Resolve domain connectivity issues between EC2 instances and domain controllers in AWS VPCs with minimal hassle. Learn how AWS Network Manager and VPC flow logs help diagnose and fix connection problems effectively.
Question
A company is using a shared services VPC with two domain controllers. The domain controllers are deployed in the company’s private subnets. The company is deploying a new application into a new VPC in the account. The application will be deployed onto an Amazon EC2 for Windows Server instance in the new VPC. The instance must join the existing Windows domain that is supported by the domain controllers in the shared services VPC.
A transit gateway is attached to both the shared services VPC and the new VPC. The company has updated the route tables for the transit gateway, the shared services VPC, and the new VPC. The security groups for the domain controllers and the instance are updated and allow traffic only on the ports that are necessary for domain operations. The instance is unable to join the domain that is hosted on the domain controllers.
Which combination of actions will help identify the cause of this issue with the LEAST operational overhead? (Choose two.)
A. Use AWS Network Manager to perform a route analysis for the transit gateway network. Specify the existing EC2 instance as the source. Specify the first domain controller as the destination. Repeat the route analysis for the second domain controller.
B. Use port mirroring with the existing EC2 instance as the source and another EC2 instance as the target to obtain packet captures of the connection attempts.
C. Review the VPC flow logs on the shared services VPC and the new VPC.
D. Issue a ping command from one of the domain controllers to the existing EC2 instance.
E. Ensure that route propagation is turned off on the shared services VPC.
Answer
A. Use AWS Network Manager to perform a route analysis for the transit gateway network. Specify the existing EC2 instance as the source. Specify the first domain controller as the destination. Repeat the route analysis for the second domain controller.
C. Review the VPC flow logs on the shared services VPC and the new VPC.
Explanation
Use AWS Network Manager to perform a route analysis from the new EC2 instance to each domain controller through the transit gateway; this checks whether the transit gateway and VPC route tables actually forward traffic along the expected path and exposes any routing gap. Then review the VPC flow logs in both the shared services VPC and the new VPC: they show whether the instance's domain traffic arrives at each side and whether it is accepted or rejected, which separates a routing problem from a security group or network ACL problem. Both are built-in AWS features that require no additional instances or packet capture setup, which is why they carry the least operational overhead.
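As an added example (not part of the original question or answer), the following script triages flow log records for the failed domain join. It assumes constructed addresses: the instance is 10.1.0.10 and the domain controllers are 10.0.1.5 and 10.0.1.6; the sample log lines are constructed in the default VPC flow log format.

```python
"""Triage VPC flow log records for a failed Windows domain join."""

# Constructed addresses for this example (not from the question).
INSTANCE_IP = "10.1.0.10"
DC_IPS = {"10.0.1.5", "10.0.1.6"}

# Well-known ports a domain join must reach on a domain controller.
DOMAIN_PORTS = {53: "DNS", 88: "Kerberos", 135: "RPC", 389: "LDAP",
                445: "SMB", 464: "Kerberos password"}

# Default (version 2) flow log record layout.
FIELDS = ("version", "account", "eni", "srcaddr", "dstaddr", "srcport",
          "dstport", "protocol", "packets", "bytes", "start", "end",
          "action", "status")

# Constructed sample records: DC 10.0.1.5 accepts DNS and LDAP but rejects
# Kerberos; nothing at all is logged towards DC 10.0.1.6.
SAMPLE_LINES = [
    "2 123456789012 eni-0a1b2c3d 10.1.0.10 10.0.1.5 49152 53 17 1 64 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 10.1.0.10 10.0.1.5 49153 88 6 3 180 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 10.1.0.10 10.0.1.5 49154 389 6 2 120 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 10.1.0.10 10.0.1.5 49155 443 6 2 120 1700000000 1700000060 ACCEPT OK",
    "malformed line that should be skipped",
]

def parse_record(line):
    """Parse one default-format record; return None if it is malformed."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    rec["srcport"], rec["dstport"] = int(rec["srcport"]), int(rec["dstport"])
    return rec

def triage(lines):
    """Map each DC to {port: ACCEPT | REJECT | NO_TRAFFIC} for domain ports.

    NO_TRAFFIC means no packet from the instance reached an ENI in that VPC
    (check routing and the transit gateway); REJECT means it arrived but a
    security group or network ACL dropped it.
    """
    seen = {dc: {} for dc in DC_IPS}
    for line in lines:
        rec = parse_record(line)
        if rec and rec["srcaddr"] == INSTANCE_IP and rec["dstaddr"] in DC_IPS:
            if rec["dstport"] in DOMAIN_PORTS:
                seen[rec["dstaddr"]][rec["dstport"]] = rec["action"]
    return {dc: {p: ports.get(p, "NO_TRAFFIC") for p in DOMAIN_PORTS}
            for dc, ports in seen.items()}

if __name__ == "__main__":
    for dc, ports in sorted(triage(SAMPLE_LINES).items()):
        for port, action in ports.items():
            print(f"{dc}:{port} ({DOMAIN_PORTS[port]}) -> {action}")
```

In the sample, the REJECT on port 88 points at a security group or NACL on the first controller, while the complete absence of records for the second controller is the symptom a transit gateway route analysis would confirm.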
AWS Certified Advanced Networking – Specialty ANS-C01 certification exam practice question and answer (Q&A) dump with detailed explanations and references, available free and helpful for passing the AWS Certified Advanced Networking – Specialty ANS-C01 exam and earning the AWS Certified Advanced Networking – Specialty ANS-C01 certification.