Win10 OpenVPN domain machine cannot find a domain controller

active-directory, domain-controller, windows 10

We converted to an AD environment a few months ago. From my home office, I have a Win10 laptop that I joined to our domain with much difficulty (had to set the AD DNS server on my local LAN) as compared to my Win7 desktop (never did anything special) but did manage to join and can log on as my domain self after I started VPN with a local account. Later, I could log in just as my domain self w/o VPN running as I presumably used cached creds. Did not have this issue with Win7.

And my laptop OpenVPN networks initially were showing up as Public and I used PS Set-NetConnectionProfile to set them to Private (could not set DomainAuthenticated) but that was no help.

On the Win10 machine (as on the desktop) I have SecurePoint OpenVPN connected to all 3 of our AD sites just fine. I can ping 3 domain controllers, I can do an nslookup on _LDAP._TCP.DC._MSDCS.ad.mydomain.com and find all 3 of my DCs, I can ping all the domain machines with unqualified machine names, etc.

I seem to be able to do everything except –

  1. I have to use my domain suffix when logging on (user@ad.mydomain.com not just user). Don't have to do this on my other machine.

  2. gpupdate fails saying it cannot connect to a domain controller.

Any ideas why gpupdate fails? I see no useful info in the event logs, and my Win7 desktop using the same network runs fine with respect to domain access. I'm suspicious of Win10 and/or the SecurePoint OpenVPN on Win10 yet most everything works just fine.

This "may" be related to the adapter binding order. I am unable to change the binding order of adapters in Win10 like I can in Win7 (see http://answers.microsoft.com/en-us/windows/forum/windows_10-networking/adapter-priority-setting-unavailable-in-windows-10/d2b63caa-e77c-4b46-88b5-eeeaee00c306?auth=1 for the problem description).

Best Answer

This was an adapter binding order problem! Win10 changed this as compared to Win7. You could no longer set the binding order via Network Connections/Advanced/Advanced Settings/Adapters and Bindings.

You have to go into each and every adapter, IPv4 properties, Advanced, and turn off automatic metrics, and set a lower metric for adapters you want searched first. It didn't matter that I had my DC as the preferred DNS server on my primary LAN.

Hope this helps someone because this caused me a LOT of grief trying to get a Win10 machine running on the domain via OpenVPN!

http://answers.microsoft.com/en-us/windows/forum/windows_10-networking/adapter-priority-setting-unavailable-in-windows-10/d2b63caa-e77c-4b46-88b5-eeeaee00c306?auth=1 has some more info.
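The per-adapter metric change described in the answer can also be inspected and applied from an elevated PowerShell prompt. This is an added example, not part of the original post; the adapter alias is a placeholder and the metric values are constructed, so substitute the alias that Get-NetAdapter reports for the OpenVPN adapter.

```powershell
# Added example: audit and set IPv4 interface metrics so the VPN adapter
# (and the DNS servers configured on it) is preferred. Run elevated.
# ASSUMPTIONS: $VpnAlias is a placeholder alias; $VpnMetric is a constructed
# value that only needs to be lower than every other connected adapter.
$VpnAlias  = 'OPENVPN-ADAPTER-ALIAS-PLACEHOLDER'
$AdDomain  = 'ad.mydomain.com'   # domain name as written in the question
$VpnMetric = 5

# 1. Show the current order: lowest metric is searched first.
Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object ConnectionState -eq 'Connected' |
    Sort-Object InterfaceMetric |
    ForEach-Object {
        $dns = (Get-DnsClientServerAddress -InterfaceIndex $_.ifIndex `
                    -AddressFamily IPv4).ServerAddresses -join ', '
        [pscustomobject]@{
            Alias      = $_.InterfaceAlias
            Metric     = $_.InterfaceMetric
            AutoMetric = $_.AutomaticMetric
            DnsServers = $dns
        }
    } | Format-Table -AutoSize

# 2. Turn off automatic metric on the VPN adapter and give it the lowest value.
$vpn = Get-NetIPInterface -InterfaceAlias $VpnAlias -AddressFamily IPv4 -ErrorAction Stop
Set-NetIPInterface -InterfaceIndex $vpn.ifIndex -AddressFamily IPv4 `
    -AutomaticMetric Disabled -InterfaceMetric $VpnMetric

# 3. Any other connected adapter that would still tie or win gets a higher,
#    fixed metric. Loopback is left alone.
Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object {
        $_.ConnectionState -eq 'Connected' -and
        $_.ifIndex -ne $vpn.ifIndex -and
        $_.InterfaceAlias -notlike 'Loopback*' -and
        $_.InterfaceMetric -le $VpnMetric
    } |
    ForEach-Object {
        Set-NetIPInterface -InterfaceIndex $_.ifIndex -AddressFamily IPv4 `
            -AutomaticMetric Disabled -InterfaceMetric ($VpnMetric + 20)
    }

# 4. Verify: SRV lookup, DC locator, then the operation that was failing.
Resolve-DnsName -Type SRV "_ldap._tcp.dc._msdcs.$AdDomain"
nltest "/dsgetdc:$AdDomain"
gpupdate /force
```

Setting -AutomaticMetric back to Enabled on an adapter restores the Windows default for that adapter.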