
I have a VPC (VPC1) where my main instances are running, and I have another one (VPC2) specifically for directory service (AD Connector) and a MS AD server running. I have created a VPC peering (which is Active) and all the route tables of these VPCs are updated to talk to the other VPC's instances. But here are the issues now:

  1. An instance created in VPC1, configured with the domain join option, gets launched successfully but is not joined to the domain. I am not sure what logs I can find; the IAM role for this instance is also integrated while launching.
  2. From the AD server (located in VPC2), I tried pinging this VPC1 server by its private IP address, which fails.

Is there anything else I need to configure? As per my understanding, VPC peering in active state with route tables should properly route the requests. Any help would be appreciated.

serverstackqns


Obviously we'll need to ensure PING works before troubleshooting AD join issues, so I'll only comment on that.

  1. Add a Windows firewall rule or disable it (can also test this by pinging from another host within the same subnet)

  2. Do the hosts have more than one network adapter e.g. Public IP and Private IP? If so, the ICMP response traffic might be routing out the default gateway to the Internet, which will never find your other host's private IP

  3. Be sure you have a network ACL (NACL) rule allowing ICMP responses

  4. Be sure you have a rule on both Security Groups (the ones for the private IP on each instance) allowing ICMP both inbound and outbound

  5. From one of these servers, tracert (tracert ) might tell you if it's routing incorrectly

  6. Try adding a route to Windows to test the route theory

  7. Use Wireshark and/or VPC Flow Logs to determine whether the PING destination is ever receiving the packet

  8. If you have multiple subnets and route tables, make sure the subnets of your instances are associated with the route table(s) you're changing

  9. Check the subnet masks in your route tables and subnet groups in/out rules being used (e.g. using a /24, but should be /16, or vice-versa)

PSn00b
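The checklist in the answer (routes in both directions, stateful security groups, stateless NACLs, prefix-length mistakes such as /24 where /16 was meant) can be reasoned about offline before touching the console. The following is an added example, not code from the question or the answer: it models two peered VPCs as plain dicts and reports which hop would drop an ICMP echo or its reply. All identifiers (`pcx-example`, `igw-example`, the CIDRs, security group and NACL names) are constructed for illustration and are not real account data.

```python
"""Offline ICMP-path checker for a VPC peering setup.

Models route tables, security groups (stateful) and network ACLs (stateless)
as plain dicts and lists every reason an echo request from src to dst, or its
reply, would be dropped. An empty result means the modelled path is clear.
"""
import copy
import ipaddress

# Constructed topology: VPC1 = 10.0.0.0/16 (app), VPC2 = 10.1.0.0/16 (AD),
# peered through the hypothetical connection "pcx-example".
BROKEN = {
    "peering": {"id": "pcx-example", "status": "active"},
    "route_tables": {
        # Mistake: the peer route is /24 although VPC2 is a /16, so most of
        # VPC2 falls through to the default route towards the Internet gateway.
        "rt-vpc1": {"10.0.0.0/16": "local", "10.1.0.0/24": "pcx-example", "0.0.0.0/0": "igw-example"},
        "rt-vpc2": {"10.1.0.0/16": "local", "10.0.0.0/16": "pcx-example"},
    },
    # Security group rules as (protocol, cidr). Stateful: replies are implied.
    "security_groups": {
        "sg-app": {"ingress": [("tcp", "0.0.0.0/0")], "egress": [("all", "0.0.0.0/0")]},  # no ICMP in
        "sg-ad": {"ingress": [("tcp", "10.0.0.0/16")], "egress": [("all", "0.0.0.0/0")]},
    },
    # NACL rules as (protocol, cidr). Stateless: both directions need rules.
    "nacls": {
        "acl-vpc1": {"ingress": [("all", "0.0.0.0/0")], "egress": [("all", "0.0.0.0/0")]},
        "acl-vpc2": {"ingress": [("all", "0.0.0.0/0")], "egress": [("all", "0.0.0.0/0")]},
    },
    "hosts": {
        "app-server": {"ip": "10.0.1.20", "route_table": "rt-vpc1", "sg": "sg-app", "nacl": "acl-vpc1"},
        "ad-server": {"ip": "10.1.5.10", "route_table": "rt-vpc2", "sg": "sg-ad", "nacl": "acl-vpc2"},
    },
}

# Corrected copy: peer route widened to /16 and ICMP admitted from VPC2.
FIXED = copy.deepcopy(BROKEN)
FIXED["route_tables"]["rt-vpc1"] = {"10.0.0.0/16": "local", "10.1.0.0/16": "pcx-example", "0.0.0.0/0": "igw-example"}
FIXED["security_groups"]["sg-app"]["ingress"].append(("icmp", "10.1.0.0/16"))


def longest_prefix_match(routes, ip):
    """Return the target of the most specific route covering ip (None if no route matches)."""
    ip = ipaddress.ip_address(ip)
    best = None
    for cidr, target in routes.items():
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def rule_allows(rules, proto, ip):
    """True if some (protocol, cidr) rule permits proto for the given address."""
    ip = ipaddress.ip_address(ip)
    return any(p in (proto, "all") and ip in ipaddress.ip_network(c) for p, c in rules)


def check_icmp_path(cfg, src_name, dst_name):
    """List the reasons a ping from src_name to dst_name would fail in this model."""
    src, dst = cfg["hosts"][src_name], cfg["hosts"][dst_name]
    sip, dip = src["ip"], dst["ip"]
    peer = cfg["peering"]
    findings = []
    if peer["status"] != "active":
        findings.append(f"peering {peer['id']} is {peer['status']}, not active")
    # Forward route from src's table and return route from dst's table must both hit the peering.
    for label, host, ip in (("forward route", src, dip), ("return route", dst, sip)):
        target = longest_prefix_match(cfg["route_tables"][host["route_table"]], ip)
        if target != peer["id"]:
            findings.append(f"{label}: {host['route_table']} sends {ip} to {target}, not {peer['id']} (check prefix lengths)")
    # Security groups: only the initiating direction needs explicit rules.
    if not rule_allows(cfg["security_groups"][src["sg"]]["egress"], "icmp", dip):
        findings.append(f"{src['sg']} egress blocks ICMP to {dip}")
    if not rule_allows(cfg["security_groups"][dst["sg"]]["ingress"], "icmp", sip):
        findings.append(f"{dst['sg']} ingress blocks ICMP from {sip}")
    # NACLs: request and reply each cross two stateless rule sets.
    acl_src, acl_dst = cfg["nacls"][src["nacl"]], cfg["nacls"][dst["nacl"]]
    for label, rules, ip in (
        (f"{src['nacl']} egress (request)", acl_src["egress"], dip),
        (f"{dst['nacl']} ingress (request)", acl_dst["ingress"], sip),
        (f"{dst['nacl']} egress (reply)", acl_dst["egress"], sip),
        (f"{src['nacl']} ingress (reply)", acl_src["ingress"], dip),
    ):
        if not rule_allows(rules, "icmp", ip):
            findings.append(f"{label} has no rule allowing ICMP for {ip}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_icmp_path(cfg, "ad-server", "app-server") or "path clear")
```

Run against the broken model, a ping from the AD server to the VPC1 instance gets two findings: the return route from `rt-vpc1` goes to `igw-example` because the /24 peer route does not cover 10.1.5.10, and `sg-app` has no ICMP ingress rule. The corrected copy reports a clear path. Feeding the script the real route tables and rule sets is the manual counterpart of steps 3, 4, 8 and 9 in the answer.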