

# Troubleshooting Amazon Managed Microsoft AD
<a name="ms_ad_troubleshooting"></a>

The following can help you troubleshoot some common problems you might encounter when creating or using your Amazon Managed Microsoft AD Active Directory.

## Problems with your Amazon Managed Microsoft AD
<a name="general_issues"></a>

Some troubleshooting tasks can only be completed by Amazon Web Services Support. Here are some of the tasks:
+ Restarting your Amazon Directory Service-provided domain controllers.
+ [Upgrading your Amazon Managed Microsoft AD](ms_ad_upgrade_edition.md).

To create a support case, see [Creating support cases and case management](https://docs.amazonaws.cn/awssupport/latest/user/case-management.html).

## Problems with Netlogon and secure channel communications
<a name="ms_ad_tshoot_netlogon_issues"></a>

As a mitigation against [CVE-2020-1472](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1472), Microsoft released patches that change how domain controllers process Netlogon secure channel communications. Since the introduction of these secure Netlogon changes, some Netlogon connections (servers, workstations, and trust validations) may not be accepted by your Amazon Managed Microsoft AD.

To verify if your issue is related to Netlogon or secure channel communications, search your Amazon CloudWatch Logs for event IDs 5827 (for device authentication related issues) or 5828 (for AD trust validation related issues). For information about CloudWatch in Amazon Managed Microsoft AD, see [Enabling Amazon CloudWatch Logs log forwarding for Amazon Managed Microsoft AD](ms_ad_enable_log_forwarding.md).
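One way to triage messages pulled from your log group for these two event IDs, as an added example that is not part of the Amazon documentation. It assumes you already have the `message` string of each CloudWatch Logs event; the message layouts, the `Machine SamAccountName:` field, and all sample lines are constructed assumptions.

```python
import re

# Event IDs named on this page and the kind of issue each one indicates.
NETLOGON_EVENTS = {5827: "device authentication", 5828: "AD trust validation"}

# Assumption: the ID follows an EventID/EventId key (JSON, key=value or XML).
# Anchoring on the key avoids matching 5827 inside ports, PIDs or timestamps.
_EVENT_ID = re.compile(r'event_?id\W{0,4}(\d+)\b', re.IGNORECASE)
# Assumption: denied-device events name the account in this field.
_ACCOUNT = re.compile(r'Machine SamAccountName:\s*([^\s\\"]+)')


def triage_netlogon(messages):
    """Return {category: {"count": n, "accounts": [...]}} for events 5827/5828."""
    found = {c: {"count": 0, "accounts": set()} for c in NETLOGON_EVENTS.values()}
    for msg in messages:
        match = _EVENT_ID.search(msg)
        if not match or int(match.group(1)) not in NETLOGON_EVENTS:
            continue  # unrelated event, or no event-ID key in the message
        bucket = found[NETLOGON_EVENTS[int(match.group(1))]]
        bucket["count"] += 1
        account = _ACCOUNT.search(msg)
        if account:
            bucket["accounts"].add(account.group(1))
    return {c: {"count": b["count"], "accounts": sorted(b["accounts"])}
            for c, b in found.items()}


# Constructed sample messages (not real log output).
SAMPLE_MESSAGES = [
    '{"EventId": 5827, "Message": "Machine SamAccountName: LEGACY01$\\nDomain: CORP"}',
    '<Event><EventID>5828</EventID><Data>constructed trust event</Data></Event>',
    '{"EventId": 4624, "Message": "logon, source port 58270"}',
    'EventID=5827 Machine SamAccountName: LEGACY01$',
    'EventID=5827 Machine SamAccountName: NAS02$',
]

if __name__ == "__main__":
    for category, info in triage_netlogon(SAMPLE_MESSAGES).items():
        print(f"{category}: {info['count']} event(s), accounts: {info['accounts']}")
```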

For more information about the mitigation against CVE-2020-1472, see [How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472](https://support.microsoft.com/en-us/topic/how-to-manage-the-changes-in-netlogon-secure-channel-connections-associated-with-cve-2020-1472-f7e8cc17-0309-1d6a-304e-5ba73cd1a11e) on Microsoft's website.

## You receive a 'Response Status: 400 Bad Request' error when attempting to reset a user's password
<a name="ms_ad_tshoot_reset_password"></a>

You receive an error message similar to the following when attempting to reset a user's password:

`Response Status: 400 Bad Request`

You may experience this issue when there are duplicate objects in your Amazon Managed Microsoft AD Organizational Unit (OU) with identical user logon names. User logon names must be unique. See [Troubleshooting Directory Data problems](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb727059(v=technet.10)?redirectedfrom=MSDN) in Microsoft documentation for more information.

## Password recovery
<a name="ms_ad_tshoot_password_recovery"></a>

If a user forgets a password or is having trouble signing in to your Amazon Managed Microsoft AD directory, you can reset their password using either the Amazon Web Services Management Console, PowerShell or the Amazon CLI.

For more information, see [Resetting an Amazon Managed Microsoft AD user password](ms_ad_manage_users_groups_reset_password.md).

## Additional resources
<a name="troubleshoot_general_resources"></a>

The following resources can help you troubleshoot as you work with Amazon.
+ **[Amazon Knowledge Center](https://www.amazonaws.cn/premiumsupport/knowledge-center/)**–Find FAQs and links to other resources to help you troubleshoot issues.
+ **[Amazon Support Center](https://console.amazonaws.cn/support/home#/)**–Get technical support.
+ **[Amazon Premium Support Center](http://www.amazonaws.cn/support-plans/)**–Get premium technical support.

The following resources can help you troubleshoot common Active Directory issues.
+ [Active Directory Documentation](https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/active-directory-overview)
+ [AD DS Troubleshooting](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/ad-ds-troubleshooting)

**Topics**
+ [Problems with your Amazon Managed Microsoft AD](#general_issues)
+ [Problems with Netlogon and secure channel communications](#ms_ad_tshoot_netlogon_issues)
+ [You receive a 'Response Status: 400 Bad Request' error when attempting to reset a user's password](#ms_ad_tshoot_reset_password)
+ [Password recovery](#ms_ad_tshoot_password_recovery)
+ [Additional resources](#troubleshoot_general_resources)
+ [Amazon EC2 Linux instance domain join errors](ms_ad_troubleshooting_join_linux.md)
+ [Amazon Managed Microsoft AD low available storage space](ms_ad_troubleshooting_low_storage_space.md)
+ [Schema extension errors](ms_ad_troubleshooting_schema.md)
+ [Trust creation status reasons](ms_ad_troubleshooting_trusts.md)
+ [Troubleshooting Amazon Managed Microsoft AD high CPU utilization](ms_ad_troubleshooting_high_cpu.md)