Validazione della rete

Prima di aggiungere l'istanza RDS Custom alla gestione automatica o AWS Managed Microsoft AD, verifica quanto segue da un' EC2 istanza nello stesso VPC in cui intendi avviare l'istanza RDS Custom per SQL Server.

Verifica se sei in grado di risolvere il nome di dominio completo (FQDN) nel controller di dominio. IPs


nslookup corp.example.com

Il comando deve restituire un risultato simile:


Server:  ip-10-0-0-2.us-west-2.compute.internal
Address:  25.0.0.2

Non-authoritative answer:
Name:    corp.example.com
Addresses:  40.0.9.25 (DC1 IP)
            40.0.50.123 (DC2 IP)

Risolvi AWS i servizi da un' EC2 istanza nel VPC in cui stai lanciando l'istanza personalizzata RDS:


$region='input-your-aws-region'
$domainFQDN='input-your-domainFQDN'
 
function Test-DomainPorts {
    param (
        [string]$Domain,
        [array]$Ports
    )
 
    foreach ($portInfo in $Ports) {
        try {
            $conn = New-Object System.Net.Sockets.TcpClient
            $connectionResult = $conn.BeginConnect($Domain, $portInfo.Port, $null, $null)
            $success = $connectionResult.AsyncWaitHandle.WaitOne(1000) # 1 second timeout
            if ($success) {
                $conn.EndConnect($connectionResult)
                $result = $true
            } else {
                $result = $false
            }
        }
        catch {
            $result = $false
        }
        finally {
            if ($null -ne $conn) {
                $conn.Close()
            }
        }
        Write-Host "$($portInfo.Description) port open: $result"
    }
}
 
# Check if ports can be reached 
$ports = @(
    @{Port = 53;   Description = "DNS"},
    @{Port = 88;   Description = "Kerberos"},
    @{Port = 389;  Description = "LDAP"},
    @{Port = 445;  Description = "SMB"},
    @{Port = 5985; Description = "WinRM"},
    @{Port = 636;  Description = "LDAPS"},
    @{Port = 3268; Description = "Global Catalog"},
    @{Port = 3269; Description = "Global Catalog over SSL"},
    @{Port = 9389; Description = "AD DS"}
)
 
function Test-DomainReachability {
    param (
        [string]$DomainName
    )
    
    try {
        $dnsResults = Resolve-DnsName -Name $DomainName -ErrorAction Stop
        Write-Host "Domain $DomainName is successfully resolving to following IP addresses: $($dnsResults.IpAddress)"
        Write-Host ""
        return $true
    } 
    catch {
        Write-Host ""
        Write-Host "Error Message: $($_.Exception.Message)"
        Write-Host "Domain $DomainName reachability check failed, please Configure DNS resolution"
        return $false
    }
}
 
$domain = (Get-WmiObject Win32_ComputerSystem).Domain
if ($domain -eq 'WORKGROUP') {
    Write-Host ""    
    Write-Host "Host $env:computername is still part of WORKGROUP and not part of any domain"
    }
else {
    Write-Host ""
    Write-Host "Host $env:computername is joined to $domain domain"
    Write-Host ""
    }
 
 
$isReachable = Test-DomainReachability -DomainName $domainFQDN  
if ($isReachable) {
    write-Host "Checking if domain $domainFQDN is reachable on required ports  "
    Test-DomainPorts -Domain $domainFQDN -Ports $ports
}
else {
    Write-Host "Port check skipped. Domain not reachable"
}   
 
 
 
# Get network adapter configuration
$networkConfig = Get-WmiObject Win32_NetworkAdapterConfiguration | 
                 Where-Object { $_.IPEnabled -eq $true } |
                 Select-Object -First 1
 
# Check DNS server settings
$dnsServers = $networkConfig.DNSServerSearchOrder
 
if ($dnsServers) {
    Write-Host "`nDNS Server settings:"
    foreach ($server in $dnsServers) {
        Write-Host "  - $server"
    }
} else {
    Write-Host "`nNo DNS servers configured or unable to retrieve DNS server information."
}
 
write-host ""
 
# Checks reachability to dependent services
$services = "s3", "ec2", "secretsmanager", "logs", "events", "monitoring", "ssm", "ec2messages", "ssmmessages"
 
function Get-TcpConnectionAsync {
    param (
        $ServicePrefix,
        $region
    )
    $endpoint = "${ServicePrefix}.${region}.amazonaws.com"
    $tcp = New-Object Net.Sockets.TcpClient
    $result = $false
 
    try {
        $connectTask = $tcp.ConnectAsync($endpoint, 443)
        $timedOut = $connectTask.Wait(3000)
        $result = $tcp.Connected
    } 
    catch {
        $result = $false
    } 
    return $result
}
 
foreach ($service in $services) {
    $validationResult = Get-TcpConnectionAsync -ServicePrefix $service -Region $region
    Write-Host "Reachability to $service is $validationResult"
}

Il TcpTestSucceeded valore deve restituire True pers3,,ec2,secretsmanager,logs, events monitoringssm, ec2messages e. ssmmessages

Avvertimento JavaScript è disabilitato o non è disponibile nel tuo browser.

Per usare la documentazione AWS, JavaScript deve essere abilitato. Consulta le pagine della guida del browser per le istruzioni.

Convenzioni dei documenti

Regole delle porte di configurazione della rete

Configurazione dell'autenticazione di Windows