- Newest
- Most votes
- Most comments
I understand that you are getting the error "Cannot contact any KDC for realm 'my-domain.com' while getting initial credentials" when trying to connect from ECS Container launched in a peered VPC. Researching on this error, I found that this error is generally seen if the machine running kinit is unable to resolve the domain controller. Now, since it is not clear as to how the AD Service and Directory Service is configured, I am unable to comment as to what can be the possible reasons for such failure in DNS Resolution from the ECS in a peered VPC. However, considering the fact that you are not seeing issues when you run the ECS Cluster in the same VPC as the AD Server. One common scenario when ECS will fail to resolve a domain is in the below case -
For example, if you create a private domain called "example.com" and associated with the VPCA then by default only resources within VPCA will be able to resolve the domain "example.com". Even if you peer the VPCA with VPCB, resources in VPCB will not be able to resolve the domain "example.com". I just wanted to let you know that generally Private hosted Zones are not resolvable outside of the VPC it is created. https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zone-private-considerations.html
To better answer your question, we require details that are non-public information. Therefore, please open a support case with AWS using the following link
Relevant content
- Accepted Answerasked 2 months ago
- asked 5 years ago
- asked 4 months ago
- asked 8 months ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
