Keep getting an error with Image Builder and/or Fleet connecting to an Active Directory - error DOMAIN_JOIN_ERROR_NO_SUCH_DOMAIN

0

I'm attempting to build an App Streaming test application that runs on a custom vpc with a Microsoft AD.

I'm using pulumi to create this - code looks like this:


import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

const stack = pulumi.getStack();

const name = `my-example-app-${stack}`;

const main = new awsx.ec2.Vpc("custom", {
  cidrBlock: "10.0.0.0/16",
  subnetSpecs: [{ type: "Public" }, { type: "Private" }],
  tags: {
    Name: `${name}`,
  },
});

const testAD = new aws.directoryservice.Directory("testAD", {
  name: `${name}.com`,
  // Hardcoded for this test stack; keep real directory passwords in Pulumi secret config.
  password: "ThisIsMyPassword123!",
  edition: "Standard",
  type: "MicrosoftAD",
  vpcSettings: {
    vpcId: main.vpcId,
    subnetIds: main.privateSubnetIds.apply((ids) => ids.slice(0, 2)),
  },
});

new aws.appstream.DirectoryConfig(
  "directoryConfig",
  {
    directoryName: testAD.name,

    // Note - this has been lifted from the windows server manager users and computers interface.
    organizationalUnitDistinguishedNames: [
      `OU=Users,OU=${name},DC=${name},DC=com`,
    ],
    serviceAccountCredentials: {
      accountName: pulumi.interpolate`${testAD.name}\\Admin`,
      accountPassword: testAD.password,
    },
  },
  { dependsOn: [testAD] }
);

export const directoryId = testAD.id;
export const directoryName = testAD.name;
export const vpcId = main.vpcId;
export const publicSubnetIds = main.publicSubnetIds;

Using this, I get a new vpc, an Active Directory and a Directory config, and it's all working well. I'm able to boot up an ec2 instance into the appropriate subnet, configure its DNS servers and join the AD I've created.

Here is a sample instance in pulumi typescript:

const imageId = "ami-0cd601a22ac9e6d79";

const instance = new aws.ec2.Instance("instance", {
  ami: imageId,
  instanceType: "t2.medium",
  vpcSecurityGroupIds: [main.vpc.defaultSecurityGroupId],
  subnetId: main.publicSubnetIds[0],
  tags: {
    Name: `${name}-admin-instance`,
  },
});

I've been trying to create an ImageBuilder and/or Fleet and get it to use the AD. I've tried creating them in pulumi, and in the web console. But every time I get the following error: DOMAIN_JOIN_ERROR_NO_SUCH_DOMAIN: The specified domain either does not exist or could not be contacted. I'm using the same subnet and security group that I used to run the ec2 instance so I don't think they are the issue.

Could anyone explain why I'm getting this error and how can I fix it?

2 Answers
0
Accepted Answer

The issue has been resolved - I was missing a DHCP Option Set for the VPC. This Option Set needed to list the DNS addresses of my Directory Service. In pulumi typescript this looks like this:


// main is the vpc
// testAD is the Active Directory

const optionSet = new aws.ec2.VpcDhcpOptions(
  "optionSet",
  {
    domainName: testAD.name,
    domainNameServers: testAD.dnsIpAddresses,
    tags: {
      Name: `${name}`,
    },
  },
  { dependsOn: main }
);

new aws.ec2.VpcDhcpOptionsAssociation(
  "optionSetAssociation",
  {
    vpcId: main.vpcId,
    dhcpOptionsId: optionSet.id,
  },
  { dependsOn: optionSet }
);
ede
answered 4 months ago
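
Added example, not part of the original answer: a TypeScript check that compares a VPC's DHCP option set (shaped like `aws ec2 describe-dhcp-options` output) with a directory's DNS addresses (shaped like `aws ds describe-directories` output), which is the relationship the accepted answer sets up. The helper names and every sample value are constructed for illustration.

```typescript
// Shapes follow `aws ec2 describe-dhcp-options` and `aws ds describe-directories`.
interface DhcpOptionSet {
  DhcpOptionsId: string;
  DhcpConfigurations: { Key: string; Values: { Value: string }[] }[];
}
interface DirectoryInfo { Name: string; DnsIpAddrs: string[]; }
// Collect the values stored under one DHCP option key ([] when the key is absent).
function optionValues(opts: DhcpOptionSet, key: string): string[] {
  const values: string[] = [];
  for (const cfg of opts.DhcpConfigurations) {
    if (cfg.Key === key) for (const v of cfg.Values) values.push(v.Value);
  }
  return values;
}

// Hypothetical helper: list the ways `opts` differs from what the directory needs.
function checkDomainJoinDns(opts: DhcpOptionSet, dir: DirectoryInfo): string[] {
  const findings: string[] = [];
  const servers = optionValues(opts, "domain-name-servers");
  if (servers.indexOf("AmazonProvidedDNS") !== -1) {
    findings.push(`${opts.DhcpOptionsId}: uses AmazonProvidedDNS instead of the directory DNS`);
  }
  const missing = dir.DnsIpAddrs.filter((ip) => servers.indexOf(ip) === -1);
  if (missing.length > 0) {
    findings.push(`${opts.DhcpOptionsId}: directory DNS not listed: ${missing.join(", ")}`);
  }
  const names = optionValues(opts, "domain-name").map((n) => n.toLowerCase());
  if (names.indexOf(dir.Name.toLowerCase()) === -1) {
    findings.push(`${opts.DhcpOptionsId}: domain-name is not ${dir.Name}`);
  }
  return findings;
}

// Constructed sample data: one directory, a default-style option set, a corrected one.
const sampleDirectory: DirectoryInfo = { Name: "my-example-app-dev.com", DnsIpAddrs: ["10.0.130.10", "10.0.150.20"] };
const defaultOptions: DhcpOptionSet = {
  DhcpOptionsId: "dopt-default-example",
  DhcpConfigurations: [
    { Key: "domain-name", Values: [{ Value: "ec2.internal" }] },
    { Key: "domain-name-servers", Values: [{ Value: "AmazonProvidedDNS" }] },
  ],
};
const directoryOptions: DhcpOptionSet = {
  DhcpOptionsId: "dopt-directory-example",
  DhcpConfigurations: [
    { Key: "domain-name", Values: [{ Value: sampleDirectory.Name }] },
    { Key: "domain-name-servers", Values: sampleDirectory.DnsIpAddrs.map((ip) => ({ Value: ip })) },
  ],
};
```

`checkDomainJoinDns(defaultOptions, sampleDirectory)` returns three findings, while the option set built from the directory's own name and DNS addresses returns none.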
0

Hello ede,

Did the directory attachment to the fleet itself work?

Where exactly do you get the error?

Thanks in advance

Heiko

HeikoMR
answered 4 months ago
  • I don't think so, I've been trying ImageBuilder today, it starts up, moves to status 'Pending', then after about 10 minutes moves to status 'Stopped' with the error above. It never gets to run. I can try w/ Fleet and report back.

  • @HeikoMR - the attachment to the fleet does not work either. I get the error in the AWS Web Console at the very top in the 'Notifications' pane. Exact same error: DOMAIN_JOIN_ERROR_NO_SUCH_DOMAIN.
