Adding a 443 rule exception on the firewall for ds.eu-central-1.amazonaws.com solved the issue.
Error
2024-02-28 09:22:58 INFO [ssm-agent-worker] [MessageService] [Association] Updating association status { "ErrorCode": "", "ExecutionDate": "2024-02-28T09:22:58.688Z", "ExecutionSummary": "1 out of 1 plugin processed, 0 success, 1 failed, 0 timedout, 0 skipped. \nThe operation aws:domainJoin failed because Failed to create domain computer account 'EC2AMAZ-E363G22', Message=A WebException with status SendFailure was thrown.,ErrorCode=,ErrorType=Sender,StatusCode=0\r\nAmazon.Runtime.AmazonServiceException: A WebException with status SendFailure was thrown. ---\u003e System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---\u003e System.I--output truncated--", "OutputUrl": null, "Status": "InProgress" }
Error Components
- Operation aws:domainJoin failed: This indicates that the specific SSM document action intended to join the EC2 instance to the Active Directory domain was unsuccessful.
- Failed to create domain computer account 'EC2AMAZ-E363G22': The process could not create a computer account in the Active Directory for the EC2 instance. This step is crucial for the domain join operation, as it registers the EC2 instance in the AD domain.
- A WebException with status SendFailure was thrown: This suggests a problem with the HTTP request made by the SSM agent or a related process. The SendFailure typically indicates that the request could not be sent over the network.
- The underlying connection was closed: An unexpected error occurred on a send: This further clarifies that the network connection used for the operation was unexpectedly closed during the process of sending data.
Possible Causes
- Network Connectivity Issues: There might be issues with the network configuration, such as incorrect security group settings, network ACLs, or problems with the VPC setup, preventing successful communication with the Active Directory services.
- Firewall or Security Appliance Blocking: A firewall, either in AWS or on-premises, could be blocking the necessary ports or protocols used for domain join operations and AD communications.
- AD Connector or Direct AD Issue: If you're using AD Connector, there may be a configuration issue or connectivity problem between AD Connector and your on-premises AD. Alternatively, if directly connected to AD, there might be a similar connectivity or configuration issue.
- SSM Agent or Instance Configuration: The SSM agent might be misconfigured, or there could be an issue with the instance's configuration preventing successful domain join operations.
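A staged check, run on the instance itself, of the path the first answer opened: it separates DNS, TCP 443 and TLS failures towards ds.eu-central-1.amazonaws.com. This is an added example, not part of either answer and not AWS tooling; the function name Test-DsEndpoint and the 5-second timeout are assumptions.

```powershell
# Added example: staged reachability check for the Directory Service endpoint.
# Test-DsEndpoint is a hypothetical helper name; the host is the one named in the answer above.
param(
    [string]$EndpointHost = 'ds.eu-central-1.amazonaws.com',
    [int]$Port = 443,
    [int]$TimeoutMs = 5000   # assumed timeout
)

function Test-DsEndpoint {
    param([string]$EndpointHost, [int]$Port, [int]$TimeoutMs)
    $r = [ordered]@{ Host = $EndpointHost; Dns = $null; Tcp = $false; Tls = $null; Error = $null }

    # Stage 1: DNS. A failure here points at resolver or VPC DNS settings, not at port filtering.
    try {
        $r.Dns = ([System.Net.Dns]::GetHostAddresses($EndpointHost) | ForEach-Object { $_.IPAddressToString }) -join ','
    } catch {
        $r.Error = "DNS: $($_.Exception.Message)"
        return [pscustomobject]$r
    }

    # Stage 2: TCP connect with a timeout. A timeout usually means a rule drops the traffic.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($EndpointHost, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            $r.Error = "TCP: no answer from port $Port within $TimeoutMs ms"
            return [pscustomobject]$r
        }
        $client.EndConnect($async)
        $r.Tcp = $true

        # Stage 3: TLS handshake. A connection closed here matches the SendFailure in the log.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($EndpointHost)
        $r.Tls = "$($ssl.SslProtocol); issuer=$($ssl.RemoteCertificate.Issuer)"
    } catch {
        $stage = if ($r.Tcp) { 'TLS' } else { 'TCP' }
        $r.Error = "${stage}: $($_.Exception.GetBaseException().Message)"
    } finally {
        $client.Close()   # also closes the network stream used by SslStream
    }
    [pscustomobject]$r
}

Test-DsEndpoint -EndpointHost $EndpointHost -Port $Port -TimeoutMs $TimeoutMs | Format-List
```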