splunk/attack_range

Cannot RDP to 2019 Domain Controller - AWS Build

Closed this issue · 1 comments

I seem to have successfully built the environment. I am running the DC as a 2016 server in this latest rendition and also tried 2019 with another 2019 member server and the Splunk server + Guacamole.

The params I've used on this latest iteration give me the 'environment was built successfully' output at the end with machine access creds and IP addresses. The EC2 instances are created successfully, and I can access the Splunk server, Guacamole, and the non-domain controller via RDP without issues. When I try to access the domain controller via RDP from my Windows host I receive the following error: "A user account restriction (for example, a time-of-day restriction) is preventing you from logging on. Please contact a system admin for assistance...."

I tried using Session Manager within AWS, the RDP download file from within the EC2 console, and Guacamole. The connections exit with generic errors that do not directly reveal the issue. The only reason I want to connect to the DC is to verify BadBlood has run and successfully populated the domain with objects to attack (maybe not necessary).

Has anyone else encountered and overcome this problem? I've even detached the EBS volume, attached it to the RDP-accessible member server, and assessed the GPO settings for RDP firewall rules and Terminal Services GPOs, and all seems to be allowing 3389 RDP.

Never mind. There appear to be issues (at least for me) with the parameters you provide in the aws configure command. In my experience over about 12 attempts, you will only achieve a successful build under tightly controlled circumstances. Not sure if there are AWS regional considerations, but any other options I chose resulted in a dysfunctional, non-connectable or incomplete build full of issues:

? do you want to use packer for prebuilt images? Yes

configuring attack_range settings
? detected existing key in /attack_range/root-77290.key, would you like to use it No
? generate a new ssh key pair for this range Yes
new aws ssh created: /attack_range/root-80402.key
? enter region to build in. us-west-1
? enter public ips that are allowed to reach the attack_range.
Example: 68.117.138.196/32,0.0.0.0/0 1.1.1.1 ( removed for privacy sake)
? enter attack_range name, multiple can be build under different names in the same region ar1
using ssh key name: root-80402
configuring attack_range environment
? shall we build a windows server Yes
? which version should it be 2016
? should the windows server be a domain controller Yes
? should we install red team tools on the windows server Yes
? should we install badblood on the windows server, which will populate the domain with objects Yes
? shall we build another windows server Yes
? which version should it be 2019
? should the windows server join the domain Yes
? should we install red team tools on the windows server Yes
? shall we build a linux server No
? shall we build a kali linux machine No
? shall we build nginx plus web proxy No
? shall we include Splunk SOAR (y/N)No

I've built this successfully 3 times in the Ohio and Oregon regions. If I try to build a Server 2019 DC and member server, include Kali Linux, etc., the build fails (cannot RDP to the DC, red team tools missing, BadBlood doesn't run, etc.).

Working now using above build.