports, have a look at section Adaxes Service of the following FAQ article: https://www.adaxes.com/questions/20/what-ports-does-adaxes-use. Once all the ports are open, try to register the domain again.

0

If I want to set up a shared configuration as well across separate domains, i.e. Domain A Adaxes is main and Domain B Adaxes tries to connect to the one in Domain A as a shared configuration.

Do the ports just need to be open between Adaxes servers or do they need access to domain controllers as well?

0

Hello Anton,

You will need to open all the ports used by Adaxes service for both computers. Also, you will need to open the RPC ports for replication between the computers where the instances of Adaxes service will be installed.

0

image.png

Any ideas, firewall disabled on both machines and no firewall between? Trying to connect from dev.net domain to home.net domain. Both users are domain admins.

Note: Adaxes does see the Adaxes service when I hit select.

0

Hello Anton,

Did you open all the required ports between the computer in dev.net where Adaxes service is installed and a domain controller (DC) of domain home.net? The ports need to be open for outgoing connections on the computer where your Adaxes service is installed, and for incoming connections on the DC that you want Adaxes to connect to.

0

This is how the firewalls are set up on all servers on both domains. Settings are the same for domain, private and public profile. Servers can both see each other, DNS lookup resolves okay. Don't know what else I can look into.

image.png

0

Hello Anton,

What about the domain controller (DC) of domain home.net? Did you make sure that all the required ports are open for incoming connections there?

Also, according to your last screenshot, you are attempting to install a new instance of Adaxes service sharing common configuration with an existing one, not to just register a domain. It will not work in your case as such installation requires trust relationships between the domains.
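The check the replies keep asking for (outgoing from the Adaxes service computer, incoming on the domain controllers of the domain being registered) can be run as a script. This is an added example, not part of the thread and not Adaxes code: the port list is the standard set of Active Directory TCP ports, used here as an assumption, and should be replaced with the list from the FAQ article linked above; the default domain name is the one mentioned in the thread.

```powershell
# Run on the computer where the Adaxes service is installed.
# Assumption: standard AD DS TCP ports, NOT the Adaxes FAQ list; edit to match the FAQ.
# Dynamic RPC ports (49152-65535 by default) are not probed here.
param(
    [string]$Domain = 'home.net'   # domain being registered
)

$ports = @(
    @{ Port = 53;   Name = 'DNS' }
    @{ Port = 88;   Name = 'Kerberos' }
    @{ Port = 135;  Name = 'RPC endpoint mapper' }
    @{ Port = 389;  Name = 'LDAP' }
    @{ Port = 445;  Name = 'SMB' }
    @{ Port = 464;  Name = 'Kerberos password change' }
    @{ Port = 636;  Name = 'LDAPS' }
    @{ Port = 3268; Name = 'Global catalog' }
)

# Step 1: locate the domain's DCs the same way a Windows client does (DNS SRV).
# A plain host lookup succeeding does not prove these records resolve.
try {
    $dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.NameTarget } |
        Select-Object -ExpandProperty NameTarget -Unique
} catch {
    Write-Warning "No DC locator SRV records resolved for ${Domain}: $($_.Exception.Message)"
    return
}

# Step 2: test each port on each DC from this host (outgoing here, incoming there).
$results = foreach ($dc in $dcs) {
    foreach ($p in $ports) {
        $t = Test-NetConnection -ComputerName $dc -Port $p.Port -WarningAction SilentlyContinue
        [pscustomobject]@{
            DomainController = $dc
            Port             = $p.Port
            Service          = $p.Name
            Reachable        = $t.TcpTestSucceeded
        }
    }
}

$results | Sort-Object DomainController, Port | Format-Table -AutoSize
$blocked = @($results | Where-Object { -not $_.Reachable })
if ($blocked.Count -gt 0) {
    Write-Warning "$($blocked.Count) port(s) unreachable from $env:COMPUTERNAME; check the firewall path and the DC's inbound rules."
}
```

A port that shows as unreachable only tells you the TCP connection failed from this host; it does not say whether a network firewall or the DC's own inbound rules dropped it.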
