Troubleshooting Simple AD
The following can help you troubleshoot some common problems you might encounter when creating or using your Simple AD Active Directory.
Topics
- Password recovery
- I receive a 'KDC can't fulfill requested option' error when adding a user to Simple AD
- I am not able to update the DNS name or IP address of an instance joined to my domain (DNS dynamic update)
- I can't log onto SQL Server using a SQL Server account
- My Simple AD is stuck in the 'Requested' state
- I receive an 'AZ constrained' error when I create a Simple AD
- Some of my users can't authenticate with my Simple AD
- Additional resources
- Troubleshooting Simple AD directory status messages
Password recovery
If a user forgets a password or is having trouble signing in to your Simple AD directory, you can reset their password using either the Amazon Web Services Management Console, Windows PowerShell or the Amazon CLI.
For more information, see Resetting a Simple AD user password.
I receive a 'KDC can't fulfill requested option' error when adding a user to Simple AD
This can occur when the Samba CLI client does not correctly send the 'net' commands to all domain controllers. If you see this error message when using the 'net ads' command to add a user to your Simple AD directory, use the -S argument and specify the IP address of one of your domain controllers. If you still see the error, try the other domain controller. You can also use the Active Directory Administration Tools to add users to your directory. For more information, see Installing the Active Directory Administration Tools for Simple AD.
I am not able to update the DNS name or IP address of an instance joined to my domain (DNS dynamic update)
DNS dynamic updates are not supported in Simple AD domains. You can instead make the changes directly by connecting to your directory using DNS Manager on an instance that is joined to your domain.
I can't log onto SQL Server using a SQL Server account
You might receive an error if you attempt to use SQL Server Management Studio (SSMS) with a SQL Server account to log into SQL Server running on a Windows 2012 R2 Amazon EC2 instance. The issue occurs when SSMS runs as a domain user and can result in the error 'Login failed for user', even when valid credentials are provided. This is a known issue and Amazon is actively working to resolve it.
To work around the issue, you can log into SQL Server with Windows Authentication instead of SQL Authentication, or launch SSMS as a local user instead of a Simple AD domain user.
My Simple AD is stuck in the 'Requested' state
If you have a Simple AD that has been in the 'Requested' state for more than five minutes, try deleting the directory and recreating it. If this problem persists, contact the Amazon Web Services Support Center.
I receive an 'AZ constrained' error when I create a Simple AD
Some Amazon accounts created before 2012 might have access to Availability Zones in the US East (N. Virginia), US West (N. California), or Asia Pacific (Tokyo) Region that do not support Amazon Directory Service directories. If you receive an error such as this when creating a directory, choose a subnet in a different Availability Zone and try to create the directory again.
Some of my users can't authenticate with my Simple AD
Your user accounts must have Kerberos preauthentication enabled. This is the default setting for new user accounts, and it should not be modified. For more information about this setting, go to Preauthentication.
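One way to find the affected accounts, as an added example that is not part of the original page or Amazon's own tooling: the script scans an LDIF export of user objects and reports accounts whose userAccountControl value has the DONT_REQ_PREAUTH bit (0x400000) set, meaning preauthentication has been disabled. It assumes the export contains the sAMAccountName and userAccountControl attributes; the sample LDIF and every name in it are constructed.

```python
import base64

DONT_REQ_PREAUTH = 0x400000  # userAccountControl bit: preauthentication not required
# Constructed sample of LDIF output (names and values are made up).
SAMPLE_LDIF = """\
dn: CN=Alice Example,CN=Users,DC=corp,DC=example,DC=com
sAMAccountName: alice
userAccountControl: 512

dn: CN=Bob Example,CN=Users,DC=corp,
 DC=example,DC=com
sAMAccountName: bob
userAccountControl: 4194816

dn: CN=Carol Example,CN=Users,DC=corp,DC=example,DC=com
sAMAccountName:: Y2Fyb2w=
userAccountControl: 4260352
"""


def parse_ldif(text):
    """Yield one dict per entry; attribute names lower-cased, last value wins."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # RFC 2849 folded line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entry = {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
        elif not line.startswith("#") and ":" in line:
            name, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: ..." is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry[name.strip().lower()] = value.strip()


def users_without_preauth(ldif_text):
    """Return sorted account names whose DONT_REQ_PREAUTH bit is set."""
    flagged = []
    for e in parse_ldif(ldif_text):
        uac = e.get("useraccountcontrol", "")
        if uac.isdigit() and int(uac) & DONT_REQ_PREAUTH:
            flagged.append(e.get("samaccountname") or e.get("dn", "?"))
    return sorted(flagged)
```

For each account the script reports, clear the "Do not require Kerberos preauthentication" account option in Active Directory Users and Computers.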
Additional resources
The following resources can help you troubleshoot as you work with Amazon.
- Amazon Knowledge Center – Find FAQs and links to other resources to help you troubleshoot issues.
- Amazon Support Center – Get technical support.
- Amazon Premium Support Center – Get premium technical support.