
I want to setup a failover cluster with 2 Windows EC2 instances, for which I'm following this link.

One of the pre-reqs listed says: "Make sure that all servers that you want to add as cluster nodes are joined to the same Active Directory domain." In order to satisfy this requirement, I've set up an AWS Active Directory. My AWS AD console shows that I have 2 domain controllers for HA in 2 different subnets, and both of them are active.

I followed AWS' guidelines and launched 2 Windows EC2 instances both of which are joined to the same domain. System Properties on both the instances confirm that they belong to the same domain.

This PowerShell command also displays info about both the EC2 instances:

PS C:\Users\Admin> Get-ADComputer -LDAPFilter "(&(objectCategory=computer)(whenCreated>=20111201000000.0Z))" -Properties whenCreated | Format-Table Name,whenCreated,distinguishedName -Autosize -Wrap

For some reason, I'm unable to add one Windows machine to the cluster. When I add its hostname to the server list, I see the following error:

The computer EC2AMAZ-5H2PQ21 could not be reached

Let's call this machine instance-2, and the machine that's reachable instance-1.

Other symptoms that may help in identifying the problem are:

1) I can't connect to instance-2 using the Admin account that the AWS MS AD service creates by default. I see the error: "The security database on the server does not have a computer account for this workstation trust relationship."

2) I can connect to instance-1 using the Admin account that the AWS MS AD service creates by default. On this instance, I can see my domain via the Active Directory Users and Computers wizard.

3) I can't ping/nslookup instance-2 from any machine.

4) I can ping/nslookup instance-1 from both machines.

user1071840

1 Answer


Unjoining and rejoining the domain solved this issue (facepalm!)

user1071840
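The symptoms in the question (the "workstation trust relationship" error plus a node nobody can resolve by name) point at a broken computer account / secure channel and a missing DNS registration. The script below is an added example, not part of the question or the answer: run it in an elevated PowerShell session on the node that cannot be added (instance-2), it reports each of those checks, and with -Repair it resets the secure channel in place instead of unjoining and rejoining. It assumes the RSAT ActiveDirectory module is installed on the node; the node name "instance-1" is a placeholder for the reachable node.

```powershell
# Added diagnostic for a cluster node that cannot be reached or that reports a
# broken trust relationship. Not from the original question or answer.
# Assumes: elevated session, RSAT ActiveDirectory module present on this node.
param(
    [string]$OtherNode = 'instance-1',   # placeholder: name of the reachable node
    [switch]$Repair                      # reset the secure channel instead of unjoin/rejoin
)

$me = $env:COMPUTERNAME
$cs = Get-CimInstance Win32_ComputerSystem
"Node: $me  PartOfDomain: $($cs.PartOfDomain)  Domain: $($cs.Domain)"

# 1) Secure channel to a DC. A failure here is what produces the
#    "security database ... workstation trust relationship" error.
$channelOk = Test-ComputerSecureChannel -Verbose
"SecureChannelHealthy: $channelOk"

# 2) Does AD still hold a computer object for this node?
try {
    $obj = Get-ADComputer -Identity $me -Properties DNSHostName, LastLogonDate -ErrorAction Stop
    "AD object: $($obj.DistinguishedName)  DNSHostName: $($obj.DNSHostName)  LastLogon: $($obj.LastLogonDate)"
} catch {
    "No AD computer object found for $me : $($_.Exception.Message)"
}

# 3) DNS: if nslookup of this node fails from everywhere, it never registered
#    its A record with the domain DNS (symptom 3 in the question).
foreach ($h in @($me, $OtherNode)) {
    try {
        $a = Resolve-DnsName -Name $h -Type A -ErrorAction Stop
        "$h -> $($a.IPAddress -join ', ')"
    } catch {
        "$h : DNS lookup failed"
    }
}

if ($Repair -and -not $channelOk) {
    # Resets the computer account password and re-establishes the secure channel
    # without leaving the domain. Prompts for a domain account allowed to reset
    # computer accounts (the AWS-created Admin account is sufficient).
    Test-ComputerSecureChannel -Repair -Credential (Get-Credential)
    Register-DnsClient                      # re-register this node's A/PTR records
    "SecureChannelHealthy after repair: $(Test-ComputerSecureChannel)"
}
```

If the repair succeeds, re-run the cluster creation wizard; if the computer object is genuinely gone from AD, a rejoin (as in the accepted answer) recreates it.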