Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
25,048 questions
Microsoft Entra Domain Services Blocking TCP Port 53 DNS
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 46%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJH%3C/text%3E%3C/svg%3E)
Jeremy Hall
0
Reputation points
Hello,
I am attempting to connect to my Microsoft Entra Domain by setting up an AWS AD Connector directory at AWS. Every time I attempt to create the AD Connector directory the process fails with the error message: : DNS unavailable (TCP port 53) for IP: 10.0.0.4.
I ran an AWS Directory Service Port Test from my AWS environment and I receive the below results when trying to reach TCP ports to 10.0.0.4:
“Testing TCP ports to 10.0.0.4:
Checking TCP port 53: FAILED
Checking TCP port 88: FAILED
Checking TCP port 389: FAILED
It seems there is something on my Microsoft Entra Domain that is blocking TCP Port 53 to the Entra Domain Services IP address.
I created a Site-to-Site VPN connection between AWS and Azure and the Site-to-Site is showing as UP at AWS.
I created a Network Security Group and associated it with the vnics of the DNS servers created within Entra Domain Services and allowed TCP Port 53 Inbound on the Network Security Group coming from my AWS VPC.
There must be something I am missing that is blocking the domain from being reachable outside of Azure. Any help is appreciated.'
Thanks.
Microsoft Entra ID
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 38%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Marcin Policht 49,405 Reputation points MVP Volunteer Moderator2024-04-24T18:26:58.7+00:00 Install DNS server on one of the VMs connected to the virtual network where the Entra Domain Services is running and use it as an intermediary
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin
-
Jeremy Hall 0 Reputation points
2024-04-24T19:04:41.9133333+00:00 I also tried to add a test Windows EC2 instance to the domain. When I attempt to change from a Workgroup to a Domain joined PC, the following error message displays:
“An Active Directory Domain Controller (AD DC) for the domain mydomain.com could not be contacted.
Ensure that the domain name is typed correctly.
If the name is correct, click Details for troubleshooting information.”
When I click Details the below message code displays:
“The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "mydomain.com":
The error was: "This operation returned because the timeout period expired."
(error code 0x000005B4 ERROR_TIMEOUT)
The query was for the SRV record for _ldap._tcp.dc._msdcs.mydomain.com
The DNS servers used by this computer for name resolution are not responding. This computer is configured to use DNS servers with the following IP addresses:
10.0.0.5
10.0.0.4
Verify that this computer is connected to the network, that these are the correct DNS server IP addresses, and that at least one of the DNS servers is running.”
-
Marcin Policht 49,405 Reputation points MVP Volunteer Moderator
2024-04-24T21:19:41.1933333+00:00 That's not supported. Entra Domain Services join is available only for Azure VMs within the Entra Domain services vnets.
hth
Marcin
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Givary-MSFT 35,606 Reputation points Microsoft Employee Moderator2024-04-25T07:09:11.0766667+00:00 @Jeremy Hall Just checking in to see if above information was helpful. If you have any further updates on this issue, please feel free to post back.
Sign in to comment
Sign in to answer