Problems with your AWS Managed Microsoft AD Problems with Netlogon and secure channel communications You receive a 'Response Status: 400 Bad Request' error when attempting to reset a user's password Password recovery Additional resources

Troubleshooting AWS Managed Microsoft AD

The following can help you troubleshoot some common problems you might encounter when creating or using your AWS Managed Microsoft AD Active Directory.

Problems with your AWS Managed Microsoft AD

Some troubleshooting tasks can only be completed by AWS Support. Here are some of the tasks:

Restarting your AWS Directory Service-provided domain controllers.
Upgrading your AWS Managed Microsoft AD.

To create a support case, see Creating support cases and case management.

Problems with Netlogon and secure channel communications

As a mitigation against CVE-2020-1472, Microsoft has released patching which modifies the way that Netlogon secure channel communications are processed by domain controllers. Since the introduction of these secure Netlogon changes, some Netlogon connections (servers, workstations, and trust validations) may not be accepted by your AWS Managed Microsoft AD.

To verify if your issue is related to Netlogon or secure channel communications, search your Amazon CloudWatch Logs for event IDs 5827 (for device authentication related issues) or 5828 (for AD trust validation related issues). For information about CloudWatch in AWS Managed Microsoft AD, see Enabling Amazon CloudWatch Logs log forwarding for AWS Managed Microsoft AD.

For more information about the mitigation against CVE-2020-1472, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 on Microsoft ’s website.

You receive a 'Response Status: 400 Bad Request' error when attempting to reset a user's password

You receive an error message similar to the following when attempting to reset a user's password:

Response Status: 400 Bad Request

You may experience this issue when there are duplicate objects in your AWS Managed Microsoft AD Organizational Unit (OU) with identical user logon names. User logon names must be unique. See Troubleshooting Directory Data problems in Microsoft documentation for more information.

Password recovery

If a user forgets a password or is having trouble signing in to your AWS Managed Microsoft AD directory, you can reset their password using either the AWS Management Console, Windows PowerShell or the AWS CLI.

For more information, see Resetting an AWS Managed Microsoft AD user password.

Additional resources

The following resources can help you troubleshoot as you work with AWS.

AWS Knowledge Center–Find FAQs and links to other resources to help you troubleshoot issues.
AWS Support Center–Get technical support.
AWS Premium Support Center–Get premium technical support.

The following resources can help you troubleshoot common Active Directory issues.

Topics

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Quotas

Amazon EC2 Linux instance domain join errors