'AWS Active Directory Seemless Join Not Working for Private

I'm having problems with getting "Seemless Join" to work on my Windows Server 2019 Base EC2 instances in my private subnets. When I spin up EC2 instances on my public subnets, everything just works.

I can create EC2 instances on the private subnet, but they fail to use Active Directory until I follow these manual steps: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/join_windows_instance.html, which suggests to me that active directory is not the problem.

I've followed the steps here: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/launching_instance.html and as mentioned, they work for my public subnet. I've checked that private instances were created with the correct "Domain Join Directory" and "EC2DomainJoin" role.

I tried trouble shooting and noticed:

I don't even see the NetpDoDomainJoin getting attempted when the private EC2 instance spins up

> %windir%\debug\netsetup.log

# I just get logs from when the AMI image was first created (years ago)

However for my public EC2 instances, I get something along the lines:

03/23/2022 01:20:59:117 -----------------------------------------------------------------
03/23/2022 01:20:59:117 NetpDoDomainJoin
03/23/2022 01:20:59:117 NetpDoDomainJoin: using new computer names
03/23/2022 01:20:59:117 NetpDoDomainJoin: NetpGetNewMachineName returned 0x0
03/23/2022 01:20:59:117 NetpDoDomainJoin: NetpGetNewHostName returned 0x0

I did a ipconfig on private EC2 instance

> ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : EC2AMAZ
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No



> nltest /dsgetdc:myexample.com /force
Getting DC name failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

How do I get my private EC2 instance to seemlessly join to my Active Directory ?

Update: I created a NAT gateway for my private subnet to enable access to the internet and now the seemless join works. Why is this ? Is there a way to get this working without internet access (I'm planning to later use squid proxies to control internet access for my EC2 instances)?

active-directory


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Amazon AWS S3 to Force Download Mp3 File instead of Stream It

How to enable terraform module only with a specific workspace

AWS RDS Postgres: WAL_LEVEL not set to 'logical' after changing rds.logical_replication = 1

Use terraform to set up a lambda function triggered by a scheduled event source

Use terraform to set up a lambda function triggered by a scheduled event source

Self stopping EC2 once task complete?

AWS - SWF - Asynchronous method

Why my cloudformation template is over 1 MB?

AWS elastic beanstalk - WARN install EACCES: permission denied, access '/tmp/.npm'

Aws step functions - Resume from failed step function activity instead of starting a new execution

Redirect Elastic Beanstalk URL to domain name

node-lambda - TypeError: handler is not a function