AWS directory service Problem Set and Solution 問題與解法

用AWS directory service 在串接AD時可能會有些小問題，這邊分享遇過的問題與解決方法

1. Status: Failed ( DNS )
2. Status: Failed ( internal error )
3. Status: Inoperable

Status: Failed
Status transition reason: Configuration issues detected: DNS lookup for realm name failed for IP: X.X.X.X Please verify existing configuration and retry the operation.

DNS解析失敗，嘗試以後的經驗是卡對應EC2 instanc的SecurityGroup，也就是VPC的SecurityGroup，這裡SecurityGroup很像基本防火牆的作用，研究中不管設定怎樣的Policy都讀不到，建立一套新的DNS就可以了，若有其他解法歡迎分享。





Status: Failed
Status transition reason: An internal service error has been encountered while connecting the directory. Please retry the operation.

這邊on premise-AD建在EC2上，而這狀況這通常發生在我剛把EC2啟動的時候，所以就是等EC2完整作用完再設定連接就可以了。

Status: Inoperable
Status transition reason: On-premises issue(s) detected by instance X.X.X.X: Unable to reach DNS port (TCP 53) of on-premises server X.X.X.X, Unable to reach DNS port (TCP 53) of on-premises server 92.5.101.24. On-premises issue(s) detected by instance X.X.X.X: Unable to reach DNS port (TCP 53) of on-premises server 92.5.64.214, Unable to reach DNS port (TCP 53) of on-premises server X.X.X.X.

AWS AD的設定頁面不像EC2一樣，有啟動停止的選項，所以不用擔心，當你將EC2停止後，AWS AD的連接就會自動停止，就會顯示這樣的訊息。所以遇到這樣的狀況只要將對應的EC2啟動起來就可以了。



另外如果你將建好的AWS AD砍掉，要在與原來的AD相連的話，經驗上來說，該EC2的SG要另外給一個新的，才能順利建立。