Why do I get the error “your network config conflicts with the Amazon WorkSpaces management network” when I try to register my directory for Amazon WorkSpaces?

Short description

Amazon WorkSpaces selects the IP address for the management network interface from various address ranges. The selection depends on the Region where the WorkSpaces are created in. When you register a directory, Amazon WorkSpaces must determine if the address ranges create a conflict.

To do so, Amazon WorkSpaces tests the virtual private cloud (VPC) Classless Inter-Domain Routing (CIDR) and the route tables in your VPC. If a conflict is found in all available address ranges in the Region, then you receive an error message and the directory isn’t registered.

Resolution

To resolve the conflict, follow these steps:

1. Identify the IP address ranges used for the management network interface in your chosen Region.
2. Review the route table associated with the directory and corresponding subnets where the directory will be registered for Amazon WorkSpaces. Directory registration can also fail if the routes for management interface IP ranges are in a route table of the subnet where the directory is being registered.
3. Remove any conflicting IP address ranges from the route table, and then try again to register the directory.

Note: Changing the route tables in your VPC after the directory is registered might cause another conflict.

If you can’t remove the route to your on-premises network, consider launching Amazon WorkSpaces in a different Region. Review the Management Interface IP Ranges to identify a Region that doesn’t conflict with your on-premises network and that is closest for the end users. You can visit Connection Health Check from the Region that your end users can connect to the WorkSpaces from. This can help identify the best Region to launch Amazon WorkSpaces.