
Amazon Web Services - AD Connector (Directory Services)

Baazi asked:
Hi,
I'm trying to run a hybrid infrastructure combining on-premises and AWS Cloud. So far I have successfully created the VPC and established a VPN connection with my local infrastructure. My next task is to deploy desktops on AWS WorkSpaces, and I would like those desktops to join the local AD; as a result I need to configure AWS "Directory Service".

During the process of creating the AWS AD Connector I get the error below.

The status transition reason is as follows:
Configuration issues detected: SRV record for LDAP does not exist for IP: 192.168.x.x, SRV record for Kerberos does not exist for IP: 192.168.x.x, SRV record for LDAP does not exist for IP: 192.168.x.x, SRV record for Kerberos does not exist for IP: 192.168.x.x. Please verify existing configuration and retry the operation.

Please help me...

Thanks

Zephyr ICT, Cloud Architect

Commented:
This means that the AD connector can't reach the DNS servers that you specified when connecting to your directory.

You need to make sure you have at least the following ports open in the firewall if you're using an on-premises directory:
TCP/UDP 53 - DNS
TCP/UDP 88 - Kerberos authentication
TCP/UDP 389 - LDAP

Author

Commented:
Hi,
Ports are open, and I also ran a test that Amazon provides, so that's not the issue. I know you pulled that from their prerequisites. If you search further on their site you will find a link pointing to Microsoft. It isn't helpful.
Zephyr ICT, Cloud Architect

Commented:
Ok, but still, these errors point to the fact that communication with DNS doesn't seem to be working. Did you verify all DNS settings?

Can you reach your DNS server from the workspace PC if and when VPN is connected for example?
Can you perform nslookup of your domain?

Author

Commented:
Hey bud, thanks for trying, but DNS isn't an issue. I spun up an instance on Amazon VPC and used a troubleshooting tool that Amazon provides for DNS testing, and it passed the test. I'm stuck with the SRV record error.
Commented:
Yes, I can do an nslookup from an Amazon server.
Zephyr ICT, Cloud Architect

Commented:
Weird, didn't have that issue with my setup ... Let me test a few things.

Author

Commented:
because no one else could answer my question.