[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Unable to join domain controller on EC2

Posted on 2014-04-14
2
Medium Priority
?
2,168 Views
Last Modified: 2014-11-12
Hi,I am hoping someone can assist me please.  

I setup windows 2008 server EC2 (Free Version Tier 1) for testing purpose before i go ahead and upgrade. I am having issue adding my vmware to the domain controller in AWS EC2. The vmware machine has internet connectivity. When I tried adding the vmware to the domain controller (using the CNAME point to the AWS public ip address) I am not having any luck, looks like it's dns issue.

Active directory has been successfully installed including the DNS service on AWS EC2, The primary DNS on the LAN  is pointing to the primary private ip address of the server. From EC2 Security, I have allowed ICMP, DNS. I have also setup CNAME from my domain to the public address of the AWS EC2 machine. Note: I have not purchased elastic ip address yet, so i tried testing this while the instance is running.

I am able to ping the AWS domain controller public ip address using the CNAME which I had created.  I have tried to point the dns server on the vmware to the public address off the aws machine and tried adding the vm machine to the dc with no luck.

Any advise please?
0
Comment
Question by:Indulge_209
2 Comments
 
LVL 25

Accepted Solution

by:
Zephyr ICT earned 2000 total points
ID: 39998595
Well, first off, setting up a DC on a public address is not really a good idea, Amazon has better solutions for that (e.g VPC - Virtual Private Cloud)... Besides that Amazon also has "templates" that will configure the complete AD for you, this is called Cloudformation

That being said, I understand you wish to try things first, see if it works, and keeping costs low, you might benefit from the official AWS documentation concerning Active Directory on EC2, this can be found here... Though it's not that extensive

It will be some work because you need to adjust/configure a lot of security groups/ports, not only DNS/ICMP, you'll need ports for AD, Kerberos, LDAP(S), GC, IPSEC maybe ... etc ...

Then you might test by seeing if you can connect to the LDAP server before trying to connect with some application...

Still, it would be a better idea to have a VPC maybe with a direct VPN connection to your office, I don't know what your budget is of course, or what the use will be ...

I'm not saying it's not possible to use EC2 ... I'm just not convinced it's a good idea
0
 

Author Closing Comment

by:Indulge_209
ID: 40055400
Thanks
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Media Temple is thrilled to announce the launch of our new Partner Program, specifically designed to empower digital agencies and adtech platforms by offering white-glove support and exclusive hosting enhancements to optimize their sites and their c…
Data security in the cloud is very much like a security in an on-premises data center - only without costs for maintaining facilities and computer hardware.
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question