
AppStream Domain Join Error DOMAIN_JOIN_ERROR_NO_SUCH_DOMAIN The specified domain either does not exist or could not be contacted

0

Hello. I am setting up AppStream with a Directory Config so I can have Active Directory domain-joined instances. It can't start the image builder. It gives the error: "DOMAIN_JOIN_ERROR_NO_SUCH_DOMAIN The specified domain either does not exist or could not be contacted".
I have an EC2 instance in the same VPC and subnet that can reach the domain just fine and is in fact a domain controller itself. Ideally the Image Builder would contact that domain controller first, but there is no setting I can find to do that. I have inbound rules in the security group that allow traffic to the private IPs on premise via a VPN and also rules for the public IPs for the domain with all traffic allowed. I tried the Amazon Q network troubleshooting tool and it showed me this result: "NO_PATH: Reachability Analyzer was unable to find a path from the source to the destination. This may be due to actual lack of connectivity or other common causes." I have tried different OUs and different AD user accounts. Same results. Any ideas what I can do to make this work?

asked 2 years ago, 837 views
3 Answers
1
Accepted Answer

You are on the right track analysing networking. Ensure that the subnet the image builder is in has a path to your domain controller and is able to do a DNS lookup, preferably on a domain controller. Security groups, routes and VPC DHCP Option Sets are all items to troubleshoot.

AWS
answered 2 years ago
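The three things this answer lists (a route to the domain controller, a resolver that is a DC, and security group rules that let the join traffic through) can each be checked from a Windows instance in the image builder's subnet, for example from an image builder created without a Directory Config. The script below is an added example, not part of the thread; the domain name and DC address are placeholders. It reads the resolver the instance is really using, asks for the DC locator SRV record both through that resolver and directly from the DC, and probes the TCP ports a domain join and Group Policy processing need. If the SRV lookup fails through the configured resolver but works against the DC, DNS (the VPC DHCP option set) is the problem rather than the network path; if the port probes fail, look at security groups and routes.

```powershell
# Added example, not from the thread. Run on a Windows instance in the image
# builder's subnet. $Domain and $DcIp are placeholders for your own values.
param(
    [string]$Domain = 'corp.example.com',   # placeholder: AD DNS domain name
    [string]$DcIp   = '10.0.1.10'           # placeholder: a domain controller in the VPC
)

# 1. Which DNS server is this instance actually using? On the default VPC
#    option set (AmazonProvidedDNS) this is the VPC resolver, not the DC.
'Configured DNS servers:'
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object { '  {0}: {1}' -f $_.InterfaceAlias, ($_.ServerAddresses -join ', ') }

# 2. The DC locator record a domain join starts with. Query it once through
#    the configured resolver and once straight from the DC.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
foreach ($server in @($null, $DcIp)) {
    $label  = if ($server) { $server } else { 'configured resolver' }
    $params = @{ Name = $srvName; Type = 'SRV'; ErrorAction = 'Stop' }
    if ($server) { $params.Server = $server }
    try {
        $srv = Resolve-DnsName @params | Where-Object { $_.Type -eq 'SRV' }
        'SRV via {0}: {1}' -f $label, (($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', ')
    } catch {
        'SRV via {0}: FAILED ({1})' -f $label, $_.Exception.Message
    }
}

# 3. TCP ports the join and GPO processing use on a DC. Allow these from the
#    image builder's subnet instead of "all traffic". Test-NetConnection cannot
#    probe UDP (53, 88, 123, 389, 464) or the RPC dynamic range 49152-65535,
#    so check those in the security group rules by hand.
$tcpPorts = 53, 88, 135, 389, 445, 464, 636, 3268, 3269, 9389
foreach ($port in $tcpPorts) {
    $r = Test-NetConnection -ComputerName $DcIp -Port $port -WarningAction SilentlyContinue
    '{0,5}/tcp {1}' -f $port, $(if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' })
}
```

A DC address that answers on every port but times out on the SRV query usually means the DNS service on the DC is not listening on that interface or UDP/TCP 53 is not allowed by the security group; a resolver that returns an answer for a name outside your domain means the query never reached the DC at all.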
0

Thanks for your help.

The Image builder is in the same subnet as the domain controller.

I have created a DHCP Option Set and specified only the DNS server, which is the IP of the domain controller.

Now the Image Builder starts, but won't let me connect to it. It just hangs at "You are connecting as an administrator."

I do see the AppStream instance in Active Directory so we are making progress.

I have another image builder that is not using a Directory Config for Active Directory. When I do an nslookup on the domain I get this:

    DNS request timed out.
        timeout was 2 seconds.
    Server:  UnKnown
    Address:  <Domain Controller IP>

    Non-authoritative answer:
    Name:    <domain>.us-east-1.ec2-utilities.amazonaws.com
    Addresses:  some IPs that aren't mine

I can ping the DC by its IP, but apparently DNS still isn't right.

answered 2 years ago
0

Ok, I got it to work. I think the reason it was hanging up was Group Policy. I moved the OU to somewhere with fewer GPOs and it loaded.

The main thing that fixed my problem was creating the DHCP Option Set and specifying the EC2 domain controller as DNS server, etc.

Thanks!

answered 2 years ago
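The fix the poster describes, a VPC DHCP option set whose DNS servers are the domain controller(s), can be scripted as below. This is an added example rather than anything from the thread; it assumes the AWS.Tools.EC2 module and credentials for the account, and the VPC ID, DC addresses and domain name are placeholders. It shows the "before" state (the VPC's current option set, the default one if nothing has been changed), creates the new set with the DCs as domain-name-servers and the AD domain as domain-name, and associates it with the VPC.

```powershell
# Added example, not from the thread. Requires the AWS.Tools.EC2 module and
# credentials for the account. All IDs, IPs and names below are placeholders.
$VpcId    = 'vpc-0123456789abcdef0'         # placeholder: VPC holding the image builder subnet
$DcIps    = @('10.0.1.10')                  # placeholder: DC IP(s) in the VPC, one or more
$AdDomain = 'corp.example.com'              # placeholder: AD DNS domain name

# Before: which option set the VPC uses now. A fresh VPC is on the default
# set, which hands out AmazonProvidedDNS (the VPC resolver), not the DC.
$before = Get-EC2Vpc -VpcId $VpcId
'Current option set: {0}' -f $before.DhcpOptionsId

# After: DCs as the only DNS servers, and the AD domain as the DNS suffix so
# unqualified AD names resolve. Keep domain-name-servers to DCs only; mixing
# in the VPC resolver gives clients a non-AD server to fall back to.
$config = @(
    @{ Key = 'domain-name-servers'; Values = $DcIps }
    @{ Key = 'domain-name';         Values = @($AdDomain) }
)
$opts = New-EC2DhcpOption -DhcpConfiguration $config
New-EC2Tag -Resource $opts.DhcpOptionsId -Tag @{ Key = 'Name'; Value = "ad-dns-$AdDomain" }

# Associating replaces the option set for every subnet in the VPC.
Register-EC2DhcpOption -DhcpOptionsId $opts.DhcpOptionsId -VpcId $VpcId
'Now using option set: {0}' -f (Get-EC2Vpc -VpcId $VpcId).DhcpOptionsId

# Running instances pick the change up on DHCP lease renewal (ipconfig /renew)
# or reboot; an AppStream image builder has to be stopped and started.
```

Two things to keep in mind with this change. The option set is VPC-wide, so every instance in the VPC now depends on the DC for all name resolution; the DC's DNS server should forward zones it is not authoritative for to the VPC resolver (the VPC CIDR base address plus two), or AWS service and VPC endpoint names stop resolving. If that is not acceptable, the alternative is to leave AmazonProvidedDNS in place and add a Route 53 Resolver outbound endpoint with a forwarding rule that sends only the AD domain to the DCs. In either design, UDP and TCP 53 from the image builder's subnet to the DC must be allowed in the DC's security group.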
