Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

AWS Managed Microsoft AD Hybrid Edition Directory Assessment testDcDiag fails with INTERNAL_EXCEPTION: Cannot index into a null array

0

I am creating an AWS Managed Microsoft AD Hybrid Edition directory assessment for a self-managed AD domain.

The assessment fails only at DC Diagnostic Test.

The failed SSM command invocation is:

CommandId: 71d0f94f-cf15-437c-ac2a-8afc8ea74493 Document: AWS-RunPowerShellScript Targets:

  • IT-Tommy-aws.tommyaws.shop / mi-0f3817d698a0aa68b
  • IT-Tommy-aws2.tommyaws.shop / mi-01bb8489ccb5d415c

Both return:

{ "Output": {}, "Error": [ { "ErrorMessage": "Exception raised Cannot index into a null array.", "ErrorCode": "INTERNAL_EXCEPTION" } ], "TestPassed": false, "Warn": "", "TestName": "testDcDiag" }

This happened in two separate assessments. The previous failed commandId was: 301023e1-dda1-4882-9790-0c64fee50e37

Local validation:

  • dcdiag /c passes locally.
  • repadmin /replsummary shows 0 failures.
  • SYSVOL and NETLOGON are accessible.
  • DNS A, SRV, and PTR records are consistent.
  • AD Site subnet 172.16.100.0/24 is mapped to Default-First-Site-Name.
  • Reverse zone 100.16.172.in-addr.arpa is AD-integrated.
  • SSM Agent is online.
  • SSM endpoints resolve and TCP 443 succeeds.
  • No SSM connectivity errors were seen at the assessment failure time.

The domain controllers are Korean-localized Windows Server systems, and local DCDiag output is in Korean.

Question: Does AWS Directory Assessment testDcDiag support localized/non-English DCDiag output? Is this INTERNAL_EXCEPTION likely caused by the AWS testDcDiag parser/script rather than a real Microsoft DCDiag failure?

Topics
Management & GovernanceSecurity, Identity, & Compliance
Tags
AWS Systems ManagerAWS Directory Service
Language
English
asked a month ago76 views
2 Answers
0

Based on the error message "Cannot index into a null array" and the context you've provided, this appears to be a parsing issue rather than an actual DCDiag failure. The fact that DCDiag passes locally on your domain controllers but fails during the AWS Directory Assessment strongly suggests that the AWS testDcDiag script is encountering unexpected output format.

The Korean-localized Windows Server systems are very likely the root cause of this issue. The AWS Directory Assessment testDcDiag test appears to expect English-language output from the DCDiag command. When the script receives Korean-localized output instead, it cannot properly parse the results, leading to the "Cannot index into a null array" error when it tries to access expected array elements that don't exist due to the parsing failure.

This is an internal exception within the AWS assessment framework rather than a genuine Active Directory health issue. Your local validation confirms that your domain controllers are functioning correctly - DCDiag passes, replication is healthy, SYSVOL and NETLOGON are accessible, and DNS records are properly configured.

To resolve this issue and successfully create your hybrid directory, you should contact AWS Support. They can either:

  1. Provide guidance on temporarily changing the system locale to English for the assessment
  2. Work with the service team to address the localization compatibility issue
  3. Potentially run a modified assessment that can handle non-English output

Since a passed directory assessment is required to create a hybrid directory, and this is a limitation of the assessment tooling rather than an actual directory health problem, AWS Support intervention will be necessary to proceed with your Hybrid Edition deployment.
Sources
Troubleshooting hybrid directory and directory assessment - AWS Directory Service
Extend your Active Directory domain to AWS with AWS Managed Microsoft AD (Hybrid Edition) | Microsoft Workloads on AWS
Directory Assessment Error Messages - AWS Directory Service

answered a month ago
EXPERT
reviewed a month ago
0

After changing both domain controllers to English locale and confirming dcdiag output is now English, we created another Directory Assessment.

The DC Diagnostic Test still failed.

New failed SSM command:

  • CommandId: d3ced192-912e-4201-9b9b-2045674bf2ed
  • Time: 2026-05-11T07:40:18 UTC
  • Status: Failed
  • Errors: 2
  • Document: AWS-RunPowerShellScript

All other AWS-RunPowerShellScript commands in the same assessment succeeded. Please investigate this command’s backend result and confirm why testDcDiag fails even after localized DCDiag output was changed to English.

answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content