I have a Windows EC2 in a subnet with no internet access, but the VPC has endpoints to all SSM related services. When I try to join the domain by associating an SSM document, it fails and the error log shows the following:
2020-03-25 10:23:35,277 [1] ERROR [Framework] - Failed to create domain computer account 'TESTVM', Message=A WebException with status ConnectFailure was thrown.,ErrorCode=,ErrorType=Sender,StatusCode=0
Amazon.Runtime.AmazonServiceException: A WebException with status ConnectFailure was thrown. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 52.95.35.59:443
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at Amazon.Runtime.Internal.HttpHandler`1.InvokeSync(IExecutionContext executionContext)
at Amazon.Runtime.Internal.Unmarshaller.InvokeSync(IExecutionContext executionContext)
at Amazon.Runtime.Internal.ErrorHandler.InvokeSync(IExecutionContext executionContext)
--- End of inner exception stack trace ---
at Amazon.Runtime.Internal.WebExceptionHandler.HandleException(IExecutionContext executionContext, WebException exception)
at Amazon.Runtime.Internal.ErrorHandler.ProcessException(IExecutionContext executionContext, Exception exception)
at Amazon.Runtime.Internal.ErrorHandler.InvokeSync(IExecutionContext executionContext)
at Amazon.Runtime.Internal.CallbackHandler.InvokeSync(IExecutionContext executionContext)
at Amazon.Runtime.Internal.RetryHandler.InvokeSync(IExecutionContext executionContext)
at Amazon.Runtime.Internal.CallbackHandler.InvokeSync(IExecutionContext executionContext)
at Amazon.Runtime.Internal.CallbackHandler.InvokeSync(IExecutionContext executionContext)
at Amazon.Runtime.Internal.ErrorCallbackHandler.InvokeSync(IExecutionContext executionContext)
at Amazon.Runtime.Internal.MetricsHandler.InvokeSync(IExecutionContext executionContext)
at Amazon.Runtime.Internal.RuntimePipeline.InvokeSync(IExecutionContext executionContext)
at Amazon.Runtime.AmazonServiceClient.Invoke[TRequest,TResponse](TRequest request, IMarshaller`2 marshaller, ResponseUnmarshaller unmarshaller)
at Amazon.DirectoryService.AmazonDirectoryServiceClient.CreateComputer(CreateComputerRequest request)
at Amazon.EC2Services.Config.Plugins.DomainJoin.Ec2SDomainJoin.CreateComputer(DomainJoinDto domainJoinDto, String desiredComputerName, String accountCreationPassword)
It seems like the error is happening because it cant reach 52.95.35.59 which is expected because it is not internet accessible. But what is this IP ? I dont think it is an amazon IP, and the location of this IP shows somewhere in China ?
If the server has internet access, associating the ssm document works.
Edited by: thescreenslaver on Mar 25, 2020 3:50 AM
Edited by: thescreenslaver on Mar 25, 2020 3:52 AM
asked 2 years ago
AWS OFFICIALUpdated 9 months ago