# Directory Assessment Error Messages To create a hybrid directory, you need to a passed directory assessment. Directory assessments can fail for various reasons. The following table shows directory assessment error messages and how to resolve them. **Directory Assessment Error Messages & Resolutions** | Directory Assessment Error Message | Resolution | | --- | --- | | This assessment failed multiple tests on both managed instances. Investigate the failed tests by selecting each managed instance and resolving them in your on-premises directory. Then, create a new assessment. | One or more of the directory assessment tests failed for your self-managed AD. Review the [Assessment Test error messages](assessment_test_error-msgs.md) for more information on specific test failures and their resolutions. | | This assessment failed due to Internal Service Exception. Please retry by creating a new assessment or contact service for troubleshooting. | Try to create a new directory assessment. If you continue to experience this error, contact [Support](https://aws.amazon.com/premiumsupport/). | | This assessment failed due to missing permission to perform an action like `ec2:CreateSecurityGroup`, `ec2:DeleteSecurityGroup`, `ec2:CreateNetworkInterface`, `ec2:DeleteNetworkInterface`, `ec2:DescribeSubnets`, and `ec2:DescribeNetworkInterface`. | To create a directory assessment, your AWS account needs the necessary [AWS account permissions](create_hybrid_directory_prereqs.md#hybrid-dir-prereq-perms). | | This assessment failed due to missing permission to perform an action like `ssm:GetConnectionStatus`, `ssm:GetCommandInvocation`, `ssm:ListCommands`, `ssm:SendCommand`. | To create a directory assessment, you will need two Systems Manager nodes with the necessary [AWS account permissions](create_hybrid_directory_prereqs.md#hybrid-dir-prereq-perms). | | This assessment failed as you've reached the limit on the number of network interfaces that you can create. For more information, see [Amazon VPC quotas](https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). | To create a directory assessment, you must create a network interface and security groups. There are limits to the number of VPC resources you can create however you can adjust some of these limits. For more information, see [Amazon VPC quotas](https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). | | This assessment failed as you have reached the limit on the number of security groups that you can create, or assign to an instance. For more information, see [Amazon VPC quotas](https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). | To create a directory assessment, you must create a network interface and security groups. There are limits to the number of VPC resources you can create however you can adjust some of these limits. For more information, see [Amazon VPC quotas](https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.htmll). | | This assessment failed. Unable to connect to customer instances from AWS Systems Manager. | To create a directory assessment, you will need two AWS Systems Manager nodes that have a connected status. See [Troubleshooting SSM Agent](https://docs.aws.amazon.com/systems-manager/latest/userguide/troubleshooting-ssm-agent.html). | | This assessment failed multiple critical tests. Investigate the failed tests by selecting each managed instance and resolve them in your on-premises directory. Then, create a new assessment. | One or more of the directory assessment tests failed for your self-managed AD. Review the [Assessment Test error messages](assessment_test_error-msgs.md) for more information. |