[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Join an AWS EC2 instance to an existing domain via Amazon Virtual Private Cloud VPN

Posted on 2014-02-24
6
Medium Priority
?
2,868 Views
Last Modified: 2014-11-12
I have a project group that wants to set up some temporary compute instances on AWS. Easy enough.  The trick is they want the instances to be connected to our domain so users can authenticate normally and there is no differentiation in their experience when using these systems.  I've never joined a machine to the domain through a VPN connection, but I know it's possible

We've set up a VPC with a 10.x.x.x/24 CIDR block, traffic can pass through and I can remote to the instances I've created there.  When I attempt to join the domain, it errors out, stating it cannot contact the AD DC.  I've checked firewall settings, had ITSEC check out the VPN and can't find the problem.  Can anyone help?
0
Comment
Question by:Bighoppa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 24

Accepted Solution

by:
smckeown777 earned 668 total points
ID: 39885270
Going to ask the stupid question first...on the AWS instances have you set the DNS entries to point to your AD server? Should have a single primary DNS entry and remove the secondary one and see if that works...

Since you have connectivity normally when you can't join a domain its a dns related issue
0
 

Author Comment

by:Bighoppa
ID: 39885858
Yeah, DNS is set in the VPC options to our name servers, and I also hard-coded them into the VMs for good measure.  Can't get any traffic from them to the DNS.  Going to work with the security team and have them check the firewall rules again.
0
 
LVL 39

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 1332 total points
ID: 39887194
I just did this with a rackspace vm using the sonicwall global vpn client. No problem, so it is possible.

BTW once you have it up, you probably want to mess with the weight and priority
http://technet.microsoft.com/en-us/library/cc816890(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc794710(WS.10).aspx
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 

Author Comment

by:Bighoppa
ID: 39895301
Finally got it working.  Looks like one of the firewall guys fat-fingered the port rules.  Got them corrected last night and joined the VM to our domain this morning.
0
 
LVL 39

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 1332 total points
ID: 39895331
Good to hear. Don't forget to uncheck "register this connection in DNS" for all the non VPN nics. Ip4 and ipv6
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 39895936
one last thing, this was new to me, might be old hat to you:
server manager -> tools -> active directory sites and services
add a site for your remote stuff seperate from default-first-site and make subnets for all the sites. I called my remote site "vpn" and assigned it a /32 network (one ip) for the vpn box. this keeps it out of the rotation better than turning down the weight and priority (but I left those settings set as well).
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question