Solved

Unable to join domain controller on EC2

Posted on 2014-04-14
2
1,962 Views
Last Modified: 2014-11-12
Hi,I am hoping someone can assist me please.  

I setup windows 2008 server EC2 (Free Version Tier 1) for testing purpose before i go ahead and upgrade. I am having issue adding my vmware to the domain controller in AWS EC2. The vmware machine has internet connectivity. When I tried adding the vmware to the domain controller (using the CNAME point to the AWS public ip address) I am not having any luck, looks like it's dns issue.

Active directory has been successfully installed including the DNS service on AWS EC2, The primary DNS on the LAN  is pointing to the primary private ip address of the server. From EC2 Security, I have allowed ICMP, DNS. I have also setup CNAME from my domain to the public address of the AWS EC2 machine. Note: I have not purchased elastic ip address yet, so i tried testing this while the instance is running.

I am able to ping the AWS domain controller public ip address using the CNAME which I had created.  I have tried to point the dns server on the vmware to the public address off the aws machine and tried adding the vm machine to the dc with no luck.

Any advise please?
0
Comment
Question by:Indulge_209
2 Comments
 
LVL 25

Accepted Solution

by:
Zephyr ICT earned 500 total points
ID: 39998595
Well, first off, setting up a DC on a public address is not really a good idea, Amazon has better solutions for that (e.g VPC - Virtual Private Cloud)... Besides that Amazon also has "templates" that will configure the complete AD for you, this is called Cloudformation

That being said, I understand you wish to try things first, see if it works, and keeping costs low, you might benefit from the official AWS documentation concerning Active Directory on EC2, this can be found here... Though it's not that extensive

It will be some work because you need to adjust/configure a lot of security groups/ports, not only DNS/ICMP, you'll need ports for AD, Kerberos, LDAP(S), GC, IPSEC maybe ... etc ...

Then you might test by seeing if you can connect to the LDAP server before trying to connect with some application...

Still, it would be a better idea to have a VPC maybe with a direct VPN connection to your office, I don't know what your budget is of course, or what the use will be ...

I'm not saying it's not possible to use EC2 ... I'm just not convinced it's a good idea
0
 

Author Closing Comment

by:Indulge_209
ID: 40055400
Thanks
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now