Hi folks,
We're doing some testing to explore migrating to Proxmox and have run into a strange issue that I can't seem to find any other discussions of. Hoping that someone in this excellent community can help to get me pointed in the right direction!
PROBLEM DESCRIPTION: Windows Virtual Machines deployed on Proxmox (tested with Win10, Win11, and WinSrvr2022) are unable to join an Active Directory domain (running outside of Proxmox). Lots of good troubleshooting info on these forums and elsewhere helped me to confirm that all relevant networking, DNS, and security configurations were accurate, and Wireshark traces show that the CLDAP packets leaving the Proxmox server and destined for the AD server are becoming malformed (and thus AD never answers).
ADDITIONAL DETAILS:
- Proxmox v8.3.0
- Active Directory running on Win Srvr 2019
- Windows VMs deployed outside of Proxmox (i.e. VMware) can join the domain without issues
- Ubuntu VMs deployed on this same Proxmox host are able to successfully join the domain (although traces show that they use a simpler LDAP process with no CLDAP involved)
- Traces on the Windows VM show that the CLDAP packets are formed correctly when they leave the VM NIC
- Only when the packet traverses the Proxmox host does the issue occur - it happens when using Proxmox SDN networking (with or without SNAT) as well as when just building a simple Windows VM with the standard Proxmox vmbr0 interface of the host.

The expected response is that one of the Active Directory Domain Controllers will respond with an LDAP searchResEntry packet and the AD join process then takes place. We don't see any response back from AD and it appears to be because when this same CLDAP packet traverses the Proxmox host on its way out, there is some corruption of the packet (at least I think this is what the trace is telling me). Only the first 2 of the 4 assertions in the original CLDAP packet appear and then Wireshark notes the failed assertion/recursion depth issue:

As mentioned above, there don't appear to be any problems with networking, firewall rules, or DNS entries (the process works fine for an Ubuntu VM) but fiddling around with everything I can think to try to change has not yielded any other useful info or troubleshooting ideas. I'll be very grateful for any advice, ideas, or guidance that anyone might have!
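One way to check the "2 of 4 assertions" symptom outside Wireshark, as an added example that is not part of the original post: a small BER walker that counts the complete filter assertions in a CLDAP searchRequest payload and reports whether any element's declared length runs past the bytes actually present. The attribute names and values in `sample_request()` are constructed for illustration and are not taken from the poster's trace.

```python
def read_tlv(buf, pos, limit):
    """Parse one BER element; return (tag, value_start, value_end, cut_off)."""
    if pos + 2 > limit:
        return None, pos, limit, True         # header itself is cut off
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                          # short-form length
        length = first
    else:                                     # long-form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or pos + n > limit:
            return None, pos, limit, True
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    return tag, pos, min(end, limit), end > limit

def children(buf, start, end):
    """List the elements between start and end; a cut-off element ends the list."""
    out, pos = [], start
    while pos < end:
        tag, vs, ve, cut = read_tlv(buf, pos, end)
        out.append((tag, vs, ve, cut))
        pos = ve
    return out

def inspect_cldap(payload):
    """Return (complete_assertions, truncated) for a UDP/389 payload."""
    truncated, level = False, children(payload, 0, len(payload))
    # Path: LDAPMessage SEQUENCE -> searchRequest [APPLICATION 3] -> 'and' filter [0]
    for index, want in ((0, 0x30), (1, 0x63), (6, 0xA0)):
        truncated |= any(c[3] for c in level)
        if len(level) <= index or level[index][0] != want:
            return 0, truncated
        level = children(payload, level[index][1], level[index][2])
    truncated |= any(c[3] for c in level)
    return sum(1 for c in level if not c[3]), truncated

def tlv(tag, value):  # encode one BER element (value shorter than 256 bytes)
    n = len(value)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + value

def sample_request():
    """Constructed searchRequest with four equalityMatch assertions (not from the trace)."""
    eq = lambda a, v: tlv(0xA3, tlv(0x04, a) + tlv(0x04, v))
    flt = tlv(0xA0, eq(b"DnsDomain", b"corp.example") + eq(b"Host", b"VM1")
              + eq(b"NtVer", b"\x16\x00\x00\x00") + eq(b"DnsHostName", b"vm1.corp.example"))
    fixed = tlv(0x04, b"") + tlv(0x0A, b"\x00") * 2 + tlv(0x02, b"\x00") * 2 + tlv(0x01, b"\x00")
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x63, fixed + flt + tlv(0x30, tlv(0x04, b"Netlogon"))))
```

Running `inspect_cldap()` on the UDP payload bytes of the same request captured at the VM NIC and again at the host's outbound interface shows whether the bytes themselves differ or only the dissection does.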