Validieren des Netzwerks - Amazon Relational Database Service

Die vorliegende Übersetzung wurde maschinell erstellt. Im Falle eines Konflikts oder eines Widerspruchs zwischen dieser übersetzten Fassung und der englischen Fassung (einschließlich infolge von Verzögerungen bei der Übersetzung) ist die englische Fassung maßgeblich.

Validieren des Netzwerks

Bevor Sie Ihre RDS-Custom-Instance entweder zu selbstverwaltetem oder AWS Managed Microsoft AD hinzufügen, überprüfen Sie Folgendes von einer EC2-Instance in derselben VPC, in der Sie die Instance von RDS Custom für SQL Server starten möchten.

  • Prüfen Sie, ob Sie den vollständig qualifizierten Domain-Namen (FQDN) in Domain-Controller-IPs auflösen können.

    nslookup corp.example.com

    Der Befehl muss eine Ausgabe ähnlich der folgenden zurückgeben:

    Server:  ip-10-0-0-2.us-west-2.compute.internal
Address:  25.0.0.2

Non-authoritative answer:
Name:    corp.example.com
Addresses:  40.0.9.25 (DC1 IP)
            40.0.50.123 (DC2 IP)

  • Lösen Sie AWS-Services von einer EC2-Instance in der VPC auf, in der Sie Ihre RDS-Custom-Instance starten:

    $region='input-your-aws-region'
$domainFQDN='input-your-domainFQDN'
 
function Test-DomainPorts {
    param (
        [string]$Domain,
        [array]$Ports
    )
 
    foreach ($portInfo in $Ports) {
        try {
            $conn = New-Object System.Net.Sockets.TcpClient
            $connectionResult = $conn.BeginConnect($Domain, $portInfo.Port, $null, $null)
            $success = $connectionResult.AsyncWaitHandle.WaitOne(1000) # 1 second timeout
            if ($success) {
                $conn.EndConnect($connectionResult)
                $result = $true
            } else {
                $result = $false
            }
        }
        catch {
            $result = $false
        }
        finally {
            if ($null -ne $conn) {
                $conn.Close()
            }
        }
        Write-Host "$($portInfo.Description) port open: $result"
    }
}
 
# Check if ports can be reached 
$ports = @(
    @{Port = 53;   Description = "DNS"},
    @{Port = 88;   Description = "Kerberos"},
    @{Port = 389;  Description = "LDAP"},
    @{Port = 445;  Description = "SMB"},
    @{Port = 5985; Description = "WinRM"},
    @{Port = 636;  Description = "LDAPS"},
    @{Port = 3268; Description = "Global Catalog"},
    @{Port = 3269; Description = "Global Catalog over SSL"},
    @{Port = 9389; Description = "AD DS"}
)
 
function Test-DomainReachability {
    param (
        [string]$DomainName
    )
    
    try {
        $dnsResults = Resolve-DnsName -Name $DomainName -ErrorAction Stop
        Write-Host "Domain $DomainName is successfully resolving to following IP addresses: $($dnsResults.IpAddress)"
        Write-Host ""
        return $true
    } 
    catch {
        Write-Host ""
        Write-Host "Error Message: $($_.Exception.Message)"
        Write-Host "Domain $DomainName reachability check failed, please Configure DNS resolution"
        return $false
    }
}
 
$domain = (Get-WmiObject Win32_ComputerSystem).Domain
if ($domain -eq 'WORKGROUP') {
    Write-Host ""    
    Write-Host "Host $env:computername is still part of WORKGROUP and not part of any domain"
    }
else {
    Write-Host ""
    Write-Host "Host $env:computername is joined to $domain domain"
    Write-Host ""
    }
 
 
$isReachable = Test-DomainReachability -DomainName $domainFQDN  
if ($isReachable) {
    write-Host "Checking if domain $domainFQDN is reachable on required ports  "
    Test-DomainPorts -Domain $domainFQDN -Ports $ports
}
else {
    Write-Host "Port check skipped. Domain not reachable"
}   
 
 
 
# Get network adapter configuration
$networkConfig = Get-WmiObject Win32_NetworkAdapterConfiguration | 
                 Where-Object { $_.IPEnabled -eq $true } |
                 Select-Object -First 1
 
# Check DNS server settings
$dnsServers = $networkConfig.DNSServerSearchOrder
 
if ($dnsServers) {
    Write-Host "`nDNS Server settings:"
    foreach ($server in $dnsServers) {
        Write-Host "  - $server"
    }
} else {
    Write-Host "`nNo DNS servers configured or unable to retrieve DNS server information."
}
 
write-host ""
 
# Checks reachability to dependent services
$services = "s3", "ec2", "secretsmanager", "logs", "events", "monitoring", "ssm", "ec2messages", "ssmmessages"
 
function Get-TcpConnectionAsync {
    param (
        $ServicePrefix,
        $region
    )
    $endpoint = "${ServicePrefix}.${region}.amazonaws.com"
    $tcp = New-Object Net.Sockets.TcpClient
    $result = $false
 
    try {
        $connectTask = $tcp.ConnectAsync($endpoint, 443)
        $timedOut = $connectTask.Wait(3000)
        $result = $tcp.Connected
    } 
    catch {
        $result = $false
    } 
    return $result
}
 
foreach ($service in $services) {
    $validationResult = Get-TcpConnectionAsync -ServicePrefix $service -Region $region
    Write-Host "Reachability to $service is $validationResult"
}

    Der Wert für TcpTestSucceeded muss True für s3, ec2, secretsmanager, logs, events, monitoring, ssm, ec2messages und ssmmessages zurückgeben.