Ao usar o AWS re:Post, você concorda com os AWS re:Post Termos de uso
AWS re:Postre:Post

Issues setting up FSx with self managed active directory

0

Hi, Ran the amazon fsx validation tool and got no errors But when I try to setup the Fsx i get the following error:

File system ID

fs-01117e89344a09962 Failure message

File system creation failed. Amazon FSx is unable to communicate with your Microsoft Active Directory domain controllers. This is because Amazon FSx can't reach the DNS servers provided or domain controllers for your domain. To fix this problem, delete your file system and create a new one with valid DNS servers and networking configuration that allows traffic from the file system to the domain controller as recommended in the Amazon FSx user guide: https://docs.aws.amazon.com/fsx/latest/WindowsGuide/self-manage-prereqs.html.

Any suggestions ? Thanks

Tópicos
Armazenamento
Tags
Amazon FSx
Idioma
English
hemlock306
feita há 7 meses79 visualizações
1 Resposta
1

You can create a "DHCP option set" for your VPC containing the IPs for your Domain controllers.

Otherwise provide the IPs in the wizard while creating the FSX

If you are doing this from cloudformation you can also enter your domain controllers IPs in "DnsIps" under "SelfManagedActiveDirectoryConfiguration"

FSx1:
    Type: "AWS::FSx::FileSystem"
    Properties:
      FileSystemType: "WINDOWS"
      StorageCapacity:
        Ref: StorageCapacity
      SubnetIds:
        - Ref: Subnet1
        - Ref: Subnet2
      SecurityGroupIds:
        - yoursecgroup

      WindowsConfiguration:
        WeeklyMaintenanceStartTime:
        DailyAutomaticBackupStartTime: 
        ThroughputCapacity: 
        AutomaticBackupRetentionDays: #
        CopyTagsToBackups: true
        DeploymentType: "MULTI_AZ_1"
        PreferredSubnetId:
        SelfManagedActiveDirectoryConfiguration: 
          DnsIps: 
            - #.#.#.#
            - #.#.#.#
          DomainName: 
          OrganizationalUnitDistinguishedName:
          Password: !Join [ "", ["{{resolve:secretsmanager:",!Ref "SecretObject",":SecretString:password}}"]] # '{{resolve:secretsmanager:<SecretObject>:SecretString:password}}'
          UserName: !Join [ "", ["{{resolve:secretsmanager:",!Ref "SecretObject",":SecretString:username}}"]] # '{{resolve:secretsmanager:<SecretObject>:SecretString:username}}'

Also, see the password and Username parameters consumed from secrets manager (you need to pass that to join nodes to your domain)

For any of those options make sure that those IPs are reachable in UDP/TCP 53 from your VPC

AWS
Alfredo Gutierrez
respondido há 2 dias

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas

Conteúdo relevante