Solved

Unable to join domain controller on EC2

Posted on 2014-04-14
Last Modified: 2014-11-12
Hi, I am hoping someone can assist me please.

I set up a Windows 2008 server on EC2 (Free Version Tier 1) for testing purposes before I go ahead and upgrade. I am having an issue adding my VMware to the domain controller in AWS EC2. The VMware machine has internet connectivity. When I tried adding the VMware to the domain controller (using the CNAME pointing to the AWS public IP address) I am not having any luck; it looks like it's a DNS issue.

Active Directory has been successfully installed, including the DNS service, on AWS EC2. The primary DNS on the LAN is pointing to the primary private IP address of the server. From EC2 Security, I have allowed ICMP, DNS. I have also set up a CNAME from my domain to the public address of the AWS EC2 machine. Note: I have not purchased an Elastic IP address yet, so I tried testing this while the instance is running.

I am able to ping the AWS domain controller public IP address using the CNAME which I had created. I have tried to point the DNS server on the VMware to the public address of the AWS machine and tried adding the VM machine to the DC with no luck.

Any advice, please?
Question by:Indulge_209
Accepted Solution

by:
Zephyr ICT earned 2000 total points
ID: 39998595
Well, first off, setting up a DC on a public address is not really a good idea; Amazon has better solutions for that (e.g. VPC - Virtual Private Cloud)... Besides that, Amazon also has "templates" that will configure the complete AD for you; this is called CloudFormation.

That being said, I understand you wish to try things first, see if it works, and keep costs low. You might benefit from the official AWS documentation concerning Active Directory on EC2, this can be found here... Though it's not that extensive.

It will be some work because you need to adjust/configure a lot of security groups/ports, not only DNS/ICMP; you'll need ports for AD, Kerberos, LDAP(S), GC, IPsec maybe... etc.

Then you might test by seeing if you can connect to the LDAP server before trying to connect with some application...

Still, it would be a better idea to have a VPC, maybe with a direct VPN connection to your office. I don't know what your budget is of course, or what the use will be...

I'm not saying it's not possible to use EC2 ... I'm just not convinced it's a good idea
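
An added example (not part of the answer above, and not AWS tooling): it reads one security group in the JSON shape `aws ec2 describe-security-groups` returns and reports, for the well-known TCP ports a domain join uses, whether a given client address is blocked, allowed from a restricted range, or the port is open to the whole internet. The group contents, `sg-EXAMPLE`, the client address and the function names are constructed for illustration.

```python
import ipaddress
import json

# Well-known TCP ports a domain member uses to reach a DC (subset: the dynamic
# RPC range and the UDP variants are omitted to keep the example short).
AD_TCP_PORTS = {53: "DNS", 88: "Kerberos", 135: "RPC endpoint mapper",
                389: "LDAP", 445: "SMB", 464: "Kerberos password change",
                636: "LDAPS", 3268: "Global Catalog", 3269: "Global Catalog (TLS)"}

# Constructed sample in the shape `aws ec2 describe-security-groups` returns for
# one group: ICMP and DNS open to everyone (as in the question), LDAP for one range.
SAMPLE_GROUP = json.loads("""{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 53, "ToPort": 53, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 389, "ToPort": 389, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}
]}""")

def sources_for_port(group, port):
    """Return every CIDR the group's ingress rules allow to reach TCP `port`."""
    cidrs = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        # "-1" means all protocols and ports; tcp rules carry a port range.
        if proto == "-1" or (proto == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]):
            cidrs += [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return cidrs

def audit(group, client_ip):
    """Classify each AD port as 'blocked', 'restricted' or 'world-open' for a client."""
    client = ipaddress.ip_address(client_ip)
    report = {}
    for port in AD_TCP_PORTS:
        nets = [ipaddress.ip_network(c, strict=False) for c in sources_for_port(group, port)]
        if any(n.prefixlen == 0 for n in nets):
            report[port] = "world-open"   # reachable from the whole internet
        elif any(n.version == client.version and client in n for n in nets):
            report[port] = "restricted"   # reachable, but only from listed ranges
        else:
            report[port] = "blocked"      # a domain join from this client fails here
    return report

if __name__ == "__main__":
    for port, state in audit(SAMPLE_GROUP, "203.0.113.10").items():
        print(f"{port:>5}/tcp {AD_TCP_PORTS[port]:<26} {state}")
```

With the sample group, only DNS and LDAP are reachable from the client, so Kerberos, SMB and the other ports show as blocked, while DNS shows as open to every address.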

Author Closing Comment

by:Indulge_209
ID: 40055400
Thanks