Disconnect from AD random

Anonymous
2023-11-01T17:35:53+00:00

Hello, I have an EC2 Windows Server 2019 instance in AWS.
Why, after some time, when I try to log in to a Windows EC2 instance with AD credentials, do I get this message? (picture)

The instance is bootstrapped from user data to join AD at launch. 

I mean it works for about 2 hours or so and then it throws me this message. 

How can it lose the trust... 

I don't have access to the AD controller, so I cannot see what is happening on the "other" side. 
If I try to leave the AD and rejoin, I get an error that says that the computer already exists.

![](https://filestore.community.support.microsoft.com/api/images/36f2d233-fe0d-4e2c-be2f-71aae31b8997?upload=true&fud_access=wJJIheezUklbAN2ppeDns8cDNpYs3nCYjgitr%2BfFBh2dqlqMuW7np3F6Utp%2FKMltnRRYFtVjOMO5tpbpW9UyRAwvLeec5emAPixgq9ta07Dgnp2aq5eJbnfd%2FU3qhn54JuvfuOUAUY8h3hsdAIM7gJR56viJXhjk%2BVRCdygjV%2FpO5cCvTRaFBQtybUYRGQo3wLX%2F29jz6OBtzOYemYMqKyzekADWJzkPIpP7%2FRY2DMFCkUGyAG%2FQJEINL25VR%2F6hVi%2BASf2RyKtnyz4Ra9vpnqaZxUrICxccFWAGuxvolbb3YxuHdPCfAOciFk%2B5MNYnvLnt%2F0fUjEUM3u5vp9hBii1h%2Bl7zYaXue9%2BSR%2BseiGpiFaVScyuiNNUgBKAAf9MWBBCpStTz6uKxrUxzoGMxv%2F1n5%2FDeKVgOcrSBRlomLKc%3D)


Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.


3 answers

  1. Anonymous
    2023-11-02T01:14:25+00:00

    Hello George Dobrisan,

    Thank you for posting in the Microsoft Community forum.

    Q: If I try to leave the AD and rejoin, I get an error that says that the computer already exists.
    A: If you remove the machine from the AD, you can ask the AD administrator to remove/delete the same machine on the Domain Controller. After that, you can try to reboot the machine and rejoin it to the domain.

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,
    Daisy Zhou

  2. Anonymous
    2023-11-02T07:15:50+00:00

    Thank you. It's a little bit difficult because I'm trying to test something and I cannot bother the AD admin with this on a 2-hour cycle :)
    Any ideas why the instance suddenly loses its trust with AD, or why it is throwing that message?
    I noticed that it happens right after my RDP client goes idle.

  3. Anonymous
    2023-11-02T08:39:27+00:00

    Hello George Dobrisan,

    Thank you for your reply.

    Did you mean the issue occurs once every two time? Or after the RDP client goes idle?

    You can try to check whether the high-bit ports below are exhausted or occupied when the issue occurs.

    | Service | Protocol | Ports |
    | --- | --- | --- |
    | W32Time | UDP | 49152-65535 |
    | RPC Endpoint Mapper | TCP | 49152-65535 |
    | Kerberos password change | TCP | 49152-65535 |
    | RPC for LSA, SAM, Netlogon (*) | TCP | 49152-65535 |
    | LDAP | TCP/UDP | 49152-65535 |
    | LDAP SSL | TCP | 49152-65535 |
    | LDAP GC | TCP | 49152-65535 |
    | LDAP GC SSL | TCP | 49152-65535 |
    | DNS | TCP/UDP | 49152-65535 |
    | FRS RPC (*) | TCP | 49152-65535 |
    | Kerberos | TCP/UDP | 49152-65535 |
    | SMB (**) | TCP/UDP | 49152-65535 |
    | DFSR RPC (*) | TCP | 49152-65535 |

    Best Regards,
    Daisy Zhou

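
One way to carry out the port check suggested in the last answer, together with a check of the machine's secure channel to the domain. This is an added example, not part of the original thread; the function name `Get-DynamicPortUsage` and the 80% warning threshold are assumptions made for illustration.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session
# on the affected instance at the moment the logon failure occurs.
# Assumption: the 80% warning threshold is illustrative, not a documented limit.

function Get-DynamicPortUsage {
    param([string]$Protocol, [int]$Start, [int]$Count, $Endpoints)
    if ($Count -le 0) { throw "No dynamic port range found for $Protocol" }
    $end  = $Start + $Count - 1
    # Distinct local ports currently bound inside the dynamic (ephemeral) range.
    $used = @($Endpoints |
              Where-Object { $_.LocalPort -ge $Start -and $_.LocalPort -le $end } |
              Select-Object -ExpandProperty LocalPort -Unique).Count
    [pscustomobject]@{
        Protocol = $Protocol; Range = "$Start-$end"; InUse = $used
        Percent  = [math]::Round(100 * $used / $Count, 1)
    }
}

# Configured dynamic ranges; the Windows default is 49152-65535.
$tcpSet = Get-NetTCPSetting |
          Where-Object { $_.DynamicPortRangeNumberOfPorts -gt 0 } |
          Select-Object -First 1
$udpSet = Get-NetUDPSetting
$tcp    = Get-NetTCPConnection

$usage = @(
    Get-DynamicPortUsage TCP $tcpSet.DynamicPortRangeStartPort $tcpSet.DynamicPortRangeNumberOfPorts $tcp
    Get-DynamicPortUsage UDP $udpSet.DynamicPortRangeStartPort $udpSet.DynamicPortRangeNumberOfPorts (Get-NetUDPEndpoint)
)
$usage | Format-Table -AutoSize
$usage | Where-Object { $_.Percent -ge 80 } |
    ForEach-Object { Write-Warning "$($_.Protocol) dynamic range is $($_.Percent)% used" }

# TCP breakdown by state and by owning process, to see what is holding the ports.
$tcp | Group-Object State | Sort-Object Count -Descending | Format-Table Name, Count -AutoSize
$tcp | Group-Object OwningProcess | Sort-Object Count -Descending | Select-Object -First 5 |
    ForEach-Object {
        $p = Get-Process -Id $_.Name -ErrorAction SilentlyContinue
        [pscustomobject]@{ PID = $_.Name; Process = $p.ProcessName; Connections = $_.Count }
    } | Format-Table -AutoSize

# Tcpip events 4227 and 4231 are logged when ephemeral ports cannot be allocated.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Tcpip'; Id = 4227, 4231 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue | Format-List TimeCreated, Id, Message

# Returns $true if the machine account's secure channel to the domain is intact.
Test-ComputerSecureChannel -Verbose
```

If port usage is low and `Test-ComputerSecureChannel` returns `$false`, the ports are not the cause and the computer account itself is the place to look.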