NLA error after updating instance type

0

Hello,

I have a domain-joined t3.2xlarge instance that I would like to upgrade to m6i.2xlarge according to the Compute Optimizer recommendation. But after modifying the instance type, I receive the NLA error. I cannot even RDP using the local Administrator account; the same NLA error displays.

This instance exists in ap-southeast-2, and I have done a few tests.

  1. Changing back to t3.2xlarge, connected using domain credentials OK
  2. Changing to m5.2xlarge, connected using domain credentials OK
  3. Added another NIC when it was on m6i.2xlarge, NLA error on the second interface.
  4. (Don't think this matters, the instance is HVM) Upgraded to the latest PV driver, changing instance type to m6i.2xlarge, NLA error.
  5. Launched an m6i.2xlarge instance in a different subnet (AZ), joined domain OK, connected using domain credentials OK; changed to t3.2xlarge, NLA error; changed back to m6i.2xlarge, connected using domain credentials OK
  6. Launched another m6i.2xlarge instance in the same subnet as the t3.2xlarge, swapped the root volume, NLA error. Swapped back the volumes, connected OK.

Has anyone encountered this fault? How can I perform the necessary upgrade?

Kind regards, Ken

Ken
asked a year ago · 404 views
1 Answer
0
Accepted Answer

Managed to isolate the cause after performing some rescuing via SSM. The issue seems to stem from the upgrade from the CPU generation leap.

I had always thought each component, Storage, Compute, and Networking are separate, but the ENI config was lost during the upgrade, so the server had trouble (i.e. did not know where the DNS server is) contacting the DCs for authentication. Without this link to the DCs, NLA will never be met.

So if you are going to upgrade to the latest generation:

  1. While on the current instance type (while you can RDP to the EC2 instance), navigate to System Properties and go to the Remote tab.
  2. Untick the NLA option and apply and save the change.
  3. Shut down the instance and change to the desired instance type.
  4. RDP to the instance using the Administrator account.
  5. Here you will see that the network interface configuration is empty, so add your DNS server IP address back in here.
  6. Confirm you have a connection to the DCs by pinging or something of the sort, then repeat step 1, but this time enable the NLA option and save.

Reboot and Voilà, you should now have access to the EC2 instance using your domain logins again.

Ken
answered a year ago
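
The procedure in the accepted answer, scripted as an added example (not part of the original answer) so that the DNS servers are captured before the resize and NLA is only required again once a domain controller actually answers. The state file path and both function names are hypothetical; run `Save-PreResizeState` from an elevated PowerShell session before stopping the instance, and `Restore-PostResizeState` after logging on as the local Administrator on the new instance type.

```powershell
# Added example: the path and function names are hypothetical, not from the original answer.
$StateFile = 'C:\ProgramData\pre-resize-dns.json'   # assumed location on the root volume
$RdpKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Save-PreResizeState {
    # Steps 1-2: record the IPv4 DNS servers in use, then turn off the NLA requirement.
    $dns = Get-NetAdapter | Where-Object Status -eq 'Up' | ForEach-Object {
        (Get-DnsClientServerAddress -InterfaceIndex $_.ifIndex -AddressFamily IPv4).ServerAddresses
    } | Sort-Object -Unique
    if (-not $dns) { throw 'No IPv4 DNS servers found; nothing to save.' }
    @{ Dns = @($dns); Domain = (Get-CimInstance Win32_ComputerSystem).Domain } |
        ConvertTo-Json | Set-Content -Path $StateFile -Encoding UTF8
    Set-ItemProperty -Path $RdpKey -Name UserAuthentication -Value 0   # 0 = NLA not required
}

function Restore-PostResizeState {
    # Step 5: the new adapter comes up without DNS servers, so put them back
    # on every adapter that is up.
    $state = Get-Content -Path $StateFile -Raw | ConvertFrom-Json
    Get-NetAdapter | Where-Object Status -eq 'Up' | ForEach-Object {
        Set-DnsClientServerAddress -InterfaceIndex $_.ifIndex -ServerAddresses $state.Dns
    }
    Clear-DnsClientCache

    # Step 6: find domain controllers through the SRV record and test LDAP (TCP 389).
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$($state.Domain)" -Type SRV -ErrorAction Stop
    $reachable = @($srv | Where-Object { $_.Type -eq 'SRV' } | Where-Object {
        (Test-NetConnection -ComputerName $_.NameTarget -Port 389 `
            -WarningAction SilentlyContinue).TcpTestSucceeded
    })
    if ($reachable.Count -eq 0) { throw 'No domain controller reachable; NLA left off for now.' }

    # Require NLA again only after a DC answers, so the RDP lockout does not recur.
    Set-ItemProperty -Path $RdpKey -Name UserAuthentication -Value 1   # 1 = NLA required
    Remove-Item -Path $StateFile
    'NLA re-enabled; reachable DCs: ' + ($reachable.NameTarget -join ', ')
}
```

If `Restore-PostResizeState` throws, NLA is still off; fix the DNS or routing problem and run it again rather than leaving the instance in that state.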
