Can we bring two ec2 instances under one active directory - amazon-ec2

I am trying to communicate between two EC2 instances which have Windows Server 2008 installed. On one of the servers I have installed Active Directory and I want to bring the other EC2 instance under the same Active Directory.
I'm new to Amazon with Active Directory.
The problem I am trying to address is installing Dynamics CRM on these two EC2 instances. From my assumption or understanding, CRM requires a CRM web server and a SQL Server under one Active Directory.
Any comments with links or suggestions would be very much appreciated.

Active Directory relies on DNS, so it all depends how you setup DNS for your instances.
But in summary, if instance A is the domain controller for my.domain.com and instance B wants to join the domain, then you have to make sure that instance B can get to instance A by resolving my.domain.com to the right IP address of A.
When you create an Active Directory domain controller, the controller itself automatically becomes a DNS server, so the easiest way is just to make the default DNS server for instance B the actual IP address of instance A (you should be able to use the internal Amazon IP address as long as it's pingable).
Hope this helps.
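Added example (editor's code, not part of the answer above) of what that looks like on instance B: point the client at the DC's private IP only, prove the DC's DNS actually serves the domain, check the ports a join needs are open in the security group, then join. It assumes a Windows Server 2012 or later image (the DnsClient and NetTCPIP cmdlets do not exist on Windows Server 2008; the netsh equivalent is in the comment), a DC at 10.0.0.10, domain my.domain.com and an adapter named "Ethernet"; all of those are placeholders.

```powershell
# Added example, not from the original answer. Assumed values: DC private IP
# 10.0.0.10, domain my.domain.com, adapter alias "Ethernet". Run in an
# elevated PowerShell on instance B (Windows Server 2012 or later).
$DcIp    = '10.0.0.10'
$Domain  = 'my.domain.com'
$Adapter = 'Ethernet'

# 1. Make the DC the ONLY DNS server for this adapter. Leaving the VPC
#    resolver in the list alongside it gives intermittent "domain not found"
#    errors, because the client may try the resolver that knows nothing
#    about the domain first.
#    (Windows Server 2008 equivalent:
#     netsh interface ip set dns name="Ethernet" static 10.0.0.10)
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $DcIp

# 2. AD clients locate a DC through the _ldap._tcp.dc._msdcs.<domain> SRV
#    record, so test that record rather than just pinging the name.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $DcIp -ErrorAction Stop
$srv | Where-Object { $_.Type -eq 'SRV' } | Select-Object Name, NameTarget, Port

# 3. "Pingable" (ICMP) is not enough: the security group on A must allow the
#    join/authentication ports from B. Check the fixed ones explicitly.
foreach ($port in 53, 88, 135, 389, 445) {
    $ok = (Test-NetConnection -ComputerName $DcIp -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
    '{0,5}/tcp : {1}' -f $port, $(if ($ok) { 'open' } else { 'BLOCKED' })
}

# 4. Join with an account allowed to add computers, and reboot.
$cred = Get-Credential -Message "Account allowed to join $Domain"
Add-Computer -DomainName $Domain -Credential $cred -Restart
```

If step 2 fails while the DC itself resolves the name fine, the problem is almost always that B is still using the VPC resolver (169.254.169.253 / x.x.x.2) rather than A; if step 3 shows BLOCKED, it is the security group, not DNS.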

Related

In AWS, how do I configure SSM for an instance joined to an AWS AD Domain in a Private Subnet?

I am trying to set up SSM on Windows.
I have an ASG in a private subnet (absolutely 0 internet access). I cannot use NAT, only VPC endpoints.
In the instance launch configuration, I have a PowerShell script that uses Set-DnsClientServerAddress so that the instance can find and join an AWS Managed MS AD service. I would also like to set up the instance so it can be fully managed with SSM.
The problem comes with the DNS Client Server Address.
When I set it to match the address of the AD service SSM will not work.
When I leave the DNS Client Server Address default, SSM works but I can not join the AD.
I tried forcing the SSM Agent to use the endpoints by creating an amazon-ssm-agent.json file and setting all three endpoints in there. This allowed the instance to show on the Managed Instance list, but its status never changed from pending and requests from within the instance still timed out.
Does anyone know the magic sauce to get these things all working at the same time?
EDIT 1:
I also tried adding a forwarder as described in this thread, however I'm either missing something or it is not working for my case:
https://forums.aws.amazon.com/thread.jspa?messageID=919331&#919331
It turns out that adding the forwarder as described in the link above worked. The part I was missing was joedaws' comment: "I would also remove the existing 169.254.169.253 entry so that only the 10.201.0.2 ip address is in the list".
Of course, my IPs are different, but once I removed the pre-existing forwarder so that my x.x.x.2 IP was the only one in the list (I did this for both of the AD DNS servers) the instance was discoverable by SSM.
So, I would make a minor change to the list that saugy wrote:
1. On a domain-joined Windows instance, log in with an AD domain admin user
2. Open DNS Manager
3. Connect to one of the DNS IP addresses for the AWS AD
4. Select Forwarders
5. Add the VPC's DNS IP (x.x.x.2 from your VPC's CIDR range)
6. Remove the existing IP (so your VPC's IP is the only one)
7. Click Apply
8. Repeat from step 3 with the other DNS IP address for the AWS AD (not 1
Also, as mentioned in the other post, this only has to be done once and the settings persist in the AD DNS.
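The same procedure, scripted, as an added example (editor's code, not from the answer or from AWS): set the forwarder list on both AWS Managed AD DNS servers to the VPC resolver alone, then prove that the three SSM endpoint names resolve through those servers to private addresses inside the VPC (the interface-endpoint ENIs), which is what the agent in a no-internet subnet needs. It assumes the RSAT DnsServer module is installed on the domain-joined admin instance, that the managed DCs accept the DnsServer cmdlets (the MMC uses RPC; a DCOM CIM session is used here in case WS-Man is not reachable), and placeholder values: AD DNS servers 10.201.1.10 and 10.201.2.10, VPC CIDR 10.201.0.0/16 (so the resolver is 10.201.0.2) and region us-east-1.

```powershell
# Added example, not part of the original answer. Assumed values: AWS Managed
# AD DNS servers 10.201.1.10 / 10.201.2.10, VPC resolver 10.201.0.2,
# region us-east-1. Needs: Install-WindowsFeature RSAT-DNS-Server, and a
# logon as an AD domain admin on a domain-joined instance.
$AdDns  = '10.201.1.10', '10.201.2.10'
$VpcDns = '10.201.0.2'
$Region = 'us-east-1'

foreach ($dc in $AdDns) {
    # DNS Manager talks RPC; the DnsServer cmdlets use CIM, so open a DCOM
    # session explicitly rather than relying on WS-Man (5985) being open.
    $cim = New-CimSession -ComputerName $dc -SessionOption (New-CimSessionOption -Protocol Dcom)

    # Set-DnsServerForwarder REPLACES the whole list (Add-DnsServerForwarder
    # would append). That is exactly the fix from the answer: the default
    # 169.254.169.253 entry disappears and only x.x.x.2 remains.
    Set-DnsServerForwarder -CimSession $cim -IPAddress $VpcDns
    Get-DnsServerForwarder -CimSession $cim |
        Select-Object @{n = 'DC'; e = { $dc }}, IPAddress, UseRootHint
    Remove-CimSession $cim
}

# Verification: with private DNS enabled on the three interface endpoints,
# each name must resolve, through the AD DNS servers, to an address inside
# the VPC. A public IP here means the forwarder change did not take, and the
# agent will sit in "pending" because it cannot reach that address.
$endpoints = "ssm.$Region.amazonaws.com",
             "ec2messages.$Region.amazonaws.com",
             "ssmmessages.$Region.amazonaws.com"
foreach ($dc in $AdDns) {
    foreach ($name in $endpoints) {
        $a = Resolve-DnsName -Name $name -Type A -Server $dc -ErrorAction SilentlyContinue |
             Where-Object Type -eq 'A'
        $private = $a | Where-Object { $_.IPAddress -like '10.201.*' }
        '{0,-12} {1,-38} {2}' -f $dc, $name,
            $(if ($private) { $private.IPAddress -join ',' } else { 'NOT PRIVATE / UNRESOLVED' })
    }
}
```

Run the verification half on its own before touching anything: if the names already come back as 10.201.x.x addresses from both DCs, the forwarder is fine and the agent's problem is elsewhere (endpoint security group, IAM instance profile, or the agent's own region setting).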

Configuring Amazon EC2 for a dynamic website

I am curious about Amazon Web Services and so I thought of creating a dynamic web page with Amazon EC2. I created an instance, installed Apache and PHP and made sure it is working in EC2 (using remote access). I have assigned an elastic IP to the instance. My question is how to access the web page that I created in the instance. I am not sure what to give as the ServerName in httpd.conf. My goal is to access the page like http://amazonaddress/test.php
I am using Windows Server, but I think it is basically the same. My documents are in the same folder as mentioned in the conf file. But when I use my elastic IP, it isn't working. Not even the basic index page in the Apache htdocs (that's the home folder according to the conf). To throw more light I will explain what I have done till now.
I have created a micro instance (EC2) and logged into it using Remote Desktop. I have installed Apache from the MSI file and PHP after that. I have created an elastic IP and attached the instance, and to my security group I have added the HTTP service on port 80. I have tested that localhost is working on my remote machine (points to index.html). After that I have tried accessing it using the elastic IP and it just times out. Is there any step I have missed?
You can access it via http://255.255.255.255 where you replace the 255.255.255.255 with your elastic IP address.
Then you want to setup DNS for your domain name. So you'll need to create an A Record mapping www.yourdomain.com to whatever your elastic IP address is. You can usually do this via your domain name registrar as most of them also run basic DNS services for free.
You can access an ec2 instance using its public DNS name (or elastic IP since you already have one of those), which can be seen in the instance's description tab. Configuring your personal domain name to point to that server will involve creating an A Record mapping to that public IP.
Assuming apache has been setup correctly, that's all you should need to do to get started (and your test.php page is in /var/www/). For your purposes, you probably shouldn't even need to modify the httpd.conf file at all.
Also, be sure to remember to open a port on the security group (under Network & Security from the EC2 Console) that the instance belongs to. In your example, you will want to open port 80 inbound with source 0.0.0.0/0 (unless you want to limit access to a specific IP range).
Hope this helps.
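An added check (editor's code, not from either answer) for the "localhost works but the elastic IP times out" case on a Windows instance. The security group is one filter; Windows Firewall on the instance is a second one that a fresh install does not open for port 80, and an Apache bound to 127.0.0.1 only would pass the localhost test yet answer nothing from outside. The script checks all three from the instance. It assumes Windows Server 2012 or later for the Get-NetTCPConnection and NetSecurity cmdlets (on Windows Server 2008 use netstat -ano and netsh advfirewall as in the comments) and uses the documentation address 203.0.113.10 as the elastic IP placeholder.

```powershell
# Added example, not from the original answers. Run in an elevated PowerShell
# on the Windows instance. Assumed: Apache on port 80, elastic IP
# 203.0.113.10 (placeholder from the documentation range).
$ElasticIp = '203.0.113.10'
$Port      = 80

# 1. Is Apache listening on all interfaces? LocalAddress must be 0.0.0.0 or ::,
#    not 127.0.0.1, or only "localhost" tests will ever succeed.
#    (2008 equivalent: netstat -ano | findstr :80)
Get-NetTCPConnection -State Listen -LocalPort $Port |
    Select-Object LocalAddress, LocalPort,
        @{n = 'Process'; e = { (Get-Process -Id $_.OwningProcess).ProcessName }}

# 2. Windows Firewall: add an inbound allow for TCP 80 if there is none.
#    (2008 equivalent: netsh advfirewall firewall add rule name="Apache HTTP"
#     dir=in action=allow protocol=TCP localport=80)
$ruleName = 'Apache HTTP (TCP 80 in)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort $Port -Action Allow -Profile Any | Out-Null
    "Created inbound firewall rule '$ruleName'"
}
Get-NetFirewallRule -DisplayName $ruleName | Select-Object DisplayName, Enabled, Profile

# 3. The security group only matters for traffic arriving from outside, so the
#    end-to-end test has to be run from your own workstation, not from here:
"From your workstation run:  Test-NetConnection -ComputerName $ElasticIp -Port $Port"
"TcpTestSucceeded = True  -> security group, firewall and listener all agree."
"TcpTestSucceeded = False (timeout) -> one of the two filters is still closed."
```

A timeout (as opposed to "connection refused") is the signature of a packet filter dropping the SYN, which points at the security group or Windows Firewall rather than at Apache.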

Amazon EC2 - seeing files between instances

I've set up 2 instances of Windows Server 2008 on EC2. I want one to act as the database server and the other as the client. For the client app to work it needs to be able to connect to the server instance with ALL of these things:
IP address of the database instance
access through a given UDP port
server name e.g. \\MyServer
an actual physical path through to its database e.g. \\UNC\SharedFolder\MyDatabaseFolder
I'm a complete novice with EC2. Is there anyway I can set this up?
Many thanks
At least three of the four are completely possible and I have worked with similar setups. Maybe someone else knows more about the UDP bit.
IP address of the database instance
That is standard on EC2. All instances have two network interfaces, one EC2 internal and one to the outside world. For communication between instances use the internal one. Data traffic over these interfaces is free.
Access through a given UDP port
I have never tried UDP communication in EC2, but if it works you should probably keep it within a local network of your own, i.e. a virtual private cloud (VPC).
Server name e.g. \\MyServer
This kind of host name lookup does not need a name server, although you certainly could run one (preferably within a VPC). If you put the server name and (internal) IP into your hosts file (%systemroot%\system32\drivers\etc\hosts) you don't need a name server.
An actual physical path through to its database e.g. \\UNC\SharedFolder\MyDatabaseFolder
Folder sharing should work the same as with any other Windows machine, but even that should probably be kept within a VPC.
Setting up a VPC can be a little steep to start with, but the documentation is good and the hard bits are often not needed (such as VPN tunnels). Have a look at the example scenarios and follow the one best matching your needs.
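An added example (editor's code, not from the answer above) that does the hosts-file step from the answer on the client instance and then checks each of the four requirements in turn, including the UDP one the answer leaves open. Assumed placeholders: database instance private IP 10.0.1.20, server name MyServer, share SharedFolder and UDP port 1434; the client is Windows Server 2012 or later for Clear-DnsClientCache and Test-NetConnection (on 2008 use ipconfig /flushdns and telnet).

```powershell
# Added example, not from the original answer. Run elevated on the CLIENT
# instance. Assumed values: server private IP 10.0.1.20, name MyServer,
# share SharedFolder, application UDP port 1434 (placeholder).
$ServerIp   = '10.0.1.20'
$ServerName = 'MyServer'
$Share      = 'SharedFolder'
$UdpPort    = 1434
$HostsFile  = "$env:SystemRoot\System32\drivers\etc\hosts"

# 1. Name -> PRIVATE IP in the hosts file. Replace any stale line for the
#    same name (the private IP changes on every launch outside a VPC).
$entry = "$ServerIp`t$ServerName"
$keep  = Get-Content $HostsFile | Where-Object { $_ -notmatch "^\s*\S+\s+$ServerName(\s|$)" }
Set-Content -Path $HostsFile -Value ($keep + $entry)
Clear-DnsClientCache
"$ServerName now resolves to: " + (([System.Net.Dns]::GetHostAddresses($ServerName) | Select-Object -First 1).IPAddressToString)

# 2. SMB for \\MyServer\SharedFolder: TCP 445 must be allowed in the server's
#    security group from the client's group, and File and Printer Sharing
#    must be enabled in Windows Firewall on the server.
$smb = (Test-NetConnection -ComputerName $ServerName -Port 445 -WarningAction SilentlyContinue).TcpTestSucceeded
"TCP 445 reachable : $smb"
"UNC path visible  : " + (Test-Path "\\$ServerName\$Share")

# 3. UDP has no handshake, so Test-NetConnection cannot prove it. Send one
#    datagram and wait briefly; whether anything answers depends on the
#    application protocol, so "no reply" only proves something if the server
#    is known to respond to an empty packet.
$udp = New-Object System.Net.Sockets.UdpClient
$udp.Client.ReceiveTimeout = 2000
$udp.Connect($ServerIp, $UdpPort)
[void]$udp.Send([byte[]](0), 1)
try {
    $from  = New-Object System.Net.IPEndPoint -ArgumentList ([System.Net.IPAddress]::Any), 0
    $reply = $udp.Receive([ref]$from)
    "UDP $UdpPort : $($reply.Length) byte reply from $from"
} catch [System.Net.Sockets.SocketException] {
    "UDP $UdpPort : no reply within 2 s (security group, firewall, or a protocol that ignores empty packets)"
} finally {
    $udp.Close()
}
```

Allow the SMB and UDP ports in the server's security group by referencing the client's security group as the source rather than an IP range; then the rule keeps working when the client's private IP changes.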

How do I connect up my Amazon EC2 instances without manually modifying config files?

I have a three-tier Windows-based web application bundled into 3 AMIs on Amazon EC2 that I use for load testing.
An ASP.NET web application on IIS
A .NET application server
SQL Server
After I launch them, the config files of each tier needs modifying to update the IP addresses.
At the moment I am doing this manually: I connect to the webserver instance via remote desktop and modify the config file to point to the new IP of the application server instance. Then I do the same with the application server to change the IP in the connection string.
This must be a common requirement and I must be missing something obvious. There must be a better way!
I could use Elastic IP addresses, but these machines are only provisioned for a couple of hours at a time, and I would be charged for the addresses when they were NOT in use (which would be most of the time).
Is there some way of persistently naming the machines? Can I somehow get all the machines on the same network and use machine names instead of IP addresses?
I could write some nifty PowerShell script that would perform the modifications remotely. Is there an example somewhere?
I could use a dynamic IP address service. I'm not sure if this would have any negative effect on performance or availability... Are there any downsides to this approach?
I could install some sort of self-configuring service on each machine (which connects to S3? SNS? SimpleDB?) to publish/retrieve the addresses of the other machines and update the config files automatically. Is there an example somewhere?
What is best practice?
You could use Amazon Virtual Private Cloud (Amazon VPC). You have a private subnet where you can assign an IP address to an instance, but it may require launching an instance from command line to assign IP. VPC is charged the same way as EC2.
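An added example (editor's code, not from the answer) of the VPC approach the answer suggests, done from the command line with AWS Tools for PowerShell: each tier is launched with a fixed private IP chosen in advance, and the one tier whose config the poster edits by hand (the application server's connection string) has that edit done by a first-boot user-data script instead. Assumed placeholders: subnet subnet-0abc covering 10.0.1.0/24, AMI ids, an app-server config file at C:\AppServer\AppServer.exe.config with a connection string named "Main", and credentials already set with Set-AWSCredential.

```powershell
# Added example, not part of the original answer. Requires AWS Tools for
# PowerShell with credentials configured. All ids and paths are placeholders.
$Subnet = 'subnet-0abc'

# Fixed private IPs, chosen up front. In a VPC they survive stop/start, so
# each tier already knows where the next one lives before it is launched and
# nothing has to be edited over Remote Desktop afterwards.
$SqlIp = '10.0.1.30'
$AppIp = '10.0.1.20'
$WebIp = '10.0.1.10'

# First-boot script for the app server: EC2Config runs <powershell> user data
# on the first boot of a Windows AMI. Only the Data Source part of the
# connection string is rewritten, so credentials and database name in the
# AMI stay as they were. Backticks keep the launching shell from expanding
# $cfg, $x and $_ here; $SqlIp is expanded on purpose.
$appUserData = @"
<powershell>
`$cfg = 'C:\AppServer\AppServer.exe.config'
[xml]`$x = Get-Content -Path `$cfg
`$cs = `$x.configuration.connectionStrings.add | Where-Object { `$_.name -eq 'Main' }
`$cs.connectionString = `$cs.connectionString -replace 'Data Source=[^;]+', 'Data Source=$SqlIp'
`$x.Save(`$cfg)
</powershell>
"@

function Start-Tier {
    param([string]$Ami, [string]$Ip, [string]$UserData)
    $params = @{
        ImageId = $Ami; SubnetId = $Subnet; PrivateIpAddress = $Ip
        InstanceType = 'm1.large'; MinCount = 1; MaxCount = 1
    }
    if ($UserData) {
        # -EncodeUserData base64-encodes the script as the EC2 API requires.
        $params.UserData = $UserData
        $params.EncodeUserData = $true
    }
    (New-EC2Instance @params).Instances[0].InstanceId
}

# The web tier gets the same treatment with $AppIp in its own config file;
# omitted here to keep one worked rewrite.
$sql = Start-Tier -Ami 'ami-sqlplaceholder' -Ip $SqlIp
$app = Start-Tier -Ami 'ami-appplaceholder' -Ip $AppIp -UserData $appUserData
$web = Start-Tier -Ami 'ami-webplaceholder' -Ip $WebIp
"SQL $sql -> $SqlIp`nAPP $app -> $AppIp`nWEB $web -> $WebIp"
```

Because the addresses are private and fixed, no Elastic IP is involved and nothing is billed while the instances are terminated; the only requirement is that the three IPs are free in the subnet when you launch.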

Setup a internet domain on windows server, on EC2?

Sorry for this newbie question; as a developer I never set up a web domain's DNS on a Windows server. I already bought my .com domain, and I will get an instance on Amazon EC2. How do I set up the DNS on Windows Server 2008 to get traffic to my domain? Any tutorial? I have looked, but all I find is setting up a local domain. Any tip for Amazon EC2?
Thanks
For most domain name hosts, they'll have some sort of way for you to link the domain name to a particular ip address or other domain name, both of which you can get from Amazon AWS. You can link an elastic ip that is associated with your instance and it'll work like a charm.
1. Assign an Elastic IP address to your server
2. Use your ISP's/domain registrar's DNS tools to point your domain name at this IP address. The exact steps here will vary depending on who controls your domain's DNS settings.
3. In IIS, right-click on your site and choose Edit Bindings. Set your domain name as the host name (eg www.mydomain.com)
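Steps 2 and 3 as an added example (editor's code, not from the answer): check from the instance that the registrar's A record really points at the elastic IP, then add the host-header binding with the WebAdministration module instead of clicking through Edit Bindings. Assumed placeholders: elastic IP 203.0.113.10 (documentation range), host name www.mydomain.com and the site "Default Web Site"; Resolve-DnsName needs Windows Server 2012 or later (on 2008 use nslookup), and WebAdministration ships with IIS 7.5 and later.

```powershell
# Added example, not from the original answers. Run elevated on the IIS
# instance. Assumed values: elastic IP 203.0.113.10, host www.mydomain.com,
# site "Default Web Site".
Import-Module WebAdministration
$ElasticIp = '203.0.113.10'
$HostName  = 'www.mydomain.com'
$Site      = 'Default Web Site'

# 1. The A record lives at the registrar, not on this server. Ask a public
#    resolver directly so a stale local cache does not hide a wrong record.
$a = Resolve-DnsName -Name $HostName -Type A -Server 8.8.8.8 -ErrorAction SilentlyContinue |
     Where-Object Type -eq 'A'
if ($a.IPAddress -contains $ElasticIp) {
    "A record OK: $HostName -> $ElasticIp"
} else {
    "A record not (yet) pointing at $ElasticIp; public resolvers return: $($a.IPAddress -join ', ')"
}

# 2. Add an http binding with the domain as host header, once. The default
#    binding *:80: answers any Host header; the host-header binding makes this
#    site answer requests for www.mydomain.com specifically, which is also
#    what lets several sites share port 80 later.
$wanted = "*:80:$HostName"
$have = Get-WebBinding -Name $Site -Protocol http |
        Where-Object { $_.bindingInformation -eq $wanted }
if (-not $have) {
    New-WebBinding -Name $Site -Protocol http -Port 80 -IPAddress '*' -HostHeader $HostName
}
Get-WebBinding -Name $Site | Select-Object protocol, bindingInformation
```

If step 1 reports the old address for a while after you changed the record, that is the previous record's TTL expiring at the resolvers, not a problem on the instance; the binding in step 2 is independent of it and can be added first.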
