This is a common problem.

You set up a VPN ether direct from a domain’ed PC, or with a site to site VPN. Every time you click on a network drive or shortcut you are prompted for username and password. It probably shows an error saying that “a domain control to authenticate  the request could not be found”.


The issue is caused because your router is handing out the DNS server as itself, or possibly the default from your cable / broadband provider.

The PC tries to look up the address of your AD server and the router tries to look up the answer on the internet rather than across the VPN on your AD domain server.


The Tik has an easy answer however.

In the firewall set up a “Layer7” rule with a name and your AD domain name in the regex.

Now add a dst-nat rule to trap all traffic coming from your inside interface, with the layer7 protocol named above. Set the dst-nat action to redirect the traffic to your AD DNS server.

This conversion is transparent to your PC. it still sends the DNS request via the router, however the router redirects it to the correct DNS server. All other DNS requests will get sent via the normal internet DNS servers.


Clearly the answer above is descriptive rather than technical. If you are familiar with MikroTik Router Board then I am sure you will be able to succeed with this direction.

If you need direct help, then please contact our helpdesk and we can provide remote consultancy to address this quickly.

Contact Us

in Mikrotik Routerboard