
You receive an error message similar to one or more of the following when connecting to your on-premises directory:
SRV record for LDAP does not exist for IP:
SRV record for Kerberos does not exist for IP:
AD Connector needs to obtain the _ldap._tcp.
my scenario is I got my VPC via a VPN connection to my on-premises AD network. my vpc have 2 public subnets and 2 private subnets. in public subnets, I build ec2 windows server as RODC on each subnet. and in private subnets, i build ec2 window server dc. they all successfully replicate from the on-premises AD. all these four ec2 windows servers are all join to the on-premise domain.
The NACL, & SG for testing purpose, I had open to all. and I checked all the DNS server from the forward lookup zone > _msdcs..local > dc or forward lookup zone > _msdcs..local > _tcp , all got _ldap & _kerberos SRV records pointed to the right dns name. (such as _ldap service location (SRV) [0][100][389]DNS name.domain name.local)
2 Answers
Unfortunately, Doesn’t seem like anyone has any ideas. Closing this question as unanswered.

@Runtian, did you try solution proposed at https://forums.aws.amazon.com/thread.jspa?threadID=239820
Hi Runtian, I don’t have any ideas myself for the problem. I’ll leave this open for a few days to see if someone else might be able to provide some ideas.